Network Registrar CLI Reference Guide Contents The Network Registrar CLI Reference Guide is written for network and system administrators and is intended to provide information about how to use Cisco Network Registrar’s command line program, nrcmd. Use this online guide after you have installed Network Registrar and have it running.
Angle brackets (< >)—Indicate you must provide a value for an attribute or argument in the command. Copyright © 1992--2009 Cisco Systems, Inc. All rights reserved.
Network Registrar CLI Reference Guide Network Registrar CLI Introduction About_the_nrcmd_Program Invoking_the_nrcmd_Command Batch_Mode Interactive_Mode Registry_and_Environment_Variables Command_Organization Command_Usage Saving_Your_Changes Refreshing_and_Clearing_the_CLI_Cache Navigation_Keys About the nrcmd Program The nrcmd command line interface (CLI) enables you to configure and manage your DNS, DHCP, and TFTP servers. This section describes how to use the nrcmd CLI.
Invoking the nrcmd Command You can invoke the nrcmd command in batch mode and run scripts that use the commands; or you can invoke the nrcmd command in interactive mode and enter commands at the nrcmd command prompt. By default, the nrcmd command is located in C:\Program Files\Network Registrar\Local\bin on Windows and in /opt/nwreg2/local/usrbin on Solaris and Linux. Note: On Windows, if you want to run the nrcmd program from outside the installed path, you must set the CNR_HOME environment variable.
Note: The cluster to which you connect determines the CLI attributes that appear and are available for the release of Network Registrar running on the cluster. This CLI Reference describes the attributes for the current release. For the attributes available for an earlier release, see the CLI Reference for that release. Batch Mode The program goes into batch mode if you include a functional command or the -b < file.txt option on the line.
Registry and Environment Variables If you omit the general options, Network Registrar gets them from the Registry or environment variables. If Network Registrar cannot find values for these parameters, it prompts you for them. If you omit the cluster name on a system where Network Registrar servers are installed, the nrcmd program assumes access to localhost and does not prompt you.
There are three ways to set attributes: ● create command. For example, to create a High-Availability (HA) DNS server pair, you can specify cluster and IP addresses for the main and backup servers during creation: nrcmd> ha-dns-pair ha-pair-11 create 192.168.50.1 192.168.60.1 main=localhost backup=backup ● Use the set or enable command after creating the object.
$ nrcmd -N admin -P changeme zone example.com show 100 Ok example.com.: defttl=12h; expire=7d; minttl=10m; nameservers={{0 rr2.example.com.}}; ns=rr2.; origin=example.com.; person=rr1.; refresh=3h; retry=60m; serial=1; updateacl="key myKey"; 100 Ok ● Other custom methods--These are specific operations that you can perform on an object, beyond editing its attributes. Examples are adding a range of IP addresses to a scope, or removing hosts from a zone.
addr = 192.168.50.0 bootp = disabled deactivated = You can also include attribute definitions on the same line. This example creates the same scope, but also specifies the name of the DNS zone to which a DHCP client's host name should be added: scope testscope create nrcmd> scope testScope create 192.168.50.0 255.255.255.0 100 Ok testScope: addr = 192.168.50.
This example specifies the list of IP addresses for zone transfers for a zone: nrcmd> zone example.com. set auth-servers=192.168.50.1,10.0.0.1 100 Ok auth-servers=192.168.50.1,10.0.0.1 This example sets a client’s client-class and domain name: nrcmd> client 00:d0:ba:d3:bd:3b set client-class-name=internal domain-name=example.com. 100 Ok client-class-name=internal domain-name=example.com. The unset keyword places an attribute in the undefined state. The get keyword displays the value for an attribute.
Note: You cannot use set and enable on the same command line. Attribute Flags Command are described as: ● ● ● Required--The attribute is required for the object, and usually syntactically positional on the create command line. You must set the attribute or accept its default, and you can modify the value. You cannot use the unset keyword to set a required attribute to undefined. Trying to do so returns the error message 386 - Required attribute cannot be deleted.
Table 1-2 nrcmd Navigation Key Combinations Key Combination Action Control-a Go to the beginning of the line Control-b Back one character (or the left arrow key) Control-d Delete one character Control-e Go to the end of the line Control-f Forward one character (or the right arrow key) Control-k Kill to the end of the line Control-l Redraw the line Control-n Next line in the history (or the down arrow key) Control-p Previous line in the history (or the up arrow key) Control-t Shift an indi
Network Registrar CLI Reference Guide Table of Contents Overview ● ● ● nrcmd intro expert CLI Commands ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● acl addr-trap address-block admin ccm client client-class client-class-policy client-policy cluster dhcp dhcp-address-block dhcp-address-block-policy dhcp-dns-update dhcp-interface dhcp-listener dhcp-subnet dns dns-interface dns-update-map exit export extension failover-pair group ha-dns-pair help
● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● import key ldap lease lease-notification lease6 license link link-policy link-template link-template-policy option option-set owner prefix prefix-policy prefix-template prefix-template-policy policy region remote-dns report reservation reservation6 role router router-interface router-login-template router-type save scope scope-policy scope-template scope-template-policy server session snmp snmp-interface subnet sync-from-
● ● ● ● ● update-policy vpn zone zone-dist zone-template Reference nrcmd nrcmd - run the Network Registrar command line interface Synopsis nrcmd [flags] [] Description Flags are: -C -N -P -V -b -R Specify the cluster to connect to. Specify the administrator name. Specify the administrator password.
Description The nrcmd commands fall into two basic groups: regular and irregular. The regular commands manipulate configuration objects such as DHCP Scopes and DNS Zones in a standard fashion. The irregular commands do everything else that is useful. This man page will describe the general pattern of the regular commands. The behavior of the irregular commands will be described in their individual man pages.
For example, DHCP Scope objects contain lists of address ranges from which leases may be offered. To manipulate this list of ranges, the scope command provides the commands: addRange, removeRange, and listRanges. Another example is the forceAvailable command provided by the lease command to tell the DHCP server that a given lease should be forced into the available state. Filters The results of the list commands can be restricted by applying filters to the results.
In batch mode (when the command is entered on the command line), nrcmd will not attempt to obtain a lock unless the command is not one of the valid ones listed above. If a lock is needed, it will then attempt to get it; if this fails, the error issued is 408 Cannot lock cluster: Already locked: '@. where , , and are as above. Return codes All nrcmd commands will return a status code as the first line of output.
AT_RANGEINT AT_RANGETIME AT_ENUMINT AT_FLAGSINT - a range restricted integer a range restricted time value an enumerated integer a bitmask with named bit positions Validation Data validation will be done at configuration creation and property modification time. The nrcmd CLI will check for required valid values when a configuration object is created, and it will check the validity of property values when they are set.
These commands are available only in expert mode and must be used with care. To enter expert mode: nrcmd> session set visibility=3 The local cluster can only be deleted while in expert mode. The ccm sync-from-dhcp command can be used to synchronize CCM data from the DHCP server configuration data. The ccm sync-to-dhcp command can be used to synchronize the DHCP server's data from CCM's data. The ccm sync-from-dns command can be used to synchronize CCM DNS zone and RR data or hosts from RR data from DNS.
Description The acl command is used to manage DNS ACLs which are used to restrict dynamic DNS updates, zone transfers and queries. Once you have created the acl object, it can be used with the update-acl, restrict-xfer-acl and restrict-query-acl on the DNS server or a zone object. You can specify the match-list as a comma-separated list of values, enclosed in quotes, or you can use the add and remove commands to edit the match list. The add command will add elements to the end of the list.
match list before you actually create the ACL. But the ACL must exist before you start or reload the DNS server. If the DNS server cannot resolve an ACL name reference on either the DNS server object or a zone object, it will flag the error and will not start.
Sets the free-address level at which a low-threshold trap will be generated, and the 'high' threshold will be re-enabled. For scopes, the free-address level is calculated as follows: available non-reserved leases 100 * ----------------------------total configured leases where the counts are the sum across all of the scopes included in the aggregation.
address-block [/] create [= ...] address-block [/] delete address-block list address-block listnames address-block show address-block get address-block set = [= ...] address-block unset Description An address block is an aggregate of IP addresses based on a power-of-two address space. For example, the 192.168.0.
Names the owner of this address block. Use the owner field to group similarly owned address blocks; to limit administrative access; and to track allocation or delegation for ARIN reporting purposes. parent oid Identifies the parent address block. region oid Names the region associated with this address block. Use the region field to group similarly located address blocks and to limit administrative access.
admin admin admin admin admin admin admin admin admin admin admin create [=] delete list listnames set = [= ...] get unset enable disable show enterPassword Description The admin command configures administrators for the cluster. You can choose any string for the name of the administrator. Names are not case-sensitive.
ccm ccm - Configures and controls the CCM server Synopsis ccm ccm ccm ccm get set = [= ...] unset show ccm listConnections [full] Description The ccm command manages the CCM server in the cluster. The ccm listConnections displays details on the current connections to the CCM server. Examples Status See Also server Attributes atul-port rangeint(1-65535) default = 7543 Enables the CCM server to listen for incoming ATUL queries on this UDP port.
If polling for lease history data, this causes CCM to ask for history detail data when polling DHCP servers, and save the detail data when it's returned. Changes to this setting will take effect on the next server restart. local-edit-mode flags(dhcp=2, dns=3) default = dhcp,dns Indicates the default mode that web UI and CLI clients use for local edits: 2 dhcp If set, scope and reservation edits are forwarded to the DHCP server after being saved to the configuration database.
Provides a fixed time of day for replica polling. This time is interpreted as a time of day offset, with 0 being 12 midnight, provided the polling interval is less than 24 hours, and the offset value is less than the polling interval. If the offset value is greater than the polling interval, or the interval is greater than 24 hours, the offset will be ignored. The scheduler for polling will ensure that the first polling event occurs at the offset time.
Indicates the default mode that regional clients should use for DNS updates. This default mode is overridden if a mode is specified in a given CCM SCP message (in other words, by specific client request). If unset, clients should always present the choice of mode to the user.
client client - Creates clients and assigns them to client-classes Synopsis client client client client client client client client create [=] delete list listnames show get set = unset Description The client command assigns attributes to a specific client entry. These attributes determine what type of IP address, policy, or both that Network Registrar assigns to the requesting host.
Usually 1 (Ethernet) or 6 (Token Ring), but can be any number from 1 through 255. length Octets in the MAC address (usually 6, but can be any number from 1 through 16). address MAC address itself, with octets separated by colons, and each octet having a two-character hex value from 00 through FF (not case-sensitive).
Sets an authentication expiration date, using date format or the forever keyword. Dates can be in the 2h (two hours ago, for example) or month day hour:minute[:second] year format. Formats for the date are: + Time in the future, where num is a decimal number and unit is s, m, h, d, or w for seconds, minutes, hours, days or weeks, respectively. :[:] Month, day, 24-hour time, and 2-or-4-digit-year. For example:Jun 30 20:00:00 2007. Enter the time that is local to the nrcmd process.
Causes the server to drop the hostname option that the client sent, and not replace it. If you have disabled DNS name synthesis, then the client will have no name placed into DNS. @use-macaddress Causes the server to synthesize a hostname for the client that is derived from its MAC address, and is thus unique. This token is used to ensure that a client has a valid name in DNS. This feature is maintained for compatibility with earlier versions.
client-class client-class client-class client-class client-class client-class client-class client-class create [=] delete list listnames show set = [= ...] get unset Description The client-class command applies a set of attributes to a group or class of DHCP client configurations.
