Hp Tippingpoint Next Generation Firewall Series Cli Reference Guide HPTippingPoint SMS Command LIne

2015-01-05

: Hp Hp-Tippingpoint-Next-Generation-Firewall-Series-Cli-Reference-Guide-153568 hp-tippingpoint-next-generation-firewall-series-cli-reference-guide-153568 hp pdf

Open the PDF directly: View PDF .
Page Count: 58

Download
Open PDF In Browser	View PDF

HP TippingPoint
Security Management System
CLI Reference
Version 4.0
Abstract

This information describes HP TippingPoint Security Management System (SMS) high and low level commands, and
contains information for using the SMS command line interface. This information is for system administrators,
technicians, and maintenance personnel responsible for installing, configuring, and maintaining HP TippingPoint SMS
appliances and associated devices.

*5998-5015*
Part Number: 5998-5015
August 2013

Legal and notice information
© Copyright 2011–2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance, or use of this material.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or
translated into another language without the prior written consent of Hewlett-Packard. The information is provided “as is” without warranty of any
kind and is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
TippingPoint®, the TippingPoint logo, and Digital Vaccine® are registered trademarks of Hewlett-Packard All other company and product names
may be trademarks of their respective holders. All rights reserved. This document contains confidential information, trade secrets or both, which are
the property of Hewlett-Packard No part of this documentation may be reproduced in any form or by any means or used to make any derivative
work (such as translation, transformation, or adaptation) without written permission from Hewlett-Packard or one of its subsidiaries.
UNIX® is a registered trademark of The Open Group.

Security Management System CLI Reference
Publication Part Number: 5998-5015
Product Part Number: JC679A

Table of Contents
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Target Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Typefaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Document Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Contact Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.
.
.
.
.
.
.

...v
...v
. . vi
. . vi
. . vii
. viii
. viii

1 Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Command Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Remote Paths. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
HTTP and HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SMB (Samba) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
The help Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..

........
........
........
........
........
........
........
........
........

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

1
1
1
2
2
3
3
3
3

2 SMS Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
cls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
diags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
factoryreset . . . . . . . . . . . . . . . . . . . . . . . . . . .
fips-mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ftp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
get . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ifconfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipconfig. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
kbdcfg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
mgmtsettings . . . . . . . . . . . . . . . . . . . . . . . . . .
monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
more . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
nic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
nicsettings . . . . . . . . . . . . . . . . . . . . . . . . . . . .
notify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
password . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ping6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
resolve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

Security Management System CLI Reference

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

5
5
5
5
5
5
6
6
6
6
6
7
7
7
8
8
8
9
9
9
9
9
9
10
10
10
10
11
12
12
12
12
13

i

reverse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
scp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
service-access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmp-request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmp-trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmpget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmpwalk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
touch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
vi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
who . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

13
13
13
13
14
14
14
14
15
15
16
16
16
16
17
17
18
18
19
19
20
20
20

3 SMS Attributes and Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Attribute Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
cli. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ctl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
db . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
high availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
kbd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
license . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
net . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
pkg. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
pwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
route6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
smtp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
snmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
svc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
sw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
sys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

ii

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

21
21
22
23
24
25
26
28
29
30
30
32
33
35
36
37
38
38
38
44
46
46
46

List of Tables
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
1 Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Table 1-1 - Help Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

2 SMS Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Table
Table
Table
Table
Table
Table

2-1
2-2
2-3
2-4
2-5
2-6

-

Help Options . . .
Security Levels . . .
ping Options . . . .
ping6 Options . . .
traceroute Options
vi Options . . . . . .

.
.
.
.
.
.

..
..
..
..
..
..

..
..
..
..
..
..

.
.
.
.
.
.

..
..
..
..
..
..

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

..
..
..
..
..
..

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

. .8
. 11
. 11
. 12
. 17
. 19

3 SMS Attributes and Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table
Table

3-1 - CLI Attribute Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-2 - cli Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-3 - ctl Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-4 - db Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-5 - dns Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-6 - HA Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-7 - health Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-8 - kbd Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-9 - license Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-10 - logs Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-11 - net Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-12 - ntp Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-13 - pkg Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-14 - pwd Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-15 - radius Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-16 - route Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-17 - route6 Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-18 - smtp Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-19 - snmp-request Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-20 - snmp-trap Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-21 - svc Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-22 - sw Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-23 - sys Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-24 - time Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....
.....

..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..
..

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

. . 21
. . 21
. . 22
. . 23
. . 24
. . 25
. . 26
. . 28
. . 29
. . 30
. . 31
. . 33
. . 34
. . 35
. . 36
. . 37
. . 38
. . 38
. . 39
. . 40
. . 44
. . 46
. . 46
. . 47

Security Management System CLI Reference

iii

iv

About This Guide
The Security Management System CLI Reference provides information about using the SMS command line
interface to configure the HP TippingPoint Security Management System (SMS). This guide includes an
SMS command reference as well as reference information about attributes and objects used by the SMS.
This section covers the following topics:
• Target Audience, page v
• Related Documentation, page v
• Document Conventions, page vi
• Customer Support, page viii

Target Audience
The intended audience includes technicians and maintenance personnel responsible for installing,
configuring, and maintaining HP TippingPoint security systems and associated hardware. Users should be
familiar with networking concepts as well as the following standards and protocols:
• TCP/IP
• UDP
• ICMP
• Ethernet
• Simple Network Time Protocol (SNTP)
• Simple Mail Transport Protocol (SMTP)
• Simple Network management Protocol (SNMP)

Related Documentation
Access the documentation at http://www.hp.com/support/manuals . For the most recent updates for your
products, check the HP Networking Support web site at http://www.hp.com/networking/support.

Security Management System CLI Reference

v

Document Conventions
This guide uses the following document conventions.
• Typefaces, page vi
• Document Messages, page vii

Typefaces
HP TippingPoint publications use the following typographic conventions for structuring information:
Document Typographic Conventions
Convention

Element

Medium blue text

Cross-reference links and e-mail addresses.

Medium blue, underlined text

Website addresses.

Bold font

•
•

Key names.
Text typed into a GUI element, such as into a box.

• GUI elements that are clicked or selected, such as menu and list
items, buttons, and check boxes. Example: Click OK to accept.

vi

Italics font

Text emphasis, important terms, variables, and publication titles.

Monospace font

•
•
•
•

File and directory names.
System output.
Code.
Text typed at the command-line.

Monospace, italic font

•
•

Code variables.
Command-line variables.

Monospace, bold font

Emphasis of file and directory names, system output, code, and text
typed at the command line.

Document Messages
Document messages are special text that is emphasized by format and typeface. This guide contains the
following types of messages:
• Warning
• Caution
• Note
• Tip

WARNING! Warning notes alert you to potential danger of bodily harm or other potential harmful
consequences.

CAUTION: Caution notes provide information to help minimize risk, for example, when a failure to follow
directions could result in damage to equipment or loss of data.

NOTE: Notes provide additional information to explain a concept or complete a task. Notes of specific
importance in clarifying information or instructions are denoted as such.

IMPORTANT:

Another type of note that provides clarifying information or specific instructions.

TIP: Tips provide helpful hints and shortcuts, such as suggestions about how you can perform a task more
easily or more efficiently.

Security Management System CLI Reference

vii

Customer Support
HP TippingPoint is committed to providing quality customer support to all customers. Each customer
receives a customized support agreement that provides detailed support contact information. When you
need technical support, refer to your support agreement or use the following information to contact
Customer Support.

Before You Contact Support
For a quick and efficient resolution of your problem, take a moment to gather some basic information from
before you contact HP TippingPoint customer support:
Information

Find It Here...

Your customer number

Customer Support Agreement or the shipping invoice that came
with the appliance.

SMS serial number

Bottom of the SMS server chassis, or use SMS CLI key command.

SMS version number

In the SMS client, on the Admin screen, or in the Updates area of
the SMS dashboard.

TOS version number

In the SMS client, on the Devices screen (an entry for each
device).

DV Toolkit version number

In the SMS client, on the Profiles (DV Toolkit Packages) screen.

Managed device serial numbers

Local Security Manager Dashboard or the shipping invoice that
came with the appliance.

Contact Information
For additional information or assistance, contact the HP Networking Support:
http://www.hp.com/networking/support
Before contacting HP, collect the following information:
• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
• Error messages
• Operating system type and revision level
• Detailed questions
Contact an HP Authorized Reseller
For the name of the nearest HP authorized reseller, see the contact HP worldwide website:
http://www.hp.com/country/us/en/wwcontact.html

viii

1

Using the Command Line Interface
The command line interface (CLI) can be used to configure many aspects of the SMS. It includes wizards,
high level commands, and low level commands.

Overview
This chapter explains how to use the SMS CLI.
NOTE:

To use the SMS CLI, you must be logged in with an account that has SuperUser rights.

This section includes the following topics:
• ”Usage” on page 1
• ”The help Command” on page 3

Usage
Most SMS commands consist of the following elements:
• command — the name of the command you want to issue
• object — the name of a collection of related attributes (attribs)
• attrib — the name of a data variable or parameter on which you want to run the command
[=value] — optional syntax you can use with the set command and other writable commands to
define the value of the attrib you specify. If you do not use this syntax, the system goes into interactive
mode and prompts you for the value. See ”Command Types” on page 1 for more information about
interactive commands.
NOTE:

To clear the value of any attribute type a period (.) after the equal sign (=) or when prompted.

These elements are case-sensitive. You can use any of the following syntax to run an SMS command:
command
command object
command object.attrib
command object.attrib=value

Other SMS commands use a syntax similar to standard UNIX commands, as shown in the following
example:
command -option value

Command Types
SMS commands are either read, write, or read and write. In addition, commands are either interactive,
non-interactive, or might support both options.
• Interactive commands — automatically prompt you for attribute values if you use the appropriate
syntax. Interactive commands also provide you with the current values of their attributes.
• Non-interactive commands — are either read-only or require you to specify the values you want to set.
For example, the get command is non-interactive because it is read-only. As another example, the date
command is non-interactive. If you want to set the date, you must type date value.

