system

Required Command-Line Mode = Enable

Use the system command to restart or expedite the relaunching of individual system processes, enable secure cryptography mode, enable secure passwords mode, or configure the ARP/NDP refresh interval on the GigaVUE node.

The system command has the following syntax:

system
   process <process name>
      clusterd restart
      httpd restart
      ntpd restart
      restapid restart
      snmpd restart
      sshd restart
      ugwd restart
      wsmd restart
   security crypto enhanced
   security legacy
   security log martian
   security passwords
      enhanced
      login-blank
      min-length <length in characters>
   arp refresh-interval
   ndp refresh-interval
   stacking-mode legacy
   ztp

The following table describes the arguments for the system command:

Argument

Description

<process name>

Specifies the system process name.

   clusterd restart

Restarts the clustering daemon (clusterd) process or expedites the relaunching of this process. For example:

(config) # system process clusterd restart

Note:  This command only applies to cluster control. It does not affect traffic distribution.

   httpd restart

Restarts the HTTP server daemon (httpd) process or expedites the relaunching of this process. For example:

(config) # system process httpd restart

   ntpd restart

Restarts the NTP daemon (ntpd) process or expedites the relaunching of this process. For example:

(config) # system process ntpd restart

   restapid restart

Restarts the REST API daemon (restapid) process or expedites the relaunching of this process. For example:

(config) # system process restapid restart

   snmpd restart

Restarts the SNMP agent daemon (snmpd) process or expedites the relaunching of this process. For example:

(config) # system process snmpd restart

   sshd restart

Restarts the SSH daemon (sshd) process or expedites the relaunching of this process. For example:

(config) # system process sshd restart

   ugwd restart

Restarts the Unified Gateway daemon (ugwd) process or expedites the relaunching of this process. For example:

(config) # system process ugwd restart

   wsmd restart

Restarts the Web Session Manager daemon (wsmd) process or expedites the relaunching of this process. For example:

(config) # system process wsmd restart

security crypto enhanced

Enables the secure cryptography mode, which provides enhanced security on the management interface of the GigaVUE node.

For the secure cryptography mode to take effect, reload the GigaVUE node or cluster.

For example:

(config) # system security crypto enhanced

(config) # reload

or

(config) # system security crypto enhanced

(config) # cluster reload

Refer to the “Configuring Secure Cryptography Mode” section in the GigaVUE Administration Guide for details.

IMPORTANT: TLS version 1.2 is required for secure cryptography mode. When enabling secure cryptography mode, TLS version 1.2 is enabled by default. If you disable secure cryptography mode and want to change the TLS version, use the GigaVUE-OS CLI command: web server ssl min-version tls<version>.

security legacy

In legacy mode, the following algorithms are enabled in addition to the algorithms in the classic mode:

 

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1

 

By default, the device is in classic mode, in which the following algorithms are enabled:

KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256

MACs hmac-sha2-512,hmac-sha2-256

 

Note:  This configuration is allowed only when the system is running in classic mode. To check the system mode, use the show system security command.
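One way to tell from the client side whether a node's management SSH service is offering the classic or the legacy algorithm set listed above (an added example, not Gigamon code). It assumes OpenSSH `ssh -vv` client debug output as input; the function names and the sample text are constructed for illustration, and any offered algorithm that this page does not list yields "unknown".

```python
import re

# Algorithm names exactly as this page lists them for each mode.
CLASSIC = {"kex": {"ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
                   "diffie-hellman-group14-sha256"},
           "mac": {"hmac-sha2-512", "hmac-sha2-256"}}
LEGACY_ONLY = {"kex": {"diffie-hellman-group-exchange-sha256",
                       "diffie-hellman-group14-sha1"},
               "mac": {"hmac-sha1"}}
# Signalling markers a server may append to its KEX list; they are not algorithms.
MARKERS = {"ext-info-s", "kex-strict-s-v00@openssh.com"}

def server_proposal(debug_text):
    """Collect KEX and MAC names from the 'peer server KEXINIT proposal' block only."""
    offered, in_server = {"kex": set(), "mac": set()}, False
    for line in debug_text.splitlines():
        line = line.strip()
        if line.endswith("KEXINIT proposal"):
            in_server = "peer server" in line   # skip the client's own proposal
        elif in_server:
            m = re.match(r"debug2: (KEX algorithms|MACs (?:ctos|stoc)): (\S+)", line)
            if m:
                kind = "kex" if m.group(1).startswith("KEX") else "mac"
                offered[kind].update(set(m.group(2).split(",")) - MARKERS)
    return offered

def classify(offered):
    """Return (mode, legacy_only_names, names_not_listed_on_this_page)."""
    legacy, unlisted = set(), set()
    for kind in ("kex", "mac"):
        legacy |= offered[kind] & LEGACY_ONLY[kind]
        unlisted |= offered[kind] - CLASSIC[kind] - LEGACY_ONLY[kind]
    if unlisted or not offered["kex"]:
        # Another mode or release, or no server proposal was seen at all.
        return "unknown", sorted(legacy), sorted(unlisted)
    return ("legacy" if legacy else "classic"), sorted(legacy), sorted(unlisted)

# Constructed sample: trimmed `ssh -vv` client output, not captured from a device.
SAMPLE = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha1
debug2: MACs ctos: hmac-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,kex-strict-s-v00@openssh.com
debug2: MACs ctos: hmac-sha2-512,hmac-sha2-256,hmac-sha1
debug2: MACs stoc: hmac-sha2-512,hmac-sha2-256,hmac-sha1
"""

if __name__ == "__main__":
    print(classify(server_proposal(SAMPLE)))
```
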

security log martian

Enables the Martian logs that appear in the kernel logs to also appear in the syslog messages on the device.

security passwords
   enhanced
   login-blank
   min-length <length in characters>

Enables the secure passwords mode, which increases the security of passwords on the GigaVUE node. The default is disabled.

For example:

(config) # system security passwords enhanced

When the secure passwords mode is enabled, use min-length to set the minimum password length, from 8 to 64 characters. The default is 8 characters.

For example:

(config) # system security passwords min-length 20

When the secure passwords mode is disabled, you cannot change the minimum password length.

For Common Criteria certification, the password length should be at least 15 characters. Refer to the “Configuring Secure Passwords Mode” section in the GigaVUE Administration Guide for details.

An admin user can use the login-blank parameter to allow logging in with a blank password. Otherwise, logging in with a blank password is disabled.

For example:

(config) # system security passwords login-blank

By default, the login-blank parameter is disabled, which is equivalent to the following:

(config) # no system security passwords login-blank

stacking-mode legacy

Selects the legacy mode for stacking. For example:

(config) # system stacking-mode legacy

Selects the default stacking mode.

Note:  After user confirmation, the system stacking-mode legacy command immediately resets the traffic configuration and initiates a cluster reload of all nodes. After the cluster is up, the configuration saved in the backup file must be applied manually to restore the traffic configuration.

For example:

[cluster: leader] (config) # no system stacking-mode legacy

! WARNING: Changing stacking mode will automatically

! - Take backup of config in file stacking_mode_config_backup.txt

! - Reset factory only traffic config

! - RELOAD the cluster

! - User must manually apply stacking_mode_config_backup.txt after bootup

Confirm stacking mode change? [no] YES

Configuration saved to database 'initial'

System shutdown initiated -- logging off.

# after the cluster is up and user is logged back in, apply the saved configuration in the backup file:

[cluster: leader] (config) # configuration text file stacking_mode_config_backup.txt apply fail-continue

 

(config) # no system stacking-mode legacy

By default, the stacking-mode legacy parameter is disabled.

arp refresh-interval <3~30>

Specifies the Address Resolution Protocol (ARP) refresh time interval. The timer is configurable from 3 to 30 seconds. The default is 30 seconds.

When an IP interface is configured, ARP requests are sent out on the IP interface associated with the tool port to find the gateway MAC address. When Tunnel encapsulation GSOP Map is configured with the destination tool in the local network, ARP requests are sent to the IP interface to find the tool MAC address. In response, the gateway and local tool send an ARP reply, and the control card tries to match the IP interface's IP address with the IP address of the received ARP message. If a match is found, the ARP status changes to resolved (otherwise, the ARP status is not resolved).

Once ARP is resolved, this tunnel ARP timer controls the interval at which an ARP request is sent to the gateway as well as to the local tool to detect whether the gateway and local tool are reachable.

For example:

(config) # system arp refresh-interval 30

Use the show system arp command to display the ARP refresh interval.

ndp refresh-interval <3~30>

Specifies the Neighbor Discovery Protocol (NDP) refresh time interval. The timer is configurable from 3 to 30 seconds. The default is 30 seconds.

When an IP interface is configured, Neighbor Solicitation (NS) packets are sent out on the IP interface associated with the tool port to find the gateway MAC address, and Neighbor Solicitation (NS) packets are sent out on the IP interface to find the local tool address. In response, the gateway sends a Neighbor Advertisement (NA) packet, and the control card tries to match the IP interface's IP address with the IP address of the received NA message. If a match is found, the IPv6 neighbor status changes to resolved (otherwise, the IPv6 neighbor status is not resolved).

Once the IPv6 neighbor is resolved, this tunnel NDP timer controls the interval at which an NS packet is sent to the gateway as well as to the local tool to detect whether the gateway and local tool are reachable.

For example:

(config) # system ndp refresh-interval 30

Use the show system ndp command to display the NDP refresh time interval.

ztp

Use this command to enable or disable Zero Touch Provisioning (ZTP). ZTP is enabled by default when the device undergoes a factory reset or fresh installation.

To enable ZTP:

(config) # system ztp enable

To disable ZTP:

(config) # no system ztp enable

Refer to the “Zero Touch Provisioning (ZTP)” section in the GigaVUE Administration Guide for details.

Related Commands

The following table summarizes other commands related to the system command:

Task

Command

Displays system information.

# show system

Displays the stacking mode information.

# show system stacking-mode

Disables enhanced cryptography mode. For the change in the enhanced cryptography mode to take effect, reload the GigaVUE node or cluster.

(config) # no system security crypto enhanced

(config) # reload

or

(config) # no system security crypto enhanced

(config) # cluster reload

Disables the secure passwords mode. Also disables the minimum length for passwords.

(config) # no system security passwords enhanced

Disables logging in with a blank password.

(config) # no system security passwords login-blank

Disables the management port's legacy cryptography mode, and enables the new Classic Mode security.

(config) # no system security legacy

Enables the default stacking mode and disables the legacy stacking mode.

(config) # no system stacking-mode legacy

Disables Zero Touch Provisioning (ZTP).

(config) # no system ztp enable
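The security settings documented on this page (secure cryptography mode, legacy mode, secure passwords mode, min-length and login-blank) checked against a saved configuration text, as an added example that is not Gigamon code. It assumes the text holds one CLI command per line in the form shown on this page; the function names, finding wording and sample text are constructed for illustration.

```python
import re

DEFAULTS = {"crypto_enhanced": False, "legacy": False, "passwords_enhanced": False,
            "login_blank": False, "min_length": 8}
FLAGS = {"security crypto enhanced": "crypto_enhanced", "security legacy": "legacy",
         "security passwords enhanced": "passwords_enhanced",
         "security passwords login-blank": "login_blank"}

def parse_settings(config_text):
    """Apply 'system ...' / 'no system ...' lines in order on top of the page's defaults."""
    s = dict(DEFAULTS)
    for raw in config_text.splitlines():
        if not (m := re.match(r"\s*(no\s+)?system\s+(.+?)\s*$", raw)):
            continue                      # not a system command (comment, other CLI line)
        negated, rest = bool(m.group(1)), " ".join(m.group(2).split())
        if rest in FLAGS:
            s[FLAGS[rest]] = not negated  # a later 'no' form overrides an earlier enable
        elif not negated and (ml := re.fullmatch(r"security passwords min-length (\d+)", rest)):
            s["min_length"] = int(ml.group(1))
    return s

def audit(s, cc_min=15):
    """Return {setting: finding}; cc_min is the Common Criteria length cited on this page."""
    out = {}
    if s["login_blank"]:
        out["login-blank"] = "logging in with a blank password is allowed"
    if not s["passwords_enhanced"]:
        out["passwords"] = "secure passwords mode is disabled, so no minimum length applies"
    elif not 8 <= s["min_length"] <= 64:
        out["min-length"] = f"{s['min_length']} is outside the documented 8 to 64 range"
    elif s["min_length"] < cc_min:
        out["min-length"] = f"{s['min_length']} is below the {cc_min} characters for Common Criteria"
    if s["legacy"]:
        out["legacy"] = "legacy mode also enables hmac-sha1 and diffie-hellman-group14-sha1"
    if not s["crypto_enhanced"]:
        out["crypto"] = "secure cryptography mode is not enabled"
    return out

# Constructed sample configuration text, not taken from a device.
SAMPLE = """\
system security passwords enhanced
system security passwords min-length 12
system security passwords login-blank
system security legacy
no system security passwords login-blank
"""

if __name__ == "__main__":
    print(audit(parse_settings(SAMPLE)))
```
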