This string contains attribute-value pairs that are added to the environment dictionary whenever this client-class is associated with an incoming DHCP request. You can use these attribute-value pairs to configure extensions or expressions without having to re-write the executable code in the extension or expression. The string must have the format: "attribute1=value1,attribute2=value2, ...
Specifies an expression that evaluates to a binary large object (blob), or a string that can be used as a blob. The resulting value groups leases that have a maximum limit on the number of simultaneous active leases allowed. To configure the limit, use limitation-count attribute of the policy command. See also the over-limit-client-class attribute. over-limit-client-class-name string Designates the client-class used if this client is over the limit allowed for the specified limitation-id.
client-class-policy - Adds DHCP policy information to a client-class Synopsis client-class-policy delete client-class-policy set = [= ...
The client-class-policy command configures embedded policies for client-classes. Each client-class can contain option data in its embedded policy and can refer to a named policy with more option data; for example, a router IP address. An embedded policy is a collection of DHCP option values and settings associated with (and named by) a client-class. Network Registrar implicitly creates and deletes an embedded client-class policy when you create and delete the corresponding client-class.
Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease. Because of the vast IPv6 address space and depending on the address generation technique, it could be millions of years before an address ever needs reassignment to a different client, and there is no reason to hold on to this information for that long.
Determines whether DHCPv6 clients can request temporary (IA_TA) addresses. The default is to allow clients to request temporary addresses. default-prefix-length rangeint(0-128) default = 64 For delegation, specifies the default length of the delegated prefix, if a router (client) does not explicitly request it. The default length must always be less than or equal to the prefix length of the prefix range.
Identifies the boot-file to use in the boot process of a client. The server returns this file name in the 'file' field of its replies. The packet-file-name cannot be longer than 128 characters. packet-server-name string Identifies the host-name of the server to use in a client's boot process. The server returns this file name in the 'sname' field of its replies. The packet-server-name field cannot be longer than 64 characters.
Controls whether the server should prefer unicasting or relaying DHCPv6 Reconfigure messages. If false (the default), the server prefers to unicast Reconfigure messages if the client has one or more valid statefully assigned addresses. If true, the server prefers to send Reconfigure messages via the relay agent unless no relay agent information is available.
Lists the options the server returns to all BOOTP clients. v4-reply-options optionid4 Lists the options the server returns to all DHCPv4 clients, whether or not the client specifically asks for the option data. v6-reply-options optionid6 Lists the options that should be returned in any replies to DHCPv6 clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link.
client-policy getVendorOption client-policy unsetVendorOption client-policy listVendorOptions client-policy setV6VendorOption client-policy getV6VendorOption client-policy unsetV6VendorOption client-policy listV6VendorOptions Description The clien
policy, client-class-policy, dhcp-address-block-policy, link-policy, link-template-policy, prefix-policy, prefix-template-policy, scope-policy, scope-template-policy Attributes affinity-period time Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease.
Determines whether DHCPv6 clients can use a Solicit with the Rapid Commit option to obtain configuration information with fewer messages. To permit this, make sure that a single DHCP server is servicing clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link. The Prefixes for the Link are processed in alphabetic (case blind) order. For each Prefix, the embedded and then named policy are checked.
Causes the server to reject all renewal requests, forcing the client to obtain a different address any time it contacts the DHCP server. inhibit-renews-at-reboot bool default = false Permits clients to renew their leases, but the server forces them to obtain new addresses each time they reboot. limitation-count int Specifies the maximum number of clients with the same limitation-id that are allowed to have currently active and valid leases.
Controls DHCPv6 client reconfiguration support: 1 allow Allows clients to request reconfiguration support and the server will honor the request (default). 2 disallow Allows clients to request reconfiguration support but the server will not honor the clients' request. 3 require Requires clients to request reconfiguration support and the server drops client Solicit and Request messages that do not include a Reconfigure-Accept option.
split-lease-times bool default = disabled Specifies a value that the DHCP server might use internally to affect lease times. If enabled, the DHCP server still offers clients lease times that reflect the configured lease-time option from the appropriate policy; but the server bases its decisions regarding expiration on the 'server-lease-time' value. unavailable-timeout time default = 24h Permits the server to make a lease unavailable for the time specified and then to return the lease to available state.
cluster - Configures the local and remote clusters Synopsis cluster cluster cluster cluster cluster cluster cluster cluster create [=] delete list listnames show set = [= ...
Specifies the http-port to use for non-SSL-secured connections to the web server for this cluster. https-port int Controls the https-port to use for SSL-secured connections to the webserver for this cluster. This port is only used if the value of the use-https-port attribute is true. ipaddr ipaddr required,unique Provides the IP address of this server. This attribute, rather than the fqdn is used to connect to the cluster.
poll-replica-offset time default = 4h Sets a fixed time of day for replica polling. This time is interpreted as a time of day offset, with 0 being 12 midnight, provided that: the polling interval is less than 24 hours, and the offset value is less than the polling interval. If the offset value is greater than the polling interval, or the interval is greater than 24 hours, the offset is ignored. The scheduler for polling ensures that the first polling event occurs at the offset time.
scp-read-timeout time default = 20m The time limit for how long we should wait for data when reading an SCP message from this cluster. shared-secret secret Specifies the identifier for the secret shared between the server storing this object and the cluster it represents. This shared secret is used to generate single-sign-on authentication tokens. use-https-port bool default = false Controls whether the https-port is used to make single sign-on connections to the cluster.
Description The dhcp command lets you configure the DHCP server in a cluster. dhcp getStats [[all | server [,] failover [,] dhcpv6] [total | sample]] dhcp resetStats The getStats command retrieves statistics from a running DHCP server. You can supply one or more specific categories of statistics counters, or the keyword all to retrieve all supported categories.
the local time of the nrcmd process. Formats for the date are: - where is a decimal number and is one of 's', 'm', 'h', 'd', 'w', in which 's' is seconds, 'm' is minutes, 'h' is hours, 'd' is days and 'w' is weeks.
the value may be suffixed with K or M to signify units of thousands or millions. Note that in order for these changes to take effect you must save the changes and restart the server Agent. dhcp serverLogs nlogs=6 logsize=500K dhcp serverLogs logsize=5M dhcp getScopeCount [FailoverPair | vpn | all] The getScopeCount command displays the scopes, networks, and VPNs for the current VPN, all VPNs, a specific VPN, or a failover pair.
Status See Also server Attributes activity-summary-interval time default = 5m Sets the time that elapses between activity summary log messages. You must also enable the activity-summary setting in log-settings. addr-blocks-default-selection-tags string Associates a default selection tag (or list of tags) with incoming subnet-allocation requests that do not contain any subnet name data.
Sets the maximum time-to-live in seconds for a client in cache. The DHCP server discards the entries in memory after this period. client-class bool default = disabled Controls how the DHCP server uses the client and client-class configuration objects to affect request processing. Default is false (disabled). client-class-lookup-id expr Specifies the expression used to determine a client-class solely on data contained in an incoming DHCP client request.
Controls whether the DHCP server collects statistics for performance monitoring. collect-sample-counters bool default = disabled Controls whether the DHCP server collects activity statistics counters independently of the log-settings attribute flag. If false, this attribute is disabled. If true, this attribute enables collecting activity statistics. Note: These activity statistics counters are also enabled, if you enable 'activity-summary' logging is enabled (see 'log-settings').
Controls how the DHCP server handles information about an orphaned subnet; that is, whether it keeps the entry in its database or deletes it. Default is false (disable). As the DHCP server starts up, it tries to locate the parent VPN and DHCP address block of each DHCP subnet. If a subnet refers to a VPN that is no longer configured, or if the server cannot locate a parent DHCP address block that contains the subnet, the server uses this attribute to decide.
Enables collection of enhanced statistics counters by the DHCP server, which are then available with DHCP server statistics. The enhanced counters provide more detailed information, but cost the server some performance to maintain. Currently, this enables collecting milliseconds ACK/Reply latencies (instead of second based) and scope aggregation data (even if not explicitly configured). equal-priority-most-available bool default = disabled Controls address allocation among scopes in the same network.
evaluating an expression that fails at the outermost level with the expression-trace-level=10 for the duration of the re-execution, to provide maximum debugging assistance. extension-trace-level int default = 0 Sets the value of the extension trace level for every request object. Default is 0. The range is from 0 through 3, with 0 being very little tracing and 3 the highest amount of tracing.
Controls whether the DHCP server retries a DNS update whenever a client renews its lease, even if it appears to the server that the update was already completed successfully. Default is false (disable). This attribute uses one of the following values: forward DnsUpdateConfig object (if configured) reverse DnsUpdateConfig object (if configured) the default (or where appropriate the server configured value or default value).
Controls how the DHCP server handles ICMP ECHO (ping-beforeoffer) requests. Default is true (enable). If you enable this attribute and configure the DHCP server to to send ICMP ECHO requests, the server makes unavailable any address for which it receives an ECHO reply within its configured timeout period.
Enables the lease history database for DHCPv4, DHCPv6, or both. 0 disabled No lease history is recorded. Default. 1 v4-only The server records lease history for DHCPv4 leases only. 2 v6-only The server records lease history for DHCPv6 leases only. 3 both The server records lease history for both DHCPv4 and DHCPv6 leases. ip-history-detail bool default = false Controls whether to record detailed data for the IP history database. Default is false (disable).
log-settings flags(default=1, incoming-packets=2, missing-options=3, incoming-packet-detail=4, outgoing-packet-detail=5, unknown-criteria=6, dns-update-detail=7, client-detail=8, client-criteriaprocessing=9, failover-detail=10, ldap-query-detail=11, ldap-update-detail=12, ldap-create-detail=13, leasequery=14, dropped-waiting-packets=15, no-success-messages=16, no-dropped-dhcppackets=17, no-dropped-bootp-packets=18, no-failover-activity=19, activity-summary=20, no-invalidpackets=21, no-reduce-logging-when-bu
scope is examined to find an available lease or whenever a scope is examined to determine if a lease is still acceptable for a client who already has one. It can be very useful when configuring or debugging client-class scope criteria processing. It causes moderate amount of information to be logged and should not be left enabled as a matter of course.
This setting will cause a summary message to appear every 5 minutes. It is useful when many of the no-xxx log settings are enabled, to give some idea of the activity in the server without imposing the load required for a log message corresponding to each DHCP message. The time period for these messages can be configured with the DHCP server property activity-summary-interval.
Controls whether the DHCP server uses the client?s MAC address as the only client identifier. The standard behavior, as specified in RFC 2132, is to use the client-id option (if it is present) as the unique client identifier. Default is false (disable). CAUTION: Use this attribute with care. When enabled, it precludes a MAC address from getting multiple IP addresses per network.
Sets the maximum number of leases, regardless of state or whether reserved or not, that the server can associate with a DHCPv6 client. A DHCPv6 lease is always associated with a client; if it is not, it is deleted. This setting is to prevent a client from using lots of leases (such as by issuing many requests with different IAID values). It is not intended to limit the number of active leases a client may have.
