Cisco Unified Communications Operating System Administration Guide

Cisco Unified Communications Operating
System Administration Guide

Release 5.0(4)
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-10062-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn,
and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco
Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel,
EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard,
LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect,
RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or
its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0601R)
Cisco Unified Communications Operating System Administration Guide

© 2006 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
Preface vii
Purpose vii
Audience vii
Organization vii
Related Documentation viii
Conventions viii
Obtaining Documentation x
Cisco.com x
Product Documentation DVD x
Ordering Documentation x
Documentation Feedback xi
Cisco Product Security Overview xi

Reporting Security Problems in Cisco Products xii
Obtaining Technical Assistance xii

Cisco Technical Support & Documentation Website xii
Submitting a Service Request xiii
Definitions of Service Request Severity xiii
Obtaining Additional Publications and Information xiv
CHAPTER 1 Introduction 1-1
Overview 1-1
Browser Requirements 1-2
Operating System Status and Configuration 1-2
Settings 1-2
Restart Options 1-2
Security Configuration 1-3
Software Upgrades 1-3
Services 1-3
Command Line Interface 1-3

OL-10062-01 iii
Contents
CHAPTER 2 Log Into Cisco Unified Communications Operating System Administration 2-1
Logging Into Cisco Unified Communications Operating System Administration 2-1
Recovering the Administrator Password 2-2
CHAPTER 3 Platform Status and Configuration 3-1
Cluster Nodes 3-1
Hardware Status 3-2
Logs 3-2
Network Status 3-2
Installed Software 3-3
System Status 3-4
CHAPTER 4 Settings 4-1
IP Settings 4-1
Ethernet Settings 4-1
Publisher Settings 4-2
Changing IP Address on a Subsequent Cisco Unified CallManager Node 4-2
NTP Servers 4-3
SMTP Settings 4-3
Time Settings 4-4
CHAPTER 5 System Restart 5-1
Switch Versions and Restart 5-1
Restart Current Version 5-2
Shut Down the System 5-2
CHAPTER 6 Security 6-1
Set Internet Explorer Security Options 6-1
Manage Certificates and Certificate Trust Lists 6-2

Display Certificates 6-2
Download a Certificate or CTL 6-3
Delete and Regenerate a Certificate 6-3
Deleting a Certificate 6-3
Regenerating a Certificate 6-4
Upload a Certificate or Certificate Trust List 6-4
Download a Certificate Signing Request 6-5
Monitor Certificate Expiration Dates 6-5

iv OL-10062-01
Contents
IPSEC Management 6-6

Display or Change an Existing IPSec Policy 6-6
Set Up a New IPSec Policy 6-7
CHAPTER 7 Software Upgrades 7-1
Software Upgrade and Installation 7-1

From Local Source 7-1
From Remote Source 7-3
Dial Plan Installation 7-4
Locale Installation 7-4

Installing Locales 7-5
Locale Files 7-5
Error Messages 7-5
Supported Cisco Unified Communications Products 7-7
Caveats 7-7
Obtaining the Release Notes for the Cisco Unified CallManager Locale Installer 7-8
Uploading TFTP Server Files 7-8
CHAPTER 8 Services 8-1
Ping 8-1
Remote Support 8-2
APPENDIX A Command Line Interface A-1
Overview A-1
Starting a CLI Session A-1
CLI Basics A-2

Completing Commands A-2
Getting Help on Commands A-2
Ending a CLI Session A-3
Cisco IPT Platform CLI Commands A-4
File Commands A-4
Show Commands A-10
Set Commands A-22
Unset Commands A-29
Delete Commands A-29
Utility Commands A-30
Run Commands A-38
INDEX

OL-10062-01 v
Contents

vi OL-10062-01
Preface
Purpose
The Cisco Unified Communications Operating System Administration Guide provides information
about using the Cisco Unified Communications Operating System graphical user interface (GUI) and the
command line interface (CLI) to perform many common system- and network-related tasks.
Audience
The Cisco Unified Communications Operating System Administration Guide provides information for
network administrators who are responsible for managing and supporting the
Cisco Unified CallManager system. Network engineers, system administrators, or telecom engineers use
this guide to learn about, and administer, the operating system features. This guide requires knowledge
of telephony and IP networking technology.
Organization
The following table shows how this guide is organized:
Chapter Description
Introduction This chapter provides an overview of the functions that are available
through the Cisco Unified Communications Operating System.
Log Into Cisco Unified This chapter provides procedures for logging in to the
Communications Operating Cisco Unified Communications Operating System and for recovering a
System Administration lost Administrator password.
Platform Status and This chapter provides procedures for displaying operating system status
Configuration and configuration settings.
Settings This chapter provides procedures for viewing and changing the Ethernet
settings, IP settings, and NTP settings.
System Restart This chapter provides procedures for restarting and shutting down the
system.
Security This chapter provides procedures for certificate management and for
IPSec management.

OL-10062-01 vii
Preface
Related Documentation
Chapter Description
Software Upgrades This chapter provides procedures for installing software upgrades and
for uploading files to the TFTP server.
Services This chapter provides procedures for using the utilities that the
operating system provides, including ping and remote support.
Command Line Interface This appendix provides information on the Command Line Interface,
including available commands, command syntax, and parameters.
Related Documentation
Refer to the following documents for further information about related Cisco IP telephony applications
and products:
• Cisco Unified CallManager Administration Guide and Cisco Unified CallManager System Guide
The Cisco Unified CallManager Administration Guide provides step-by-step instructions for
configuring, maintaining, and administering the Cisco Unified CallManager voice over IP network.
The Cisco Unified CallManager System Guide provides descriptions of the
Cisco Unified CallManager system and its components, configuration checklists, and links to
associated Cisco Unified CallManager Administration Guide procedures.
• Cisco Unified CallManager Features and Services Guide
This document describes how to configure features and services for Cisco Unified CallManager,
including Cisco Music On Hold, Cisco Unified CallManager Extension Mobility, and so on.
• The Cisco Unified CallManager Serviceability System Guide and Cisco Unified CallManager
Serviceability Administration Guide
This document provides descriptions of Cisco Unified CallManager serviceability and remote
serviceability and step-by-step instructions for configuring alarms, traces, and other reporting.
• Disaster Recovery System Administration Guide
This document describes how to configure the backup settings, back up Cisco Unified CallManager
data, and restore the data.
• Cisco Unified CallManager Security Guide
This document provides instructions on how to configure and troubleshoot authentication and
encryption for Cisco Unified CallManager, Cisco Unified IP Phones, SRST references, and
Cisco MGCP gateways
Conventions
This document uses the following conventions:
Convention Description
boldface font Commands and keywords are in boldface.
italic font Arguments for which you supply values are in italics.
[ ] Elements in square brackets are optional.

viii OL-10062-01
Preface
Conventions
Convention Description
{x|y|z} Alternative keywords are grouped in braces and separated by vertical bars.
[x|y|z] Optional alternative keywords are grouped in brackets and separated by
vertical bars.
string A nonquoted set of characters. Do not use quotation marks around the
string or the string will include the quotation marks.
screen font Terminal sessions and information the system displays are in screen font.
boldface screen font Information you must enter is in boldface screen font.
italic screen font Arguments for which you supply values are in italic screen font.
This pointer highlights an important line of text in an example.
^ The symbol ^ represents the key labeled Control—for example, the key
combination ^D in a screen display means hold down the Control key
while you press the D key.
< > Nonprinting characters, such as passwords, are in angle brackets.
Notes use the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
publication.
Timesavers use the following conventions:
Timesaver Means the described action saves time. You can save time by performing the action described in the
paragraph.
Tips use the following conventions:
Tip Means the information contains useful tips.
Cautions use the following conventions:
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Warnings use the following conventions:
Warning This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, you must be aware of the hazards involved with electrical circuitry and
familiar with standard practices for preventing accidents.

OL-10062-01 ix
Preface
Obtaining Documentation
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several
ways to obtain technical assistance and other technical resources. These sections explain how to obtain
technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/tech support
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD

Cisco documentation and additional literature are available in the Product Documentation DVD
package, which may have shipped with your product. The Product Documentation DVD is updated
regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on
portable media. The DVD enables you to access multiple versions of hardware and software installation,
configuration, and command guides for Cisco products and to view technical documentation in HTML.
With the DVD, you have access to the same documentation that is found on the Cisco website without
being connected to the Internet. Certain products also have.pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com
users (Cisco direct customers) can order a Product Documentation DVD (product number
DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product
Documentation Store in the Cisco Marketplace at this URL:
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m.
(0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by
calling 011 408 519-5055. You can also order documentation by e-mail at
tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada,
or elsewhere at 011 408 519-5001.

x OL-10062-01
Preface
Documentation Feedback
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback
form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your
document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco Product Security Overview

This product contains cryptographic features and is subject to United States and local country laws
governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors
and users are responsible for compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local
laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to export@cisco.com.
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
• Report security vulnerabilities in Cisco products.
• Obtain assistance with security incidents that involve Cisco products.
• Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time, you can access a Product
Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

OL-10062-01 xi
Preface
Obtaining Technical Assistance
Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release
them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a
vulnerability in a Cisco product, contact PSIRT:
• Emergencies — security-alert@cisco.com
An emergency is either a condition in which a system is under active attack or a condition for which
a severe and urgent security vulnerability should be reported. All other conditions are considered
nonemergencies.
• Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
• 1 877 228-7302
• 1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive
information that you send to Cisco. PSIRT can work from encrypted information that is compatible with
PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence
with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page
at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco
Technical Support & Documentation website on Cisco.com features extensive online support resources.
In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC)
engineers provide telephone support. If you do not have a valid Cisco service contract, contact your
reseller.
Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for
troubleshooting and resolving technical issues with Cisco products and technologies. The website is
available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user
ID and password. If you have a valid service contract but do not have a user ID or password, you can
register at this URL:
http://tools.cisco.com/RPF/register/register.do

xii OL-10062-01
Preface
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting
a web or phone request for service. You can access the CPI tool from the Cisco Technical Support &
Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose
Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco
Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by
product ID or model name; by tree view; or for certain products, by copying and pasting show command
output. Search results show an illustration of your product with the serial number label location
highlighted. Locate the serial number label on your product and record the information before placing a
service call.
Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3
and S4 service requests are those in which your network is minimally impaired or for which you require
product information.) After you describe your situation, the TAC Service Request Tool provides
recommended solutions. If your issue is not resolved using the recommended resources, your service
request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone.
(S1 or S2 service requests are those in which your production network is down or severely degraded.)
Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business
operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity
definitions.
Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You
and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your
business operation are negatively affected by inadequate performance of Cisco products. You and Cisco
will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations
remain functional. You and Cisco will commit resources during normal business hours to restore service
to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or
configuration. There is little or no effect on your business operations.

