system
Required Command-Line Mode = Enable
Use the system command to restart or expedite the relaunching of individual system processes, enable secure cryptography mode, secure passwords mode, or configure arp/ndp refresh interval on the GigaVUE node.
The system command has the following syntax:
system
process <process name>
clusterd restart
httpd restart
ntpd restart
restapid restart
snmpd restart
sshd restart
ugwd restart
wsmd restart
security crypto enhanced
security legacy
security log martian
security passwords
enhanced
login-blank
min-length <length in characters>
arp refresh-interval
ndp refresh-interval
stacking-mode legacy
ztp
The following table describes the arguments for the system command:
Argument |
Description |
<process name> |
Specifies the system process name. |
clusterd restart |
Restarts the clustering daemon (clusterd) process or expedites the relaunching of this process. For example: (config) # system process clusterd restart Note: This command only applies to cluster control. It does not affect traffic distribution. |
httpd restart |
Restarts the HTTP server daemon (httpd) process or expedites the relaunching of this process. For example: (config) # system process httpd restart |
ntpd restart |
Restarts the NTP daemon (ntpd) process or expedites the relaunching of this process. For example: (config) # system process ntpd restart |
restapid restart |
Restarts the REST API daemon (restapid) process or expedites the relaunching of this process. For example: (config) # system process restapid restart |
snmpd restart |
Restarts the SNMP agent daemon (snmpd) process or expedites the relaunching of this process. For example: (config) # system process snmpd restart |
sshd restart |
Restarts the SSH daemon (sshd) process or expedites the relaunching of this process. For example: (config) # system process sshd restart |
ugwd restart |
Restarts the Unified Gateway daemon (ugwd) process or expedites the relaunching of this process. For example: (config) # system process ugwd restart |
wsmd restart |
Restarts the Web Session Manager daemon (wsmd) process or expedites the relaunching of this process. For example: (config) # system process wsmd restart |
security crypto enhanced |
Enables the secure cryptography mode, which provides enhanced security on the management interface of the GigaVUE node. For the secure cryptography mode to take effect, reload the GigaVUE node or cluster. For example: (config) # system security crypto enhanced (config) # reload or (config) # system security crypto enhanced (config) # cluster reload Refer to the “Configuring Secure Cryptography Mode” section in the GigaVUE Administration Guide for details. IMPORTANT: TLS version 1.2 is required for secure cryptography mode. When enabling secure cryptography mode, TLS version 1.2 is enabled by default. If you disable secure cryptography mode and want to change the TLS version, use GigaVUE‑OS CLI command: web server ssl min-version tls<version>. |
security legacy |
In legacy mode, the following algorithms are enabled in addition to the algorithms in the classic mode:
KexAlgorithms ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha256 diffie-hellman-group-exchange-sha256 diffie-hellman-group14-sha1 MACs hmac-sha2-512 hmac-sha2-256 hmac-sha1
MACs hmac-sha2-512,hmac-sha2-256,hmac-sha1
By default the device is in classic mode, the following algorithms are enabled: KexAlgorithms ecdh-sha2-nistp256 ecdh-sha2-nistp384 ,ecdh-sha2-nistp521 diffie-hellman-group14-sha256 MACs hmac-sha2-512 hmac-sha2-256
MACs hmac-sha2-512,hmac-sha2-256
Note: This configuration is allowed only when system is running in the classic mode. To check the system mode use show system security command. |
security log martian |
Enables the Martian logs that appear in the kernel logs to also appear in the syslog messages in the device. |
security passwords |
Enables the secure passwords mode, which increases the security of passwords on the GigaVUE node. The default is disabled. For example: (config) # system security passwords enhanced When the secure passwords mode is enabled, use min-length to set the minimum password length, from 8 to 64 characters. The default is 8 characters. For example: (config) # system security passwords min-length 20 When the secure passwords mode is disabled, you cannot change the minimum password length. For Common Criteria certification, the password length should be at least 15 characters. Refer to the “Configuring Secure Passwords Mode” section in the GigaVUE Administration Guide for details. An admin user can use the login-blank parameter to allow logging in with a blank password. Otherwise, logging in with a blank password is disabled. For example: (config) # system security passwords login-blank By default, the login-blank parameter is disabled, which is equivalent to the following: (config) # no system security passwords login-blank |