Sets the time to live (TTL) ceiling, in seconds, for DNS records added through dynamic updates. When the DHCP server adds a DNS record, it uses a TTL of the minimum of either this ceiling or one third the lease time. max-ping-packets int default = 500 Sets the number of buffers the server allocated for sending and receiving ICMP ping messages. See the 'ping-clients' and scope 'ping-clients' attribute.
Controls whether the DHCP server releases other leases a client might have on other LAN segments on this server. 0 disabled 1 last-client-preferred 2 first-client-preferred Within one LAN segment, the DHCP server never allocates more than one DHCPv4 address to a single client. Across multiple independent network LAN segments, however, a single client might have one address allocated on several networks.
Controls address allocation among scopes in the same network and within an individual scope as well. When enabled, any scope without an explicit setting for allocation-priority is configured with an allocation-priority equal to the network number of the scope. Similarly, any scope without an explicit setting for allocate-first-available is considered enabled. Explicit settings for either of these scope attributes override the priority-address-allocation set for that scope.
Determines whether the DHCP server generates SMS network discovery records. If this attribute is set to 0, you disable SMS network discovery. If it is set to 1, you enable discovery. Use this attribute in conjunction with the dhcp updateSMS command. sms-site-code string Specifies the site code name of the SMS server that receives discovery records when you use the updateSMS keyword. For proper functioning, make sure that you initialize this attribute to the appropriate site code.
7 other-server-down Sends notifications when another server (DHCP, DNS, or LDAP) stops responding to this DHCP server. 8 other-server-up Sends notifications when another server (DHCP, DNS, or LDAP) responds after having been unresponsive. 9 duplicate-address Sends notifications whenever a duplicate IP address is detected. 10 address-conflict Sends notifications when an address conflict with another DHCP server is detected.
Controls whether the server examines the client-FQDN option for the hostname. Default is true (enable). If true, the server ignores any characters after the first dot (.) because the domain is determined from the scope. If false, the server does not determine the hostname using this. This is useful if the client is sending unexpected or junk characters.
Defines the expression used to assign a client-class based solely on data contained in an incoming DHCPv6 client request. No default. The expression must return a string that is the name of a currently configured client-class; otherwise, the expression must return the string ''. Any return that is not a string containing the name of a currently configured client-class or '' is considered an error.
Description The dhcp-address-block command creates and sets attributes for Network Registrar DHCP address blocks. The command applies only to address block objects that are designated in the DHCP server for subnet allocation to clients. When a DHCP server receives a request to allocate a subnet to a client, it does so by subdividing its available address-blocks. In this context, a DHCP address block is a contiguous range of IP address space that is delegated to the DHCP server for assignment.
Sets the default subnet size for allocations from this address block. deprecated bool default = false Determines whether the server deactivates a DHCP address block. The server ignores a deprecated DHCP address block for new subnet allocations. It allows existing clients to renew their subnets, but indicates to them that the subnet is deprecated. The client then prepares to release the deprecated subnet or subnets back to the server.
dhcp-address-block-policy delete dhcp-address-block-policy set = [= ...
Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease. Because of the vast IPv6 address space and depending on the address generation technique, it could be millions of years before an address ever needs reassignment to a different client, and there is no reason to hold on to this information for that long.
Determines whether DHCPv6 clients can request temporary (IA_TA) addresses. The default is to allow clients to request temporary addresses. default-prefix-length rangeint(0-128) default = 64 For delegation, specifies the default length of the delegated prefix, if a router (client) does not explicitly request it. The default length must always be less than or equal to the prefix length of the prefix range.
Identifies the boot-file to use in the boot process of a client. The server returns this file name in the 'file' field of its replies. The packet-file-name cannot be longer than 128 characters. packet-server-name string Identifies the host-name of the server to use in a client's boot process. The server returns this file name in the 'sname' field of its replies. The packet-server-name field cannot be longer than 64 characters.
Controls whether the server should prefer unicasting or relaying DHCPv6 Reconfigure messages. If false (the default), the server prefers to unicast Reconfigure messages if the client has one or more valid statefully assigned addresses. If true, the server prefers to send Reconfigure messages via the relay agent unless no relay agent information is available.
Lists the options the server returns to all BOOTP clients. v4-reply-options optionid4 Lists the options the server returns to all DHCPv4 clients, whether or not the client specifically asks for the option data. v6-reply-options optionid6 Lists the options that should be returned in any replies to DHCPv6 clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link.
See Also policy Attributes backup-server-addr ipaddr Specifies the backup DNS server address that receives DNS updates if the server specified in server-addr is down. backup-server-key nameref(Key) Specifies the TSIG key used to process all dynamic DNS updates for backup-server-addr. dns-host-bytes rangeint(1-4) Sets the number of bytes in a lease IP address to use when forming in-addr.arpa names. The server forms names in the in-addr.
Indicates the minimum number of seconds the DHCP server keeps the DNS records acquired through dynamic updates. This value sets the shortest allowable time (or time to live) to keep DNS updates. When the DHCP server adds a DNS record, it uses a TTL of one third the lease time if it is between min-dns-ttl and max-dns-ttl values. If one third of the lease time is smaller than min-dns-ttl, the TTL value will be set to min-dns-ttl.
Controls whether the DNS server receives updates for BOOTP clients. If the server is replying to a BOOTP request, and is offering a lease configured to perform DNS updates, it checks this attribute before beginning the DNS update. This attribute allows an administrator to prevent DNS updates for BOOTP clients, while allowing updates for DHCP clients. If not configured, the server setting is used (which defaults to true).
a name collision and disambiguation will likely result). Note: Several of these methods may cause privacy concerns if the DNS is accessible from the Internet. dhcp-interface dhcp-interface - Configures the DHCP server's network interfaces Synopsis dhcp-interface dhcp-interface dhcp-interface dhcp-interface dhcp-interface dhcp-interface dhcp-interface dhcp-interface create [=] delete list listnames show set = [attribute>= ...
Enables or disables the specified multicast addresses on DHCP interfaces. The default multicast addresses are ff02::1:2 and ff05::1:3. DHCPv6 requires address ff02::1:2, if any DHCPv6 clients are directly connected to the link associated with the interface. The address ff05::1:3 is the default multicast addresses used by relay agents when relaying DHCPv6 requests. name string required,unique,immutable Identifies the interface for DNS server use.
Specifies an optional address to which the service is bound. If unspecified, the DHCP server accepts connections to any valid local address. enable bool default = true Specifies whether this service is enabled. If disabled, the DHCP server will ignore this listener configuration. leasequery-backlog-time rangeint(30-600) default = 120 Specifies the number of seconds of active leasequery updates that the DHCP server will hold in memory when a connection is blocked.
dhcp-subnet [show] dhcp-subnet get dhcp-subnet force-available Description The dhcp-subnet commands manipulate subnet objects that the DHCP server has leased to its clients. When the DHCP server receives a request for a subnet, it creates the subnet by subdividing its available address-blocks, and allocating the subnet to the client. The dhcp-subnet commands apply only to subnet objects that have been allocated to clients by the DHCP server.
Displays the time when the client last contacted the DHCP server. client-mac-addr macaddr Displays the MAC address which the client presented to the DHCP server. expiration date Displays the expiration time of the subnet binding. high-water int Displays the highest utilization level recorded since the last time that statistics were retrieved. in-use-addresses int Displays the number of addresses currently being used by hosts.
dns disable dns enable dns dns dns dns get set = [attribute>= show dns findRR -name | dns findRR [-namePrefix ] [-rrTypes ] [-protected | -unprotected] [-zoneType forward | reverse | primary | secondary | published | unpublished | ALL] dns addRootHint [ ...] dns removeRootHint dns listRootHints dns addException [ ...
The dns command lets you configure the DNS server in the cluster. dns findRR -name | dns findRR [-namePrefix ] [-rrTypes ] [-protected | -unprotected] [-zoneType forward | reverse | primary | secondary | published | unpublished | ALL] Use the findRR commands to display the resource records for a specific domain name; or to display those matching a name prefix, a list of resource record types--whether protected or unprotected--and certain zone types.
as forwarders. Network Registrar forwards recursive queries to these servers before forwarding queries to the Internet at-large. You can use the exception command to override forwarding for specific domains. The addForwarder command adds the address of a forwarder for this DNS server. The removeForwarder command removes the address of a forwarder. The listForwarders command lists the forwarders for this DNS server.
and restart the server Agent. dns getStats [performance | query | errors | security | maxcounters | ha | ipv6 | all] [total | sample] dns resetStats The getStats command displays the requested DNS server statistics, either since the last reload or for the last sample period. The resetStats commands returns the DNS activity counters (statistics) to zero.
Controls what activity counters a DNS server uses for logging. The possible flags are: total log the accumulated counters since reset or server start. sample log counters for each sampling interval. performance log performance-related counters. query log query-related counters. errors log error-related counters. security log security-related counters. maxcounters log maxcounters-related counters. ha log HA-related counters. ipv6 log IPv6-related counters.
Sets the amount of time in seconds that the DNS server caches negative answers if there is no SOA record in the authority section of the reply. The presence of an SOA record in the authority section of a negative overrides this attribute value. For more details, see IETF RFC2308. delegation-only-domains dname Instructs the DNS server to expect a specified zone to return only delegations to authoritative nameservers when queried.
Sets the retry interval for forwarding a DNS query to a forwarder or resolution exception server. These queries are recursive, and may require more time for the forwarder to resolve. To ensure the server tries all forwarders, set this value to the 'request-expiration-time' divided by one less than the total number of configured forwarders). Note: This attribute has no affect when you enable slave-mode; the server uses slave-forward-retry-time instead.
xfr-out This flag will allow the generation of log messages associated with outbound full and incremental zone transfers. notify This flag allows log messages associated with the processing of notify messages. scp This flag allows log messages associated with SCP message handling. datastore This flag allows the generation of log messages associated with datastores processing. Enabling this flag provides insight into various events in the server's embedded databases/datastores.
This flag causes outgoing packets to be traced. xfr-in-packets This flag causes incoming zone transfer packets to be traced. xfr-out-packets This flag causes outgoing zone transfer packets to be traced. query-packets This flag causes query packets to be traced. notify-packets This flag causes notify packets to be traced. ddns-packets This flag causes DDNS packets to be traced. performance This flag logs server level performance statistics.
Specifies whether you want the DNS server, when composing a response to a query, to fetch missing glue records. Glue records are DNS A records, which specify the address of a domain's authoritative name servers. Normal DNS responses include NS records and their A records related to the name being queried. no-recurse bool default = disabled Specifies whether you want to disable forwarding client queries to other name servers when your DNS server is not authoritative for data in its own cache.
Specifies the UDP port number that the DNS server uses to send notify requests to other servers. A value of zero indicates that the server should choose a random port. If this attribute is unset, then queries are sent from the port used to listen for queries (See the local-port-num attribute).
Governs the expiration time of DNS queries; for example, DNS query, zone transfer SOA query, IXFR request and notify request). A query that is not answered within this time interval expires. Note: Cisco recommends that you make sure this value is considerably larger than 'request-retry-time' to allow multiple attempts to query multiple servers, using exponential backoff. request-retry-time rangetime(1s-30s) default = 4s Dictates the retry time interval (in secs) when querying a name server.
Specifies whether you want round-robin cycling of equivalent records in responses to queries. Equivalent records are records of the same name and type. Since clients often only look at the first record of a set, enabling this features can help balance loads and keep clients from forever trying to talk to an out-of-service host. save-negative-cache-entries bool default = enabled Controls whether to have the server store negative query results. Default, true (enable).