OL-10062-01 xiii
Preface
Obtaining Additional Publications and Information
Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online
and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo
merchandise. Visit Cisco Marketplace, the company store, at this URL:
• Cisco Press publishes a wide range of general networking, training and certification titles. Both new
and experienced users will benefit from these publications. For current Cisco Press titles and other
information, go to Cisco Press at this URL:
http://www.ciscopress.com
• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and
networking investments. Each quarter, Packet delivers coverage of the latest industry trends,
technology breakthroughs, and Cisco products and solutions, as well as network deployment and
troubleshooting tips, configuration examples, customer case studies, certification and training
information, and links to scores of in-depth online resources. You can access Packet magazine at
this URL:
http://www.cisco.com/packet
• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies
learn how they can use technology to increase revenue, streamline their business, and expand
services. The publication identifies the challenges facing these companies and the technologies to
help solve them, using real-world case studies and business strategies to help readers make sound
technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering
professionals involved in designing, developing, and operating public and private internets and
intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
• Networking products offered by Cisco Systems, as well as customer support services, can be
obtained at this URL:
http://www.cisco.com/en/US/products/index.html
• Networking Professionals Connection is an interactive website for networking professionals to
share questions, suggestions, and information about networking products and technologies with
Cisco experts and other networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
• World-class networking training is available from Cisco. You can view current offerings at
this URL:
http://www.cisco.com/en/US/learning/index.html

xiv OL-10062-01
C H A P T E R 1
Introduction
For Cisco Unified CallManager 5.0(4), you can perform many common system administration functions
through the Cisco Unified Communications Operating System.
This chapter comprises the following topics:
• Overview
• Browser Requirements
• Operating System Status and Configuration
• Restart Options
• Security Configuration
• Software Upgrades
• Services
• Command Line Interface
Overview
Cisco Unified Communications Operating System Administration allows you to configure and manage
the Cisco Unified Communications Operating System by doing these tasks:
• Check software and hardware status.
• Check and update IP addresses.
• Ping other network devices.
• Manage NTP servers.
• Upgrade system software and options.
• Restart the system.
The following sections describe each operating system function in more detail.
OL-10062-01
OL-10062-01 1-1
Chapter 1 Introduction
Browser Requirements
Browser Requirements
You can access Cisco Unified CallManager Administration, Cisco Unified CallManager Serviceability,
and Cisco Unified Communications Administration by using the following browsers:
• Microsoft Internet Explorer version 6.0 or later
• Netscape Navigator version 7.1 or later
Note Cisco does not support or test other browsers, such as Mozilla Firefox.
Operating System Status and Configuration

From the Show menu, you can check the status of various operating system components, including
• Cluster and nodes
• Hardware
• Network
• System
• Installed software and options
Settings
From the Settings menu, you can view and update the following operating system settings:
• Ethernet—Updates the IP addresses and Dynamic Host Configuration Protocol (DHCP) settings that
were entered when the application was installed.
• NTP Server settings—Configures the IP addresses of an external NTP server; add or delete an NTP
server.
• SMTP settings—Configures the SMTP host that the operating system will use for sending e-mail
notifications.
Restart Options
From the Restart menu, you can choose from the following options for restarting or shutting down the
system:
• Switch Versions—Switches the active and inactive disk partitions and restarts the system. You
normally choose this option after the inactive partition has been updated and you want to start
running a newer software version.
• Current Version—Restarts the system without switching partitions.
• Shutdown System—Stops all running software and shuts down the server.

1-2 OL-10062-01
Security Configuration
Security Configuration
The operating system security options enable you to manage security certificates and Secure Internet
Protocol (IPSec). From the Security menu, you can choose the following security options:
• Certificate Management—Manages certificates, Certificate Trust Lists (CTL), and Certificate
Signing Requests (CSR). You can display, upload, download, delete, and regenerate certificates.
Through Certificate Management, you can also monitor the expiration dates of the certificates on
the server.
• IPSEC Management—Displays or updates existing IPSEC policies; sets up new IPSEC policies and
associations.
Software Upgrades
The software upgrade options enable you to upgrade the software version that is running on the operating
system or to install specific software options, including Cisco Unified CallManager Locale Installers,
dial plans, and TFTP server files.
From the Install/Upgrade menu option, you can upgrade system software from either a local disc or a
remote server. The upgraded software gets installed on the inactive partition, and you can then restart
the system and switch partitions, so the system starts running on the newer software version.
Note For Cisco Unified CallManager 5.0(4), you must do all software installations and upgrades by using the
Software Upgrades menu options. The system can upload and process only software that Cisco Systems
approved. You cannot install or use third-party or Windows-based software applications that you may
have been using with a previous version of Cisco Unified CallManager with
Cisco Unified CallManager 5.0(4).
Services
The application provides the following operating system utilities:
• Ping—Checks connectivity with other network devices.
• Remote Support—Sets up an account that Cisco support personnel can use to access the system.
This account automatically expires after the number of days that you specify.
Command Line Interface

The command line interface, which you can access from the console or through a secure shell connection
to the server, provides a subset of the operating system functionality that is available through the
operating system user interface. Keep in mind that the command line interface is designed for system
emergencies and not as a replacement for the user interface.

OL-10062-01 1-3

1-4 OL-10062-01
C H A P T E R 2
Log Into Cisco Unified Communications
Operating System Administration
This chapter describes the procedure for accessing the Cisco Unified Communications Operating
System Administration and also provides procedures for recovering a lost password.
Logging Into Cisco Unified Communications Operating System

Administration
To access Cisco Unified Communications Operating System Administration and log in, follow this
procedure:
Procedure
Step 1 Log in to Cisco Unified CallManager Administration.

Step 2 From the Navigation menu in the upper, right corner of the Cisco Unified CallManager Administration
window, choose Cisco Unified OS Administration and click Go.
The Cisco Unified Communications Operating System Administration Logon window displays.
Note You can also access Cisco Unified Communications Operating System Administration directly
by entering the following URL:
http://server-name/iptplatform.
Step 3 Enter your Administrator username and password.
Note The Administrator username and password get established during installation or created using
the command line interface.
Step 4 Click Submit.

The Cisco Unified Communications Operating System Administration window displays.

Cisco Unified Communications Operating System Administration Guide 2-1
Chapter 2 Log Into Cisco Unified Communications Operating System Administration
Recovering the Administrator Password
Recovering the Administrator Password

If you lose the Administrator password and cannot access the system, use the following procedure to
reset the Administrator password.
Note During this procedure, you will be required to remove and then insert a valid CD or DVD in the disk
drive to prove that you have physical access to the system.
Procedure
Step 1 Log in to the system with the following username and password:
• Username: pwrecovery
• Password: pwreset
The Welcome to admin password reset window displays.
Step 2 Press any key to continue.
Step 3 If you have a CD or DVD in the disk drive, remove it now.
Step 4 Press any key to continue.
The system tests to ensure that you have removed the CD or DVD from the disk drive.
Step 5 Insert a valid CD or DVD into the disk drive.
The system tests to ensure that you have inserted the disk.
Step 6 After the system verifies that you have inserted the disk, you get prompted to enter a new Administrator
password.
Note The system resets the Administrator username to admin. If you want to set up a different
Administrator username and password, use the CLI command set password. For more
information, see Appendix A, “Command Line Interface.”
Step 7 Reenter the new password.

The system checks the new password for strength. If the password does not contain enough different
characters, you get prompted to enter a new password.
Step 8 After the system verifies the strength of the new password, the password gets reset, and you get prompted
to press any key to exit the password reset utility.

2-2 OL-10062-01
C H A P T E R 3
Platform Status and Configuration
This chapter provides information on administering the system and contains the following topics:
• Cluster Nodes
• Hardware Status
• Logs
• Network Status
• Installed Software
• System Status
You can view the status of the operating system, platform hardware, or the network.
Cluster Nodes
To view information on the nodes in the cluster, follow this procedure:
Procedure
Step 1 From the Cisco Unified Communications Operating System Administration window, navigate to
Show>Cluster.
The Cluster Nodes window displays.
Step 2 For a description of the fields on the Cluster Nodes window, see Table 3-1.
Table 3-1 Cluster Nodes Field Descriptions
Field Description
Hostname Displays the complete hostname of the server.
IP Address Displays the IP address of the server.
Alias Displays the alias name of the server, when defined.
Type of Node Indicates whether the server is a publisher node or a subscriber
node.

OL-10062-01 3-1
Chapter 3 Platform Status and Configuration
Hardware Status
Hardware Status
To view the hardware status, follow this procedure:
Procedure
Show>Hardware.
The Platform Hardware status window displays.
Step 2 For descriptions of the fields on the Platform Hardware status window, see Table 3-2.
Table 3-2 Platform Hardware Status Field Descriptions
Field Description
Hardware Platform Displays the model identity of the platform server.
Number of Processors Displays the number of processors in the platform server.
CPU Type Displays the type of processor in the platform server.
Memory Displays the total amount of memory in MBytes.
Detailed Report Displays a detailed summary of the platform hardware.
Logs
To view system logs, you must install the Cisco Unified CallManager Real-Time Monitoring Tool
(RTMT). For more information on installing and using the RTMT, see the Cisco Unified CallManager
Serviceability Administration Guide.
Network Status
The network status information that displays depends on whether Network Fault Tolerance is enabled.
When Network Fault Tolerance is enabled, Ethernet port 1 automatically takes over network
communications if Ethernet port 0 fails. If Network Fault Tolerance is enabled, network status
information displays for the network ports Ethernet 0, Ethernet 1, and Bond 0. If Network Fault
Tolerance is not enabled, status information displays only for Ethernet 0.
To view the network status, follow this procedure:
Procedure
Show>Network.
The Network Settings window displays.

3-2 OL-10062-01
Installed Software
Step 2 See Table 3-5 for descriptions of the fields on the Network Settings window.
Table 3-3 Network Settings Field Descriptions
Field Description
Status Indicates whether the port is Up or Down for
Ethernet ports 0 and 1.
DHCP Indicates whether DHCP is enabled for Ethernet
port 0.
MAC Address Displays the hardware address of the port.
Speed Displays the speed of the connection.
Duplex Displays the duplex mode.
IP Address Shows the IP address of Ethernet port 0 (and
Ethernet port 1 if Network Fault Tolerance (NFT)
is enabled).
IP Mask Shows the IP mask of Ethernet port 0 (and
Ethernet port 1 if NFT is enabled).
Link Detected Indicates whether there is an active link.
Auto Negotiation Indicates whether auto negotiation is active.
MTU Displays the maximum transmission unit.
Queue Length Displays the length of the queue.
Receive Statistics Displays information on received bytes and
packets.
Transmit Statistics Displays information on transmitted bytes and
packets.
Primary DNS Displays the IP address of the primary domain
name server.
Secondary DNS Displays the IP address of the secondary domain
name server.
Domain Displays the domain of the server.
Gateway Displays the IP address of the network gateway on
Ethernet port 0.
Installed Software
To view the software versions and installed software options, follow this procedure:
Procedure
Show>Software.
The Software Packages window displays.