Security Management System CLI Reference

1

Interactive Mode Syntax
You can use any of the following syntax options to initiate an interactive CLI command:
• command — If you type the command name, the CLI prompts you to set values for all attribs associated
with that command.
• command object — If you specify the object of a particular command, the CLI prompts you to set
values for all attribs associated with that object.
• command object.attrib — If you specify an object and attribute of a particular command, the CLI
prompts you to set the value of the attribute you specified.
Example
Following is an example of the set command in interactive mode. Items in bold are typed by the user. Items
in brackets ([ ]) indicate the current value of the attribute specified.
Set All System Information Using Interactive Mode
1.

Type the following command:
set sys

The system returns prompts for information. Default values are listed in brackets. To use the default
value, press Enter.
2.

The system prompts you to set the value for the contact attribute:
System contact (sys.contact=[Customer Contact]) = Brit

3.

Type a value for the location attribute and press Enter:
System location (sys.location=[First floor lab]) =

4.

Type a value for name attribute and press Enter:
System name (sys.name=[sms25]) =

5.

The system returns the following confirmation message:
Result: Success
System
System
System
System

contact
location
name
serial number

(sys.contact )
(sys.location )
(sys.name
)
(sys.serialNum)

=
=
=
=

Brit
First floor lab
sms25
X-SMA-ST-SMS25-0001

Remote Paths
Several commands accept remote paths as input. The remote paths specify a resource on an external
server that can be accessed by the SMS server. Remote files that can be specified as input to an operation
may be accessed using the HTTP, HTTPS, FTP, NFS, or SMB (Samba) protocols.
Remote directories that are used for saving SMS-based files to a remote server can be accessed through
the NFS or SMB protocols. Files are always mounted with read-only access. Directories are mounted
read-only when possible.
Remote paths are specified as a single string value. The details for each protocol are listed in the following
sections. In each example, items in italics are variables. When using the path syntax, you must replace
them with the appropriate values for your paths. Items in brackets ([ ]) are optional.

FTP
You can use the following formats for the FTP protocol:
• Complete specification: ftp://[username:password@]server[:port]/directory/filename
• Anonymous FTP: ftp://server/directory/filename
• Specifying a user name and password: ftp://username:password@server/directory/filename
• FTP Examples:
ftp://10.11.12.13/pub/sms-0.0-0.500.pkg
ftp://steve:password@10.11.12.13/pub/sms-0.0-0.500.pkg

2

Using the Command Line Interface

HTTP and HTTPS
You can use the following format for the HTTP and HTTPS protocols:
• Complete specification: http://[username:password@]server[:port]/directory/filename or
https://[username:password@]server[:port]/directory/filename

• HTTP Example:
http://www.servername.com:8000/files/sms-0.0-0.500.pkg

NFS
You can use the following formats for the NFS protocol:
• Remote directory specification—server:/exportedDirectory
• Remote file specification—server:/exportedDirectory/filename
• NFS Example:
nfsserver.domain.com:/public/upgrades/sms-0.0-0.500.pkg

SMB (Samba)
You can use the following formats for the SMB protocol:
• Remote file specification: //server/sharename/directory/filename
• Complete specification: //server/sharename[/directory][/filename] [-o option-list]
Options can be provided to the SMB mount operation by appending them to the end of the mount point
value, and using a space character to separate the values. Options might include the username, password,
and workgroup. Options can be joined together using a comma as a separator.
• SMB Example:
//winbox/pub/sms.pkg -o workgroup=mydomn,username=steve,password=ps111

The help Command
The help command returns documentation about the specified command, object, or attribute.
Syntax
help
help
help
help
help
help
help
help
help
help
help
help

--full
--attribs
object.attrib
--cmds
cmd
--objs
object
--background
background
--topic
topic

Description
The help command is a non-interactive, read command that returns documentation about a command,
object, or attribute that you specify.
NOTE: In the help command syntax, you can use the question mark (?) interchangeably with the word
“help.” For example, you could type the following to view documentation about all commands: ? --cmds

Security Management System CLI Reference

3

Objects and Attributes
The following objects and attributes can be used with the help command:
Table 1-1

Help Commands

Command

Description

help --full

Lists all commands, objects, and attributes

help -- attribs

Lists all attributes

help --objs

Lists all objects, or collections of attributes

help --cmds

Lists all commands

help --background

Lists background topics

Example
To see documentation about the sys object, type help sys. The system returns the following results:
sys: System information
System information can be viewed and updates using the “sys” object.
Read-write:
name, contact, location
Read-only:
serialNum

4

Using the Command Line Interface

2

SMS Command Reference
This chapter describes the SMS commands and the options available for each command.
NOTE:

To use the SMS CLI, you must be logged in with an account that has SuperUser rights.

clear
Clears the screen.
Usage
clear

Aliases
cls

cls
Clears the screen.
Usage
cls

Aliases
clear

console
The console command shows a list of messages that have been sent to the console since the last reboot.
Usage
console

date
Displays and sets the system time. Without a parameter, date will return the current system date and time.
The parameter allows a new date to be specified.
Usage
date [MMDDhhmm[[CC]YY][.ss]]

Related Objects
time

delete
Deletes user files. User files are archived and exported files generated from the database contents.
Usage
delete file [...]

Related Commands
dir, view, vi

diags
Runs diagnostics tests and checks system health. The --force option will run diagnostics without prompting
for confirmation. Runs tests for the system, database, network, tmc, and password and provides status. For
tmc, tests the connection to the tmc and the package server.
Security Management System CLI Reference

5

Usage
diags [--force]

dir
Returns a listing of files contained in the user directory.
Usage
dir

Related Commands
delete, view, vi

dns
The dns command interactively prompts for DNS (Domain Name Service) settings used to resolve host
names to IP address values. To clear server values, use a period (.). The dns object contains default domain
name, DNS search list, and DNS server information.
Usage
dns

Related Commands
nic, ntp

Related Objects
dns

exit
Closes the session.
Usage
exit

Aliases
quit, Ctrl-D

factoryreset
This command is an interactive command that resets the system to the factory defaults. The SMS version is
not changed, however, all other system settings are restored to the factory defaults and all data is lost. You
MUST reboot the SMS for this command to complete.
The factory reset command also resets this system network settings. You CAN NOT access the system via
networking after the reboot is completed. A VGA console, or serial port access is required to reconfigure
networking.
Usage
factoryreset

Related Command
setup

fips-mode
Used to configure the SMS into one of three levels of FIPS operation:
• Disabled – When placed into this mode, no additional FIPS compliance actions/restrictions are
activated in the SMS.
• Crypto – When the SMS is placed into Crypto mode, the SSH terminal negotiates connections using
only FIPS 140-2 approved algorithm. This mode affects only the SSH terminal connections for the SMS.

6

SMS Command Reference

• Full – When placed into this mode, the SMS functions in a manner compliant with the FIPS 140-2
publication specified by the National Institute of Standards and Technology. The SMS automatically
reboots when placed into full FIPS mode or when full FIPS mode is disabled.
Usage
fips-mode

Caveats
Full FIPS mode is not available for vSMS. Transitioning the SMS to operate in Full FIPS mode implements
changes to core elements of the SMS server, reboots the SMS, and requires you to upload a new SMS key
package. A transition to Full FIPS mode does the following:
• Deletes all SMS users.
• Removes all SMS backup and device snapshots stored on the SMS server.
• Deletes all custom responder actions.
• Regenerates SSH server and HTTPS web security keys.
For more information about FIPS mode, see the SMS User Guide.

ftp
The FTP (File Transfer Protocol) client is used to move files to and from the user directory for the SMS server.
The contents of the user directory can be listed with the dir command. Files can be viewed with the view
command, and deleted with the delete command.
Usage
ftp [hostName|hostAddress]

After starting the ftp client, issue the command lcd /tmp.
Caveats
The dir/delete/view commands all operate over the contents of the user directory (/tmp). The cd or
change-directory command is disabled from the shell for reasons of security. In order for the ftp program to
see, and have access to the contents of the user directory, it is important to first change the local directory
with the command lcd /tmp. After this point, files can be copied both to and from the SMS server.
Related Commands
dir, view, delete, vi

get
Retrieves the value of one or more attribs or a list of attribs contained within an object.
Usage
get  [...]

The get command can use any read-write or read-only attribute. See ”SMS Attributes and Objects” on
page 21 for a list of attribs.
Related Commands
list, set

help
Returns background information on various topics and command syntax.
Usage
help [--full | --attribs | --cmds | --objs | --background | topic]

Alias
?

Security Management System CLI Reference

7

Table 2-1

Help Options

Option

Description

--full

Lists all commands, objects and attribs.

--attribs

Lists all attribs.

--objs

Lists all objects (collections of attribs).

--cmds

Lists all commands (default).

--background

Lists background topics.

ifconfig
Displays the network settings for the box. ifconfig is an alias for the command get net, which displays the
values of the attribs contained in the net object. To change the values, use the set net command. See ”net”
on page 30.
Usage
ifconfig

Aliases
get net, ipconfig

Related Objects
net

ipconfig
Displays the network settings for the box. ipconfig is an alias for the command get net, which displays the
values of the attribs contained in the net object. To change the values, use the set net command. See ”net”
on page 30.
Usage
ipconfig

Aliases
get net, ifconfig

Related Objects
net

kbdcfg
Loads the kernel keymap for the console. This is useful if the console is using a non-QWERTY keyboard.
This command leads you through the configuration of a new keyboard layout.

WARNING! Do not use this option if you are using a standard QWERTY keyboard. Setting your
keyboard layout to a value with which you are not familiar could render your system inaccessible.
See Also
kbd.layout (attrib)

8

SMS Command Reference

key
The key command is used to update the license key for the server.
Usage
key

Aliases
license

Related Objects
license

list
Lists the objects or the attribs contained in an object.
Usage
list [object | object.attrib] [...]