Sets the retry interval for forwarding a DNS query in slave-mode. These queries are recursive, and may require more time for the forwarder to resolve. To ensure the server tries all forwarders, set this value to the 'request-expiration-time' divided by one less than the total number of configured forwarders. slave-mode bool default = disabled Specifies whether you want this server to be a slave server; that is, a server that relies entirely on forwarders for data that is not in its cache.
Defines the traps that this server is configured to send. 1 all Sends notifications for all server events. 2 server-start Sends notifications whenever the server is started or reinitialized. 3 server-stop Sends notifications whenever the server is stopped. 4 ha-dns-partner-down Sends notifications whenever the HA DNS partner goes down. 5 ha-dns-partner-up Sends notifications whenever the HA DNS partner becomes available again after going down.
dns-interface dns-interface dns-interface dns-interface dns-interface dns-interface dns-interface dns-interface create [=] delete list listnames show set = [= ...] get unset dns-interface enable dns-interface disable Description The dns-interface command configures network interfaces for use by the Network Registrar DNS server.
dns-update-map create [= ...] dns-update-map delete dns-update-map list dns-update-map listnames dns-update-map show dns-update-map get dns-update-map set == ...] dns-update-map unset dns-update-map push Description The dns-update-map command lets you define and manage DNS update configuration maps.
dhcp-policy-selector enumint(use-named-policy=1, use-client-class-embedded-policy=2, usescope-embedded-policy=3) default = 1, required Indicates how to find the DHCP Policy to which to attach the DnsUpdateConfig referenced in the dns-config attribute. If a named-policy or client-class-embedded-policy is selected, the referenced policy and/or client-class must be preconfigured on the DHCP servers before the map is applied. If scope-embedded-policy is selected, it is applied to all scopes on the DHCP servers.
Description The exit command lets you exit the current nrcmd session. If you have unsaved changes, they will be flushed to the database before the session exits.
The export command lets you export data in one of several common formats. export leases -server [ -vpn ] [ -time-ascii | -time-numeric ] Use the export leases -server command to export the current and expired leases to a file in the DHCP server's log directory. export leases -client [ -vpn ] [ -time-ascii | -time-numeric ] Use the export leases -client command to export the current leases to the specified file or the standard output.
If there is an [export-addresses] section in the configuration file, the export command uses the clusters that the section specifies instead of the default cluster. If you omit a configuration file, the export addresses command looks for a default .nrconfig file. This is the same configuration file that the report command uses. Network Registrar looks for the file first in your current directory, then in your home directory, and finally in the install-path/conf directory.
Examples Status See Also session current-vpn extension extension - Integrates user-written DHCP extensions into the DHCP server Synopsis extension extension extension extension extension extension extension extension list listnames create [=...] delete get set = [= ...] unset show Description The extension command lets you configure extension modules.
Attributes entry string required Identifies the entry point for the module. This function is called from any extension point to which this module is bound. file string required Provides the filename relative to the directory extensions in the installation, or as an absolute pathname, but this cannot contain a sequence of two dots (..). init-args string Describes the arguments that should be passed to the init-entry point function.
failover-pair sync [] Description The failover-pair command lets you define and manage the failover relationship between a main and backup server. Either the main and backup clusters or the main and backup server IP addresses can be specified with the create command. If the main-server and backup-server addresses are set, the cluster addresses will only be used for synchronization of the server configuration.
Determines the percentage of available addresses that the main server sends to the backup server for scopes on which dynamic BOOTP is enabled. If defined, it must be defined on the main server. If it is defined in a backup server, it is ignored (to enable copying of configurations). If it is not defined at all or the value is 0, the "backup-pct" is used instead.
Controls when the main server updates its database. Normally, the main server updates its database when the backup server ACKs it with what the backup knows. Disabling this capability speeds up the main server, but after a restart the main server is out of sync with what the backup knows, and may offer all clients one lease period with a renew time of the current time plus the MCLT. poll-lease-hist-interval rangetime(0-1y) Specifies how often to collect lease history from the DHCP server for this cluster.
Specifies which server to poll first: 0 main server 1 backup server safe-period time default = 24h Controls the safe period, in seconds. It does not have to be the same on both main and backup servers. It only has meaning if use-safe-period is enabled. Define this attribute on the main server. If it is defined on a backup server, it is ignored (to enable copying of configurations). scopetemplate oid Associates a scope template with a specified failover pair.
admin, role Attributes desc string Describes this group. name string required,unique Names this group of administrator roles. ha-dns-pair ha-dns-pair - configure a High Availability DNS relationship Synopsis ha-dns-pair create [= ...] ha-dns-pair ha-dns-pair ha-dns-pair ha-dns-pair delete list listnames show ha-dns-pair get ha-dns-pair set = [= ...
Status See Also cluster Attributes backup oid(CCMCluster) The cluster reference for the backup server in this DNS HA pair relationship. ha-dns bool default = enabled This attribute enables/disables HA on the DNS server. ha-dns-backup-server ipaddr The IP address to use for the HA DNS protocol on the backup server. If this value is unset, the address specified for the backup cluster will be used.
The help command provides online help. If you type help without arguments, it displays a list of commands. If you type help with an argument, it displays the man page information for the command with that name. You can select the sections of the man page output by specifying the section names after the 'help ' command.
The import command lets you import lease information into the DHCP server configuration or BIND configuration information into the DNS server configuration. import leases Before you can import leases, you need to perform several configuration steps: 1. Configure scopes in the DHCP server for the leases that are going to be imported. (see the scope command.) 2.
key key - Manage TSIG key objects Synopsis key key key key key key key key list listnames show create [=...] delete get set = [= ...] unset Description The key command creates and manages transaction signature (TSIG) keys for DNS updates, zone transfers, queries, and recursions.
A base64 encoded string used for transaction authentication. security-type enumstr(TSIG=1) default = TSIG The type of security that this key is going to be used for. Currently we only support TSIG keys. time-skew rangetime(1s-60m) default = 5m The time stamp fudge factor (amount that the time values can differ). ldap ldap - Specifies the LDAP remote server's properties Synopsis ldap ldap ldap ldap ldap ldap ldap list listnames create [=...
Status See Also Attributes can-create bool default = disabled Controls whether a particular LDAP server can create new entries to use to store lease state updates. See the create properties: create-dictionary, create-string-dictionary, dn-create-format, create-object-classes. can-query bool default = disabled Controls whether a particular LDAP server can be used for client queries. See the query properties: env-dictionary, query-dictionary, search-attribute, search-filter, search-path, and search-scope.
dn-attribute string Determines how the server constructs the distinguished name (DN) of the LDAP entry to update or create. If the server can use one of the lease attributes, it formats the specified dn-attribute using the dn-format string to construct the object filter that specifies the LDAP server to modify. dn-create-format string Provides the distinguished name (DN) for entry creation. A % is required at the entry level and is replaced by the value of the dn-attribute.
An arbitrary name used to refer to an individual server. password string Sets the password of a user with access to the parts of the directory that DHCP uses. Because you can configure LDAP servers to allow anonymous access, this is optional. port int Specifies the port on the remote server to connect to. preference int default = 1 Specifies the preference order in which LDAP servers are used. A positive integer greater than or equal to one. One (1) is the highest preference value.
search-scope enumint(BASE=0, ONELEVEL=1, SUBTREE=2) default = SUBTREE Controls the comprehensiveness of a search: If you specify the scope to be SUBTREE, the server searches all the children of the searchpath. If you specify the scope to be ONELEVEL, the server searches only the immediate children of the base object. If you specify the scope to be BASE, the server searches only the base object itself.
username string Designates a user with access to the parts of the directory that DHCP uses. Because you can configure LDAP servers to allow anonymous access, this is optional.
The list -subnet command lists all leases in a subnet (scopes whose address and mask match the query). The list -lansegment command lists all leases in a LAN segment, meaning all leases in scopes whose address and mask match the query, as well as leases in secondary scopes whose primary scope's address and mask match the query. The list -macaddr command lists all leases that are associated with the specified MAC address. Note: The list -macaddr command for Network Registrar 6.
reload also has the reservation removed. The recommended sequence is: nrcmd> lease delete-reservation nrcmd> scope removeReservation nrcmd> save Note: The send-reservation and delete-reservation commands are deprecated. Use synchronous dhcp-edit-mode instead. These commands are provided for command-syntax compatibility with prior versions and only support mac-address based reservations.
client-flags flags(client-valid=1, client-id-created-from-mac-address=2, client-dns-name-up-todate=3, client-up-to-date-in-mcd=4, reverse-dns-up-to-date=5, dns-update-pending=9, client-fqdnpresent=10, client-updates-name=11, clear-host-name=7, host-name-has-changed=6, domain-namehas-changed=8, use-test-before-update=12, avoid-dns-retry=13, dual-zone-dns-update=14, clientinvalid-due-to-macaddress=15, in-limitation-list=16, used-over-limit-client-class=17, synthesized-dnsname=18, reservation-uses-client-id=19
Indicates the operating system of the client. This attribute is used only by the updateSms keyword and has no other purpose. If you enable failover, the main server transmits this value to the backup server. The syntax of this attribute?s value is OS-name major.minor.: Operating system values are as follows: Microsoft Windows NT Server Microsoft Windows NT Advanced Server Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Workstation 3.
7 23 31 backup-backup backup-backup-active backup-backup-history Indicates the data originated on the backup server and was retrieved from the backup. The suffix -active denotes the data was returned from the active portion of the lease-state database while -history indicates that the data was from the history portion of the lease-state database. When viewing leases with the UI's, you will see all four values routinely, especially if load-balancing is enabled.
Displays the value set for a client-class or client limiting the number of simultaneous active leases a DHCP server can give out to devices on customer premises. relay-agent-auth blob The contents of the 'authentication' suboption 8 of the relay-agent information option 82 from this client. relay-agent-circuit-id blob Displays the circuit-id sub-option of the DHCP relay-agent information option 82 from this client.
If present, the contents of the RADIUS 'vendor-specific' attribute 26 that was contained in the RADIUS Attributes suboption 7 of the relay-agent information option 82 from this client. relay-agent-remote-id blob Displays the remote-id sub-option of the DHCP relay-agent information option 82 from this client. relay-agent-server-id-override ipaddr Displays the IP address in the server-id-override sub-option of the DHCP relay-agent information option 82 from this client.
Names the Dns update configuration object used to perform dynamic DNS update on a reverse zone. scope-name nameref(Scope) A reference to the scope that contains this lease. start-time-of-state date Displays the time the state changed to its current value. state enumint(available=1, offered=2, leased=3, expired=4, unavailable=5, released=6, otheravailable=7, pending-available=8) Displays the current state of the lease. 1 available The lease is not currently leased by any client.
This string value is associated with the lease in order to allow customer applications to relate the lease record to other databases. It is not used directly by the DHCP server, but may be read and written by extensions and expressions. vendor-class-id string Displays the vendor-class-id as offered in a DHCP request option 60. vpn-id int default = 0, immutable Displays the identifier of the DHCP VPN that contains this lease.
