ADC CLI Commands

ns-config

The following operations can be performed on “ns-config”:

set ns config

Sets the Citrix ADC IP address and Citrix ADC VLAN. To set other Citrix ADC parameters, use the ‘set ns param’ command. Note: To change the NSIP address or the NSVLAN of an appliance that is part of a cluster, first remove the appliance from the cluster, change the NSIP or the NSVLAN, and then add the appliance back to the cluster.

Synopsis

set ns config [-IPAddress <ip_addr> -netmask ] \[-nsvlan <positive\_integer> -ifnum <interface\_name> ... \[-tagged \( YES | NO )]]

Arguments

IPAddress IP address of the Citrix ADC. Commonly referred to as NSIP address. This parameter is mandatory to bring up the appliance.

netmask Netmask corresponding to the IP address. This parameter is mandatory to bring up the appliance.

nsvlan VLAN (NSVLAN) for the subnet on which the IP address resides. Minimum value: 2 Maximum value: 4094

ifnum Interfaces of the appliances that must be bound to the NSVLAN. Minimum value: 1

tagged Specifies that the interfaces will be added as 802.1q tagged interfaces. Packets sent on these interface on this VLAN will have an additional 4-byte 802.1q tag which identifies the VLAN. To use 802.1q tagging, the switch connected to the appliance’s interfaces must also be configured for tagging.

Possible values: YES, NO Default value: YES

unset ns config

Removes the attributes of the Citrix ADC. Attributes for which a default value is available revert to their default values. Refer to the ‘set ns config’ command for a description of the parameters..Refer to the set ns config command for meanings of the arguments.

Synopsis

unset ns config [-nsvlan] [-IPAddress] [-netmask] [-ifnum] [-tagged]

show ns config

Displays the following details of the Citrix ADC:

  • Citrix ADC IP address and subnet mask
  • Number of mapped IP addresses
  • Identifies the appliance as a standalone appliance, a part of a HA pair, or is a cluster node
  • Current time on the system and timestamp when the appliance was last updated Note: To view the complete configurations that have been executed on the appliance, run the ‘show ns runningConfig’ command.

Synopsis

show ns config

Arguments

Output

IPAddress IP Address of the System.

netmask The netmask corresponding to the IP address.

mappedIP Mapped IP Address of the System.

range The range of Mapped IP addresses to be configured.

nsvlan The VLAN (NSVLAN) for the subnet on which the system IP resides.

ifnum Bind the given ports to the NSVLAN.

tagged Specifies that the interfaces will be added as 802.1q tagged interfaces. Packets sent on these interface on this VLAN will have an additional 4-byte 802.1q tag which identifies the VLAN. To use 802.1q tagging, the switch connected to the appliance’s interfaces must also be configured for tagging.

svmCmd Identifies the source of command. When SVM fires the nitro command, it will set the value of SVMCMD to be 1 and in other cases it will be 0.

httpPort The HTTP ports on the Web server.

maxConn Maximum Number of Connections.

maxReq Maxmimum Number of requests that can be handled.

cip Insertion of client IP address into the HTTP header.

cipHeader The text that will be used as the client IP header.

cookieversion The version of the cookie inserted by system.

secureCookie enable/disable secure flag for persistence cookie

failover Standalone node.

systemType The type of the System. Possible Values: Standalone, HA, Cluster

primaryIP HA Master Node IP address.

primaryIP6 pmtuMin The minimum Path MTU.

pmtuTimeout The timeout value in minutes.

ftpPortRange Port range configured for FTP services.

crPortRange Port range for cache redirection services.

flags The flags for this entry.

timezone Name of the timezone

LastConfigChangedTime Time when the configuration was last modified.

LastConfigSaveTime Time when the configuration was last saved through savensconfig.

currentSytemTime current system time in date format.

systemTime current system time.

grantQuotaMaxClient The percentage of shared quota to be granted at a time for maxClient

exclusiveQuotaMaxClient The percentage of maxClient to be given to PEs

grantQuotaSpillOver The percentage of shared quota to be granted at a time for spillover

exclusiveQuotaSpillOver The percentage of max limit to be given to PEs

nwfwmode Network Firewallmode

ConfigChanged returns True if configuration has changed since last saved config.

clear ns config

Clears the Citrix ADC running configurations based on different levels.

Synopsis

clear ns config [-force] \[-RBAconfig \( YES | NO )]

Arguments

force Configurations will be cleared without prompting for confirmation.

level Types of configurations to be cleared.

  • basic: Clears all configurations except the following:
  • NSIP, default route (gateway), static routes, MIPs, and SNIPs
  • Network settings (DG, VLAN, RHI and DNS settings)
  • Cluster settings
  • HA node definitions
  • Feature and mode settings
  • nsroot password
  • extended: Clears the same configurations as the ‘basic’ option. In addition, it clears the feature and mode settings.
  • full: Clears all configurations except NSIP, default route, and interface settings. Note: When you clear the configurations through the cluster IP address, by specifying the level as ‘full’, the cluster is deleted and all cluster nodes become standalone appliances. The ‘basic’ and ‘extended’ levels are propagated to the cluster nodes.

Possible values: basic, extended, full

RBAconfig RBA configurations and TACACS policies bound to system global will not be cleared if RBA is set to NO.This option is applicable only for BASIC level of clear configuration.Default is YES, which will clear rba configurations.

Possible values: YES, NO Default value: YES

query ns config

Queries NS config

Synopsis

query ns config [-weakpassword -changedpassword] [-config ]

Arguments

weakpassword Option to list all weak passwords (not adhering to strong password requirements). Takes config file as input, if no input specified, running configuration is considered. Command => query ns config -weakpassword / query ns config -weakpassword /nsconfig/ns.conf

changedpassword Option to list all passwords changed which would not work when downgraded to older releases. Takes config file as input, if no input specified, running configuration is considered. Command => query ns config -changedpassword / query ns config -changedpassword /nsconfig/ns.conf

config configuration File to be used to find weak passwords, if not specified, running config is taken as input.

Output

response

Example

query ns config -weakpassword query ns config -changedpassword query ns config -weakpassword -config query ns config -changedpassword -config

save ns config

Save the configurations to the appliances FLASH memory in the /nsconfig/ns.conf file. Backup configuration files are named ns.conf.n. The most recent backup file has the smallest value for n.

Synopsis

save ns config [-all]

Arguments

all Use this option to do saveconfig for all partitions

Output

message

diff ns config

Difference between two configuration

Synopsis

diff ns config [] \[] \[-outtype \( cli | xml )] \[-template] \[-ignoreDeviceSpecific]

Arguments

config1 Location of the configurations.

config2 Location of the configurations.

outtype Format to display the difference in configurations.

Possible values: cli, xml

template File that contains the commands to be compared.

ignoreDeviceSpecific Suppress device specific differences.

Output

response

Example

Generates the differences between two configurations. Note: If no parameters are provided, then the differences between the saved configurations and the running configurations are shown.

ns-config