Manageability Commands

aaa map-to username

To map the SPIFFE ID to a username for secure authentication and authorization in gRPC services, use the aaa map-to username command in XR Config mode.

aaa map-to username username spiffe-id any

Syntax Description

username

Specifies the username that needs to be mapped with the SPIFFE ID.

Command Default

By default, the system uses spiffe-user as username.

Command Modes

XR Config mode

Command History

Release

Modification

Release 24.2.11

This command was introduced.

Usage Guidelines

Each SPIFFE ID supports only one username. Also, ensure that the username is already configured in the system.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to map the SPIFFE ID to a username for a gRPC connection:

Router#configure
Router(config)#aaa map-to username cisco spiffe-id any
Router(config)#commit

iteration

To configure the iteration size for large XML agent responses, use the iteration command in xml agent configuration mode. To revert to the default iteration settings, use the no form of this command.

iteration {off | on size iteration-size}

no iteration

Syntax Description

off

Disables iteration, meaning that the entire XML response is returned, regardless of its size. Use of this option is not recommended.

on

Enables iteration, meaning that large XML responses are broken into chunks according to the iteration chunk size.

size iteration-size

Specifies the size of the iteration chunk, in Kbytes. Values can range from 1 to 100,000.

Command Default

Iteration is enabled; the iteration-size is 48.

Command Modes

XML agent

TTY XML agent

SSL XML agent

Command History

Release Modification
Release 7.0.12

This command was introduced.

Usage Guidelines

When the XML agent returns a large response, it splits the response into chunks and returns one chunk at a time. External clients then need to send a GetNext request to obtain the next chunk. Use the iteration command to control the size of iteration chunks. A larger chunk value allows larger chunks to be received in a shorter period of time, possibly making the router system busier. A smaller chunk value allows smaller chunks to be received over a longer period of time, but does not make the router busy. You can also disable iteration completely using the iteration off command.


Note


It is not recommended to disable iteration, since this could result in large transient memory usage.


To set the iteration size for the TTY or SSL agent specifically, use the iteration command from the appropriate command mode.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to configure the iteration chunk size to 100 Kbytes.


RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml)# iteration on size 100
  

The following example shows how to disable iteration:


RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml)# iteration off
  

The following example shows how to turn on iteration with the default iteration size:


RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml)# no iteration off
  

The following example shows how to change the iteration size to the default iteration size.


RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml)# no iteration on size 100
  

The following example shows how to change the iteration size of the TTY agent to 3 Kbytes:


RP/0/RP0/CPU0:router(config)# xml agent tty
RP/0/RP0/CPU0:router(config-xml-tty)# iteration on size 3
  

The following example shows how to turn off the iteration of the SSL agent:


RP/0/RP0/CPU0:router(config)# xml agent ssl
RP/0/RP0/CPU0:router(config-xml-ssl)# iteration off
  

nvgen default-sanitize

To sanitize strings, usernames, passwords, comments, or IP addresses in the output of the show running configurations command, use the nvgen default-sanitize command.

nvgen default-sanitize { strings | usernames | passwords | comments | ipaddrs }

Syntax Description

strings

Removes the description strings in the running configuration and replaces them with the <removed> phrase.

usernames

Removes the usernames in the running configuration and replaces them with the <removed> phrase.

passwords

Removes the passwords in the running configuration and replaces them with the <removed> phrase.

comments

Removes the comments in the running configuration and replaces them with the <comments removed> phrase.

ipaddrs

Removes the IP addresses in the running configuration and replaces them with the <removed> phrase.

Command Default

The output of the show running configurations command includes sensitive information such as strings, usernames, passwords, comments, or IP addresses.

Command Modes

Configuration mode

Command History

Release

Modification

Release 7.5.4

This command was introduced.

Usage Guidelines

None

Examples

The following example shows how to sanitize the output of show running configurations:


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# nvgen default-sanitize strings
RP/0/RP0/CPU0:router(config)# nvgen default-sanitize usernames 
RP/0/RP0/CPU0:router(config)# nvgen default-sanitize passwords
RP/0/RP0/CPU0:router(config)# nvgen default-sanitize comments
RP/0/RP0/CPU0:router(config)# nvgen default-sanitize ipaddrs
RP/0/RP0/CPU0:router(config)# commit


show xml schema

To browse the XML schema and data, use the show xml schema command in EXEC mode.

show xml schema

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

The show xml schema command runs the XML schema browser so that you can browse the XML schema and data.

Task ID

Task ID

Operations

config-services

read

Examples

This example shows how to enter the XML schema browser and list the available commands:


RP/0/RP0/CPU0:router# show xml schema
  
Username: xxxx
Password: 
Enter 'help' or '?' for help
xml-schema[config]:> ?
  
config            oper                action
adminoper         adminaction         cd
pwd               classinfo           list
ls                datalist            walk
walkdata          get                 hierarchy
quit              exit                help
xml-schema[config]:>
    

streaming

To configure XML response streaming, use the streaming command in one of the XML agent configuration modes. To disable XML response streaming, use the no form of this command.

streaming on size size

Syntax Description

on

Turns on XML streaming.

size size

Specifies the size of the stream in Kbytes.

Command Default

XML streaming is disabled.

Command Modes

XML agent

XML agent ssl

XML agent tty

Command History

Release Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

config-services

read, write

Examples

This example illustrates how to set the XML response streaming size to 5000 Kbytes.


RP/0/RP0/CPU0:router# config
RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml-agent)# streaming on size 5000
  

throttle

To configure the XML agent processing capabilities, use the throttle command in XML agent configuration mode.

throttle {memory size | process-rate tags}

Syntax Description

memory

Specifies the XML agent memory size.

size

Maximum memory usage of XML agent per session in MB. Values can range from 100 to 600. In IOS XR 64 bit, the values range from 100 to 1024. The default is 300.

process-rate

Specifies the XML agent processing rate.

tags

Number of tags that the XML agent can process per second. Values can range from 1000 to 30000.

Command Default

The process rate is not throttled; memory size is 300 MB.

Command Modes

XML agent configuration

Command History

Release Modification
Release 7.0.12

This command was introduced.

Usage Guidelines

Use the throttle command to control CPU time used by the XML agent when it handles large data.

Task ID

Task ID Operation

config-services

read, write

Examples

This example illustrates how to configure the number of tags that the XML agent can process to 1000:


RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml-agent)# throttle process-rate 1000
  

xml agent

To enable Extensible Markup Language (XML) requests over a dedicated TCP connection and enter XML agent configuration mode, use the xml agent command in global configuration mode. To disable XML requests over the dedicated TCP connection, use the no form of this command.


Note


This command enables a new, enhanced-performance XML agent. The xml agent tty command enables the legacy XML agent and is supported for backward compatibility.


xml agent

no xml agent

Command Default

XML requests are disabled.

Command Modes

Global configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

There are two XML agents: a legacy XML agent and an enhanced-performance XML agent. We recommend that you use the enhanced-performance agent. The legacy agent is supported for backward compatibility. Use the xml agent command to enable the enhanced-performance XML agent. Use the xml agent tty command to enable the legacy XML agent.

Use the no form of the xml agent command to disable the enhanced-performance XML agent.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to enable XML requests over a dedicated TCP connection:


RP/0/RP0/CPU0:router(config)# xml agent
         

xml agent ssl

To enable Extensible Markup Language (XML) requests over Secure Socket Layer (SSL) and enter SSL XML agent configuration mode, use the xml agent ssl command in global configuration mode. To disable XML requests over SSL, use the no form of this command.

xml agent ssl

no xml agent ssl

Command Default

SSL agent is disabled by default.

Command Modes

Global configuration

Command History

Release Modification
Release 7.0.12

This command was introduced.

Usage Guidelines

The k9sec package is required to use the SSL agent. The configuration is rejected during commit when the security software package is not active on the system. When the security software package is deactivated after the SSL agent has been configured, the following syslog message is displayed to report that the SSL agent is no longer available:


xml_dedicated_ssl_agent[420]:
%MGBL-XML_TTY-7-SSLINIT : K9sec pie is not active, XML service over
SSL is not available.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to enable XML requests over SSL:


RP/0/RP0/CPU0:router(config)# xml agent ssl
    

xml agent tty

To enable Extensible Markup Language (XML) requests over Secure Shell (SSH) and Telnet and enter TTY XML agent configuration mode, use the xml agent tty command in global configuration mode. To disable XML requests over SSH and Telnet, use the no form of this command.


Note


This command enables a legacy XML agent that has been superseded by an enhanced-performance XML agent and is supported only for backward compatibility. To enable the enhanced-performance XML agent, use the xml agent command.


xml agent tty

no xml agent tty

Command Default

XML requests over SSH and Telnet are disabled.

Command Modes

Global configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

There are two XML agents: a legacy XML agent and an enhanced-performance XML agent. We recommend that you use the enhanced-performance agent. The legacy agent is supported for backward compatibility. The xml agent tty command enables the legacy XML agent. Use the xml agent command to enable the enhanced-performance XML agent.

Use the no form of the xml agent tty command to disable the legacy XML agent.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows how to enable XML requests over Secure Shell (SSH) and Telnet:


RP/0/RP0/CPU0:router(config)# xml agent tty
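
The following is an added example, not part of the Cisco reference: a Python audit of a running-configuration excerpt against the guidance in the sections above (iteration off is not recommended, the TTY agent is legacy, the process rate is unthrottled by default, and a username mapped to a SPIFFE ID must already be configured). The sample configuration, its indented block layout, and the function names are constructed assumptions.

```python
import re

# Constructed sample (not from the page): running-config excerpt, assuming
# sub-mode lines are indented and each block is closed by "!".
SAMPLE_CONFIG = """\
username admin
 group root-lr
!
aaa map-to username cisco spiffe-id any
xml agent
 iteration off
!
xml agent tty
 iteration on size 3
!
xml agent ssl
 throttle process-rate 1000
!
"""

def parse_blocks(text):
    """Return {top-level line: [sub-mode lines]} for an indented config."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(raw.strip())
        elif not raw[0].isspace():
            current = raw.rstrip()
            blocks[current] = []
    return blocks

def audit(text):
    """List (block, finding) pairs based on the guidance in this reference."""
    blocks, findings = parse_blocks(text), []
    # Usernames defined at top level, e.g. "username admin".
    users = {m.group(1) for b in blocks if (m := re.fullmatch(r"username (\S+)", b))}
    for top, subs in blocks.items():
        m = re.fullmatch(r"aaa map-to username (\S+) spiffe-id any", top)
        if m and m.group(1) not in users:
            findings.append((top, f"mapped username '{m.group(1)}' is not configured"))
        if top.startswith("xml agent"):
            if top == "xml agent tty":
                findings.append((top, "legacy agent enabled (backward compatibility only)"))
            if "iteration off" in subs:
                findings.append((top, "iteration disabled: large transient memory usage"))
            if not any(s.startswith("throttle process-rate ") for s in subs):
                findings.append((top, "process rate is not throttled (default)"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns five findings for the constructed sample; the xml agent ssl block, which sets a process rate and leaves iteration at its default, produces none.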