# Clustername Username Password clusters=host1 admin passwd1, host2 admin2,host3, host4 admin4 passwd4 Follow these guidelines for specifying clusters: - Separate cluster specifications from each other with commas. - Separate arguments for a particular cluster by whitespace. - For long lines use continuation lines; you do not continuation escape indicators. - Optionally, specify a user name and password for the cluster.
leasing-only Specifies that only scopes that can currently offer leases are reported. mail-host On NT, you must specify a mail-host. On Solaris the mail host is generally already configured for the sendmail program. You can verify that your Solaris system is properly configured by issuing the command "date | mail " and observing whether or not the date is emailed to you.
lease6 list [-duid=] [-lookup-key= [-blob|-string]] [-macaddr=] [-cm-macaddr=] [-vpn=] [-count-only] lease6 [/] [show] lease6 [/] get lease6 [/] activate lease6 [/] deactivate lease6 [/] force-available lease6 [/] reconfigure [renew|rebind|information-request] [-unicast|-via-relay] Description The lea
Status See Also session Attributes binding-end-time date Within the lease database, this holds the time when a lease binding ended. binding-iaid int The IAID of the binding. binding-rebinding-time date Displays the earliest time when the server requested the client to issue a Rebind request for the binding. binding-renewal-time date Displays the earliest time when the server requested the client to issue a Renew request for the binding.
Determines the type of the client-lookup-key attribute. client-reconfigure-key blob The 128-bit key required for Reconfigure Messages to the client per the RFC 3315 Reconfigure Key Authentication Protocol. client-reconfigure-key-generation-time date The time at which the client-reconfigure-key was generated. client-relay-address ip6addr If present, displays the source address from the most recently received Relay-Forw message. If not present, the client communicated directly to the server.
Flags for the lease: 1 reserved The lease is reserved for some client DUID. The table that relates DUID addresses to leases is in the prefix. 3 deactivated The lease is deactivated, which means that it should not be used. Any client which is using a deactivated lease will be told to stop using that address on the next renewal. For internal use only: initialized valid not_in_range forward-dnsupdate nameref(DnsUpdateConfig) Names the forward zone's DNS Update Configuration object for the lease.
start-time-of-state date Sets the time when the state last changed to its current value. state enumint(available=1, offered=2, leased=3, expired=4, unavailable=5, released=6, revoked=10) Displays the current state of the lease: 1 available The lease is not currently leased by the client. 2 offered The lease is offered to the client.
license license license license license license license create delete list listnames [show] get showUtilization Description The license command allows you to view, create, or delete the FLEXlm licenses for the cluster. The command (showUtilization) also allows you to view the number of utilized IP nodes against the RTU's (Right-to-Use). NOTE: The license command uses a different syntax when connected to releases prior to 7.0.
link listPrefixNames link applyTemplate [] Description The link command configures IPv6 network links. Links group IPv6 prefixes (see the prefix command) together. Links are required if multiple prefixes share the same physical link. When creating a link using a template, specify - for the to allow the link template's link-name-expr to name the link. Examples Status See Also link-template, prefix Attributes description string Describes the link.
prefix-list obj(Prefix) Lists the prefixes to be associated with the link. This attribute is used to add or modify the link and its prefixes in a single database action. All objects must be valid, or none will be accepted. The associated prefixes will be stored separately, and will not be returned in the parent link object. region nameref(CCMRegion) Identifies the region for this link, referenced by name. Regions can be used to limit administrative access by region.
The link-policy command lets you configure a DHCP policy embedded in a DHCP link. An embedded policy is a collection of DHCP option values and settings that are associated with (and named by) another object -- in this case a link. You create a link-policy when you first reference it, and you delete it when you delete the link. To set individual option values use the setV6Option command; to unset option values, the unsetV6Option command; and to view option values, the getV6Option and listV6Options commands.
Gives the server control over the lease period. Although a client can request a specific lease time, the server need not honor the request if this attribute is set to false (the default). Even if set to true, clients can request only lease times that are shorter than those configured for the server. allow-non-temporary-addresses bool default = true Determines whether DHCPv6 clients can request non-temporary (IA_NA) addresses. The default is to allow clients to request non-temporary addresses.
Enables the DHCP server to set the server-id option on a DHCPOFFER and a DHCPACK to the giaddr of the incoming packet, instead of the IP address of the server (the default action). This causes all unicast renews to be sent to the relay agent instead of directly to the DHCP server, and so renews arrive at the DHCP server with option-82 information appended to the packet.
Indicates whether leases using this policy are permanently granted to requesting clients. If leases are permanently granted, the dhcp-lease-time will be "infinite." preferred-lifetime time default = 1w Assigns the default and maximum preferred lifetime for leases to DHCPv6 client interfaces. Expressed in seconds and relative to the time the server sent the packet, this attribute sets the length of time that the address is preferred; that is, its use is unrestricted.
came from a link-local address. reverse-dnsupdate nameref(DnsUpdateConfig) Specifies the name of the update configuration that determines which reverse zones to include in a DNS update. server-lease-time time Tells the server how long a lease is valid. For more frequent communication with a client, you might have the server consider leases as leased for a longer period than the client considers them. This also provides more lease-time stability.
Assigns the default and maximum valid lifetime for leases to DHCPv6 client interfaces. Expressed in seconds and relative to the time the server sent the packet, this attribute sets the length of time that an address remains valid. When this period of time expires, the address becomes invalid and unusable. The valid lifetime must be greater than or equal to the preferred lifetime.
free-address-config nameref(AddrTrapConfig) Identifies which trap captures unexpected free address events on this link. If this attribute is not configured, the server looks for the v6-default-free-address-config on the DHCPServer object. link-description-expr expr An expression to define the description on the link object created when using the template. link-name-expr expr An expression to define the name of the link object created when using the template.
link-template-policy delete link-template-policy set = [= ...
affinity-period time Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease.
The default is not to allow clients to use Rapid Commit. allow-temporary-addresses bool default = true Determines whether DHCPv6 clients can request temporary (IA_TA) addresses. The default is to allow clients to request temporary addresses. default-prefix-length rangeint(0-128) default = 64 For delegation, specifies the default length of the delegated prefix, if a router (client) does not explicitly request it. The default length must always be less than or equal to the prefix length of the prefix range.
packet-file-name string Identifies the boot-file to use in the boot process of a client. The server returns this file name in the 'file' field of its replies. The packet-file-name cannot be longer than 128 characters. packet-server-name string Identifies the host-name of the server to use in a client's boot process. The server returns this file name in the 'sname' field of its replies. The packet-server-name field cannot be longer than 64 characters.
reconfigure-via-relay bool default = false Controls whether the server should prefer unicasting or relaying DHCPv6 Reconfigure messages. If false (the default), the server prefers to unicast Reconfigure messages if the client has one or more valid statefully assigned addresses. If true, the server prefers to send Reconfigure messages via the relay agent unless no relay agent information is available.
v4-bootp-reply-options optionid4 Lists the options the server returns to all BOOTP clients. v4-reply-options optionid4 Lists the options the server returns to all DHCPv4 clients, whether or not the client specifically asks for the option data. v6-reply-options optionid6 Lists the options that should be returned in any replies to DHCPv6 clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link.
The option command configures option definitions. Use reserved names as follows: dhcp-config and dhcp6-config to view currently configured option sets for DHCPv4 and DHCPv6 respectively. dhcp-custom and dhcp6-custom to view/add/modify/delete custom option definitions. NOTE: you may also use dhcp-config and dhcp6-config to add/modify/delete custom option definitions. These names are used to operate on the respective custom set.
This attribute provides for the optional subdivision of option data into nested sub-option objects. This is not used for storing DHCP server configuration, but may be useful in other uses of TLV based values.
custom option definition is created. Use the command unset if you wish to clear all custom option definitions. Use 8-bit to create a dhcpv4 vendor option definition set. Use 16-bit to create a dhcpv6 vendor option definition set. Examples Status See Also owner owner - Configures owners Synopsis owner owner owner owner owner owner owner owner create [=] delete list listnames show set = [= ...
name string required Displays the full name, or printable name, for this owner. organization nameref(CCMOrganization) Specifies the organization name required for ARIN reporting purposes. tag string required,unique Displays a unique tag name for this owner. Typically, it is a short name referring to this owner. prefix prefix - Configures IPv6 network prefixes for use in DHCPv6 Note: dhcp-prefix is a synonym for compatibility with earlier versions of Network Registrar.
nrcmd> prefix example-pref create ff00::/8 nrcmd> prefix example-pref set address=ff00::/10 Status See Also link, prefix-template Attributes address prefix required,immutable Identifies a prefix (subnet) that an interface belongs to using the high-order bits of an IPv6 address.
Controls whether a prefix extends leases to clients. A deactivated prefix does not extend leases to any clients. It treats all addresses in its ranges as if they were individually deactivated. Default, false (active). description string Describes the prefix. dhcp-type enumint(stateless=0, dhcp=1, prefix-delegation=2, infrastructure=3, parent=4) default = dhcp Defines how DHCP manages address assignment within a prefix: stateless Prefix is used only for stateless option configuration.
Associates an IPv6 prefix (subnet) with a link. Use this attribute to group prefixes that are on a single link. local-cluster oid Identifies the local DHCP cluster or failover pair for this regional prefix. max-leases rangeint(0-2000000) default = 65536 Sets the maximum number of non-reserved leases that the server will allow to exist on this prefix. When a new lease needs to be created, the server will only do so if the limit has not been exceeded.
Specifies the prefix length of the reverse zone for ip6.arpa updates. You do not need to specify the full reverse zone, because you can synthesize it by using the ip6.arpa domain. Use a multiple of 4 for the value, because ip6.arpa zones are on 4-bit boundaries. If not a multiple of 4, the value is rounded up to the next multiple of 4. The maximum value is 124, because specifying 128 would create a zone name without any possible hostnames contained within.
The prefix-policy command lets you configure a DHCP policy that is embedded in a DHCP prefix. An embedded policy is a collection of DHCP option values and settings associated with (and named by) another object -- in this case a prefix. A prefix-policy is created implicitly when you first reference it, and is deleted when the prefix is deleted.
Enables DHCP clients to perform DNS updates into two DNS zones. To support these clients, you can configure the DHCP server to allow the client to perform an update, but also to perform a DNS update on the client's behalf. allow-lease-time-override bool default = disabled Gives the server control over the lease period. Although a client can request a specific lease time, the server need not honor the request if this attribute is set to false (the default).
Enables the DHCP server to set the server-id option on a DHCPOFFER and a DHCPACK to the giaddr of the incoming packet, instead of the IP address of the server (the default action). This causes all unicast renews to be sent to the relay agent instead of directly to the DHCP server, and so renews arrive at the DHCP server with option-82 information appended to the packet.
Indicates whether leases using this policy are permanently granted to requesting clients. If leases are permanently granted, the dhcp-lease-time will be "infinite." preferred-lifetime time default = 1w Assigns the default and maximum preferred lifetime for leases to DHCPv6 client interfaces. Expressed in seconds and relative to the time the server sent the packet, this attribute sets the length of time that the address is preferred; that is, its use is unrestricted.
came from a link-local address. reverse-dnsupdate nameref(DnsUpdateConfig) Specifies the name of the update configuration that determines which reverse zones to include in a DNS update. server-lease-time time Tells the server how long a lease is valid. For more frequent communication with a client, you might have the server consider leases as leased for a longer period than the client considers them. This also provides more lease-time stability.