OL-10062-01 3-3
System Status
Step 2 For a description of the fields on the Software Packages window, see Table 3-4.
Table 3-4 Software Packages Field Descriptions
Field Description
Partition Versions Displays the software version that is running on
the active and inactive partitions.
Active Version Installed Software Options Displays the versions of installed software
options, including locales and dial plans, that are
installed on the active version.
Inactive Version Installed Software Options Displays the versions of installed software
options, including locales and dial plans, that are
installed on the inactive version.
System Status
To view the system status, follow this procedure:
Procedure
Show>System.
The System Status window displays.
Step 2 See Table 3-5 on page 3-4 for descriptions of the fields on the Platform Status window.
Table 3-5 Platform Status Field Descriptions
Field Description
Host Name Displays the name of the Cisco MCS host where Cisco Unified
Communications Operating System is installed.
Date/Time Displays the date and time based on the continent and region that were
specified during operating system installation.
Time Zone Displays the time zone that was chosen during installation.
Locale Displays the language that was chosen during operating system
installation.
Product Ver Displays the operating system version.
Platform Ver Displays the platform version.
Uptime Displays system uptime information.
CPU Displays the percentage of CPU capacity that is idle, the percentage that
is running system processes, and the percentage that is running user
processes.

3-4 OL-10062-01
System Status
Table 3-5 Platform Status Field Descriptions
Field Description
Memory Displays information about memory usage, including the amount of total
memory, free memory, and used memory in KBytes.
Disk/active Displays the amount of total, free, and used disk space on the active disk.
Disk/inactive Displays the amount of total, free, and used disk space on the inactive
disk.
Disk/logging Displays the amount of total, free, and disk space that is used for disk
logging.

OL-10062-01 3-5
System Status

3-6 OL-10062-01
C H A P T E R 4
Settings
Use the Settings options to display and change IP settings, host settings, and Network Time Protocol
(NTP) settings.
IP Settings
The IP Settings options allow you to view and change IP and port setting for the Ethernet connection
and, on subsequent nodes, to set the IP address of the publisher.
Ethernet Settings
The IP Settings window indicates whether Dynamic Host Configuration Protocol (DHCP) is active and
also provides the related Ethernet IP addresses, as well as the IP address for the network gateway.
To view or change the IP settings, follow this procedure:
Procedure
Settings>IP>Ethernet.
The Ethernet Settings window displays.
Step 2 To modify the Ethernet settings, enter the new values in the appropriate fields. For a description of the
fields on the Ethernet Settings window, see Table 4-1.
Note If you enable DHCP, then the Port and Gateway setting get disabled and cannot be changed.
Step 3 To preserve your changes, click Save.

OL-10062-01 4-1
Chapter 4 Settings
IP Settings
Table 4-1 Ethernet Settings Fields and Descriptions
Field Description
DHCP Indicates whether DHCP is Enabled or Disabled.
Port Settings IP Address Shows the IP address of the system.
Mask Shows the IP subnet mask address.
Gateway IP Address Shows the IP address of the network gateway.
Publisher Settings
On subsequent or subscriber nodes, you can view or change the IP address of the first node or publisher
for the node.
To view or change the publisher IP settings, follow this procedure:
Procedure
Settings>IP>Publisher.
The Publisher Settings window displays.
Note You can only view and change the publisher IP address on subsequent nodes of the cluster, not
on the publisher itself.
Step 2 Enter the new publisher IP address.

Step 3 Click Save.
Changing IP Address on a Subsequent Cisco Unified CallManager Node

If the IP address of the first Cisco Unified CallManager node gets changed while a subsequent node is
offline, you may not be able to log in to Cisco Unified CallManager Administration on the subsequent
node. If this occurs, follow this procedure:
Step 1 Log in directly to operating system administration on the subsequent node by using the following IP
address:
http://server-name/iptplatform
where server-name specifies the host name or IP address of the subsequent node.
Step 2 Enter your Administrator user name and password and click Submit.
Step 3 Navigate to Settings>IP>Publisher.

4-2 OL-10062-01
Chapter 4 Settings
NTP Servers
Step 4 Enter the new IP address for the publisher and click Save.
Step 5 Restart the subsequent node.
NTP Servers
To add, delete, or modify an external NTP server, follow this procedure:
Note You can only configure the NTP server settings on the first node or publisher.
Procedure
Settings>NTP Servers.
The NTP Server Settings window displays.
Step 2 You can add, delete, or modify an NTP server:
– To delete an NTP server, check the check box in front of the appropriate server and click Delete.
– To add an NTP server, click Add, enter the hostname or IP address, and then click Save.
– To modify an NTP server, click the IP address, modify the hostname or IP address, and then
click Save.
Note Any change you make to the NTP servers can take up to five minutes to complete. Whenever you
make any change to the NTP servers, you must refresh the window to display the correct status.
Step 3 To refresh the NTP Server Settings window and display the correct status, choose Settings>NTP.
Note After deleting, modifying, or adding NTP server, you must restart all the other nodes in the
cluster for the changes to take affect.
SMTP Settings
The SMTP Settings window allows you to view or set the SMTP hostname and indicates whether the
SMTP host is active.
Tip If you want the system to send you e-mail, from the Certificate Expiry Monitor, for example, you must
configure an SMTP host.

OL-10062-01 4-3
Chapter 4 Settings
Time Settings
To access the SMTP settings, follow this procedure:
Procedure
Settings>SMTP.
The SMTP Settings window displays.
Step 2 Enter or modify the SMTP hostname or IP address.
Step 3 Click Save.
Time Settings
To manually configure the time, follow this procedure:
Note Before you can manually configure the server time, you must delete any NTP servers that you have
configured. See NTP Servers for more information.
Procedure
Settings>Time.
Step 2 Enter the date and time for the system.
Step 3 Click Save.

4-4 OL-10062-01
C H A P T E R 5
System Restart
This section provides procedures for using the following restart options:
• Switch Versions and Restart
• Restart Current Version
• Shut Down the System
Switch Versions and Restart

You can use this option both when you are upgrading to a newer software version or when you need to
fall back to an earlier software version. To shut down the system that is running on the active disk
partition and then automatically restart the system using the software version on the inactive partition,
follow this procedure:
Caution This procedure causes the system to restart and become temporarily out of service.
Procedure
Restart>Switch Versions.
The Switch Software Version window displays, which shows the software version on both the active and
inactive partitions.
Step 2 To switch versions and restart, click Switch Version. To stop the operation, click Cancel.
If you click Switch Version, the system restarts, and the partition that is currently inactive becomes
active.

OL-10062-01 5-1
Chapter 5 System Restart
Restart Current Version
Restart Current Version

To restart the system on the current partition without switching versions, follow this procedure:
Caution This procedure causes the system to restart and become temporarily out of service.
Procedure
Restart>Current Version.
The Restart Current Version window displays.
Step 2 To restart the system, click Restart, or to stop the operation, click Cancel.
If you click Restart, the system restarts on the current partition without switching versions.
Shut Down the System

To shut down the system, follow this procedure:
Caution This procedure causes the system to shut down completely.
Procedure
Restart>Shutdown System.
The Shutdown System window displays.
Step 2 To shut down the system, click Shutdown, or to stop the operation, click Cancel.
If you click Shutdown, the system halts all processes and shuts down.

5-2 OL-10062-01
C H A P T E R 6
Security
This chapter describes Certificate Management and IPSec Management and provides procedures for
performing the following tasks:
• Manage Certificates and Certificate Trust Lists
• Display Certificates
• Download a Certificate or CTL
• Delete and Regenerate a Certificate
• Upload a Certificate or Certificate Trust List
• Download a Certificate Signing Request
• Monitor Certificate Expiration Dates
• IPSEC Management
• Display or Change an Existing IPSec Policy
• Set Up a New IPSec Policy
Set Internet Explorer Security Options

To download certificates from the server, ensure your Internet Explorer security settings are configured
as follows:
Procedure
Step 1 Start Internet Explorer.

Step 2 Navigate to Tools>Internet Options.
Step 3 Click the Advanced tab.
Step 4 Scroll down to the Security section on the Advanced tab.
Step 5 If necessary, clear the Do not save encrypted pages to disk check box.
Step 6 Click OK.

OL-10062-01 6-1
Chapter 6 Security
Manage Certificates and Certificate Trust Lists

The Certificate Management menu options allow you to perform the following functions:
• Display certificates
• Upload certificates and Certificate Trust Lists (CTL)
• Download certificates and CTLs
• Delete certificates
• Regenerate certificates
• Download and generate Certificate Signing Requests (CSR)
• Monitor certificate expiration dates
Note To access the Security menu items, you must re-log in to Cisco Unified Communications Operating
System Administration using your Administrator password.
Display Certificates
To display existing certificates, follow this procedure:
Procedure
Step 1 Navigate to Security>Certificate Management>Display Cert.

The Select Certificates or Trust Store window displays.
Step 2 Check the check box for the type of certificate that you want to display: Own Certificates or Trust
Certificates.
The Display Certificates or Trust Units window displays.
Step 3 Check the check box for the certificate type that you want to display.
The Display Certificates or Trust Store window displays.
Step 4 Check the check box for the certificate of trust store that you want to display.
The Details of a Certificate window displays.
Step 5 After you have viewed the certificate details, choose another menu option to close the Details of
Certificate window.

6-2 OL-10062-01
Chapter 6 Security
Download a Certificate or CTL

To download a certificate or CTL from the Cisco Unified Communications Operating System to your
PC, follow this procedure:
Procedure
Step 1 Navigate to Security>Cerificate Management>Download Cert/CTL.

The Select Certificate/CTL/CSR Download windows displays.
Step 2 Check the check box for the appropriate download type: Own Cert, Trust Cert, or CTL file. Click Next.
The Download Certificates or Trust Units window displays.
Step 3 Check the check box for the existing certificate type that you want to download and click Next.
The Display Certificate/CTL/CSR Download window displays.
Step 4 Check the check box for existing certificates that you want to download and click Next.
The Certificate/CTL/CSR Download window displays.
Step 5 Click the Continue link.
A directory listing that shows the certificates that you chose displays.
Step 6 To save the certificate or CTL to your PC, right-click the name of the certificate or CTL and choose Save
As.
Step 7 Enter the location where you want to save the certificate or CTL.
Step 8 Click Save.
Delete and Regenerate a Certificate
Deleting a Certificate
To delete a trusted certificate, follow this procedure:
Caution Deleting a certificate can affect your system operations.
Procedure
Step 1 Navigate to Security>Certificate Management>Delete/Regenerate Cert.

Step 2 Check the Delete Trust Cert check box and click Next.
The Display Certificates or Trust Units For Delete/Regenerate window displays.

OL-10062-01 6-3
Chapter 6 Security
Step 3 Check the check box for the existing certificate type that you want to delete and click Next.
The Delete Certificates or Trust Store window displays.
Step 4 Check the Existing Certificate Name check box for the certificate that you want to delete and click
Delete.
Regenerating a Certificate
To regenerate a certificate, follow this procedure:
Caution Regenerating a certificate can affect your system operations.
Procedure
Step 1 Navigate to Security>Certificate Management>Delete/Regenerate Cert.

The Select Certificates or Trust Store for Deletion window displays.
Step 2 Check the Regenerate Self-Signed Cert check box and click Next.
Step 3 Check the appropriate Existing Certificates Types check box for the certificate that you want to
regenerate, and click Next.
Step 4 Check the appropriate Existing Certificate check box and click Regenerate.
Upload a Certificate or Certificate Trust List

When you save certificates that you obtained from a third-party Certificate Authority (CA) to your PC,
Cisco recommends that you use Notepad to open and save the certificate because this method maintains
the certificate format.
To upload a certificate or CTL to the server, follow this procedure:
Caution Uploading a new certificate or CTL can affect your system operations.
Procedure
Step 1 Navigate to Security>Certificate Management>Delete/Upload Cert/CTL.