If no arguments are specified, list will return all defined objects. If an object is specified, list will return all
attribs contained within the object. If an attribute is specified, list will confirm the attribute by listing the
attribute in the response.
Related Objects
See ”SMS Attributes and Objects” on page 21 for a list of objects and attribs you can use with the list
command.
See Also
get, set

mgmtsettings
The host management options provide prompts to configure IPv4 and IPv6 management addresses, along
with the DNS server.
Usage
mgmtsettings

Related Objects
net

monitor
Shows utilization and uptime information every 5 seconds (by default).
Usage
monitor [delay]

where delay is the number of seconds between polls.
Related Objects
health

more
Command to list output one screen at a time.

nic
Ethernet 10/100/1000Mbps interface management. Interactively prompts for configuration of the SMS
server network settings. The bottom-most (NIC1) is enabled by default and is the recommended connection
to the management network.

Security Management System CLI Reference

9

Usage
nic

Related Commands
dns, ntp

nicsettings
Interactive command that prompts you for the SMS NIC configuration settings and is available through the
CLI and OBE If you want to make changes individually to any of the NIC settings, the SMS provides
options for setting auto negotiation, port speed, and duplex mode.
Example
sms110 SMS=> nicsettings
The Ethernet NIC used for the network management interface is configurable. Please
verify the port configuration of the network device that this SMS is connected to
before making changes. These values may be changed at a later time with the 'set
net' command.
Host autoneg: yes
Host speed: 1000
System duplex: full
Enter: [A]ccept, [C]hange, or [E]xit without saving? <[A],C,E>:

Related Objects
net

notify
The notify command is used to manage the SMS notification service. The command interactively prompts
for SMTP e-mail addresses and SNMPv1 traps to a remote trap server.
Usage
notify

Related Objects
smtp, snmp

Related Commands
snmp

ntp
The ntp command is used to manage the NTP (Network Time Protocol) client that synchronizes the SMS
server time with a list of specified servers. NTP is enabled by default and is configured with a list of Stratum
1 servers available on the internet. The list of servers can be customized to installation requirements. The
SMS server can also act as a NTP server for your devices. The agent can be disabled, but the server
cannot. To clear server values, use a period (.).
Usage
ntp

Related Objects
svc

Related Commands
snmp

password
Changes the password for the current user.

10

SMS Command Reference

The security level and restrictions for entering user names and passwords. The default setting is 2 from the
following options:
Table 2-2

Security Levels

Level

Description

Level 0

User names cannot have spaces in it.
Passwords are unrestricted.

Level 1

User names must be at least 6 characters long without spaces.
Passwords must be at least 8.

Level 2

Passwords must meet Level 1 restrictions and the following:
• Must contain at least two alphabetic characters.
• Must contain at least one numeric character.
• Must contain at least one non-alphanumeric character (examples
include ! ? $ * #).
NOTE:

Do not use spaces in the password.

Usage
password

ping
Checks network connectivity by sending a ICMP request to the specified destination, and then checking on
an echoed response.
Usage
ping [-options] hostNameOrAddress

Table 2-3

ping Options

Option

Description

-c count

Stop after sending count packets.

-i wait

Wait wait seconds between sending each packet. The default is to wait for
one second between each packet.

-n

Numeric output only. No attempt will be made to lookup symbolic names
for host addresses.

-q

Quiet output. Nothing is displayed except the summary lines at startup time
and when finished.

-r

Bypass the normal routing tables and send directly to a host on an attached
network. If the host is not on a directly-attached network, an error is
returned. This option can be used to ping a local host through an interface
that has no route through it.

-s packetsize

Specifies the number of data bytes to be sent. The default is 56, which
translates into 64 ICMP data bytes when combined with the 8 bytes of
ICMP header data.

-v

Verbose output.

Security Management System CLI Reference

11

ping6
Checks network connectivity by sending a ICMP request to the specified IPv6 destination, and then
checking on an echoed response.
Usage
ping6 [-options] hostNameOrAddress

Table 2-4

ping6 Options

Option

Description

-c count

Stop after sending count packets.

-I

Specifies the interface; for example eth0.

-i wait

Wait wait seconds between sending each packet. The default is to wait for
one second between each packet.

-n

Numeric output only. No attempt will be made to lookup symbolic names
for host addresses.

-q

Quiet output. Nothing is displayed except the summary lines at startup time
and when finished.

-r

Bypass the normal routing tables and send directly to a host on an
attached network. If the host is not on a directly-attached network, an error
is returned. This option can be used to ping a local host through an
interface that has no route through it.

-s packetsize

Specifies the number of data bytes to be sent. The default is 56, which
translates into 64 ICMP data bytes when combined with the 8 bytes of
ICMP header data.

-v

Verbose output.

quit
Closes the session.
Usage
quit

Aliases
exit
Ctrl-D

reboot
Reboot the system. The --force option will reboot the system without prompting for confirmation. The cancel
option aborts an in-progress reboot.
Usage
reboot [--force] [cancel]

resolve
Resolves a hostname to an IP address using the DNS settings. If the name cannot be resolved, it is returned
as-is.
Usage
resolve 

12

SMS Command Reference

See Also
reverse

restart
Restarts the network stack. The --force option restarts the network stack without a confirmation prompt.
Usage
restart [--force]

reverse
Performs a reverse-lookup on an IP address or a relative hostname using the DNS settings. If the value
cannot be resolved, it is returned as-is.
Usage
reverse 

See Also
resolve

routes
Route options allow static routes to be added or deleted for the network management interface.
Usage
routes

See Also
nic (cmd), net (object)

NOTE: Whether or not static route entries are included in routing tables depends on several topology
factors. These include network specificity, metrics, and whether the next hop IP is on the associated
interface. Other routing types, redistributions, and firewall rules also impact static route entries in the
routing tables.

scp
Secure Copy is a remote file copy program that allows a file to be securely copied to or from the SMS CLI.
The scp command is only supported when run from the CLI.
Usage
scp

To copy a file using scp, you must supply values to the following prompts:
Enter
Enter
Enter
Enter
Enter
Enter

file transfer mode [G]et or [P]ut :
scp server IP address or host name:
fully qualified remote file name:
local directory or file name: [/]:
login id:
password:

See Also
logs (object), delete (cmd), dir (cmd)

service-access
Enables or disables service access to the SMS. The SMS version serial number and salt is displayed when
enabling.
Usage
service-access
Security Management System CLI Reference

13

See Also
pwd (object)

set
Assigns values to one or more attribs or to a list of attribs contained within an object. The list may be a one
or more attribute names, object names, or attrib/object pairs. To accept the current or default value, type
the return key. To clear a String or IP Address value, enter a period (.), and then the return key.
The set command can use any read-write or write-only attribute. See ”SMS Attributes and Objects” on
page 21 for more information.
Usage
set  [...]

Related Commands
list, get

setup
Initial setup wizard for providing essential configuration settings for the SMS server. Non-essential values
can be configured with other commands.
The setup command is automatically invoked with the first CLI login session. It is repeated with each new
login session until the entire setup procedure is finally completed. To repeat the procedure, execute the
setup command at any time. The setup procedure prompts you to enter the following information:
• Network type (IPv4 default): IPv[4], IPv[6], or [B]oth <4,6,B>
• Management IPv4 Address
• Network Mask
• IPv4 Default Gateway (optional)
• Management IPv6 Address
• IPv6 Default Route (optional)
• DNS Server-1 (optional)
Usage
setup

shutdown
Shutdown and power-off the system. To restart the system, physically press the POWER button on the front of
the unit. The --force option will reboot the system without prompting for confirmation. The cancel option
aborts an in-progress shutdown operation.
Usage
shutdown [--force] [cancel]

snmp
The snmp command is used to manage the SNMP (Simple Network Management Protocol) values.
Usage
snmp

14

SMS Command Reference

snmp-request
The snmp-request command is used to manage the SNMP (Simple Network Management Protocol)
request agent. When enabled, the SMS agent responds to the SNMP system request. This command
prompts you to enable the SNMP request agent and enter the following information:
Enter the SNMP version: V[2], V[3], or [B]oth <2,3,[B]>:
Enter community string []:
Enter User Name []:
Enter Auth Protocol (None, MD5, or SHA): []:
Enter Auth Key: ********************************
Confirm Key:
********************************
Enter Privacy Protocol (None, AES-128, AES-192, AES-256, DES or Triple_DES): []:
Enter Priv Key: ********************************
Confirm Key:
********************************
Version: Both
Community String:
User Name:
Auth Protocol:
Privacy Protocol:

Usage
snmp-request

See Also
snmp, snmp-trap

snmp-trap
The snmp-trap command is used to manage the SNMP (Simple Network Management Protocol) traps. The
SMS sends SNMP traps to NMS destinations. This command prompts you to enable configuration for an
NMS trap destination and enter the following information:
Commands: [A]dd [D]elete [V]ersion [C]ommunity [P]ort [E]ngine
[U]ser Au[T]hProto Auth[K]ey P[R]ivProto Pr[I]vKey
[L]ist [?]help [Q]uit
Command? : a
Add=>
Add=>
Add=>
Add=>
Add=>
Enter
Enter
Add=>
Enter
Enter
Add=>

Enter trap destination address []: 192.168.1.1
Enter SNMP version: v[2] or v[3] <2,3>: 3
Enter port number [162]:
Enter Engine ID []:
Enter User Name []:
Auth Protocol (None, MD5, or SHA): []:
Auth Key: ********************************
Confirm Key:
********************************
Privacy Protocol (None, AES-128, AES-192, AES-256, DES or Triple_DES): []:
Priv Key: ********************************
Confirm Key:
********************************
IP Address: 192.168.1.1
Version: v3
Port: 162
Engine ID:
User Name:
Auth Protocol:
Privacy Protocol:

Usage
snmp-trap
Security Management System CLI Reference

15

See Also
snmp, snmp-request

snmpget
snmpget will request a single OID from the specified agent.
Usage
snmpget hostNameOrAddress communityName OID

Example (IPv6)
snmpget -v 2c -c public udp6:[fc01:a63:1:0:214:22ff:fe1e:1d87] system.sysName.0

Example (IPv4)
snmpget -v 2c -c public 10.99.1.110 system.sysName.0

See Also
snmpwalk

snmpwalk
snmpwalk will traverse the SNMP MIB of the agent running at the specified address. If the address OID is
not provided, the walk will begin at the first OID, if the community name is not provided, walk with use
public and if the hostNameOrAddress is not provided, walk will use localhost.
Usage
snmpwalk [hostNameOrAddress [communityName [OID]]]