Assigns the default and maximum valid lifetime for leases to DHCPv6 client interfaces. Expressed in seconds and relative to the time the server sent the packet, this attribute sets the length of time that an address remains valid. When this period of time expires, the address becomes invalid and unusable. The valid lifetime must be greater than or equal to the preferred lifetime. prefix-template prefix-template - Configures a prefix template.
Controls the algorithms used by the server to select a new address or prefix to lease to a client. The available algorithms are: client-request This setting (off by default) controls whether the server uses a client requested lease. reservation This setting (on by default) controls whether the server uses an available reservation for the client.
embedded-policy obj(0) Specifies an policy embedded. Note: When the template is applied, this will replace the entire embedded-policy in the prefix. expiration-time date Sets the time and date on which a prefix expires. After this date and time, the server neither grants new leases nor renews existing leases from this prefix. Once the expiration-time has passed, the prefix is no longer used (though old leases and leases with grace or affinity periods continue to exist until those periods elapse).
Identifies the owner of this prefix, referenced by name. Owners can be used to limit administrative access to prefixes by owner. If the prefix has an associated link, the owner of the associated link will apply, if it is set. If there is no associated link, or the link owner is unset, the owner of the parent prefix will apply, if the prefix owner is unset. policy nameref(Policy) Refers to a shared policy to use when replying to clients.
prefix-template-policy prefix-template-policy = [= prefix-template-policy prefix-template-policy prefix-template-policy prefix-template-policy delete set prefix-template-policy prefix-template-policy prefix-template-policy prefix-template-policy setV6Option getV6Option unsetV6Option listV6Options ...
affinity-period time Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease.
The default is not to allow clients to use Rapid Commit. allow-temporary-addresses bool default = true Determines whether DHCPv6 clients can request temporary (IA_TA) addresses. The default is to allow clients to request temporary addresses. default-prefix-length rangeint(0-128) default = 64 For delegation, specifies the default length of the delegated prefix, if a router (client) does not explicitly request it. The default length must always be less than or equal to the prefix length of the prefix range.
packet-file-name string Identifies the boot-file to use in the boot process of a client. The server returns this file name in the 'file' field of its replies. The packet-file-name cannot be longer than 128 characters. packet-server-name string Identifies the host-name of the server to use in a client's boot process. The server returns this file name in the 'sname' field of its replies. The packet-server-name field cannot be longer than 64 characters.
reconfigure-via-relay bool default = false Controls whether the server should prefer unicasting or relaying DHCPv6 Reconfigure messages. If false (the default), the server prefers to unicast Reconfigure messages if the client has one or more valid statefully assigned addresses. If true, the server prefers to send Reconfigure messages via the relay agent unless no relay agent information is available.
v4-bootp-reply-options optionid4 Lists the options the server returns to all BOOTP clients. v4-reply-options optionid4 Lists the options the server returns to all DHCPv4 clients, whether or not the client specifically asks for the option data. v6-reply-options optionid6 Lists the options that should be returned in any replies to DHCPv6 clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link.
policy policy policy policy setV6Option getV6Option unsetV6Option listV6Options policy policy policy policy setVendorOption getVendorOption unsetVendorOption listVendorOptions policy policy policy policy setV6VendorOption ge
policy listVendorOptions The setVendorOption and getVendorOption commands are used to set and get vendor-specific option data on the policy. These commands require an option name and the name of a vendor-specific option definition set. The unsetVendorOption command removes the data for the specific vendor option. The listVendorOptions command displays all vendor-option data that is set in the policy. The listing includes the name of the option-definition set that was used to define the data.
Determines if a client is allowed to update A records. If the client sets the flags in the FQDN option to indicate that it wants to do the A record update in the request, and if this value is TRUE, the server allows the client to do the A record update; otherwise, based on other server configurations, the server does the A record update. allow-dual-zone-dns-update bool default = disabled Enables DHCP clients to perform DNS updates into two DNS zones.
Specifies the name of the update configuration that determines which forward zones to include in updates. forward-zone-name dname Designates an optional forward zone for DNS updates. giaddr-as-server-id bool default = false Enables the DHCP server to set the server-id option on a DHCPOFFER and a DHCPACK to the giaddr of the incoming packet, instead of the IP address of the server (the default action).
Identifies the IP address of the next server in the client boot process. For example, this might be the address of a TFTP server used by BOOTP clients. The server returns this address in the 'siaddr' field of its replies. permanent-leases bool default = disabled Indicates whether leases using this policy are permanently granted to requesting clients. If leases are permanently granted, the dhcp-lease-time will be "infinite.
Controls whether the server should prefer unicasting or relaying DHCPv6 Reconfigure messages. If false (the default), the server prefers to unicast Reconfigure messages if the client has one or more valid statefully assigned addresses. If true, the server prefers to send Reconfigure messages via the relay agent unless no relay agent information is available.
Lists the options the server returns to all BOOTP clients. v4-reply-options optionid4 Lists the options the server returns to all DHCPv4 clients, whether or not the client specifically asks for the option data. v6-reply-options optionid6 Lists the options that should be returned in any replies to DHCPv6 clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link.
See Also Attributes contact string The contact information for this region. name string required The full name or printable name for this region. tag string required,unique The unique tag name for this region. Typically a short name referring to this region. remote-dns remote-dns - Specifies information about remote DNS servers for IXFR Synopsis remote-dns remote-dns remote-dns remote-dns remote-dns remote-dns list listnames [/] create [=...
See Also Attributes ixfr bool default = disabled, required Indicates whether or not a foreign server supports incremental transfer and should be queried for incremental (IXFR) before full (AXFR) when asking for zone transfers. Although unwittingly setting this to true is generally harmless, doing so may result in additional transactions to accomplish a zone transfer. key dname Specifies which key to use when communicating with the remote DNS server.
summarizes the data from all the subnets.
deactivated Examples report report file=myreport.txt Status See Also export addresses, lease-notification, session current-vpn Report Keywords column-separator Specifies the character string you want used between the columns in the report. The default is a single space. If you specify more than one space, you must use a backslash (\) to allow the extra spaces, and if you enter the spaces on the command line, use quotation marks.
reservation - Configures DHCPv4 reservations Synopsis reservation [/] create (|) [-mac|--blob|-string] [attribute=...] reservation [/] delete reservation [/] get reservation [/] set attribute=...
Sets the contents of DHCP option-82 (relay-agent-info) remote-id (sub-option 2) to be the value of the cable-modem's MAC address. When using the CMTS source-verify capability, a DHCPv4 leasequery response must contain a valid option-82 with the cable-modem's MAC address in the remote-id (sub-option 2).
reservation6 [/] create [--blob|-string] [attribute=...] reservation6 [/] delete reservation6 [/] get reservation6 [/] set attribute=... reservation6 [/] unset reservation6 [/] show reservation6 list [[/]|-key] Description The reservation6 command lets you manipulate Network Registrar's global list of DHCPv6 reservations.
ip6address ip6 required,immutable Specifies the IPv6 address for the reservation. lookup-key blob required Specifies the sequence of bytes that is the key for this reservation object. The type for this key is set in the lookup-key-type attribute. lookup-key-type int required Identifies the data dictionary type for the value in the lookup-key attribute. It may take on the values of AT_NSTRING or AT_BLOB. prefix nameref(Prefix) Identifies the prefix for this reservation.
Status See Also group, admin Attributes all-sub-roles bool default = true Controls whether to ignore the sub-role attribute for this attribute. If this attribute is unset, or if it is set to true, then the server ignores the value of the sub-roles attribute and this subrole is authorized for all sub-roles. If this attribute is false, then the sub-roles attribute provides the list of subroles for which this role instance is authorized.
attribute set to true, then subrole authorization for that role is for all subroles. unconstrained bool default = false Indicates that this role has no other constraints beyond the list of operations it can perform. router router - Configures a router Synopsis router router router router router router router router create [= ...] delete list listnames show get set => [= ...
Sets the enable password, in clear-text form. Avoid this field in normal use and never send the password over insecure links. Use this field to provide the clear-text password to the RIC server which intentionally does not have access to the secret storage module. enable-secret secret Identifies the secret containing the clear-text password for enabling super-user access to the router. interfaces obj(CCMRouterInterface) transient Lists objects describing the interfaces associated with this router.
Controls the region associated with this object. This region field is used to group similarly located routers and can be used to limit administrative access. type nameref(CCMRouterType) Specifies the type of the router. This is needed so that the RIC server can use the correct implementation of the router-specific interface. use-ssh enumint(disabled=0, optional=1, required=2) default = 1 Specifies whether the RIC server should (or must) use SSH when communicating with the router.
See Also router, router-interface-type Attributes bundle-id int The id of the bundle for grouping bundled interfaces. cable-dhcp-giaddr enumint(policy=2, primary=1, not-present=0) default = 0 The setting for giaddr selection in cable interfaces. cable-helper ipaddr The list of ip addresses stored as the cable-helper value on the interface. description string The description of this interface. ip-helper ipaddr The list of ip addresses stored as the ip-helper value on the interface.
The enabled/disabled state of this interface. router-login-template router-login-template - Configures login-templates for Routers. Synopsis router-login-template router-login-template router-login-template router-login-template router-login-template router-login-template router-login-template list create = [= ...] delete set = [= ...
The string that is used as the username prompt by the router. router-type router-type - Displays the available router types Synopsis router-type list router-type listnames Description The router-type command displays the available router types. Examples Status See Also router Attributes description string The description of this router type. java-class-name string required The java class name for an implementation of com.cisco.cnr.ricsrv.IRouter that can communicate with this type of router.
save Description The save command saves the current configuration changes to the database. Examples Status See Also scope scope - Specifies the scope's properties Synopsis scope list scope listnames scope create [template=] [=...] scope delete scope set = [= ...
Description The scope command lets you manipulate address ranges in the DHCP server. When creating a scope using a template, specify - for the to allow the scope template's scope-name to name the scope. scope listLeases The listLeases command lists the leases associated with this scope. scope addRange scope removeRange scope listRanges The addRange command adds a range of available addresses to the scope.
The applyTemplate command applies the specified scope-template to the scope. All properties configured on the scope-template are applied to the scope. scope report-staged-edits Displays a list of the scopes that have pending edits that have not been synchronized with the DHCP server. Note: The scope command manages a VPN through a virtual attribute: vpn [] (AT_STRING, Optional, default: ) Use this attribute to set or get the VPN ID by VPN name instead of by ID.
Assigns an order to scopes for allocating IP addresses. Acceptable scopes, with the highest allocation priority, grant IP addresses until the addresses are exhausted. You can mix scopes with an allocation-priority along with those without a priority in the same network. In this case, scopes with allocation priorities are examined for acceptability before those scopes with no allocation-priority. Lower numeric values have higher priorities, but an allocation-priority of 0 (the default) has no priority.
Tells DHCP how many bytes in a lease IP address to use when forming in-addr.arpa names. The server forms names in the in-addr zone by prepending dns-host-bytes of IP address (in reverse order) to the reverse zone name. If unset, the server synthesizes an appropriate value based on the scope's subnet size. dynamic-bootp bool default = disabled Controls whether the server will accept dynamic BOOTP requests for this scope.