The Select Certificate/CTL Upload window displays.
Step 2 Check the existing certificate types check box for the certificate or CTL that you want to upload.
The Select Certificate/CTL Upload window displays.
Step 3 Enter the name of the certificate or CTL that you want to upload or click Browse to browse for the file.
Step 4 To upload the certificate or CTL, click Upload.

6-4 OL-10062-01
Chapter 6 Security
Note The system does not distribute trust certificates to other cluster nodes automatically. If you need
to have the same certificate on more than one node, you must upload the certificate to each node
individually.
Download a Certificate Signing Request

To download a Certificate Signing Request, follow this procedure:
Procedure
Step 1 Navigate to Security>Certificate Management>Download/Generate CSR.

The Select Certificate type for CSR window displays.
Step 2 Check the Existing Certificate Types check box for the CSR that you want to download.
Step 3 Check the Download CSR if any check box.
The Certificate/CTL/CSR Download window displays.
Step 4 Click Continue.
A directory listing shows the certificates that you chose.
Step 5 To save the CSR to your PC, right-click the name of the certificate or CTL and choose Save As.
Step 6 Enter the location where you want to save the certificate or CTL.
Step 7 Click Save.
Monitor Certificate Expiration Dates

The system can automatically send you an e-mail when a certificate is close to its expiration date. To
view and configure the Certificate Expiration Monitor, follow this procedure:
Procedure
Step 1 To view the current Certificate Expiration Monitor configuration, navigate to Security>Certificate
Management>Cert Expiry Monitor>Display Config.
The Show Cert Expiry Monitoring Config window, which shows a summary of the current configuration
information, displays.
Step 2 To configure the Certificate Expiration Monitor, navigate to Security>Certificate Management>Cert
Expiry Monitor>Change Config.
The Change Cert Expiry Monitoring Config window displays.
Step 3 Enter the required configuration information. See Table 6-1 for a description of the Certificate
Expiration Monitor fields.

OL-10062-01 6-5
Chapter 6 Security
IPSEC Management
Step 4 To save your changes, click Submit.
Table 6-1 Certificate Expiration Monitor Field Descriptions
Field Description
Notification/Alert Start Time Enter the number of days before the certificate
expires that you want to be notified.
Initial Frequency of Notification Enter the frequency for notification, either in
hours or days.
Click on the right to Enable/Disable To turn on e-mail notification, click Enable.
Email IDs entered for Notification Enter the e-mail address to which you want
notifications sent.
Note For the system to send notifications, you
must configure an SMTP host.
IPSEC Management
The IPSec menu options allow you to perform the following functions:
• Display or change an existing IPSec policy
• Set up a new IPSec policy
Note IPSec does not get automatically set up between nodes in the cluster during installation.
Display or Change an Existing IPSec Policy

To display or change an existing IPSec policy, follow this procedure:
Note Because any changes that you make to an IPSec policy during a system upgrade will get lost, do not
modify or create IPSec policies during an upgrade.
Caution IPSec, especially with encryption, will affect the performance of you system.
Procedure
Step 1 Navigate to Security>IPSEC Management>Display/Change IPSEC.
Note To access the Security menu items, you must re-log in to Cisco Unified Communications
Operating System Administration using your Administrator password.
The Display IPSEC Policy window displays.

6-6 OL-10062-01
Chapter 6 Security
IPSEC Management
Step 2 Check the appropriate Existing Policy check box, and click Next.
Step 3 Perform one of the following actions:
– To view an IPSec policy, click the Display Detail link.
– To delete an IPSec policy, click Delete.
– To activate an IPSec policy, click Enable.
– To deactivate an IPSec policy, click Disable.
Caution Any changes that you make to the existing IPSec policies can impact your normal system operations.
Step 4 If you click the Display Detail link, the Association Details window displays. For an explanation of the
fields in this window, see Table 6-2.
Set Up a New IPSec Policy

To set up a new IPSec policy and association, follow this procedure:
Note Because any changes you make to an IPSec policy during a system upgrade will get lost, do not modify
or create IPSec policies during an upgrade.
Caution IPSec, especially with encryption, will affect the performance of you system.
Procedure
Step 1 Navigate to Security > IPSEC Management > Setup New IPSEC.
The Setup Select window displays.
Step 2 Check the Certificate or Pre-Shared Key check box.
– If you check Certificate, check Same Type or Different Type node.
– If you check Pre-Shared Key, enter the key name.
Step 3 Click Next.
The Setup IPSEC Policy and Association window displays.
Step 4 Enter the appropriate information on the Setup IPSEC Policy and Association window. For a description
of the fields on this window, see Table 6-2.
Step 5 To set up the new IPSec policy, click Submit.

OL-10062-01 6-7
Chapter 6 Security
IPSEC Management
Table 6-2 IPSEC Policy and Association Field Descriptions
Field Description
Policy Name Specifies the name of the IPSec policy.
Dest. Address Type Specifies the Destination Address Type:
• IP—Dotted IP address of the destination
• FQDN—Fully qualified domain name of the destination
Source Address Type Specifies the Source Address Type:
• IP—Dotted IP address of the source
• FQDN—Fully qualified domain name of the source
Tunnel/Transport Specifies tunnel or transport.
Protocol Specifies the specific protocol, or Any:
• TCP
• UDP
• Any
Dest. Port Specifies the port number to use at the destination.
Phase 1 Life Time in Seconds Specifies the lifetime for phase 1, IKE negotiation, in seconds.
Hash Algorithm Specifies the hash algorithm:
• SHA1—Hash algorithm that is used in phase 1 IKE
negotiation
• MD5—Hash algorithm that is used in phase 1 IKE
negotiation
Phase 2 Life Time in Seconds Specifies the lifetime for phase 2, IKE negotiation, in seconds.
AH Algorithm Specifies the AH algorithm:
• HMAC_MD5—Authentication algorithm that is used to
authenticate IP packets
• HMAC_SHA1—Authentication algorithm that is used to
authenticate IP packets
Assoc. Name Specifies the association name that is given to each IPSec
association.
Dest. Address Specifies the IP address or FQDN of the destination.
Source Address Specifies the IP address or FQDN of the source.
Remote Port Specifies the port number at the destination.
Source Port Specifies the port number at the source.
Encryption Algorithm From the drop-down list, choose the encryption algorithm.
Choices include:
• DES
• 3DES
Phase 1 DH Value From the drop-down list, choose the phase 1 DH value. Choices
include: 2, 1, 5, 14, 16, 17, and 18.

6-8 OL-10062-01
Chapter 6 Security
IPSEC Management
Table 6-2 IPSEC Policy and Association Field Descriptions (continued)
Field Description
ESP Algorithm From the drop-down list, choose the ESP algorithm. Choices
include:
• NULL_ENC
• DES
• 3DES
• BLOWFISH
• RIJNDAEL
Phase 2 DH Value From the drop-down list, choose the phase 2 DH value. Choices
include: 2, 1, 5, 14, 16, 17, and 18.

OL-10062-01 6-9
Chapter 6 Security
IPSEC Management

6-10 OL-10062-01
C H A P T E R 7
Software Upgrades
You can use the Software Upgrades options to perform the following types of installations and upgrades:
• Install/Upgrade—Use this option to upgrade the application software, install
Cisco Unified CallManager Locale Installers and dial plans, and upload and install device packs,
phone firmware loads, and other COP files.
• Upload TFTP Server Files—Use this option to upload various device files for use by the phones to
the TFTP server. The TFTP server files that you can upload include custom phone rings, callback
tones, and phone backgrounds.
Software Upgrade and Installation

The Software Upgrade windows enable you to upgrade the Cisco Unified Communications Operating
System software from either a local or a remote source.
The software upgrade process also enables you to back out of an upgrade if problems occur. You install
the software for the upgrade on the system inactive partition and perform a restart to switch the system
to the newer version of the software. During this process, the upgraded software becomes the active
partition, and your current software becomes the inactive partition. Your configuration information
migrates automatically to the upgraded version in the active partition.
If for any reason you decide to back out of the upgrade, you can restart the system to the inactive partition
that contains the older version of the software. However, any configuration changes that you made since
upgrading the software will be lost.
Starting with Cisco Unified CallManager version 5.0(4), CAPF uses the Certificate Manager
Infrastructure to manage its certificates and keys. Because of this, when you upgrade to version 5.0(4),
CAPF keys and certificates are automatically regenerated. You must then rerunning the CTL Client
application to upgrade the CTL file. For information on using CAPF with
Cisco Unified CallManager 5.0(4), refer to the Cisco Unified CallManager Security Guide.
From Local Source

You can install software from a CD or DVD that is located in the local disc drive and then start the
upgrade process.
Note Be sure to back up your system data before starting the software upgrade process. For more information,
see the Disaster Recovery System Administration Guide.

OL-10062-01 7-1
Chapter 7 Software Upgrades
To install or upgrade software from a CD or DVD, follow this procedure:
Procedure
Step 1 Download the appropriate upgrade file from Cisco.com.
Note Do not unzip or untar the file. If you do, the system may not be able to read the upgrade files.
Step 2 Copy the upgrade file to a writeble CD or DVD.

Step 3 Insert the new CD or DVD into the disc drive on the local server that is to be upgraded.
Note Because of their size, some upgrade files may not fit on a CD and will require a DVD.
Step 4 Choose Software Upgrades>Install/Upgrade.

Step 5 For the software location source, choose DVD/CD.
Step 6 If you burned the patch file to a subdirectory on the CD or DVD, enter the path in the Directory field.
Step 7 To continue the upgrade process, click Next.
Step 8 Choose the upgrade version that you want to install and click Next.
Step 9 In the next window, monitor the progress of the download, which includes the filename and the number
of megabytes that are getting transferred.
When the download completes, the Checksum window displays.
Step 10 Verify the checksum value against the checksum for the file you that downloaded that is shown on
Cisco.com.
Caution The two checksum values must match to ensure the authenticity and integrity of the upgrade file. If the
checksum values do not match, download a fresh version of the file from Cisco.com and try the upgrade
again.
Step 11 After determining that the cheksums match, click Next to proceed with the software upgrade.
A Warning window displays the current and upgrade software versions.
Step 12 To continue with the software upgrade, click Next.
The Post Installation Options window displays.
Step 13 Choose whether you want the system to automatically reboot to the upgraded partition after installing
the upgrade software:
– To install the upgrade and automatically reboot to the upgraded partition, choose Reboot to
upgraded partition.
– To install the upgrade and then manually reboot to the upgraded partition at a later time, choose
Do not reboot after upgrade.
Step 14 Click Upgrade.
The Upgrade Status windows displays and displays the Upgrade log.
Step 15 When the installation completes, click Finish.

7-2 OL-10062-01
Step 16 To restart the system and activate the upgrade, choose Restart>Switch Versions.
The Switch Software Version window displays.
Step 17 To switch software versions and restart the system, click Switch Versions.
The system restarts running the upgraded software.
From Remote Source

To install software from a network drive or remote server, use the following procedure.
Note Be sure to back up your system data before starting the software upgrade process. For more information,
see the Disaster Recovery System Administration Guide.
Procedure
Step 1 Navigate to Software Upgrades>Install.