stacking-mode legacy |
Selects the legacy mode for stacking. For example: (config) # system stacking-mode legacy Selects the default stacking mode. Note: After user confirmation the system stacking-mode legacy command immediately resets the traffic configuration and initiates a cluster reload of all nodes. After the cluster is up, the configuration saved in the backup file must be applied manually to restore the traffic configuration. For example: [cluster: leader] (config) # no system stacking-mode legacy ! WARNING: Changing stacking mode will automatically ! - Take backup of config in file stacking_mode_config_backup.txt ! - Reset factory only traffic config ! - RELOAD the cluster ! - User must manually apply stacking_mode_config_backup.txt after bootup Confirm stacking mode change? [no] YES Configuration saved to database 'initial' System shutdown initiated -- logging off. # after the cluster is up and user is logged back in, apply the saved configuration in the backup file: [cluster: leader] (config) # configuration text file stacking_mode_config_backup.txt apply fail-continue
(config) # no system stacking-mode legacy By default the system would disable the stacking-mode legacy parameter. |
arp refresh-interval <3~30> |
Specifies the Address Resolution Protocol (ARP) refresh time interval. The timer is configurable from 3 to 30 seconds. The default is 30 seconds. When an IP interface is configured, ARP requests are sent out on the IP interface associated with tool port to find the gateway MAC address, When Tunnel encapsulation GSOP Map is configured with destination tool in local network, ARP requests are sent to the IP interface to find the tool MAC address. In response, the gateway and local tool sends an ARP reply and the control card tries to match the IP interface's IP address with the IP address of the received ARP message. If a match is found, the ARP status changes to resolved (otherwise, the ARP status is not resolved). Once ARP is resolved, this tunnel ARP timer controls the interval at which an ARP request is sent to the gateway as well as to the local tool to detect if the gateway and local tool is reachable or not. For example: (config) # system arp refresh-interval 30 Use the show system arp command to display the ARP refresh interval. |
ndp refresh-interval <3~30> |
Specifies the Neighbor Discovery Protocol (NDP) refresh time interval. The timer is configurable from 3 to 30 seconds. The default is 30 seconds. When an IP interface is configured, Neighbor Solicitation (NS) packets are sent out on the IP interface associated with tool port to find the gateway MAC address, and Neighbour Solicitation (NS) packets are sent out on the IP interface to find the local tool address. In response, the gateway sends an Neighbor Advertisement (NA) packet and the control card tries to match the IP interface's IP address with the IP address of the received NA message. If a match is found, the IPv6 neighbor status changes to resolved (otherwise, the IPv6 Neighbor status is not resolved). Once IPv6 Neighbor is resolved, this tunnel NDP timer controls the interval at which an NS packet is sent to the gateway as well as to the local tool to detect if the gateway and local tool is reachable or not. For example: (config) # system ndp refresh-interval 30 Use the show system ndp command to display the NDP refresh time interval. |
ztp |
Use this command to enable or disable Zero Touch Provisioning (ZTP). ZTP is enabled by default when the device undergoes a factory reset or fresh installation. To enable ZTP: (config) # system ztp enable To disable ZTP: (config) # no system ztp enable Refer to the “Zero Touch Provisioning (ZTP)” section in the GigaVUE Administration Guide for details. |
Related Commands
The following table summarizes other commands related to the system command:
Task |
Command |
Displays system information. |
# show system |
Displays the stacking mode information. |
# show system stacking-mode |
Disables enhanced cryptography mode. For the change in the enhanced cryptography mode to take effect, reload the GigaVUE node or cluster. |
(config) # no system security crypto enhanced (config) # reload or (config) # no system security crypto enhanced (config) # cluster reload |
Disables the secure passwords mode. Also disables the minimum length for passwords. |
(config) # no system security passwords enhanced |
Disables logging in with a blank password. |
(config) # no system security passwords login-blank |
Disables the management port's legacy cryptography mode, and enables the new Classic Mode security. |
(config) # no system security legacy |
Enables the default stacking mode and disables the legacy stacking mode. |
(config) # no system stacking-mode legacy |
Disables Zero Touch Provisioning (ZTP) |
(config)# no system ztp enable |