Example (IPv6)
snmpwalk -v 2c -c public udp6:[fc01:a63:1:0:214:22ff:fe1e:1d87] system

Example (IPv4)
snmpwalk -v 2c -c public 10.99.1.110 system

Example (SNMPv3)
snmpwalk -v 3 -u user -l authPriv -a SHA -A authKey -x AES -X privKey 192.168.1.1
system

See Also
snmpget

ssh
The ssh command enables the user to log into a remote machine and execute remote commands from
within the SMS CLI. The communications between two hosts is encrypted and secure.
For more information, refer to external ssh documentation, such as the UNIX man pages.
Usage
ssh
[-D
[-L
[-o
[-w

[-1246AaCfgKkMNnqsTtVvXxYyZ] [-b bind_address] [-c cipher_spec]
[bind_address:]port] [-e escape_char] [-F configfile] [-i identity_file]
[bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd]
option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path]
local_tun[:remote_tun]] [user@]hostname [command]

time
The time command runs the specified program command with the given arguments. When the command
finishes, time writes a message to standard output giving timing statistics about this program run. These
statistics consist of the elapsed real time between invocation and termination, the user CPU time, and the
system CPU time.
For information about the time object, see ”time” on page 46.
Usage
time  [arguments...]
16

SMS Command Reference

touch
Creates user files, which are archived files generated from database content.
Usage
touch file [...]

See Also
delete, dir, view, vi

traceroute
This program attempts to trace the route an IP packet would follow to a remote host by launching UDP
probe packets with a small ttl (time to live) then listening for an ICMP time exceeded reply from a gateway.
Probes start with a ttl of one and increase by one until we get an ICMP port unreachable (which means we
got to host) or hit a max (which defaults to 30 hops and can be changed with the -m flag). Three probes
(change with -q flag) are sent at each ttl setting and a line is printed showing the ttl, address of the
gateway and round trip time of each probe. If the probe answers come from different gateways, the
address of each responding system is printed. If there is no response within a five second timeout interval
(changed with the -w flag), an asterisk (*) is printed for that probe.
For IPv4 (-4 flag) or IPv6 (-6 flag) tracerouting can be forced using the appropriate flag. By default, the
program tries to resolve the name given and automatically choose the appropriate protocol. If resolving a
host name returns both IPv4 and IPv6 addresses, traceroute uses IPv4.
Usage
traceroute [-dFInrvx] [-f first_ttl] [-g gateway][-i iface] [-m max_ttl] [-p port]
[-q queries]
[-s src_addr] [-t tos] [-w waittime] [-z pausemsecs] host

Table 2-5

traceroute Options

Option

Description

-4

Force IPv4 tracerouting.

-6

Force IPv6 tracerouting.

-f

Set the initial time-to-live used in the first outgoing probe packet.

-F

Set the don’t fragment bit.

-d

Enable socket level debugging.

-g

Specify a loose source route gateway (8 maximum).

-i

Specify a network interface to obtain the source IP address for outgoing
probe packets. This is normally only useful on a multi-homed host. (See the
-s flag for another way to do this).

-I

Use ICMP ECHO instead of UDP datagrams.

-m

Set the max time-to-live (max number of hops) used in outgoing probe
packets. The default is 30 hops (the same default used for TCP
connections).

-n

Print hop addresses numerically rather than symbolically and numerically
(saves a nameserver address-to-name lookup for each gateway found on
the path).

Security Management System CLI Reference

17

Table 2-5

traceroute Options

Option

Description

-p

Set the base UDP port number used in probes (default is 33434).
Traceroute hopes that nothing is listening on UDP ports base to base +
nhops - 1 at the destination host (so an ICMP PORT_UNREACHABLE
message will be returned to terminate the route tracing). If something is
listening on a port in the default range, this option can be used to pick an
unused port range.

-r

Bypass the normal routing tables and send directly to a host on an
attached network. If the host is not on a directly-attached network, an error
is returned. This option can be used to ping a local host through an
interface that has no route through it (e.g., after the interface was dropped
by routed).

-s

Use the specified IP address as the source address in outgoing probe
packets. This is usually given as an IP address, not a hostname.
On multi-homed hosts with more than one IP address, this option can force
the source address to be a different IP address than the interface from
which the probe packet is sent. If the IP address is not one of the host’s
interface addresses, an error is returned and nothing is sent.

-t

Set the type-of-service in probe packets to the following value (default
zero). The value must be a decimal integer in the range 0 to 255. This
option can be used to see if different types-of-service result in different
paths. (If you are not running 4.4bsd, this may be academic since the
normal network services like telnet and ftp don’t let you control the TOS).
Not all values of TOS are legal or meaningful - see the IP spec for
definitions. Useful values are probably ‘-t 16’ (low delay) and ‘-t 8’ (high
throughput).

-v

Use Verbose output. Received ICMP packets other than TIME_EXCEEDED
and UNREACHABLE values are listed.

-w

Set the time (in seconds) to wait for a response to a probe (default five
seconds).

-z

Set the time (in seconds) to pause for a response to a probe.

update
This command leads you through upgrading SMS server software:
1.

Acquire the latest upgrade package from the TMC website.

2.

Save it to a local HTTP or FTP server that can be accessed by the SMS server.

3.

Provide the URL to this downloaded file.

After the package is transferred and installed, the update procedure prompts for a reboot.
Usage
update

Aliases
ctl.upgrade-source

users
Lists and manages the SMS user accounts. You can create new users and assign or change passwords,
roles, disable settings, and force password changes.
Usage
users
18

SMS Command Reference

Related Object
pwd

version
Displays the system and component versions.
Usage
version

Related Objects
sw

vi
vi is a text editor that is comparable to Vi. It can be used to edit all kinds of plain text. It is especially useful
for editing programs. While running vi, a lot of help can be obtained from the on-line help system, with the
:help command.
Usage
vi [options] [file ...]

Caveats
/tmp and its contents are the only files and directories that the SuperUser account has permission to
modify. When accessing files you must specify the complete path name (for example: vi
/tmp/FileName.txt). After seven days without modification, files in this directory are removed.
Options
The options may be given in any order, before or after filenames. Options without an argument can be
combined after a single dash.
Table 2-6

vi Options

Options

Descriptions

+[num]

For the first file the cursor will be positioned on line num. If num is
missing, the cursor will be positioned on the last line.

+/{pat}

For the first file the cursor will be positioned on the first occurrence of
{pat}. See “:help search-pattern” for the available search patterns.

-h

Give a bit of help about the command line arguments and options.
After this, Vi exits.

-m

Modifying files is disabled. Resets the write option, so that writing
files is not possible.

-n

No swap file will be used. Recovery after a crash will be impossible.
Handy if you want to edit a file on a very slow medium (e.g. floppy).
Can also be done with :set uc=0.Can be undone with :set uc=200.

-R

Read-only mode. The read-only option will be set. You can still edit
the buffer, but will be prevented from accidently overwriting a file. If
you do want to overwrite a file, add an exclamation mark to the Ex
command, as in :w!. The -R option also implies the -n option (see
below). The read-only option can be reset with :set noro. See :help
‘read-only’.

-r {file}

Recovery mode. The swap file is used to recover a crashed editing
session. The swap file is a file with the same filename as the text file
with .swp appended. See :help recovery.

Security Management System CLI Reference

19

Table 2-6

vi Options

Options

Descriptions

--

Denotes the end of the options. Arguments after this will be handled
as a file name. This can be used to edit a filename that starts with a
dash (-).

--help

Give a help message and exit, just like -h.

--version

Print version information and exit.

See Also
ftp, dir, delete, view

view
Command to view the contents of the directory. Internal help is available by typing a question mark (?).
See Also
delete, dir, ftp, vi

web
HTTP/HTTPS (Hyper-Text Transfer Protocol) management.
Interactively prompts for configuration of web server settings. The HTTP and HTTPS services can be
separately enabled through the web command. Additionally, a single password can be assigned to the
content to limit access to reports, archived data, documentation and client downloads. The user name used
for access is web and the password is assigned with the web command.
The HTTP protocol is not secure and transmits data and passwords in the clear. It is recommended that
HTTP be disabled.
Usage
web

See Also
snmp

who
Displays a list of CLI users, where and when the users originated.
Usage
who

See Also
health.who

20

SMS Command Reference

3

SMS Attributes and Objects
This chapter describes each object and attribute used by the SMS CLI. For more detailed information about
each element, see the individual commands described in ”SMS Command Reference” on page 5.
NOTE:

To use the SMS CLI, you must be logged in with an account that has SuperUser rights.

Attribute Types
The following table describes each type of attribute (attrib) that you can view or edit in the CLI.
Table 3-1

CLI Attribute Types

Type

Definition

Bool

Boolean. Value can be true or false.

String [#]

String. Can have a maximum size of #.

Password

String. Uses asterisk (*) to mask out the value as it is entered.

IPaddr

IP address. Uses dotted notation.

Name [#]

String. Can contain alpha-numeric characters with a maximum size of #.

cli
Collection of CLI-related attribs. The attribs are used to adjust CLI behavior, including the inactivity timeout
value.
Table 3-2

cli Attributes

Attribute
cli.sessionTimeout

Description

Type

Access

Range

Attribute used to control the auto-logout time.
By adjusting the value, you can control the
number of minutes before the CLI will
automatically log out due to inactivity. Set the
value to 0 to disable the timeout function.

Int

read-write 0-3200
0

Example:
set cli.sessionTimeout=30

Security Management System CLI Reference

21

ctl
Collection of system control operations. The attribs contained in ctl can be used to reboot or shutdown the
system, or access the upgrade capability. See ”Remote Paths” on page 2 for more information about
entering path names for attribs that require them.
Table 3-3

ctl Attributes

Attribute

Description

Type

Access

Range

ctl.power-off

Setting the ctl.power-off attrib to the value of
true will cause the system to shutdown and
power-off. To restart the system, it is
necessary to physically press the Power
button on the front panel of the box.