Step 2 For the Software Location Source, choose Remote File System.
Step 3 Enter the directory name for the software upgrade, if required.
If the upgrade file is located on a Linux or Unix server, you must enter a forward slash at the beginning
of the directory path you want to specify. For example, if the upgrade file is in the patches directory, you
must enter /patches. If the upgrade file is located on a Windows server, check with your system
administrator for the correct directory path.
Step 4 Enter the required upgrade information as described in the following table:
Field Description
Remote Server Host name or IP address of the remote server from which software will
be downloaded.
Remote User Name of a user who is configured on the remote server.
Remote Password Password that is configured for this user on the remote server.
Download Protocol Choose sftp or ftp.
Note You must choose Remote File System to enable the remote server configuration fields.
Step 5 Click Next.

The system checks for available upgrades.
Step 6 Choose the upgrade or option that you want to install and click Next.
Step 7 In the next window, monitor the progress of the download, which includes the filename and the number
of megabytes that are getting transferred.
When the download completes, the Checksum window displays.
Step 8 Verify the checksum value against the checksum for the file that you downloaded that was shown on
Cisco.com.

OL-10062-01 7-3
Dial Plan Installation
Caution The two checksum values must match to ensure the authenticity and integrity of the upgrade file. If the
checksum values do not match, download a fresh version of the file from Cisco.com and try the upgrade
again.
Step 9 After determining that the cheksums match, click Next to proceed with the software upgrade.
A Warning window displays the current and upgrade software versions.
Step 10 To continue with the software upgrade, click Next.
The Post Installation Options window displays.
Step 11 Choose whether you want the system to automatically reboot to the upgraded partition after installing
the upgrade software:
– To install the upgrade and automatically reboot to the upgraded partition, choose Reboot to
upgraded partition.
– To install the upgrade and then manually reboot to the upgraded partition at a later time, choose
Do not reboot after upgrade.
Step 12 Click Upgrade.
The Upgrade Status window, which shows the Upgrade log, displays.
Step 13 When the installation completes, click Finish.
Step 14 To restart the system and activate the upgrade, choose Restart>Switch Versions.
The system restarts running the upgraded software.
Dial Plan Installation

You can install dial plan files from either a local or a remote source by using the same process that is
described earlier in this chapter for installing software upgrades. See Software Upgrade and Installation
for more information about this process.
After the dial plan files are installed on the system, log in to Cisco Unified CallManager Administration
and then navigate to Call Routing>Dial Plan Installer to complete installing the dial plans.
Locale Installation
Cisco provides locale-specific versions of the Cisco Unified CallManager Locale Installer on
www.cisco.com. Installed by the system administrator, the locale installer allows the user to view/receive
the chosen translated text or tones, if applicable, when a user works with supported interfaces.
User Locales
User locale files provide translated text and voice prompts, if available, for phone displays, user
applications, and user web pages in the locale that the user chooses. User-only locale installers exist on
the web.

7-4 OL-10062-01
Locale Installation
Network Locales
Network locale files provide country-specific phone tones and gateway tones, if available. Network-only
locale installers exist on the web.
Cisco may combine multiple network locales in a single locale installer.
Note The Cisco Media Convergence Server (MCS) or Cisco-approved, customer-provided server can support
multiple locales. Installing multiple locale installers ensures that the user can choose from a multitude
of locales.
Changes do not take effect until you reboot every server in the cluster. Cisco strongly recommends that
you do not reboot the servers until you have installed all locales on all servers in the cluster. Minimize
call-processing interruptions by rebooting the servers after regular business hours.
Installing Locales
You can install locale files from either a local or a remote source by using the same process that is
described earlier in this chapter for installing software upgrades. See Software Upgrade and Installation
for more information about this process.
Note To activate the newly installed locales, you must restart the server.
See Locale Files for information on the locale files that you must install. You can install more than one
locale before you restart the server.
Locale Files
When installing locales, you must install both the following files:
• User Locale files—Contain language information for a specific language and country and use the
following convention:
cm-locale-language-country-version.cop
• Combined Network Locale file—Contains country-specific files for all countries for various
network items, including phone tones, annunciators, and gateway tones. The combined network
locale file uses the following naming convention:
cm-locale-combinednetworklocale-version.cop
Error Messages
See Table 7-1 for a description of the error messages that can occur during Locale Installer activation.
If an error occurs, you can view the error messages in the installation log.

OL-10062-01 7-5
Locale Installation
Table 7-1 Locale Installer Error Messages and Descriptions
Message Description
[LOCALE] File not found: This error occurs when the system cannot locate
<language>_<country>_user_locale.csv, the user the CSV file, which contains user locale
locale has not been added to the database. information to add to the database. This indicates
an error with the build process.
[LOCALE] File not found: This error occurs when the system cannot locate
<country>_network_locale.csv, the network the CSV file, which contains network locale
locale has not been added to the database. information to add to the database This indicates
an error with the build process.
[LOCALE] CallManager CSV file installer A Cisco Unified CallManager application called
installdb is not present or not executable installdb must be present; it reads information that
is contained in a CSV file and applies it correctly
to the Cisco Unified CallManager database. If
this application is not found, it either was not
installed with Cisco Unified CallManager (very
unlikely), has been deleted (more likely), or the
server does not have Cisco Unified CallManager
installed (most likely). Installation of the locale
will terminate because locales will not work
without the correct records that are held in the
database.
[LOCALE] Could not create These errors could occur when the system fails to
/usr/local/cm/application_locale/cmservices/ipm create a checksum file, caused by an absent Java
a/com/cisco/ipma/client/locales/maDialogs_<ll> executable,
_<CC>.properties.Checksum. /usr/local/thirdparty/java/j2sdk/jre/bin/java, an
[LOCALE] Could not create absent or damaged Java archive file,
/usr/local/cm/application_locale/cmservices/ipm /usr/local/cm/jar/cmutil.jar, or absent or damaged
a/com/cisco/ipma/client/locales/maMessages_<ll Java class, com.cisco.ccm.util.Zipper. Even if
>_<CC>.properties.Checksum. these errors occur, the locale will continue to
work correctly, with the exception of
[LOCALE] Could not create Unified CM Assistant, which cannot detect a
/usr/local/cm/application_locale/cmservices/ipm change in localized Unified CM Assistant files.
a/com/cisco/ipma/client/locales/maGlobalUI_<ll
>_<CC>.properties.Checksum.
[LOCALE] Could not create
/usr/local/cm/application_locale/cmservices/ipm
a/LocaleMasterVersion.txt.Checksum.
[LOCALE] Could not find This error occurs when the file has not been found
/usr/local/cm/application_locale/cmservices/ipm in the correct location, which is most likely due to
a/LocaleMasterVersion.txt in order to update an error in the build process.
Unified CM Assistant locale information.
[LOCALE] Addition of <RPM-file-name> to the This error occurs because of the collective result
Cisco Unified CallManager database has failed! of any failure that occurs when a locale is being
installed; it indicates a terminal condition.

7-6 OL-10062-01
Locale Installation
Supported Cisco Unified Communications Products

For a list of products that Cisco Unified CallManager Locale Installers support, see the Cisco IP
Telephony Locale Installer for Cisco CallManager 5.0, which is available at this URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/callmgr-locale-50
Caveats
See the following caveats and refer to the latest version of the Cisco Unified CallManager release notes
for caveats that are specific to the Cisco Unified CallManager Locale Installer.
English_United_States phrases and voice prompts display after the installation completes.
This situation causes no problems in your cluster. You may not have the latest locale installer that is
available on the web. Furthermore, Cisco may choose to update the Cisco Unified CallManager database
and not immediately update the Cisco Unified CallManager Locale Installer.
Attempt to install the locale installer on all servers again. If English_United_States phrases or voice
prompts display, wait until an updated version of the locale installer displays on the web. Download and
install the updated version of the locale installer.
Note Unified CM Auto-Register Phone Tool voice prompts and Cisco Non-IOS gateway network tones do not
fall back to English_United_States.
Cisco Unified CallManager only supports the English character set in the User area of Cisco Unified CallManager
Administration.
After you download the locale installer, you can display field names in the User area of
Cisco Unified CallManager Administration in your chosen language. However,
Cisco Unified CallManager only supports the English character set, also known as ISO-Latin1 or
ISO-8859-1, in the fields and in all user accounts and passwords that are needed to access these windows.
If a user enters data that is not in the English character set, a dialog box displays and states that the user
must enter data from the English character set.
You can choose different phone and gateway tones for the system.
If you choose to use different network locales, make sure that you choose a network locale in the
parameters or the device pool that is supported by all gateway and phone device types that use the locale
installer.
A new locale installer exists.

You can install the new locale installer with any version of Cisco CallManager Release 3.3 or later,
unless otherwise indicated in this document, the Cisco Unified CallManager release notes, or the
Cisco Unified CallManager Compatibility Matrix.
Be aware that all phrases may not display in the desired locale.
You cannot uninstall a locale or the Cisco Unified CallManager Locale Installer.
No option exists to modify, repair, or remove the locale or the locale installer. Running the locale
installer multiple times results in a reinstallation of the locale, as if it is not already installed on the
server.

OL-10062-01 7-7
Uploading TFTP Server Files
You must reinstall the locale installer after you perform restoration procedures.
The Cisco Unified Communications Applications Server Restore Utility does not restore the locale
installer.
Cisco does not support the localization of speed dials or the Personal Address Book on the Cisco Unified IP Phone.
Speed Dial and Personal Address Book text displays in English only.
Obtaining the Release Notes for the Cisco Unified CallManager Locale Installer
To obtain the release notes for the Cisco Unified CallManager Locale Installer, click the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/locinst/index.htm
Uploading TFTP Server Files

You can use the Upload TFTP Server File option to upload various files for use by the phones to the
server. Files that you can upload include custom phone rings, callback tones, and backgrounds. This
option uploads files only to the specific server to which you connected, and other nodes in the cluster do
not get upgraded.
Files upload into the tftp directory by default. You can also upload files to a subdirectory of the tftp
directory.
To upload TFTP server files, follow this procedure:
Procedure
Software Upgrades>Upload TFTP Server File.
The Upload TFTP Server File window displays and shows a listing of the current uploaded files.
Step 2 To upload a file, click Browse and then choose the file that you want to upload.
Step 3 To upload the file to a subdirectory of the tftp directory, enter the subdirectory in the Subdirectory of
the tftp directory where file will be uploaded field.
Step 4 To start the upload, click Upload File.
The Status area indicates when the file uploads successfully.
Note If you want to modify a file that is already in the TFTP directory, you can use the CLI command file list
tftp to see the files in the TFTP directory and file get tftp to get a copy of a file in the TFTP directory.
For more information, see Appendix A, “Command Line Interface.”

7-8 OL-10062-01
C H A P T E R 8
Services
This chapter describes the utility functions that are available on the operating system, which include
pinging another system and setting up remote support.
Ping
The Ping Utility window enables you to ping another server in the network.
To ping another system, follow this procedure:
Procedure
Services>Ping.
The Ping Remote window displays.
Step 2 Enter the IP address or network name for the system that you want to ping.
Step 3 Enter the ping interval in seconds.
Step 4 Enter the packet size.
Step 5 Enter the ping count, the number of times that you want to ping the system.
Note When you specify multiple pings, the ping command does not display the ping date and time in
real time. Be aware that the Ping command displays the data after the number of pings that you
specified complete.
Step 6 Choose whether you want to validate IPSec.

