System Commands
The Policy Manager command line interface (CLI) includes the following commands:
system reset-server-certificate
system admin-password-reset
Resets the admin password for the Policy Manager WebUI back to the default setting.
system apps-access-reset
Use the system apps-access-reset command to reset the access control restrictions for Policy Manager.
Syntax
system apps-access-reset
Example
The following example resets the access control restrictions for Policy Manager:
[appadmin]# system apps-access-reset
Policy Manager application access is restored
system boot-image
Use the system boot-image command to set system boot image control options.
Syntax
system boot-image [-l] [-a <version>]
The following table describes the required and optional parameters for the system boot-image command:
Flag/Parameter | Description |
---|---|
-l | Lists the boot images installed on the system. |
-a <version> | Sets the active boot image version in A.B.C.D syntax. This field is optional. |
Example
The following example sets the system boot image control options:
[appadmin]# system boot-image -l
system cleanup
Use the system cleanup command to perform a system cleanup operation that purges the following records:
System and application log files
Past authentication records
Audit records
Expired guest accounts
Past auto and manual backups
Stored reports
Syntax
system cleanup <num_days>
The following table describes the required parameter for the system cleanup command:
Flag/Parameter | Description |
---|---|
<num_days> | This is the cleanup interval that specifies the number of days to retain the data. This field is mandatory. |
Example
The following example performs a system cleanup operation that retains records for four days:
[appadmin]# system cleanup 4
********************************************************
* *
* WARNING: This command will perform system cleanup *
* operation that will result in purging of: *
* [*] system and application log files *
* [*] past authentication records *
* [*] audit records *
* [*] expired guest accounts *
* [*] past auto and manual backups *
* [*] stored reports etc... *
* *
********************************************************
Are you sure you want to continue? [y|n]: y
INFO - Starting system cleanup
INFO - Purging diagnostic dumps
INFO - Detected empty core directory
INFO - Performing system cleanup tasks
INFO - Purging platform logs
INFO - Purging application logs
INFO - Performing database cleanup tasks
INFO - Completed system cleanup
system create-api-client
Use the system create-api-client command to create a new API client.
Syntax
system create-api-client <Client_ID> <Client_Secret>
Example
The following example creates an API client and specifies the client ID and client secret:
[appadmin]# system create-api-client Win.139 college52
system export-endpoints-csv
Use this command to export endpoints and endpoint profile details to a zip file that can be downloaded from under .
When using an XML file to export or import a very large number of endpoints, performance is sometimes degraded. When using an XML file to export a very large number of endpoints (> 250 K), performance is sometimes degraded or the user interface hangs and out-of-memory error messages are logged. Although exporting CSV files through the CLI is still supported, users should be aware that importing ZIP files that contain CSV files of endpoints and endpoint profiles is not currently allowed through either the CLI or the user interface (UI).
system factory-reset
The system factory-reset command restores a Policy Manager hardware appliance to factory defaults. This command is available only to the appadmin user on a physical appliance. It is not available on a virtual machine.
| The system factory-reset command is inherently a destructive one as it wipes out data, including any licenses on the current partition and any backups currently stored on the server. Hence, the user should create data backups outside of the target Policy Manager server before running this command. This command is not available on Policy Manager installations hosted on a cloud services platform such as Amazon Web Services (AWS) or Azure. |
The system factory-reset command essentially consists of two operations:
Resets all Policy Manager configurations in the current partition only, including Policy Manager server settings, all ClearPass Guest, Onboard and extensions, Active Directory domain settings, NTP settings, hostname, network settings, and date, time, and password settings.
Cleans and resets Policy Manager logs and configuration files, including those for Policy Manager Guest.
When running the system factory-reset command in a Policy Manager cluster:
If the current server is a publisher, running this command will drop it from the cluster. The standby publisher then becomes the publisher.
If the current server is a subscriber node, it will be dropped from the cluster, and will become a stand-alone node.
After successful configuration and reboot, you will be presented with the bootstrap configuration screen, where you will have to reset all the Policy Manager parameters.
Example
The following example restores a Policy Manager hardware appliance to factory defaults:
[appadmin]# system factory-reset
system gen-recovery-key
Use the system gen-recovery-key command to generate the recovery key for the Policy Manager server.
Example
The following example generates the recovery key for the system:
[appadmin]# system gen-recovery-key
Recovery key='04U22FsdGVkX318To8NDW4ayzi6Q17Lz3KA417DW5y+2A2ZvGj41c='
system gen-support-key
The system gen-support-key command uses the Support Engineer's email ID and outputs a token. The Support Engineer uses this token to generate a password in a Policy Manager server. With this password, the Support Engineer gains privileged access to the Policy Manager server.
Syntax
system gen-support-key
Example
The following example generates the support key for the system:
[appadmin]# system gen-support-key
system gen-support-key
Support key='01U2FsdGVkX1+/WS9jZKQajERyzXhM8mF6zAKrzxrHvaM='
system install-image
The system install-image command installs a fresh image of the major product version specified in the second partition of a Policy Manager hardware appliance.
This command is available only for the appadmin user on a physical appliance. It is not available on a virtual machine.
| The system install-image command is supported for Policy Manager versions prior to 6.7 as well as versions 6.7 and above. This command is not available on Policy Manager installations hosted on a cloud services platform such as Amazon Web Services (AWS) or Azure. |
After successful execution of the system install-image command, the system will reboot and you will return to the installed image.
After successful configuration and reboot, you will be presented with the bootstrap configuration screen, where you will have to reset all the ClearPass parameters.
| Any data present in the second partition prior to the execution of the command will be wiped out. Also, no licensing information from where the command is executed is carried forward. |
You can apply the system install-image command in the following ways:
System install-image Method | Description |
---|---|
system install-image http(s)://hostname/<filename> | Installs the Policy Manager image through http or https. |
system install-image user@hostname:/<filename> | Installs the image through SCP (Secure Copy Protocol). |
system install-image <filename> | Installs the image imported to the Policy Manager server and available locally (offline install-image). |
Example
[appadmin]# system install-image CPPM-x86_64-6.X.Y.Z-<any-image>.signed.tar
X.Y.Z stands for a specific patch release version.
<any-image> stands for the description of the patch.
signed.tar is common nomenclature for all types of updates.
system morph-vm
Use the system morph-vm command to convert an evaluation virtual machine (VM) to a production virtual machine. With this command, licenses are still required to be installed after the morph operation is completed.
| When you use the system morph-vm CLI command in Policy Manager 6.7 or later to morph a virtual appliance (VA) to a larger size, all the licenses are deleted. This issue does not affect configuration data. After the upgrade, contact Aruba's Technical Assistance Center (TAC) to have the licenses activated again. |
To convert an evaluation virtual machine to a production virtual machine:
1. Determine the type of the appliance to which you want to morph your evaluation virtual machine.
2. Procure the license for the target virtual appliance.
3. Shut down the virtual machine.
4. Determine the required capacity of an additional hard disk and attach it to the target virtual appliance.
5. Adjust the CPU and Memory settings for the evaluation virtual machine to match the target virtual appliance.
6. Boot the virtual machine.
7. Execute the system morph-vm command. The configuration data from the evaluation virtual machine will migrate to the newly-attached disk. The node will reboot as a virtual machine of the selected appliance model.
8. Log in to the user interface and enter the permanent license. The evaluation virtual machine is now a production virtual machine. The licenses present on the system before running the system morph-vm command will be retained.
Syntax
system morph-vm <C1000V | C2000V | C3000V>
The following table describes the parameters for the system morph-vm command:
Flag/Parameter | Description |
---|---|
<vm-version> | This is the updated Policy Manager version of the virtual appliances. The following options are available: C1000V, C2000V, C3000V. This field is mandatory. |
Example
The following example converts an evaluation virtual machine to a production C3000V virtual appliance:
[appadmin]# system morph-vm C3000V
system patch-rollback
The system patch-rollback command allows a user with appadmin credentials to revert to the most recent installed version of Policy Manager. For example, if a Policy Manager system is at 6.9.1 and cumulative update 6.9.x is applied, Policy Manager can be reverted to 6.9.1 through the system patch-rollback command.
This command can also be used if there is a problem that occurs after the patch update process, for example, if an issue is identified in production that was not identified during testing, resulting in a degradation of capabilities.
| Before using the system patch-rollback command to revert from 6.9.x to 6.9.0, you must first download the from the page and install it (see Software Updates). |
Important Points
When issuing the system patch-rollback command, keep in mind the following points:
Patch-rollback is supported only for Policy Manager versions 6.7 and above.
The system patch-rollback command reverts only the most recently installed cumulative patch update within the major version. After the cumulative patch is reverted, the user will be in the patch version that was installed prior to the patch update.
| The system patch-rollback command cannot be used after an upgrade to revert to an earlier major version. |
Although you can only roll back to the last version that was installed, if multiple hotfix patches are included within the cumulative patch version you are rolling back from, then you can roll back multiple hotfix patches, one at a time, to a specific hotfix within the current version. To roll back to the previously installed version, you must first roll back each intervening hotfix patch.
As best practice, users should always back up all data before proceeding with an update.
This command can also be used at the cluster level. In this case, system patch-rollback must be run individually on each appliance in the cluster within 24 hours after the rollback in order to maintain the cluster status. For patch rollback across a cluster, the appadmin user must go to each Policy Manager server in the cluster to roll back the last applied patch.
Any custom skins that are installed in the current version are retained after the rollback to the earlier version.
System rollback events are logged in the Event Viewer.
Syntax
system patch-rollback
Example
[appadmin]# system patch-rollback
****************************************************************************************
* WARNING: This command is recommended to be executed from local console unless otherwise instructed by TAC * Execution through SSH console may result in system instability.
*
* WARNING: This command will undo software changes done by the currently installed patch. Configuration
*changes should not be affected by this action.
* As a best practice, please be sure to back-up this system before starting the operation.
*
* Are you sure you want to continue?
*******************************************************************************************
INFO: Preparing for rollback
INFO: 2018022-clearpass-6.8-updates-2 will be rolled back
INFO: This will take a few minutes to complete. Please wait.
INFO: Running pre-rollback scripts
INFO: Executing rollback
INFO: Running post-rollback scripts
INFO: Please reboot now for the changes to take effect.
*******************************************************************************************
For example, if Policy Manager has been installed in the order 6.9.0 > 6.9.1 > 6.9.2, when the appadmin user executes the system patch-rollback command, the system would revert to a time just before Policy Manager 6.9.2 was installed.
If, in this example, the installed 6.9.2 patch adds rpm-X, deletes rpm-Y, and updates rpm-Z to version rpm-Z+1, then system patch-rollback deletes rpm-X, adds rpm-Y, and restores rpm-Z.
Also note that if, for example, a system was at 6.9.0 and cumulative update 6.9.3 is applied, the system can only be reverted to 6.9.0 because that was the last installed version. It cannot be reverted to 6.9.2.
| For more information, refer to the "After You Update: Performing a Patch Rollback" section in the most recent version of the ClearPass 6.9 Release Notes. |
| The system patch-rollback command also removes any configuration and database changes that were done as part of post-installation during the patch update. |
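The rollback behaviour described above, modelled as an added example (not Aruba's code and not part of the original page): each patch install records the state it replaced, and a rollback replays that record for the most recent patch only. The Patch and Appliance classes and the rpm version strings are hypothetical; the page does not say what a second consecutive rollback does, so the history stack is an assumption of the model.

```python
from dataclasses import dataclass, field


@dataclass
class Patch:
    """One cumulative patch, described as a delta over installed rpms."""
    version: str
    adds: dict = field(default_factory=dict)      # rpm name -> version added
    deletes: tuple = ()                           # rpm names removed
    updates: dict = field(default_factory=dict)   # rpm name -> new version


class Appliance:
    """Hypothetical model of an appliance's patch state (not product code)."""

    def __init__(self, version, rpms):
        self.version = version
        self.rpms = dict(rpms)
        self.history = []  # undo records, newest last (assumed to be a stack)

    def install(self, patch):
        undo = {}  # rpm name -> version before the patch (None = was absent)
        for name, ver in patch.adds.items():
            undo[name] = self.rpms.get(name)
            self.rpms[name] = ver
        for name in patch.deletes:
            undo[name] = self.rpms.pop(name)
        for name, ver in patch.updates.items():
            undo[name] = self.rpms[name]
            self.rpms[name] = ver
        self.history.append((self.version, undo))
        self.version = patch.version

    def patch_rollback(self):
        """Undo only the most recently installed patch; return the new version."""
        if not self.history:
            raise RuntimeError("no installed patch to roll back")
        previous_version, undo = self.history.pop()
        for name, old in undo.items():
            if old is None:
                self.rpms.pop(name, None)   # the patch added it: delete it
            else:
                self.rpms[name] = old       # the patch deleted or updated it: restore
        self.version = previous_version
        return previous_version


def demo():
    """Constructed data mirroring the 6.9.0 > 6.9.1 > 6.9.2 example."""
    box = Appliance("6.9.0", {"rpm-Y": "1", "rpm-Z": "1"})
    box.install(Patch("6.9.1"))
    box.install(Patch("6.9.2", adds={"rpm-X": "1"}, deletes=("rpm-Y",),
                      updates={"rpm-Z": "2"}))
    patched = dict(box.rpms)
    reverted_to = box.patch_rollback()
    return patched, reverted_to, dict(box.rpms)


def cumulative_demo():
    """6.9.0 with cumulative 6.9.3 applied directly: 6.9.2 was never installed."""
    box = Appliance("6.9.0", {"rpm-Z": "1"})
    box.install(Patch("6.9.3", updates={"rpm-Z": "4"}))
    return box.patch_rollback()


if __name__ == "__main__":
    print(demo())
    print(cumulative_demo())
```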
system refresh-license
Use the system refresh-license command to refresh the license count information.
Syntax
system refresh-license
Example
The following example refreshes the license count information:
[appadmin]# system refresh-license
INFO: Refreshing license count information
INFO: Successfully refreshed license count information
system refresh-network
Use the system refresh-network command to refresh the newly added or removed network adapters in Policy Manager so that they are reflected in the system. This command also enforces network adapter ordering and associates the lower-order MAC address to eth0 and the next higher-order MAC address to eth1, and so on. Ensure that you have the console session available.
The system refresh-network command is useful when you bring up a virtual machine without one or more of the network interface cards (NICs) and you then add them at a later stage. This command is required when you delete NICs and add them back into the system (VMware ESXi may generate new MAC addresses as a result).
For the network refresh to take effect, you must reboot the Policy Manager server.
| Using this command may result in loss of network connectivity. |
Syntax
system refresh-network
This command includes no additional parameters.
system reset-server-certificate
Use the system reset-server-certificate command to reset the HTTP server certificate or RADIUS/EAP server certificate or both.
After executing the command, the Policy Manager services are restarted to reflect the changes.
Syntax
system reset-server-certificate
Example
The following example resets the HTTP, RADIUS/EAP, and RadSec server certificates:
[appadmin]# system reset-server-certificate
******************************************************************
* *
* WARNING: When the command is completed Policy Manager services *
* are restarted to reflect the changes. *
* *
******************************************************************
Continue? [y|n]: y
0: Reset Http and Radius/EAP Server Certificates
1: Reset Radius/EAP Server Certificate
2: Reset Http Server Certificate
3: Reset RadSec Server Certificate
4: Quit
Updating the server certificate...
Updating of server certificate complete
system restart
Use the system restart command to restart the system.
| Executing this command shuts down all running applications and reboots the system. |
Syntax
system restart
Example
The following example restarts the system with a confirmation before proceeding:
[appadmin]# system restart
system restart
*********************************************************
* WARNING: This command will shut down all applications *
* and reboot the system *
********************************************************
Are you sure you want to continue? [y|Y]: y
system shutdown
Use the system shutdown command to shut down the current Policy Manager server.
| Executing this command shuts down all running applications and powers off the system. |
Syntax
system shutdown
Example
The following example shuts down the system with a confirmation before proceeding:
[appadmin]# system shutdown
********************************************************
* WARNING: This command will shut down all applications *
* and power off the system *
********************************************************
Are you sure you want to continue? [y|Y]: y
system sso-reset
command to reset the Single Sign-On (
Syntax
system sso-reset
system start-rasession
command to start a Remote Assistance (
Syntax
system start-rasession [duration_hours | duration_mins | contact_id | cppm_server_ip]
The following table describes the parameters for the system start-rasession command:
Parameter | Action/Description |
---|---|
duration_hours | Specify the session duration in hours. You can specify values from 0 to 12. |
duration_mins | Specify the session duration in minutes. You can specify values from 0 to 59. |
contact_id | Enter the username ID part of the Aruba TAC or Engineering contact. |
cppm_server_ip | Specify the Policy Manager server IP address. |
system status-rasession
Use the system status-rasession command to view the status of a Remote Assistance session.
Syntax
system status-rasession <session_id>
Example
The following example displays the status of a Remote Assistance session 3001:
[appadmin]# system status-rasession 3001
system terminate-rasession
Use the system terminate-rasession command to terminate a running Remote Assistance session.
Syntax
system terminate-rasession <session_id>
Example
The following example terminates a running RemoteAssist session 3001:
[appadmin]# system terminate-rasession 3001
system update
The system update command provides options to manage system patch updates.
Syntax
system update [-i [-f] <user@hostname:/<filename> | http://hostname/<filename>>]
system update [-f]
system update [-l]
The following table describes the required and optional parameters for the system update command:
Flag/Parameter | Description |
---|---|
-i user@hostname:/<filename> | http://hostname/<filename> | Installs the specified patch on the system. This field is optional. |
-f | Reinstalls the patch in the event of a problem with the initial installation attempt. This field is optional. |
-l | Lists the patches installed on the system. This field is optional. |
Example
The following example of the system update command will reinstall the patch if necessary and list the patches currently installed on the Policy Manager server:
[appadmin]# system update -f -l
system upgrade
The system upgrade command upgrades the system. This command provides you with the following system upgrade options:
From a Linux server
From a Web server
Performing an offline upgrade
Syntax
system upgrade <session_id>
Syntax
system upgrade user@hostname:/<filepath> [-w] [-l] [-L]
See Example 1: Upgrading from a Linux Server.
system upgrade http://hostname/<filepath> [-w] [-l] [-L]
See Example 2: Upgrading from a Web Server.
system upgrade <filepath> [-w] [-l] [-L]
See Example 3: Performing an Offline Upgrade.
Flag/Parameter | Description |
-w | Restores last (one) week of access tracker records after the upgrade. |
-l | Restores all access tracker records from this version. |
-L | Does not backup or restore access tracker records from this version. |
<filepath> | Enter the filepath using the syntax provided in the two examples below. This field is mandatory. |
| If none of these command options are specified, Access Tracker records are backed up, but they are not restored by default. |
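An added example (not from the original page or from Aruba): a pre-change review helper that parses a planned system upgrade line, classifies the image source as SCP, web server or local file, and reports what the chosen option does to Access Tracker records. The function name, the sample hostnames and the decision to reject a line carrying more than one of -w, -l and -L are assumptions.

```python
import re
import shlex

# Access Tracker handling per option, taken from the flag table above.
ACCESS_TRACKER = {
    None: "backed up, not restored",
    "-w": "last week of records restored",
    "-l": "all records restored",
    "-L": "not backed up, not restored",
}
# The page's upgrade syntax shows http://; https is accepted here as an assumption.
URL_RE = re.compile(r"^(https?)://([^/\s]+)(/.+)$", re.IGNORECASE)
SCP_RE = re.compile(r"^([^@\s/]+)@([^:\s/]+):(/.+)$")


def review_upgrade(line):
    """Turn a planned 'system upgrade' line into a change-review record."""
    tokens = shlex.split(line)
    if tokens and tokens[0].endswith("]#"):
        tokens = tokens[1:]                      # drop a pasted "[appadmin]#" prompt
    if tokens[:2] != ["system", "upgrade"]:
        raise ValueError("not a 'system upgrade' command")
    flags = [t for t in tokens[2:] if t.startswith("-")]
    sources = [t for t in tokens[2:] if not t.startswith("-")]
    unknown = sorted(set(flags) - set(ACCESS_TRACKER))
    if unknown:
        raise ValueError("unknown option(s): " + " ".join(unknown))
    if len(sources) != 1:
        raise ValueError("exactly one image source is required")
    # Assumption of this helper: -w, -l and -L describe different outcomes, so
    # a line carrying more than one is rejected for the reviewer to resolve.
    if len(set(flags)) > 1:
        raise ValueError("conflicting Access Tracker options: " + " ".join(flags))
    flag = flags[0] if flags else None

    src = sources[0]
    url, scp = URL_RE.match(src), SCP_RE.match(src)
    if url:
        kind, host = url.group(1).lower(), url.group(2)
    elif scp:
        kind, host = "scp", scp.group(2)
    else:
        kind, host = "local", None               # offline upgrade from an uploaded file

    notes = []
    if kind == "http":
        notes.append("image is fetched over unencrypted HTTP")
    if flag in (None, "-L"):
        notes.append("Access Tracker records are not restored after the upgrade")
    return {"source": kind, "host": host, "cleartext": kind == "http",
            "access_tracker": ACCESS_TRACKER[flag], "notes": notes}


if __name__ == "__main__":
    # Constructed sample lines; the hostnames are placeholders.
    for sample in (
        "[appadmin]# system upgrade http://web.example/images/CPPM-upgradeimage.bin",
        "system upgrade admin@files.example:/images/CPPM-upgradeimage.bin -w",
        "system upgrade CPPM-upgradeimage.bin -L",
    ):
        print(sample, "->", review_upgrade(sample))
```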
Example 1:
To upgrade the Policy Manager image from a Linux server:
1. Upload the upgrade image to a Linux server.
2. Use the following syntax to upload the upgrade image:
system upgrade user@hostname:/<filepath> [-w] [-l] [-L]
For example:
[appadmin]# system upgrade admin@sun.us.
Example 2:
To upgrade the Policy Manager image from a Web server:
1. Upload the upgrade image to a Web server.
2. Use the following syntax to upload the upgrade image:
system upgrade http://hostname/<filepath> [-w] [-l] [-L]
For example:
[appadmin]# system upgrade http://sun.us.
Example 3: Performing an Offline Upgrade
To perform an offline upgrade:
1.
2. Navigate to the > > Current Release folder > folder.
The page opens.
3. In the section, click the link for the appropriate upgrade.
The upgrade file is uploaded to your local system.
4. Navigate to the Policy Manager page at > > .
5. In the section of the page, click the button.
The dialog opens.
6. Browse to the location of the upgrade file on your system, then click .
The selected upgrade file is uploaded to the Policy Manager.
7. Log in to the Policy Manager command line interface (CLI) with the following user name: appadmin.
8. Initiate the upgrade process by entering the following command:
system upgrade <filepath> [-w] [-l] [-L]
For example:
[appadmin]# system upgrade CPPM-upgradeimage.bin
9. After the upgrade process is complete, restart the machine by issuing the following command in the CLI:
system restart
The Policy Manager restarts and boots up to the most recent version of Policy Manager.