Bool

write-only

0

ctl.reboot

Setting the ctl.reboot attrib to the value of
true will cause the system to reboot. The
operation will be immediate with no
warning given to other users using the client
or the CLI.

Bool

write-only

0

ctl.reboot-needed

Returns the state of the system, indicating
whether there are pending configuration
settings that require a reboot to apply those
changes.

Bool

read-only

ctl.pre-upgrade-cleanup

Performs any system cleanup necessary for
an SMS upgrade. Updates that the upgrade
can occur. This command is also run
automatically when an SMS upgrade is
requested. The upgrade will fail if this
command fails.

Bool

write-only 0

ctl.upgrade-source

Setting the ctl.upgrade-source attrib to a
string representing a URL will cause the
system to retrieve and apply the update
package to the system. Normally, a reboot
will be required for the update to become
effective. The URL can reference the http,
https or ftp protocols.

String write-only 5-128

0

Example:
set ctl.upgrade-source=http://www.
tippingpoint.com/SMS-UPDATE-1.0.pkg
ctl.patch-releasenotes

Used to display the release notes for
currently installed Patch.

String read-only

5-128

String read-only

5-128

NOTE: This attribute is used by the UI to
retrieve release notes and is of little interest
to general cli users.
ctl.patch-restart

Used to display restart flag for currently
installed Patch.
NOTE: This attribute is used by the UI to
retrieve restart flag and is of little interest to
general cli users.

22

SMS Attributes and Objects

Table 3-3

ctl Attributes

Attribute

Description

Type

Access

Range

ctl.patch-rollback

Used to roll back to previous patch version.
Displays true if the currently installed Patch
can be rolled back, else false. If set to the
version of the currently installed Patch, it rolls
it back, to either the previously installed
Patch or no Patch if it was the first Patch
installed.

String read-write 5-128

NOTE: This attribute is used by the UI to
retrieve this value and is of little interest to
general cli users.
ctl.patch-source

Used by the UI for installing Patches. Similar
to set ctl.upgrade-source, this takes
a path or url to the Patch package file, then
validates and installs that Patch.

String write-only 5-128

ctl.previous-patchversion

Used to display the version of the Patch
previous to this, for example the Patch a
rollback would install, or None if there is no
previous Patch.

String read-only

5-128

sw.patch-version

Used to display the version number of the
currently installed Patch, or None if no patch
is installed.

String read-only

5-128

db
Collection of database control operations. The attribs contained in db can be used to backup, restore or
re-initialize the system database. See ”Remote Paths” on page 2 for more information about entering path
names for attribs that require them.
On startup, the sequence performed is (1) if requested, backup the database, (2) if requested, restore the
database, (3) if requested, reinit the database, (4) if needed, migrate the database. Therefore, within a
single restart, a current database can be saved to a remote system, and a new database can replace the
old one. To clear a current value, set the attribute to a period (.).
Related Commands
database

Table 3-4

db Attributes

Attribute

Description

Type

Access

Range

db.attackCount

Displays the number of attack records stored
in the database.

Int

read-only

0

db.backup

Setting the db.backup attrib to yes creates a
local database backup with default options.
This file can be downloaded from the
Exports and Archives link from the SMS
Server home page.

Bool

write-only

db.check

Verifies the integrity of the database.

Bool

read-write

db.clear-export

Deletes files in the export directory.

Bool

read-write

Security Management System CLI Reference

23

Table 3-4

db Attributes

Attribute

Description

Type

Access

db.export-files

Files to be saved and transported to a
remote system can be stored in the export
directory. To transfer the entire contents of
the export directory this attrib must be
provided with the name of a Samba (SMB)
mount point.

String

write-only

Range
4-132

The destination mount point must be
writable by the SMS server. SMB can be
secured by providing an access list on the
server that prevents all machines except for
the SMS server to access it. The export
directory can be cleared by setting the
db.clear-export attrib.
Example:
set db.export-files=server:/export/
directory
db.initTime

The time that the database was
re-initialized.

String

read-only

db.reinit

Setting the db.reinit attrib to true will
schedule the database to be cleared upon
system startup the next time the system is
rebooted.

Bool

read-write

0-32
0

dns
The dns object contains default domain name, DNS search list and DNS server information.
Related Objects
nic, ntp

Table 3-5

dns Attributes

Attribute

Description

Type

Access

dns.domain

Default DNS domain used to resolve
hostnames. If a fully-qualified hostname is
not provided, the domain is appended to
the hostname and the result is passed for
resolution.

Name

read-write

2-64

dns.search

DNS domain search list used to resolve
hostnames. If a fully-qualified hostname is
not provided, each member of the search list
is appended to the hostname and the result
is passed for resolution.

String

read-write

2-128

dns.server1
dns.server2
dns.server3

Attribs used to specify name resolution
servers. The value must be a dotted IP
address, and the first entry (dns.server1) will
be assigned a preferred role.

IPaddr

read-write

To clear this value, use a period (.).

24

SMS Attributes and Objects

Range

7-15

high availability
Collection of system High Availability (HA) attribs. The attribs are used to retrieve HA information.
Table 3-6

HA Attributes

Attribute

Description

Type

Access

ha.status

Attribute returning the status of HA.

String

read-only

String

write-only

Range

The status messages include the following:
• Disabled: High Availability is not
configured.
• Enabled.
• Error: The system could not determine
local status.
• Error: Unable to communicate with peer.
• Error: Peer system state is invalid.
• Error: Configuration out of sync with peer.
• Error: Peer system failure.
• Configured: Synchronization required.
• Configured: Attempting synchronization.
• Configured: Synchronizing.
• Degraded: Peer takeover pending.
• Degraded: Unable to communicate with
peer.
• Degraded: Synchronization required.
• Degraded: Peer system failure.
ha.disable

Attribute that disables HA.

ha.configured

Attribute returning the status of the HA
configuration.

ha.ports-enabled

Attribute returning the status of the HA ports.
By default, HA ports are open. To disable, use
set ha.ports-enable = no.

1-1024

read-only
String

read-write

NOTE: If any of your SMS devices are
currently configured for HA, the HA ports on
those systems cannot be disabled. If the HA
ports are disabled, that SMS can not be used
in an HA configuration.
ha.cluster-info

Attribute returning the detailed status for the
Passive and Active systems in the SMS HA
cluster.

read-only

Security Management System CLI Reference

25

health
Collection of system health-related attribs. The attribs are used to retrieve system health information,
including utilization values, and system uptime statistics.
Table 3-7

health Attributes

Attribute

Description

Type

Access

Range

health.cpu-util

Attribute returning the CPU (Processor)
utilization. 0% represents a near-idle system,
and 100% is fully-utilized.

String

read-only

2-4

health.db-valid

Attribute reporting the status of the database.
If true, then the database is considered valid
and fully operational, if false, the system
should be restarted, and other corrective steps
taken.

String

read-only

1-32

health.diskIo

Disk I/O statistics.

String

read-only

0-128

• blocks-read
• blocks-written
health.disk-util

Attribute returning the disk system utilization.
As disk utilization approaches 100%,
database management operations should be
performed to reduce disk usage.

String

read-only

2-4

health.loadAvg

CPU load statistics.

String

read-only

0-128

String

read-only

0-128

• load-avg-1min
• load-avg-5min
• load-avg-15min
• runnable-processes/total-processes
• current-pid
health.memInfo

Physical memory statistics.
• total
• used
• free
• shared
• buffers
• cached

26

health.mem-util

Attribute returning the memory (RAM)
utilization. 0% represents a near-idle system,
and 100% is fully-utilized.

String

read-only

2-4

health.RAID

Attribute returns the status of the physical disks
in your RAID configuration. Only SMS
platforms that have RAID configured will show
output.

String

read-only

0-128

health.net-valid

Attribute reporting the status of the
communication paths. Checks to see if
network is configured and enabled. If
enabled, checks the status of the gateway,
DNS, and NTP.

SMS Attributes and Objects

read-only

Table 3-7

health Attributes

Attribute

Description

Type

Access

Range

health.port-health

Attribute returning Port Statistics of the SMS.
This information corresponds to the Ports
Statistics table on the Port Health screen (SMS
Health) in the UI with all 12 numbers printed in
a single line. The six numbers are for the
primary port and the second six numbers are
for the secondary port. Each set of numbers
corresponds to the following table headings:

String

read-only

String

read-only

0-128

String

read-only

0-128

• total input bytes
• total output bytes
• total input discards
• total output discards
• total input errors
• total output errors
health.swapInfo

Swap memory statistics.
• total
• used
• free

health.swapIo

Swap I/O statistics.
• blocks-read
• blocks-written

health.sys-valid

Attribute reporting the status of the SMS server
application. If true, then the system is
considered valid and fully operational, if false,
the system should be restarted, and other
corrective steps taken.

String

read-only

1-32

health.temperature

Attribute returning the temperature of the SMS
(in degrees Celsius). This information
corresponds to the SMS Health Statistics table
in the UI.
NOTE: The number is displayed with no
indication for Celsius.

String

read-only

1-3

health.tmc-valid

Attribute reporting the status of the
communication paths to the TMC and each of
the configured devices. The message will
indicate the nature of the problem. Usually, the
problem can be addressed by confirming that
the network settings permit the SMS to
communicate with
https://tmc.tippingpoint.com, available
through the internet. See also diags.

read-only

If the SMS cannot establish a TMC connection,
see error messages in the SMS User Guide.

Security Management System CLI Reference

27

Table 3-7

health Attributes

Attribute

Description

Type

Access

Range

health.uptime

Attribute reporting the amount of time since
the last system boot.

String

read-only

2-56

health.who

Attribute reporting a list of currently logged-in
users. Pipe (|) characters are used in place of
carriage-return characters.

String

read-only

0-1024

kbd
Keyboard related attribute.

WARNING! Do not use this option if you are using a standard QWERTY keyboard. Setting your
keyboard layout to a value with which you are not familiar could render your system inaccessible.
Related Command
kbdcfg

Table 3-8

kbd Attributes

Attribute

Description

Type

Access

Range

kbd.layout

Specifies the console keyboard layout.