Step 7 Click Ping.
The Ping Remote window displays the ping statistics.

OL-10062-01 8-1
Chapter 8 Services
Remote Support
Remote Support
From the Remote Account Support window, you can set up a remote account that Cisco support
personnel can use to access the system for a specified period of time.
The remote support process works like this:
1. The customer sets up a remote support account. This account includes a configurable time limit on
how long Cisco personnel can access it.
2. When the remote support account is set up, a pass phrase gets generated.
3. The customer calls Cisco support and provides the remote support account name and pass phrase.
4. Cisco support enters the pass phrase into a decoder program that generates a password from the pass
phrase.
5. Cisco support logs into the remote support account on the customer system by using the decoded
password.
6. When the account time limit expires, Cisco support can no longer access the remote support account.
To set up remote support, follow this procedure:
Procedure
Services>Remote Support.
The Remote Support Window displays.
Step 2 If no remote support account is configured, click Add.
Step 3 Enter an account name for the remote account and the account life in days.
Note The account name must be at least six-characters long and all lowercase, alphabetic characters.
Step 4 Click Save.

The Remote Support Status window displays. For descriptions of fields on the Remote Support Status
window, see Table 8-1.
Step 5 To access the system by using the generated pass phrase, contact your Cisco personnel.
Table 8-1 Remote Support Status Fields and Descriptions
Field Description
Decoder version Indicates the version of the decoder in use.
Account name Displays the name of the remote support account.
Expires Displays the date and time when access to the remote account expires.
Pass phrase Displays the generated pass phrase.

8-2 OL-10062-01
A P P E N D I X A
Overview
This appendix describes commands that you can use on the Cisco IPT Platform to perform basic
operating system functions. The Cisco IPT Platform Administration GUI application also makes these
functions available. Typically you would use the command-line interface (CLI) only when a problem
occurs while you are using the Cisco IPT Platform Administration interface.
Starting a CLI Session

You can access the Cisco IPT Platform CLI remotely or locally:
• From a web client workstation, such as the workstation that you use for Cisco IPT Platform
Administration, you can use SSH to connect securely to the Cisco IPT Platform.
• You can access the Cisco IPT Platform CLI directly by using the monitor and keyboard that you used
during installation or by using a terminal server that is connected to the serial port. Use this method
if a problem exists with the IP address.
Before You Begin

Ensure you have the following information that gets defined during installation:
• A primary IP address and hostname
• An administrator ID
• A password
You will need this information to log in to the Cisco IPT Platform.
Perform the following steps to start a CLI session:
Step 1 Do one of the following actions depending on your method of access:

• From a remote system, use SSH to connect securely to the Cisco IPT Platform. In your SSH client,
enter
ssh adminname@hostname
where adminname specifies the Administrator ID and hostname specifies the hostname that was
defined during installation.
For example, ssh admin@ipt-1.

OL-10062-01 A-1
Appendix A Command Line Interface
CLI Basics
• From a direct connection, you receive this prompt automatically:

ipt-1 login:
where ipt-1 represents the host name of the system.

Enter the administrator ID that was defined during installation.
In either case, the system prompts you for a password.
Step 2 Enter the password that was defined at installation.
The CLI prompt displays. The prompt represents the Administrator ID; for example:
admin:
You can now use any CLI command.
CLI Basics
The following section contains basic tips for using the command line interface.
Completing Commands
To complete commands, use Tab:
• Enter the start of a command and press Tab to complete the command. For example, if you enter se
and press Tab, set gets completed.
• Enter a full command name and press Tab to display all the commands or subcommands that are
available. For example, if you enter set and press Tab, you see all the set subcommands. An *
identifies the commands that have subcommands.
• If you reach a command, keep pressing Tab, and the current command line repeats; this indicates
that no additional expansion is available.
Getting Help on Commands

You can get two kinds of help on any command:
• Detailed help that includes a definition of the command and an example of its use
• Short query help that includes only command syntax

A-2 OL-10062-01
CLI Basics
Procedure
To get detailed help, at the CLI prompt, enter

help command
Where command specifies the command name or the command and parameter. See Example 1.
To query only command syntax, at the CLI prompt, enter
command?
Where command represents the command name or the command and parameter. See Example 2.
Note If you enter a ? after a menu command, such as set, it acts like the Tab key and lists the commands that
are available.
Example 1 Detailed Help Example:
admin:help file list activelog
activelog help:
This will list active logging files
options are:
page - pause output
detail - show detailed listing
reverse - reverse sort order
date - sort by date
size - sort by size
file-spec can contain '*' as wildcards
Example:
admin:file list activelog platform detail
02 Dec,2004 12:00:59 <dir> drf
02 Dec,2004 12:00:59 <dir> log
16 Nov,2004 21:45:43 8,557 enGui.log
27 Oct,2004 11:54:33 47,916 startup.log
dir count = 2, file count = 2
Example 2 Query Example:
admin:file list activelog?

Syntax:
file list activelog file-spec [options]
file-spec mandatory file to view
options optional page|detail|reverse|[date|size]
Ending a CLI Session

At the CLI prompt, enter quit. If you are logged in remotely, you get logged off, and the ssh session gets
dropped. If you are logged in locally, you get logged off, and the login prompt returns.

OL-10062-01 A-3
Cisco IPT Platform CLI Commands

The following tables list and describe the CLI commands that are available for the
Cisco Unified Communications Operating System and for Cisco Unified CallManager.
File Commands
The following table lists and explains the CLI File commands:
Table A-1 File Commands
Command Parameters and Options Description

file check [detection-size-kb] This command checks the /usr directory tree
to see whether any files or directories have
Where
been added, removed, or changed in size
detection-size-kb specifies the minimum file size change that since the last fresh installation or upgrade and
is required for the command to display the file as changed. displays the results. The display includes
Default minimum size: 100 KB both deleted and new files.
The command notifies you about a possible impact to system Command privilege level: 0
performance and asks you whether you want to continue. Allowed during upgrade: No
Warning Because running this command can affect

system performance, Cisco recommends that you
run the command during off-peak hours.
Options
None

A-4 OL-10062-01
Table A-1 File Commands (continued)

file delete activelog directory/filename [detail] [noconfirm] This command deletes one or more files.
inactivelog directory/filename [detail] [noconfirm] Command privilege level: 1
install directory/filename [detail] [noconfirm] Allowed during upgrade: Yes
tftp directory/filename [detail]
Example: Delete the install log
Where file delete install install.log
• activelog specifies a log on the active side.
• inactivelog specifies a log on the inactive side.
• install specifies an installation log.
• tftp specifies a TFTP file.
You can use the wildcard character, *, for filename.
Caution You cannot recover a deleted file except,

possibly, by using the Disaster Recovery System.
If you delete a TFTP data file on the inactive side, you may
need to manually restore that file if you switch versions to
the inactive side.
Options
• detail—Displays a listing of deleted files with the date
and time.
• noconfirm—Deletes files without asking you to
confirm each deletion.
file dump activelog directory/filename [detail] [hex] This command dumps the contents of a file to
the screen, a page at a time.
inactivelog directory/filename [detail] [hex]
Command privilege level: 1 for logs, 0 for
install directory/filename [detail] [hex]
TFTP files
tftp directory/filename [detail] [hex]
Allowed during upgrade: Yes
Where
• activelog specifies a log on the active side. Example: Dump contents of file _cdrIndex.idx
file dump activelog
• inactivelog specifies a log on the inactive side. cm/cdr/_cdrIndex.idx
You can use the wildcard character, *, for filename as long
as it resolves to one file.
Options
• detail—Displays listing with the date and time.
• hex—Displays output in hexadecimal.

OL-10062-01 A-5

file get activelog directory/filename [reltime] [abstime] [match] This command sends the file to another
[recurs] system by using SFTP.
inactivelog directory/filename [reltime] [abstime] [match] Command privilege level: 0
[recurs]
install directory/filename [reltime] [abstime] [match]
[recurs] Example 1: Get all files in the activelog operating
system directory that match the string “plat”
tftp directory/filename [reltime] [abstime] [match]
[recurs] file get activelog platform match plat
Where Example 2: Get all operating system log files for a

• activelog specifies a log on the active side. particular time period
file get activelog platform/log abstime
• inactivelog specifies a log on the inactive side. 18:00:9/27/200 18:00:9/28/2005
Options
• abstime—Absolute time period, specified as
hh:mm:MM/DD/YY hh:mm:MM/DD/YY
• reltime—Relative time period, specified as

minutes | hours | days | weeks | months <value>
• match—Match a particular string in the filename,

specified as
<string value>
• recurs—Get all files, including subdirectories

After the command identifies the specified files, you get
prompted to enter an SFTP host, username, and password.

A-6 OL-10062-01

file list activelog directory [page] [detail] [reverse] [date | size] This command lists the log files in an
inactivelog directory [page] [detail] [reverse] [date | size] available log directory.
install directory [page] [detail] [reverse] [date | size]
TFTP files
tftp directory [page] [detail] [reverse] [date | size]
Where
• activelog specifies a log on the active side. Example 1: List Operating System Log files with
details
file list activelog platform/log page
• install specifies an installation log. detail

Example 2: List directories in CDR Repository
Note You can use a wildcard character, *, for directory file list activelog cm/cdr_repository
name as long as it resolves to one directory.
Example 3: List CDR files in a specified directory
Options by size
• detail—Long listing with date and time file list activelog
cm/cdr_repository/processed/20050812
• date—Sort by date size
• size—Sort by file size
• reverse—Reverse sort direction
• page—Displays the output one screen at a time

OL-10062-01 A-7

file search activelog directory/filename reg-exp [abstime hh:mm:ss This command searches the content of a log
mm/dd/yyyy hh:mm:ss mm/dd/yyyy] [ignorecase] [reltime and displays the matching lines a page at a
{days|hours|minutes} timevalue] time.
inactivelog directory/filename reg-exp [abstime hh:mm:ss Write the search term in the form of a regular
mm/dd/yyyy hh:mm:ss mm/dd/yyyy] [ignorecase] [reltime expression, which is a special text string for
{days|hours|minutes} timevalue] describing a search pattern.
install directory/filename reg-exp [abstime hh:mm:ss If the search term is found in only one file, the
mm/dd/yyyy hh:mm:ss mm/dd/yyyy] [ignorecase] [reltime filename appears at the top of the output. If
{days|hours|minutes} timevalue] the search term is found in multiple files,
each line of the output begins with the
tftp directory/filename reg-exp [abstime hh:mm:ss
filename in which the matching line was
mm/dd/yyyy hh:mm:ss mm/dd/yyyy] [ignorecase] [reltime
found.
{days|hours|minutes} timevalue]
Where Command privilege level: 0
• inactivelog specifies a log on the inactive side. Example
• install specifies an installation log. file search activelog
platform/log/platform.log Err[a-z]
• tftp specifies a TFTP file. ignorecase
• reg-exp represents a regular expression.
Note You can use the wildcard character, *, to represent
all or part of the filename.
Options
• abstime—Specifies which files to search based on file
creation time. Enter a start time and an end time.
• days|hours|minutes—Specifies whether the file age is
in days, hours, or minutes.
• ignorecase—Ignores case when searching
• reltime—Specifies which files to search based on file
creation time. Enter the age of files to search.
• hh:mm:ss mm/dd/yyyy—An absolute time, in the format
hours:minutes:seconds month/day/year.
• timevalue—The age of files to search. The unit of this
value is specified with the {days|hours|minutes}
option.