Sets the number of milliseconds the DHCP server waits for ping responses. If you make this value too large, you slow down the lease offering processes. If you make this value too small, you reduce the effectiveness of pinging addresses before offering them. 300 milliseconds (the default value) is often the best choice. Only used if 'ping-clients' is enabled either for this scope or for the DHCP server. If not specified for the scope, the DHCP server's 'ping-timeout' is used as the default.
scope-policy scope-policy scope-policy scope-policy delete set = [= ...
policy, client-policy, client-class-policy, dhcp-address-block-policy, link-policy, link-template-policy, prefix-policy, prefix-template-policy, scope-template-policy Attributes affinity-period time Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease.
Determines whether DHCPv6 clients can use a Solicit with the Rapid Commit option to obtain configuration information with fewer messages. To permit this, make sure that a single DHCP server is servicing clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link. The Prefixes for the Link are processed in alphabetic (case blind) order. For each Prefix, the embedded and then named policy are checked.
Causes the server to reject all renewal requests, forcing the client to obtain a different address any time it contacts the DHCP server. inhibit-renews-at-reboot bool default = false Permits clients to renew their leases, but the server forces them to obtain new addresses each time they reboot. limitation-count int Specifies the maximum number of clients with the same limitation-id that are allowed to have currently active and valid leases.
Controls DHCPv6 client reconfiguration support: 1 allow Allows clients to request reconfiguration support and the server will honor the request (default). 2 disallow Allows clients to request reconfiguration support but the server will not honor the clients' request. 3 require Requires clients to request reconfiguration support and the server drops client Solicit and Request messages that do not include a Reconfigure-Accept option.
split-lease-times bool default = disabled Specifies a value that the DHCP server might use internally to affect lease times. If enabled, the DHCP server still offers clients lease times that reflect the configured lease-time option from the appropriate policy; but the server bases its decisions regarding expiration on the 'server-lease-time' value. unavailable-timeout time default = 24h Permits the server to make a lease unavailable for the time specified and then to return the lease to available state.
scope-template - Configures a scope template Synopsis scope-template scope-template scope-template scope-template scope-template create [= ...] delete set = [= ...] get unset scope-template disable scope-template enable scope-template show scope-template create clone= scope-template apply-to [,...
You can use the allocation-priority to assign an ordering to scopes, such that allocation of IP addresses will take place from acceptable scopes with a higher priority until the IP addresses in all those scopes are exhausted. An allocation-priority of 0 is treated as not having an allocation-proiority. You can mix scopes with an allocation-priority along with those without an allocation-priority (or with an allocation-priority of 0, which is the same thing) in the same network.
dns-host-bytes rangeint(1-4) This value tells DHCP how many of the bytes in a lease's IP use when forming in-addr.arpa names. The server forms names in-addr zone by prepending dns-host-bytes of IP address (in order) to the reverse zone name. If this is unset, the server will synthesize an appropriate based on the scope's subnet size. address to in the reverse value dynamic-bootp bool Controls whether the server will accept dynamic BOOTP requests for this scope.
The number of milliseconds the DHCP server should wait for ping responses. If you make this value too large, you will slow down the lease offering processes. If you make this value too small, you will reduce the effectiveness of pinging addresses before offering them. policy nameref(Policy) default = default The name of the policy associated with this scope. ranges-expr expr An expression to define the list of scope ranges to be created for a scope object.
scope-template-policy - Edits a DHCP policy embedded in a scopetemplate Synopsis scope-template-policy delete scope-template-policy set = [= ...
See Also policy, client-policy, client-class-policy, dhcp-address-block-policy, link-policy, link-template-policy, prefix-policy, prefix-template-policy, scope-policy Attributes affinity-period time Associates a lease in the AVAILABLE state with the client that last held the lease. If the client requests a lease during the affinity period, it is granted the same lease; that is, unless renewals are prohibited, then it is explicitly not given the lease.
Determines whether DHCPv6 clients can use a Solicit with the Rapid Commit option to obtain configuration information with fewer messages. To permit this, make sure that a single DHCP server is servicing clients. This attribute has special handling during the policy hierarchy processing when checking the Prefix policies (embedded or named) for the Prefixes on a Link. The Prefixes for the Link are processed in alphabetic (case blind) order. For each Prefix, the embedded and then named policy are checked.
Causes the server to reject all renewal requests, forcing the client to obtain a different address any time it contacts the DHCP server. inhibit-renews-at-reboot bool default = false Permits clients to renew their leases, but the server forces them to obtain new addresses each time they reboot. limitation-count int Specifies the maximum number of clients with the same limitation-id that are allowed to have currently active and valid leases.
Controls DHCPv6 client reconfiguration support: 1 allow Allows clients to request reconfiguration support and the server will honor the request (default). 2 disallow Allows clients to request reconfiguration support but the server will not honor the clients' request. 3 require Requires clients to request reconfiguration support and the server drops client Solicit and Request messages that do not include a Reconfigure-Accept option.
split-lease-times bool default = disabled Specifies a value that the DHCP server might use internally to affect lease times. If enabled, the DHCP server still offers clients lease times that reflect the configured lease-time option from the appropriate policy; but the server bases its decisions regarding expiration on the 'server-lease-time' value. unavailable-timeout time default = 24h Permits the server to make a lease unavailable for the time specified and then to return the lease to available state.
server - Configures and controls the server objects Synopsis The server keyword is optional. You can enter all commands starting with just the server type ().
nlogs and logsize. Either or both may be specified in the command, and changes occur only to the one(s) specified. When setting logsize, the value may be suffixed with K or M to signify units of thousands or millions. Note that in order for these changes to take effect you must save the changes and restart the server agent.
The session command lets you view and set session parameters, such as the session visibility and the default output format of your nrcmd program session. The listNetInterfaces command returns a list of the network interfaces that are present on the machine running Network Registrar. Both IPv4 and IPv6 interfaces are included. The log command closes the currently open log file, if any, and opens a new log file to which subsequent output is written if a filename is specified.
per line. script - Show objects in script friendly form: one object per line. dhcp-edit-mode (formerly scope-edit-mode) The edit mode currently in effect when editing DHCP scopes and reservations. The valid values are 'staged' and 'synchronous' (or 'sync'). The value 'default' will use the value configured at the CCM server. This feature only appears in Network Registrar 6.2 and later releases. dns-edit-mode (formerly zone-edit-mode) The edit mode currently in effect when editing CNR zones.
See Also snmp snmp - Configures and controls the SNMP server Synopsis snmp disable snmp enable snmp snmp snmp snmp get set = [= ...] unset [show] Description The snmp command configures the Network Registrar SNMP server. The SNMP server makes some Network Registrar statistics available to SNMP clients, and generates SNMP traps based on the status of the other Network Registrar servers.
The name of the server (constant for now). server-active bool default = true If 'true', the server will run when it is started. If 'false', the server will not run when it is started. trap-source-addr ipaddr An optional address to use as the sender address in outgoing SNMP trap packets.
The IP address and subnet mask of an interface that the SNMP server should use. name string required,unique,immutable subnet subnet - Describes a contiguous range of IP address space in the address-space model Synopsis subnet subnet subnet subnet subnet [/] create [/] delete list listnames show subnet get subnet set = [= ...
Determines the correct in-addr.arpa name to create, when creating reverse zones from a subnet. Based on this value and the subnet size, either a new reverse zone is created, or delegation records are put into the parent reverse zone. If unset, the server synthesizes an appropriate value based on the subnet size. This value parallels the dns-host-bytes attribute in the Scope class. failoverpair oid For DHCP allocation, assigns a subnet to a CCMFailoverPair or to a single CCMCluster object.
Specifies the subnet. VPN that contains the subnet address for this sync-from-dns sync-from-dns - Synchronizes CCM from DNS Synopsis sync-from-dns Description The sync-from-dns command rebuilds CCM management databases from the DNS server. Live server RR data may have the potential, over time, to go out of synchronization with the managed host data, particularly if live RRs are managed both locally and regionally.
The tftp command lets you configure the TFTP server in the cluster. The serverLogs show command displays the number of log files and the maximum size for each file. The serverLogs command allows you to set the two server logging parameters,nlogs and logsize. You can set one parameter or both. Changes occur only to the one or ones specified. When setting logsize, you can add the suffix K or M signify units of thousands or millions.
Specifies a path to a cache directory the TFTP server will use to find the files to put into cache. Upon start up the TFTP server will load all the files located in this directory into cache. file-cache-max-memory-size rangeint(0-2147483647) default = 32000 Specifies the maximum number of bytes available to the server for file-caching. Valid range: 0-2147483647 home-directory string Specifies a path to a home directory the TFTP server will use to resolve TFTP requests.
Specifies the user name the TFTP server will use when connecting to an LDAP server. log-level rangeint(0-4) default = 3 Specifies the level of verbosity the TFTP server will employ when writing log messages to the TFTP server log file. Each integer value from 0 through 4 enables the following log levels: None, Error, Warning, Information and Activity.
Specifies a comma separated list of paths the TFTP server will use to resolve TFTP requests. If use-home-directory-as-root is enabled, the paths in the search list are ignored and the home directory is used to resolve all TFTP requests. session-timeout rangeint(1-2147483647) default = 20 Specifies the maximum length of time the TFTP server will wait after transmitting the initial response before giving up retrying on that response.
The tftp-interface command configures network interfaces for use by the Network Registrar TFTP server. The TFTP interface logically represents the hardware interface (for example, an Ethernet or Token Ring network interface card) that the TFTP server uses. The TFTP server uses the configured address information to determine which interface to use to send and receive packets. If there are no defined interfaces, the server discovers and uses all available interfaces on the system.
Description The trap-recipient command configures management stations to which the Network Registrar SNMP server sends trap messages. The traps to be generated are set on the DNS and DHCP server traps-enabled attribute. Examples nrcmd> trap-recipient example-recipient create nrcmd> trap-recipient example-recipient set ip-addr=192.168.0.34 Status See Also dhcp, dns, addr-trap Attributes agent-addr ipaddr An IP address to use as the source agent-address in traps sent to this recipient.
The update-policy command lets you configure DNS update-policies. The most significant property of an update policy is an ordered list of rules. The rules are used to restrict or permit updates to DNS names. When adding a new rule, enclose the complete string in quotation marks. Use the backslash (\) to allow square brackets ([ ]) in the rule. Note: If an update ACL has been configured on the zone, any update-policy configuration is ignored.
? Will match a single character. For example, the pattern zone?.com matches zone1.com, zone2.com, etc but does not match zone.com [...] Will match any characters listed within the brackets. For example, you can provide a range such as 0-9 or a-z. If the pattern also includes the - character, make it the first character in the list (i.e. dhcp[-a-z]*) rr-types: A comma delimited list of RR types for this rule. Each RR type can also be negated using the exclamation point (i.e. !A,!TXT).
Status See Also Attributes addr-blocks-default-selection-tags string Specifies the default selection tag (or list of tags) that will be associated with incoming subnet-allocation requests in this vpn that do not contain any subnet name data. No default. addr-blocks-use-client-affinity bool Determines whether the DHCP server attempts to allocate subnets to clients using address-blocks that the clients have already used. Default is true (enable).
The VPN's VRF name. zone zone - configures a DNS zone Synopsis zone create primary file= [template=] zone create primary [template==...] zone create secondary [=...] zone delete zone list zone listnames zone set = [= ...