String

read-write

0-64

Usage: set kbd.layout=
Example setting: fr for French keyboard
layout.
The default setting is kbd.layout=us

28

SMS Attributes and Objects

The following console keyboard layouts are available:

license
License information for the SMS server. The license is used to control the number of managed devices
supported by the server.
Related Command
key

Table 3-9

license Attributes

Attribute

Description

Type

Access

license.count

Returns the number of devices that the
license key permits for this server.

Int

read-only

license.date

Returns the date that the current license key
was installed.

String

read-only

license.desc

Returns the license key description.

String

read-only

license.key

Sets or returns the current SMS server license
key.

String

license.reset

Resets the current SMS server license key.

read-write

Range
0-1000
0-32
0-64
32

Security Management System CLI Reference

29

logs
Collection of log-related attribs. The attribs are used to manage log files that are used for troubleshooting.
The logs zip file, sms_logs.zip, is managed in the /mgmt/client/tmp directory. This is the standard
location for cli data files and also allows access from the Exports and Archives link on the SMS web page.
Creating a new logs zip file overwrites the old one.
Related Objects
scp

Table 3-10

logs Attributes

Attribute

Description

Type

Access

Range

set logs.create=yes

Creates the logs zip file sms_logs.zip.

Bool

write-only

0

set logs.del=yes

Deletes the zip file.

Bool

write-only

0

set
logs.create-peer=yes

Attribute used to create a compressed file
containing the HA peer SMS log files. This
file can be downloaded from the Exports and
Archives link from the SMS server home
page. Only the latest compressed file are
retained.

String

write-only

0

String

read-only

0-1024

NOTE: This attribute can be used only when
HA has been configured.
get logs.info

If the zip file exists, lists name, size, date and
time of creation.

net
Collection of network-related attribs. The attribs are used to configure the two Ethernet 10/100/1000
interfaces for access to the local network.
Unless identified as a net-only attrib, each attrib listed as net.* below can use the prefix net to specify the
correct Ethernet10/100/1000 interface.
Example
To change the IP address and gateway for the SMS server, you must complete the following:
1.

Change the IP address by entering the command:
set net.ipaddr = smsip4addr
OR
set net.ipaddr6 = smsip6addr

where smsip4addr is the new IPv4 address, smsip6addr is the new IPv6 address.
2.

Change the gateway by entering the command:
set net.gateway = ipv4gateway
OR
set net.gateway6 = ipv6gateway

where ipv4gateway is the IP address of the new gateway, ipv6gateway is the IPv6 address of the new
IPv6 gateway.
3.

Restart the network stack by entering the command:
set net.restart = yes

The system prompts you to confirm that you want to restart the network stack. Your changes are applied
when the network stack is restarted.

30

SMS Attributes and Objects

NOTE: You must issue the set net.restart=yes command when you modify the IP address or gateway using
the set net command. Changes to these attributes do not take effect until you issue this command. A reboot
(reboot command) should be done after you issue the above command.
For information on set net, see ”set” on page 14.
Related Commands
ifconfig, ipconfig, mgmtsettings

Related Objects
dns

Table 3-11

net Attributes

Attribute

Description

Type

Access

Range

net.autoneg

Attribute used to view, and enable/disable
auto-negotiation for the Ethernet
10/100/1000 interface.

Bool

read-write

0

String

read-write

4

IPaddr

read-write

0

IPaddr

read-write

0

Valid values are: yes or no.
net.duplex

Attribute used to view and change the
duplex setting for the Ethernet
10/100/1000 interface.
Valid values are: half or full.

net.gateway

Attribute used to provide the gateway
(default route) value. To clear this value, use
a period (.). Applies only the net object.
The network interface must be restarted
(net.restart) for setting to take effect. See
”Example” on page 30.

net.gateway6

Attribute used to provide the IPv6 gateway
value. To clear this value, use a period (.).
Applies only the net object.
The network interface must be restarted
(net.restart) for setting to take effect. See
”Example” on page 30.

net.hwaddr

Attribute used to return the Hardware /
MAC (Media Access Control) address for
the Ethernet10/100/1000 interface.

String

read-only

17

net.ifc-enable

Attrib used to enable/disable the NIC.
Normally, this should not be done. To
enable the NIC set the value to true, to
disable the value should be set to false.

Bool

read-write

0

net.ipaddr

Attribute used to view and change the IP
address for the Ethernet10/100/1000
interface. To clear this value, use a period
(.). Applies only the net object. The network
interface must be restarted (net.restart) for
setting to take effect. When you employ this
command, the CLI may not reflect the
change with a confirmation message. See
”Example” on page 30.

IPaddr

read-write

0

Security Management System CLI Reference

31

Table 3-11

net Attributes

Attribute

Description

Type

Access

Range

net.ipaddr6

Attribute used to view and change the IPv6
address. To clear this value, use a period
(.). Applies only the net object.

IPaddr

read-write

0

read-write

0

The network interface must be restarted
(net.restart) for setting to take effect. When
you employ this command, the CLI may not
reflect the change with a confirmation
message. See ”Example” on page 30.
NOTE: The IP address uses IPv6 notation.
net.mask

Attribute used to provide the subnet mask
value. To clear this value, use a period (.).

IPaddr

net.mtu

Attribute used to view the MTU (Maximum
Transmission Unit) for the SMS Ethernet
10/100/1000 interface.

Bool

read-only

0

net.ready

Returns "true" if the primary network
interface is configured and ready.

Bool

read-only

0

net.restart

Attribute used restart the
Ethernet10/100/1000 interface with the
current network settings. Set to true to
restart immediately. (false has no effect.)

Bool

write-only

0

String

read-only

0

Bool

read-write

0

Warning: restarting the network interface
may cause connections to be lost, including
SMS client sessions, and remote CLI
sessions. Applies only the net object.
net.scope-link

Attribute used to return the IPv6 Scope Link
address for the
Ethernet 10/100/1000 interface. See ”net”
on page 30 and the associated net.ipaddr6
attribute).
See also ”ifconfig” on page 8 and
”ipconfig” on page 8.

net.autoneg

Attribute used to view, and enable/disable
auto-negotiation for the Ethernet
10/100/1000 interface.
Valid values are: yes or no.

ntp
Collection of NTP (Network Time Protocol) settings used to synchronize the system time with a remote time
server. NTP allows machines within a network to be synchronized on a common time.
Related Objects
svc, snmp

32

SMS Attributes and Objects

Table 3-12

ntp Attributes

Attribute

Description

Type

ntp.server1
ntp.server2
ntp.server3

Attribs used to specify a list of NTP time
servers. The value may be a dotted IP
address or a hostname. The first entry
(ntp.server1) will be assigned the preferred
time server role. The preferred time server is
also used as a step ticker, which adjusts the
time immediately upon system boot.

IPaddr

Access
read-write

Range
0

To clear this value, use a period (.).
ntp.auth-enable

Attrib used to enable/disable the NTP
authentication. It allows the NTP client to
verify that the server is known and trusted
and not an intruder intending to
masquerade as that server. We only
support NTP V3 (symmetric key)
authentication.

Bool

read-write

0

Int

read-write

1-6553
5

String

read-write

1-255

To enable the NTP authentication, set the
value to yes, and a key id and key value
should be provided with the ntp.auth-keyId
and ntp.auth-keyValue attribs.
To disable the value, set it to no.
Example:
set ntp.auth-enable=yes
ntp.auth-keyId

The ID of key which is used to authenticate
NTP server if the NTP authentication is
enabled. The ID has to exist in
/etc/ntp/keys before you set this value.
To clear this value, use a period (.).
Example:
set ntp.auth-keyId=1

ntp.auth-keyValue

The value of key which is used to
authenticate NTP server if the NTP
authentication is enabled. The key has to
exist in /etc/ntp/keys before you set this
value.
To clear this value, use a period (.).
Example:
set ntp.auth-keyValue=test

pkg
Collection of attribs used to control package management.
Related Object
tmc (object)

Security Management System CLI Reference

33

Table 3-13

pkg Attributes

Attribute

Description

Type

Access

Range

auto-download

Attrib used to control whether new
packages available at the TMC are
automatically downloaded. Email will be
generated to notify the administrator of
the action (if configured).

Bool

read-write

0

auto-install

Attrib used to control whether the SMS
database is updated with the newly
downloaded package.

Bool

read-write

0

dv-activate

Attrib used to activate a DV package.

String

write-only

dv-delete

Attrib used to delete a DV package.

String

write-only

dv-import

Attrib used to import a DV package to the
SMS using a URL.

String

write-only

dv-info

Attrib used to list all of the DV packages
installed on the SMS.

String

read-only

auto-distrib

Attrib used to control whether the new
package will be distributed to the
managed devices.

Bool

read-write

0

tmc-poll-rate

Attrib used to control the frequency of the
check for new TMC packages. The SMS
polls the Threat Management Center
(TMC) at regular intervals (factory default
is 30 minutes). Communication is
attempted over TCP port 4043 to the host
tmc.tippingpoint.com. A follow-up request
that pulls the file may be made to another
server using port 443.

Int

read-write

0-9999

The poll rate can be adjusted by
providing the pkg.tmc-poll-rate attrib with
a new value and then rebooting the SMS.
Assigning the attrib the value of '0'
disables polling. (This setting may be
desirable when the SMS is behind a
firewall which prevents outbound
communication with the TMC.)
proxy-tmc

Attrib used to control whether an HTTP
proxy server is used to make TMC
connections.

Bool

read-write

0

tmc-proxy-host

Attrib used to control which proxy server
to use to make TMC connections.

String

read-write

1-128

tmc-proxy-port

Attrib used to control which proxy server
port to use to make TMC connections.

Int

read-write

1-65535

Bool

read-write

0

proxy-tmc-authenticat Attrib used to control whether
e
authentication is required with the HTTP

proxy server.