A-8 OL-10062-01

file tail activelog directory/filename [detail] [hex] [lines] This command tails (prints the last few lines)
inactivelog directory/filename [detail] [hex] [lines] of a log file.
install directory/filename [detail] [hex] [lines]
TFTP files
tftp directory/filename [detail] [hex] [lines]
Where
• activelog specifies a log on the active side. Example: Tail the operating system CLI log file
file tail activelog
• inactivelog specifies a log on the inactive side. platform/log/cli00001.log
You can use the wildcard character, *, for filename so long
as it resolves to one file.
Options
• detail—Long listing with date and time
• hex—Hexadecimal listing
• lines—Number of lines to display
file view activelog directory/filename This command displays the contents of a file.
inactivelog directory/filename Command privilege level: 0
install directory/filename Allowed during upgrade: Yes
tftp directory/filename
Example 1: Display the install log
Where file view install install.log
Example 2: Display a particular CDR file
file view activelog
• install specifies an installation log. /cm/cdr_repository/processed/20058012/{
filename}
Note You can use the wildcard character, *, for filename
so long as it resolves to one file.
Caution Do not use this command to view binary files

because this can corrupt the terminal session.

OL-10062-01 A-9
Show Commands
The following table lists and explains the CLI Show commands:
Table A-2 Show Commands

show account None This command lists current administrator
accounts, except the master administrator
account.
Command privilege level: 4
show cert own filename This command displays certificate
contents and certificate trust lists.
trust filename
list {own | trust} Command privilege level: 1
Where
• filename represents the name of the certificate file. Example: Display own certificate trust lists
• own specifies owned certificates. show cert list own
• trust specifies trusted certificates.

• list specifies a certificate trust list.
Options
None
show firewall list [detail] [page] [file filename] This command displays system aspects of
the server.
Where
• detail—Displays detailed statistics on every available
device on the system Allowed during upgrade: Yes
• page—Displays the output one page at a time
• file filename—Outputs the information to a file
Note The file option saves the information to
platform/cli/filename.txt. The file name cannot contain
the “.” character.

A-10 OL-10062-01
Table A-2 Show Commands (continued)

show None This command displays the following
hardware information on the platform hardware:
• Platform
• Serial number
• BIOS build level
• BIOS manufacturer
• Active processors
• RAID controller status
show ipsec policy This command displays information on
association policy IPSec policies and associations.
information policy association
Allowed during upgrade: yes
Where
• policy displays all IPSec policies on the node. Example: Display IPSec policies
• association displays the association list and status for the show ipsec policy
policy.
• information displays the association details and status for
the policy.
• policy represents the name of a specific IPSec policy.
• association represents the association name.
Options
None
show myself None This command displays information about
the current account.

OL-10062-01 A-11

show network eth0 [detail] This command displays network
failover [detail] [page] information.
The eth0 parameter Ethernet port 0
route [detail]
settings, including DHCP and DNS
status [detail] [listen] [process] [all] [nodns] [search stext] configurations.
all [detail] Command privilege level: 0
Where Allowed during upgrade: Yes
• eth0 specifies Ethernet 0.
Example: Display active Internet connections
• failover specifies Network Fault Tolerance information.
show network status
• route specifies network routing information.
• status specifies active Internet connections.
• all specifies all basic network information.
Options
• detail—Displays additional information
• page—Displays information 1 page at a time.
• listen—Displays only listening sockets
• process—Displays the process ID and name of the
program to which each socket belongs
• all—Displays both listening and nonlistening sockets
• nodns—Displays numerical addresses without any DNS
information
• search stext—Searches for the stext in the output
show packages active name [page] This command displays the name and
version for installed packages.
inactive name [page]
name represents the package name.
To display all active or inactive packages, use the wildcard
character, *.
Options
page—Displays the output one page at a time

A-12 OL-10062-01

show perf counterhelp class-name counter-name This command displays the explanation
Where text for the specified perfmon counter.
• class-name represents the class name that contains the
counter. Allowed during upgrade: Yes
• counter-name represents the counter that you want to view.
Note If the class name or counter name contains white
spaces, enclose the name in double quotation marks.
Options
None
show perf list categories This command lists all categories in the
perfmon system.
Options Command privilege level: 0
None
show perf list classes [-t category] [-d] This commands lists the perfmon classes
or objects.
• -d—Displays detailed information
• -t category—Displays perfmon classes for the specified
category
show perf list counters class-name [-d] This command lists perfmon counters for
the specified perfmon class.
Where
class-name represents a perfmon class name for which you
want to list the counters. Allowed during upgrade: Yes
Note If the class name contains white spaces, enclose the
name in double quotation marks.
Options
-d—Displays detailed information
show perf list instances class-name [-d] The command lists the perfmon instances
for the specified perfmon class.
Where
class-name represents a perfmon class name for which you Command privilege level: 0
want to list the counters. Allowed during upgrade: Yes
Options
-d—Displays detailed information

OL-10062-01 A-13

show perf query class class-name [,class-name ...] This command queries a perfmon class
Where and displays all the instances and counter
values of each instance.
class-name specifies the perfmon class that you want to query.
You can specify a maximum of 5 classes per command.
Options
None
show perf query counter class-name counter-name [,counter-name...] This command queries the specified
counter and displays the counter value of
Where
all instances.
• class-name specifies the perfmon class that you want to
query. Command privilege level: 0
• counter-name specifies the counter to view.
You can specify a maximum of 5 counters per command.
Note If the class name or counter name contains white
Options
None
show perf query instance class-name instance-name [,instance-name...] This command queries the specified
instance and displays all its counter
Where
values.
• class-name specifies the perfmon class that you want to
query. Note This command does not apply to
singleton perfmon classes.
• instance-name specifies the perfmon instance to view.
You can specify a maximum of 5 instances per command.
Note If the class name or instance name contains white Allowed during upgrade: Yes
Options
None

A-14 OL-10062-01

show perf query path path-spec [,path-spec...] This command queries a specified
Where path-spec gets defined as follows: perfmon path.
• For an instance-based perfmon class, specify path-spec as
class-name(instance-name)\counter-name. Allowed during upgrade: Yes
• For a noninstance-based perfmon class (a singleton),
specify path-spec as class-name\counter-name. Example
show perf query path “Cisco
You can specify a maximum of 5 paths per command. Phones(phone-0)\CallsAttempted”,
“Cisco Unified CallManager\T1Channel
Note If the path name contains white spaces, enclose the
sActive”
Options
None

OL-10062-01 A-15

show process load [cont] [clear] [noidle] [num xx] [thread] [cpu] This command displays process and load
[memory] [time] [specified] [page] information.
list [page] [short] [detail] [thread] [fd] [cont] [clear] Command privilege level: 1
[process id id] [argument id id] [owner name name]
Where
• load displays the CPU load for each active process. Example: Show detailed process listing one
page at a time
• list displays all processes. show process list detail page
Options
• cont—Command repeats continuously
• clear—Clears screen before displaying output
• noidle—Ignore idle or zombie processes
• num xx—Sets the number of processes to display
(Default=10, all = all processes)
• thread—Displays threads
• cpu—Displays output by CPU usage
• memory—Sorts output by memory usage
• short—Displays short listing
• time—Sorts output by time usage
• page—Displays one page at a time
• detail—Displays a detailed listing
• process id id—Shows only specific process number or
command name
• argument name name—Show only specific process with
argument name
• thread—Include thread processes in the listing
• fd—Show file descriptors that are associated with a
process
show registry system component [name] [page] This command displays the contents of the
registry.
Where
• system represents the registry system name.
• component represents the registry component name. Allowed during upgrade: Yes
• name represents the name of the parameter to show. Example: show contents of the cm system,
Note To display all items, enter the wildcard character, *. dbl/sdi component
show registry cm dbl/sdi
Display Options
page—Displays one page at a time

A-16 OL-10062-01

show risdb list [file filename] This command displays RIS database
query table1 table2 table3 ... [file filename] table information.
Where
• list displays the tables supported in the Realtime
Information Service (RIS) database.
Example: Display list of RIS database tables
• query displays the contents of the RIS tables. show risdb list
Options
file filename—Outputs the information to a file
show smtp None This command displays the name of the
SMTP host.
show stats io [kilo] [detail] [page] [file filename] This command displays system IO
statistics.
• kilo—Displays statistics in kilobytes
• detail—Displays detailed statistics on every available
device on the system and overrides the kilo option
show status None This command displays the following
basic platform status:
• Host name
• Date
• Time zone
• Locale
• Product version
• Platform version
• CPU usage
• Memory and disk usage

OL-10062-01 A-17

show tech all [page] [file filename] This command displays the combined
output of all show tech commands.
show tech ccm_service This command displays information on all
Cisco Unified CallManager services that
Options can run on the system.
None Command privilege level: 0
show tech database This command creates a CSV file of the
entire database.
None
show tech dbinuse This command displays the database in
use.
None
show tech dbschema This command displays the database
schema in a CSV file.
None
show tech devdefaults This command displays the device
defaults table.
None
show tech gateway This command displays the gateway table
from the database.
None
show tech locales This command displays the locale
information for devices, device pools, and
Options end users.

A-18 OL-10062-01

show tech network [page] [file filename] This command displays network aspects
of the server.
show tech notify This command displays the database
change notify monitor.
None
show tech params all This command displays all the database
parameters.
None
show tech params enterprise This command displays the database
enterprise parameters.
None
show tech params service This command displays the database
service parameters.
None
show tech procedures This command displays the procedures in
use for the database.
None
show tech routepatterns This command displays the route patterns
that are configured for the system.
None
show tech routeplan This command displays the route plan that
are configured for the system.
None

OL-10062-01 A-19

show tech runtime [page] [file filename] This command displays runtime aspects
of the server.
show tech systables This command displays the name of all
tables in the sysmaster database.
None
show tech system [page] [file filename] This command displays system aspects of
the server.
show tech table table_name [page] [csv] This command displays the contents of the
Where specified database table.
table_name represents the name of the table to display.
Options
csv—Sends the output to a comma separated values file
show tech triggers This command displays table names and
the triggers that are associated with those
Options tables.
show tech version [page] This command displays the version of the
installed components.
Page—Displays the output one page at a time

A-20 OL-10062-01

show timezone config This command displays time zone
list [page] information.
Where
• config displays the current time zone settings.
• list displays the available time zones.
Options
show trace [task_name] This command displays trace information
for a particular task.
Where
task_name represents the name of the task for which you want Command privilege level: 0
to display the trace information. Allowed during upgrade: Yes
Note If you do not enter any parameters, the command
returns a list of available tasks. Example: Display trace information for cdp
show trace cdps
Options
None
show version active This command displays the software
inactive version on the active or inactive partition.
Options Allowed during upgrade: Yes
None
show None This command displays the contents of the
web-security current web-security certificate.
show None This command retrieves the current
workingdir working directory for activelog,
inactivelog, install, and TFTP.