The zone command lets you create and edit DNS zones. The name of the zone may be an IPv4 subnet (
/), IPv6 prefix (/), prefix name (the prefix address is used), or DNS name. zone addHost [ ...] zone removeHost zone listHosts The addHost command adds a host with a given name, address and optional aliases to the zone. The removeHost command removes a host from the zone.is valid only for pre-6.2 clusters. zone protect-name|unprotect-name> The protect-name/unprotect-name command sets the protection status of the resource records for the name. Protected names cannot be updated using DNS update requests. zone forceXfer secondary The forceXfer command forces a full zone transfer of a secondary zone, regardless of the zone serial number, to synchronize DNS data store.
Attributes checkpoint-interval rangetime(60m-1w) default = 3h Sets the number of seconds that elapse between saves of zone data. When the interval expires, Network Registrar takes a snapshot of the zone data and records it in the zone checkpoint database. checkpoint-min-interval rangetime(60s-45m) Specifies the minimum amount of time required (in seconds) between the time the first checkpoint occurs and the second checkpoint starts. This attribute applies only to zones with dynamic resource records.
Displays the fully-qualified domain name of the primary name server for this zone. This host is the original, or primary source, of data for this zone. nsttl dnsttl Displays the ttl value applied to the NS resource records of the zone. origin dname required,immutable Displays the fully-qualified name of the zone's root. The zone name. owner objref(CCMOwner) Names the owner of this zone. Use the owner field to group similarly owned zones and to limit administrative access.
scvg-enabled bool default = false Enables dynamic resource-record scavenging for the zone. This attribute removes stale records when clients are configured to perform DNS updates but do not delete their entries when they're no longer valid. If the DHCP server is used to perform updates, it will also delete records when client leases expire. Scavenging should not be enabled on these zones.
serial int required Displays an administratively specified serial number. The serial number value must always increase; therefore, this serial number is only applied to the zone if it is greater than the actual (dynamic) serial number. soattl dnsttl Displays the time-to-live (ttl) value applied to the SOA resource record of the zone. subzone-forward enumint(normal=0, no-forward=1) default = normal Specifies whether subzones use forwarders or not.
The zone-dist command lets you define and manage zone distribution configurations. On local clusters, the zone-dist sync command synchronizes staged edits to the DNS server and synchronizes primary zones to secondaries. Regardless of the mode selected, the exact list of authoritative zones (primary and secondary) is synchronized with the DNS server.
Configures secondary zones to enable incremental transfer requests. When set, this attribute overrides the dns server global ixfr-enable value. Using the server global value (not setting this value per-zone) enables you to easily globally turn incremental transfers on or off or to set a set a general policy for your zones and specific exceptions to the server global value. 1 enable Permits incremental transfers for this zone. 2 disable Prohibits incremental transfers for this zone.
Provides an optional list of servers to notify when a secondary zone changes. Use with the notify attribute to configure secondary zones. All servers listed in NS records for the zone, with the exception of the server described by the NS property of the zone (the mname field of the SOA record) receive notifications. Servers listed in the notify-set attribute are also notified. primary oid(CCMCluster) Identifies the cluster or HA DNS pair serving the primary zones associated with this zone distribution map.
restrict-xfer-acl amelist Configures the access control list that designates which devices receive zone transfers from the specified zone. Use with the restrict-xfer attribute if use-server-settings is set. zone-template zone-template - Configures a zone template Synopsis zone-template zone-template zone-template zone-template zone-template create [= ...] delete set = [= ...
Controls the default TTL value used for resource records in a zone that do not specify a TTL. dist-map oid Associates a zone distribution map with a zone. The map describes the primary and secondary DNS servers that provide DNS service for this zone. dynamic bool Enables RFC 2136 dynamic updates to the zone. of these updates is a DHCP server.
Identifies the owner of this zone. Use the owner field to group similarly owned zones and to limit administrative access. person string Specifies the mailbox for the hostmaster (person) in domain name form. The first label is a user or mail alias, the rest of the labels are a mail destination. A mailbox of hostmaster@test.com would be represented as: hostmaster.test.com.
Enables dynamic resource-record scavenging for the zone. Use this feature to remove stale records that arise when clients are configured to perform DNS updates, but do not delete their entries when they are no longer valid. If the DHCP server performs updates, it also delete records when client leases expire. Scavenging should not be enabled on these zones. scvg-ignore-restart-interval rangetime(2h-24h) Ensures that the server does not reset the scavenging time whenever a server restarts.
subzone-forward enumint(normal=0, no-forward=1) default = normal Specifies whether subzones use forwarders or not. When no-forward is set, any query for the zone will not be sent to the forwarder. This is an extended resolution exception. update-acl amelist Specifies the access control list for DNS updates to a zone, defined as an address match element list. The access control list is not applied to dynamic updates coming from the UIs.
Network Registrar CLI Reference Guide Using the nrcmd Program in Scripts You can use the nrcmd command to interactively configure and control a Cisco Network Registrar cluster, or you can use it as a programming interface for another program or script. Connecting to Network Registrar When you use the nrcmd command ,you connect to a Network Registrar cluster to read and write configuration data, read state data, and perform control operations.
Because nrcmd does a significant amount of processing at connect time, it is more efficient to perform multiple commands in a single session rather than to initiate a distinct connection and login for each command. The simplest way to have a single nrcmd session perform multiple commands is to create a batch file with one command per line and to redirect standard input from that file.
executing the set of scope commands in the scope.txt file in the previous example, you might want to ensure that the cluster is locked. # Quit if cluster cannot be locked session assert locked Command Syntax When you execute nrcmd commands that contain equal-signs, you must put them within quotation marks.
Network Registrar CLI Reference Guide CLI Codes and Formats Status Returns Network Registrar Error Codes Import and Export File Formats Status Returns The nrcmd program returns status information on the first line of information written to the standard output stream. If there is more data, nrcmd displays this information on additional lines. The first line consists of a numeric status that is followed by a human-readable error status. The status codes are all three-digit integer decimal numbers.
the command line interface will keep running in interactive mode. Fatal errors imply that something serious happened and that you must restart the Network Registrar command line processor. Network Registrar Error Codes Table 4-2 lists and describes the Network Registrar error codes. Table 4-2.
306 Unknown command 307 Unknown keyword 308 Unknown parameter 309 Too many arguments 310 Too few arguments 311 No response to lease request 312 Unexpected response from server 313 No match 314 Duplicate object 315 Import failure 316 Invalid 317 Open failed 318 No MAC address found 319 No lease found 320 Generic error 321 Invalid name 322 Feature not supported 323 Read error 324 Invalid IP address list 325 Invalid type
326 ODBC database access error 327 IP address not contained within pool subnet 328 Identical MX resource record already exists 329 Identical TXT resource record already exists 330 Address is not contained in pool 331 Host is already assigned to an address 332 Address is already assigned to a host 333 No unassigned IP address found in pool 334 Address has not been assigned to a host 335 Static address pools are not enabled, create a pool to enable 336 Range overlaps another pool 337 Ho
355 Can't set partner-down while in recover 356 Not allowed in read-only mode 357 Not a secondary 358 Not a primary 359 No zone matched 360 Forcexfer for this zone is already scheduled 361 Lease is not reserved 362 Scope unknown in server 363 Invalid IP address in server 364 Invalid MAC address in server 365 Failure creating MAC address in server 366 Unknown object in server 367 Command not supported by server 368 Bad length in server 369 Inconsistent scope in server 370 updat
375 updateSMS invalid argument 376 Lease is reserved to a different client 377 Client already reserved a different lease 378 Field name or number not found 379 Suboption name or number already exists 380 Suboption name or number not found 381 Invalid character `-' in vendor-option name 382 Data not found for vendor-option 383 Field name or number already exists 384 counted-array can only be used with array types 385 Read-only attribute cannot be modified 386 Required attribute cannot
395 Lease has no scope pointer -- internal error 396 Invalid vpn-id specification 397 Expression too long 398 Insufficient memory 401 Login failure 402 Permission denied 403 Couldn't lock database 404 Login required 405 Invalid license key 406 A lock is required for this operation 407 Unable to release lock 408 Unable to obtain lock 409 Couldn't lock static address pool 501 Connection failure 502 Server failure 503 Cluster version failure 504 Wrong license key type, local cl
507 Duplicate option name 508 Duplicate vendor-option-enterprise-id 509 Duplicate vendor-option-string 510 Version mismatch 511 No version found 512 Incomplete object 513 Incomplete attribute 514 Incomplete NLIST 515 Invalid repeat count Import and Export File Formats This section describes the import leases and export leases file format. The syntax is: field1|field2|field3|... The fields are listed next.
Start of lease time (GMT) (optional) Lease expiration time (GMT) (optional) Allowable extension time (GMT) (optional) Last transaction time (GMT) (optional) IP address of the DHCP server (optional) Host name (without domain) (optional) width=19 border=0>Domain name (optional) Client ID (optional) VPN (optional) Note: For all the time fields, you can use either the number of seconds since 1970, or day, month, date, time, year format (Mon Apr 13 16:35:48 1998).
Network Registrar Attribute Types AT_AMELST (amelist) A list of AddressMatchElement objects; structurally equivalent to AT_NLIST (AddressMatchElement). This specific type is provided to make generic parsing and unparsing work for attributes of this type. AT_ARRAY (array) A sequence of any other type. This attribute type is deprecated in favor of the more general AT_NLIST type. AT_ATTRTYPE (attrtype) A CNR attribute type, stored as an integer.
with the special meaning 'use the zone default'. AT_ENUMBYTE (enumbyt) An 8-bit integer with a fixed set of valid values. Each of the values can optionally have a string name associated with it. AT_ENUMINT (enumint) A 32-bit integer with a fixed set of valid values. Each of the values can optionally have a string name associated with it. AT_ENUMSHORT (enumshort) A 16-bit integer with a fixed set of valid values. Each of the values can optionally have a string name associated with it.
A 17-octet sequence representing an IPv6 address or address with prefix-length. It consists of 16 octets of address followed by an octet of 255 (for address) or the prefix-length (0-128). AT_IPADDR (ipaddr) A 32-bit IPv4 address. AT_IPKEY (ipkey) An IP address that can be associated with a port number and/or a required TSIG key name.
AT_NODE (dhcpnode) Deprecated. AT_NOLEN (no length) A DHCP option code with no length or value. For example: PAD or END. AT_NSTRING (nstr) A string that is stored as a counted sequence, and is not necessarily null-terminated. AT_OBJ (obj) A CNR object of any schema class. AT_OBJREF (objref) A reference to a specific class of object by OID. It is similar to an AT_OID, but adds the additional expectation that the referenced object has the specified class and does exist in the database.
AT_RANGEINT (rangeint) An AT_INT value that is restricted to a range of valid values. AT_RANGESHORT (rangeshort) An AT_SHORT value that is restricted to a range of valid values. AT_RANGETIME (rangetime) An AT_TIME value that has an associated range of valid values. AT_RDNSNAME (rdname) A relative DNS name, encoded in DNS wire format with counted labels. AT_REQUEST (dhcpreq) A DHCP REQUESTED_OPTIONS option, which the DHCP client uses to request option data by option number.
AT_STIME (stime) A signed version of the AT_TIME type that allows negative time spans. The main use of this type is for time-zone offsets that may be positive or negative. AT_STRING (string) A null-terminated sequence of ASCII bytes. AT_STRUCT (struct) Deprecated. AT_SUBNET (subnet) An IPv4 address and a count of the bits that comprise the network number. The address component will have its host bits set to 0. A similar type, AT_IPNET does not assume or require the host bits to be 0.