34

SMS Attributes and Objects

pwd
Collection of password-related attribs. The attribs are used to confirm the SuperUser password and enable
the service mode used by support personnel. For information about managing users including user groups,
passwords, and security levels, see the “Administration” chapter in the SMS User Guide.
Related Command
users

Table 3-14

pwd Attributes

Attribute

Description

Type

Access

pwd.group-adduser

Used to add a user to a user group.

String

write-only

pwd.group-deluser

Used to remove a user from a user group. String

write-only

pwd.group-list

Used to list all groups, or groups with
users.

String

read-only

pwd.level

Attribute used to set the security level for
the password.

Int

read-write

pwd.service-enable

Used to enable/disable the service mode
password for the system.

Bool

read-write

Range

0

To protect customer security, the service
mode is deactivated at the factory. To
enable the service mode account, the
customer must log in with an account that
has SuperUser rights and set this attrib to
yes. After service mode is enabled, a
service professional can log in to the
system with a secret one-time password.
To disable service mode, set the attrib to
no.
To clear this value, use a period (.).
Example:
set pwd.service-enable=false
pwd.user-add

Used to add a user and specify the user’s
default user group. User names must
comply with the rules defined by
pwd.level. You must also specify a user
group in the form of
?usergroup=username.

String

write-only

Example:
set pwd.user-add?superuser=
johnsmith
pwd.user-age

Attribute used to set the maximum age for
a password.

Int

read-write

pwd.user-del

Used to delete a user.

String

write-only

pwd.user-desc

Attribute used to describe the user
account.

String

read-write

pwd.user-email

Attribute used for the user account email
address.

Email

read-write

Security Management System CLI Reference

35

Table 3-14

pwd Attributes

Attribute

Description

Type

Access

pwd.user-expires

Attribute used to enable password
expiration.

Bool

read-write

pwd.user-expiredays

Attribute used to set the amount of days to
check the account for expiration.

String

read-only

pwd.user-force-pwd

Attribute used to force a user to change
their password at next login

Bool

read-write

pwd.user-pager

Attribute used to include the user account
pager number.

String

read-write

pwd.user-phone

Attribute used to include the user account
phone number.

String

read-write

pwd.user-pwd

Attribute used for the user account
password.

String

read-only

pwd.user-state

Attribute for the state for the user ID.

String

read-only

pwd.user-verify

Attribute used to identify the user

String

read-write

pwd.web

Used to assign a password to the
HTTP/HTTPS-accessible content. This
single password allows access to the user
manuals, the client software, reports, and
archived attack data. The default is
pwd.web=yes. To permit unrestricted
access to the web server, set the value to
“no”.

Password

write-only

Range

8-32

radius
Collection of radius-related attribs. The attribs are used to enable and configure RADIUS for the SMS. For
more information on RADIUS, see the “Administration” chapter in the SMS User Guide.
Table 3-15

radius Attributes

Attribute

Description

Type

radius.enable

Attribute used to enable/disable the
RADIUS.

Bool

Access

Range

read-write

Primary RADIUS Server

36

radius1.secret

Attrib used to enter the RADIUS secret set
by the RADIUS server administrator. This
entry is used by each RADIUS client,
including the SMS server.

String

radius1.server

Attrib used to set the IP address of the
RADIUS server.

IPaddr

radius1.port

Attrib used to set the port on the RADIUS
server that listens for authentication
requests

Int

read-write

1-6553
5

radius1.timeout

Attrib used to set the maximum timeout
period in seconds.

Int

read-write

1-300

SMS Attributes and Objects

read-write

read-write

0

Table 3-15

radius Attributes

Attribute

Description

Type

Access

radius1.auth

Attrib to set the authentication method
(PAP, CHAP, MSCHAP, MSCHAP2,
EAPMD5)

String

read-write

read-write

Range

Backup RADIUS Server
radius2.secret

Attrib used to enter the RADIUS secret set
by the RADIUS server administrator. This
entry is used by each RADIUS client,
including the SMS server.

String

radius2.server

Attrib used to set the IP address of the
RADIUS server.

IPaddr

radius2.port

Attrib used to set the port on the RADIUS
server that listens for authentication
requests

Int

read-write

1-6553
5

radius2.timeout

Attrib used to set the maximum timeout
period in seconds.

Int

read-write

1-300

radius2.auth

Attrib to set the authentication method
(PAP, CHAP, MSCHAP, MSCHAP2,
EAPMD5)

String

read-write

read-write

0

route
Collection of network-related attribs. The attribs are used to configure the Ethernet 10/100/1000 interface
for access to the local network.
Usage
route.add
route.add   
route.del   

Related Objects
route6, net

Related Commands
ifconfig, ipconfig, routes

Table 3-16

route Attributes

Attribute

Description

Type

Access

Range

route.add

Attribute used to add a static route to the IP
routing table.

IPaddrs

write only

0

IPaddrs

write only

0

String

read-only

0-1024

Usage: route.add  

route.del

Attribute used to delete a static route from
the IP routing table.
Usage: route.del  


route.info

Attribute used to list all routes in the IP
routing table.

Security Management System CLI Reference

37

route6
Collection of attribs used to add, delete and display IPv6 static routes for the management interface
Usage
route6.add
route6.add  
route6.del  

Related Objects
route, net

Related Commands
ifconfig, ipconfig

Table 3-17

route6 Attributes

Attribute

Description

Type

Access

Range

route6.add

Attribute used to add a static route to the IP
routing table.

IPaddrs

write only

0

IPaddrs

write only

0

String

read-only

0-1024

Usage:

route6.add 

Attribute used to delete a static route from
the IP routing table.

route6.del

Usage:

route6.del  

Attribute used to list all routes in the IP
routing table.

route6.info

smtp
Collection of SMTP (Simple Mail Transfer Protocol) -related attribs. The attribs are used to configure the
smtp service.
Table 3-18

smtp Attributes

Attribute

Description

Type

Access

smtp.send-mail

Sends a mail message from the SMS. Other
SMTP configuration settings are required to
successfully send mail.

String

write-only

smtp.notify-list

List of e-mail addresses used to deliver
notification messages when a notifiable event
occurs. The list should be one or more e-mail
addresses separated by comma or semicolons.

Email

read-write

Range

snmp
Collection of SNMP (Simple Network Management Procotol) related attribs. The attribs are used to
configure the SNMP trap service and SMS SNMPrequest agent. For SNMP requests, see ”snmp-request
Attributes” on page 39. For SNMP traps, see ”snmp-trap Attributes” on page 40.
Related Objects
svc

Related Commands
snmp-request, snmp-trap

38

SMS Attributes and Objects

Table 3-19

snmp-request Attributes

Attribute

Description

Type

Access

snmp.request-auth-key

Attrib used to specify the authentication key
for the SNMP request agent. When enabled,
the SMS responds to the SNMP system
request.

String write-only

Range

Example:
set snmp.request-auth-key=mykey
snmp.request-auth-proto Attrib used to specify the authentication

protocol for the SNMP request agent. When
enabled, the SMS responds to the SNMP
system request.

String read-write

Valid protocol values are: None, MD5, and
SHA.
Example:
set snmp.request-auth-proto=MD5
snmp.request-community

Attrib used to specify the community string for
the SNMP request agent. When enabled, the
SMS responds to the SNMP system request.

String read-write

Example:
set snmp.request-community=public
snmp.request-enable

Attrib used to enable/disable the SMS
SNMP request agent. When enabled, the
SMS responds to SNMP system requests.

Bool

read-write

Example:
set snmp.request-enable=true
snmp.request-engine

Attrib used to specify the engine ID for the
SNMP request agent. When enabled, the
SMS responds to the SNMP system request.

String read-write

Example:
set snmp.request-engine=012345
snmp.request-priv-key

Attrib used to specify the privacy key for the
SNMP request agent. When enabled, the
SMS responds to the SNMP system request.

String write-only

Example:
set snmp.request-priv-key=mykey

Security Management System CLI Reference

39

Table 3-19

snmp-request Attributes

Attribute

Description

snmp.request-priv-proto Attrib used to specify the privacy protocol for

the SNMP request agent. When enabled, the
SMS responds to the SNMP system request.
Valid protocol values are:

Type

Access

Range

String read-write

• None
• AES-128
• AES-192
• AES-256
• DES
• Triple_DES
Example:
set snmp.request-priv-proto=AES-128
snmp.request-user

Attrib used to specify the user name for the
SNMP request agent. When enabled, the
SMS responds to the SNMP system request.

String read-write

Example:
set snmp.request-user=myuser
snmp.request-version

Attrib used to change the version for the
SNMP request agent. When enabled, the
SMS responds to the SNMP system request.
Valid version values are: v2 or v3.

String write-only

Example:
set snmp.request-version=v2

Table 3-20

snmp-trap Attributes

Attribute

Description

Type

Access

snmp.trap-add

Attrib used to add a new SNMP trap
destination. An IP address and SNMP version
uniquely identify a destination. The IP
address must be specified. The SNMP version
is optional and can be specified when
separated by a comma.

String write-only

Examples:
set snmp.trap-add=1.1.1.1
set snmp.trap-add=1.1.1.1,v3
snmp.trap-auth-key

Attrib used to specifiy the authentication
protocol for an SNMP trap destination. The IP
address must be specified. The SNMP version
is optional and can be specified when
separated by a comma.
Examples:
set snmp.trap-auth-key?1.1.1.1=mkey
set snmp.trap-auth-key?1.1.1.1,v3=
mykey

40

SMS Attributes and Objects

String write-only

Range

Table 3-20

snmp-trap Attributes

Attribute

Description

Type

Access

snmp.trap-auth-proto

Attrib used to specifiy the authentication key
for an SNMP trap destination. The IP address
must be specified. The SNMP version is
optional and can be specified when
separated by a comma.

String read-write

Range

Valid protocol values are: None, MD5, and
SHA.
Examples:
set snmp.trap-auth-proto?1.1.1.1=MD5
set snmp.trap-auth-proto?1.1.1.1,v3=
MD5
snmp.trap-community

Attrib used to specifiy the community string
for an SNMP trap destination. The IP address
must be specified. The SNMP version is
optional and can be specified when
separated by a comma.

String read-write

Examples:
set snmp.trap-community?1.1.1.1=
public
set snmp.trap-community?1.1.1.1,v2=
public
snmp.trap-del

Attrib used to remove an SNMP trap
destination. The IP address must be specified.
The SNMP version is optional and can be
specified when separated by a comma.

String write-only

Examples:
set snmp.trap-del=1.1.1.1
set snmp.trap-del=1.1.1.1,v3
snmp.trap-engine

Attrib used to specify the engine ID for an
SNMP trap destination. The IP address must
be specified. The SNMP version is optional
and can be specified when separated by a
comma.

String read-write

Examples:
set snmp.trap-engine?1.1.1.1=012345
set snmp.trap-engine?1.1.1.1,v3=
012345
snmp.trap-info

Attrib used to list the SNMP trap destination

String read-only

Example:
get snmp.trap-info

Security Management System CLI Reference

41

Table 3-20

snmp-trap Attributes

Attribute

Description

Type

Access

snmp.trap-port

Attrib used to specify the port for an SNMP
trap destination. The IP address must be
specified. The SNMP version is optional and
can be specified when separated by a
comma.

Int

read-write

Examples:
set snmp.trap-port?1.1.1.1=162
set snmp.trap-port?1.1.1.1,v2=162
snmp.trap-priv-key

Attrib used to specify the privacy key for an
SNMP trap destination. The IP address must
be specified. The SNMP version is optional
and can be specified when separated by a
comma.

String write-only

Examples:
set snmp.trap-priv-key?1.1.1.1=mkey
set snmp.trap-priv-key?1.1.1.1,v3=
mykey
snmp.trap-priv-proto

Attrib used to specify the privacy protocol for
an SNMP trap destination. The IP address
must be specified. The SNMP version is
optional and can be specified when
separated by a comma. Valid protocol values
are:
• None
• AES-128
• AES-192
• AES-256
• DES
• Triple_DES
Examples:
set snmp.trap-priv-proto?1.1.1.1=
AES-128
set snmp.trap-priv-proto?1.1.1.1,v3=
AES-128

42

SMS Attributes and Objects

String read-write

Range

Table 3-20

snmp-trap Attributes

Attribute

Description

Type

Access

snmp.trap-user

Attrib used to specify the user name for an
SNMP trap destination. The IP address must
be specified. The SNMP version is optional
and can be specified when separated by a
comma.

String read-write

Range

Examples:
set snmp.trap-user?1.1.1.1=testuser
set snmp.trap-user?1.1.1.1,v3=
testuser
snmp.trap-version

Attrib used to change the version for an
SNMP trap destination. The IP address must
be specified. The SNMP version is optional
and can be specified when separated by a
comma. Valid version values are: v2 or v3.

String write-only

Examples:
set snmp.trap-version?1.1.1.1=v3
set snmp.trap-version?1.1.1.1,v2=v3

Security Management System CLI Reference

43

svc
Collection of attribs used to enable various services that execute within the system. While the system
implements an internal firewall to protect against attacks, further security can be implemented by disabling
unneeded services.
Related Commands
ntp, snmp, pwd

Table 3-21

svc Attributes

Attribute

Description

Type

Access

Range

svc.fips-enable

Attribute used to enable/disable SMS FIPS
mode. In this mode, only FIPS 140-2
approved cryptographic algorithms are
used when allowing SSH connections.

Bool

read-write

0

Bool

read-write

0

Bool

read-write

NOTE: FIPS mode cannot be enabled if SSH
has not been enabled. Also, disabling SSH
automatically disables FIPS mode.
Example:
set svc.fips-enable=yes
svc.http-enable

Attribute used to enable/disable the HTTP
(HTTP protocol) service.
The HTTP service is used to download the
SMS client during the installation process
and download other files. The service is
configured to prevent CGI and other active
server processing. Once the client is
downloaded, the service can be disabled
until an updated client is available. HTTP
and HTTPS can be enabled separately.
To enable HTTP, set the svc.http-enable
attrib to true. To disable, set to false.
Example:
set svc.http-enable=true

svc.https-enable

Attribute used to enable/disable the HTTPS
(Secure HTTP protocol) service.

0

The HTTPS service is used to download the
SMS client during the installation process.
The service is configured to prevent CGI
and other active server processing. Once
the client is downloaded, the service can be
disabled until an updated client is available.
To enable HTTPS, set the svc.https-enable
attrib to true. To disable, set to false.
svc.ping-enable

Attribute used to enable/disable incoming
ping support. Responding to pings can be
considered a security weakness for systems.
When disabled, the SMS will not respond to
ICMP Echo Requests.
Example:
set svc.ping-enable=true

44

SMS Attributes and Objects

Bool

read-write

0

Table 3-21

svc Attributes

Attribute

Description

Type

svc.ntp-enable

Attrib used to enable/disable the NTP
(Network Time Protocol) client. The NTP
client can be used to synchronize system
time with a list of remote time servers.

Bool

Access
read-write

Range
0

To enable the NTP client, set the value to
true, and a list of servers should be
provided with the ntp.server1 (...) attribs. To
disable the value should be set to false.
Example:
set svc.ntp-enable=true
svc.snmp-enable

Attribute used to enable/disable the SNMP
(Simple Network Management Protocol)
agent.

Bool

read-write

0

Bool

read-write

0

Bool

read-write

0

The SNMP service provides limited,
read-only management support to a remote
SNMP manager. To enable SNMP, set the
svc.snmp-enable attrib to true. To disable,
set to false. The community name for get
requests can be set with the
snmp.get-community attrib.
Example:
set svc.snmp-enable=true
svc.ssh-enable

Attribute used to enable/disable the SSH
(Secure Shell) service.
The SSH service is used to provide secured,
remote CLI (Command Line Interface) access
to the system. If SSH is disabled, the CLI can
still be accessed by connecting a terminal
or a keyboard/monitor to the chassis. The
SMS server supports SSH protocol version
2.
To enable SSH, set the svc.ssh-enable attrib
to true. To disable, set to false.
Example:
set svc.ssh-enable=true

svc.telnet-enable

Attribute used to enable/disable the Telnet
service.
The Telnet service is used to provide remote
CLI (Command Line Interface) access to the
system. If Telnet is disabled, the CLI can still
be accessed by connecting a terminal or a
keyboard monitor to the chassis, or by using
the SSH service.
To enable Telnet, set the svc.telnet-enable
attrib to true. To disable, set to false.
Example:
set svc.telnet-enable=true

Security Management System CLI Reference

45

sw
Collection of software versioning attribs. The attribs are used to report the system software version, and to
list the software packages and their individual versions.
Table 3-22

sw Attributes

Attribute

Description

Type

Access

sw.components

Returns a list of installed software packages
and their versions.

String

read-only

Attribute returning the system software
version.

String

sw.version

read-only

Range
0-1024
1-32

sys
Collection of system-related attribs. The attribs retain system values, including the system name, location
and contact.
Table 3-23

sys Attributes

Attribute

Description

Type

Access

Range

sys.contact

Attribute holding the system contact.
Normally, this file contains the name and/or
address of the administrator of this system.

String

read-write

0-64

sys.location

Attribute holding the system location.
Normally, this field contains the physical
location of the system.

String

read-write

0-64

sys.model

Attribute returning the model of the SMS.
Provide this model in interactions with
support staff.

String

read-only

1-32

sys.name

Attribute holding the system name. The system
name must be set. It will be used in system
prompts.

Name read-write

1-32

sys.platform

Attribute returning the platform name. Provide
this model number in interactions with
support professionals.

String

read-only

1-32

sys.serialNum

Attribute returning the unique ${PRODUCT}
system serial number. Provide this serial
number in interactions with support
professionals.

String

read-only

20

time
Collection of system time attribs. The attribs are used to configure the local time zone and the current
system time.
See Also
ntp

46

SMS Attributes and Objects

Table 3-24

time Attributes

Attribute

Description

Type

time.dateTime

Displays the current system time in a
readable format.

String

read-only

32

time.setTime

Displays and sets the current system time. The
date and time is specified in the format:
[MMDDhhmm[[CC]YY][.ss]]

String

read-write

32

time.setTimeZone

Displays and sets the current local time zone.
Time zones can be represented in several
forms. For example, US Eastern Time can be
represented as either of the following:

String

read-write

2-48

•
•

Access

Range

EST5EDT
America/Newark

The first format is the preferred format: a
three-letter zone, followed by a time offset
from GMT, and another three-letter zone for
the daylight savings time.
Examples:
set time.setTimeZone=
America/New_York
set time.setTimeZone=CST6CDT

Security Management System CLI Reference

47

48

SMS Attributes and Objects

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : Yes
Language                        : en
XMP Toolkit                     : Adobe XMP Core 5.2-c001 63.139439, 2010/10/03-12:08:50
Creator Tool                    : FrameMaker 10.0.2
Create Date                     : 2013:10:08 13:29:04Z
Modify Date                     : 2013:10:08 13:30:12-06:00
Metadata Date                   : 2013:10:08 13:30:12-06:00
Format                          : application/pdf
Title                           : HPTippingPoint SMS Command LIne Reference Guide
Creator                         : Technical Publications, HP TippingPoint Technologies
Description                     : SMS Command Line Reference
Producer                        : Acrobat Distiller 9.0.0 (Windows)
Keywords                        : TECHD-0000000348; SMS;  CLI; Command Line Reference
Marked                          : True
Copyright                       : Copyright ? 2012 HP TippingPoint. All rights reserved.
Document ID                     : uuid:f8a3d908-72ce-4a0e-8a17-72e0bd7623e2
Instance ID                     : uuid:4b3d17ed-48ca-4e48-b37d-95a589e6ae1d
Page Mode                       : UseOutlines
Page Count                      : 58
Author                          : Technical Publications, HP TippingPoint Technologies
Subject                         : SMS Command Line Reference

EXIF Metadata provided by EXIF.tools

Hp Tippingpoint Next Generation Firewall Series Cli Reference Guide HPTippingPoint SMS Command LIne

Navigation menu

Versions of this User Manual:

Views

Navigation