OL-10062-01 A-21
Set Commands
The following table lists and explains the CLI Set commands.
Table A-3 Set Commands
Command Parameters Description

set account name This command sets up a new account on
the operating system.
Where
name represents the username for the new account.
Note After you enter the username, the system prompts you to Allowed during upgrade: No
enter the privilege level and password for the new
account.
Options
None
set cert regen unit-name This command enables you to regenerate
the specified security certificate.
Where
unit-name represents the name of the certificate that you want to Command privilege level: 1
regenerate. Allowed during upgrade: No
Options
None
set ipsec policy {ALL | policy-name} This command allows you to set IPSec
policies and associations.
association policy-name {ALL | association-name}
Allowed during upgrade: No
• policy-name represents an IPSec policy.
• association-name represents an IPSec association.
Options
None
set logging {enable | disable} This command allows you to enable or
disable logging.
None

A-22 OL-10062-01
Table A-3 Set Commands (continued)

set network dhcp eth0 {enable | disable} This command enables or disables DHCP
Where for Ethernet interface 0.
• eth0 specifies Ethernet interface 0.
The system asks whether you want to continue to execute this
command.
Warning If you continue, this command causes the system to

restart. Cisco also recommends that you restart all
nodes whenever any IP address gets changed.
Options
None
set network dns {primary | secondary} ip-address This command sets the IP address for the
primary or secondary DNS server.
Where
ip-address represents the IP address of the primary or secondary Command privilege level: 1
DNS server. Allowed during upgrade: No
command.
Warning If you continue, this command causes a temporary

loss of network connectivity.
Options
None
set network dns options [timeout seconds] [attempts number] [rotate] This command sets DNS options.
• timeout sets the DNS request timeout. Allowed during upgrade: Yes
• attempts sets the number of times to attempt a DNS request
before quitting.
• rotate causes the system to rotate among the configured
DNS servers, distributing the load.
• seconds specifies the DNS timeout period, in seconds.
• number specifies the number of attempts.
Options
None

OL-10062-01 A-23

set network domain domain-name This command sets the domain name for
Where the system.
domain-name represents the system domain that you want to
assign. Allowed during upgrade: No
command.

Options
None
set network failover {enable | disable} This command enables and disables
Network Fault Tolerance.
Where
• enable enables Network Fault Tolerance. Command privilege level: 1
• disable disables Network Fault Tolerance.
Options
None
set network gateway ip-address This command enables you to configure
Where the IP address of the network gateway.
ip-address represents the IP address of the network gateway that
you want to assign. Allowed during upgrade: No
command.

restart.
Options
None

A-24 OL-10062-01

set network ip eth0 ip-address ip-mask This command sets the IP address for
Where Ethernet interface 0.
• ip-address represents the IP address that you want assign.
• ip-mask represents the IP mask that you want to assign.
command.

restart.
Options
None
set network nic eth0 [auto en | dis] [speed 10 | 100] [duplex half | full] This command sets the properties of the
Network Interface Card (NIC).
Where
• auto specifies whether auto negotiation gets enabled or Allowed during upgrade: No
disabled.
• speed specifies whether the speed of the Ethernet
connection: 10 or 100 Mbps.
• duplex specifies half-duplex or full-duplex.
command.
Note You can enable only one active NIC at a time.

loss of network connections while the NIC gets
reset.
Options
None
set network status eth0 {up | down} This command sets the status of Ethernet 0
to up or down.
Where
eth0 specifies Ethernet interface 0. Command privilege level: 1
Options
None

OL-10062-01 A-25

set output {enable | disable} This command allows you to enable or
disable the operating system output.
None
set password {admin | security} This command allows you to change the
administrator and security passwords.
The systems prompts you for the old and new passwords.
Note The password must contain at least six characters, and
the system checks it for strength. Allowed during upgrade: No
set smtp hostname This command sets the SMTP server
hostname.
Where
hostname represents the SMTP server name.
Options
None
set timezone timezone This command lets you change the system
time zone.
Note Enter enough characters to uniquely identify the new
time zone. Be aware that the time-zone name is Command privilege level: 0
case-sensitive.
Example: Set the time zone to Pacific time

Caution You must restart the system after you change the time set timezone Pac
zone.
Options
None

A-26 OL-10062-01

set trace enable Error tname This command sets trace activity for the
enable Special tname the specified task.
enable State_Transition tname
enable Significant tname
enable Entry_exit tname
enable Arbitrary tname
enable Detailed tname
disable tname
Where
• tname represents the task for which you want to enable or
disable traces.
• enable Error sets task trace settings to the error level.
• enable Special sets task trace settings to the special level.
• enable State_Transition sets task trace settings to the state
transition level.
• enable Significant sets task trace settings to the significant
level.
• enable Entry_exit sets task trace settings to the entry_exit
level.
• enable Arbitrary sets task trace settings to the arbitrary
level.
• enable Detailed sets task trace settings to the detailed level.
• disable unsets the task trace settings.
Options
None

OL-10062-01 A-27

set orgunit orgname locality state country This command sets the web security
web-security Where certificate information for the operating
system.
• orgunit represents the organizational unit.
• orgname represents the organizational name.
• locality represents the organization’s location.
• state represents the organization’s state.
• country represents the organization’s country.
Options
None
set activelog directory This command sets the working directory
workingdir for active, inactive, and installation logs.
inactivelog directory
install directory
TFTP
tftp directory
Where
• activelog sets the working directory for active logs.
• inactivelog set the working directory for inactive logs.
• install sets the working directory for installation logs.
• tftp sets the working directory for TFTP files.
• directory represents the current working directory.
Options
None

A-28 OL-10062-01
Unset Commands
The following table lists and explains the CLI Unset commands:
Table A-4 Unset Commands

unset ipsec policy {ALL | policy-name} This command allows you to disable
IPSec policies and associations.
association policy-name {ALL | association-name}
Where
• policy-name represents the name of an IPSec policy. Allowed during upgrade: No
• association-name represents the name of an IPSec

association.
Options
None
Delete Commands
The following table lists and explains the CLI Delete commands:
Table A-5 Delete Commands

delete account account-name This command allows you to delete an
Where administrator account.
account-name represents the name of an administrator account.
Options
None
delete dns ip-address This command allows you to delete the IP
Where address for a DNS server.
ip-address represents the IP address of the DNS server you want
to delete. Allowed during upgrade: No
command.

Options
None

OL-10062-01 A-29
Table A-5 Delete Commands (continued)

delete ipsec policy {ALL | policy-name} This command allows you to delete IPSec
association policy name {ALL | association-name} policies and associations.
Where
• policy-name represents an IPSec policy.
• association-name represents an IPSec association.
Options
None
delete process process-id [force | terminate | crash] This command allows you to delete a
particular process.
Where
• process-id represents the process ID number. Command privilege level: 1
Options
• force—Tells the process to stop
• terminate—Tells the operating system to terminate the
process
• crash—Crashes the process and produces a crash dump
Note Use the force option only if the command alone does
not delete the process and use the terminate option
only if force does not delete the process.
delete smtp None This command allows you to delete the
SMTP host.
Utility Commands
The following table lists and explains the CLI Utility commands:
Table A-6 Utility Commands

utils csa disable This command stops Cisco Security
The system disables CSA. Agent (CSA).
Options Allowed during upgrade: No
None

A-30 OL-10062-01
Table A-6 Utility Commands (continued)

utils csa enable This command enables Cisco Security
The system prompts you to confirm that you want to enable Agent (CSA).
CSA. Command privilege level: 1
Caution You must restart the system after you start CSA.
Options
None
utils csa status This command displays the current status
of Cisco Security Agent (CSA).
The system indicates whether CSA is running or not.
Options Allowed during upgrade: No
None
utils disaster_ backup tape tapeid This command starts a backup job and
recovery stores the resulting tar file on tape.
Where
tapeid represents the ID of an available tape device.
Options
None
utils disaster_ backup network path servername username This command starts a backup job and
recovery stores the resulting tar file on a remote
Where
server.
• path represents the location of the backup files on the
remote server.
• servername represents the IP address or host name of the Allowed during upgrade: No
server where you stored the backup files.
• username represents the username that is needed to log in
to the remote server.
Note The system prompts you to enter the password for the
account on the remote server.
Options
None
utils disaster_ cancel_bakckup This command cancels the ongoing
recovery backup job.
The system prompts you to confirm that you want to cancel the
backup job. Command privilege level: 1
Options
None

OL-10062-01 A-31

utils disaster_ restore tape server tarfilename tapeid This command starts a restore job and
recovery Where takes the backup tar file from tape.
• server specifies the hostname of the server that you want to
restore. Allowed during upgrade: No
• tarfilename specifies the name of the file to restore.
• tapeid specifies the name of the tape device from which to
perform the restore job.
Options
None
utils disaster_ restore network restore_server tarfilename path servername This command starts a restore job and
recovery username takes the backup tar file from a remote
server.
Where
• restore_server specifies the hostname of the server that Command privilege level: 1
you want to restore. Allowed during upgrade: No
• tarfilename specifies the name of the file to restore.
remote server.
• servername represents the IP address or host name of the
Options
None
utils disaster_ show_backupfiles network path servername username This command displays information about
recovery the backup files that are stored on a
Where
remote server.
remote server.
• servername represents the IP address or host name of the Allowed during upgrade: Yes
Options
None

A-32 OL-10062-01

utils disaster_ show_bakcupfiles tape tapeid This command displays information about
recovery Where the backup files that are stored on a tape.
tapeid represents the ID of an available tape device.
Options
None
utils disaster_ show_registration hostname This command displays the registered
recovery Where features and components on the specified
server.
hostname specifies the server for which you want to display
registration information.
Options
None
utils disaster_ show_tapeid This command displays a list of tape
recovery device IDs.
None
utils disaster_ status operation This command displays the status of the
recovery Where current backup or restore job.
operation specifies the name of the ongoing operation: backup
or restore. Allowed during upgrade: Yes
Options
None
utils netdump client start ip-address-of-netdump-server This command configures the netdump
client status client.
In the event of a kernel panic crash, the
client stop
netdump client sends diagnostic
Where information about the crash to a netdump
• client start starts the netdump client. server.
• client status displays the status of the netdump client. Command privilege level: 0
• client stop stops the netdump client. Allowed during upgrade: No
• ip-address-of-netdump-server specifies the IP address of

the netdump server to which the client will send diagnostic
information.
Options
None

OL-10062-01 A-33

utils netdump server add-client ip-address-of-netdump-client This command configures the netdump
server delete-client ip-address-of-netdump-client server.
In the event of a kernel panic crash, a
server list-clients
netdump-enabled client system sends
server start diagnostic information about the crash to
server status the netdump server.
server stop netdump diagnostic information is stored

in the following location on the netdump
Where server: /var/log/active/crash/. The
• server add-client adds a netdump client. subdirectories whose names consist of a
client IP address and a date contain
• server delete-client deletes a netdump client.
netdump information.
• server list-clients lists the clients that are registered with
You can configure each
this netdump server.
Cisco Unified Communications
• server start starts the netdump server. Operating System server as both a
• server status displays the status of the netdump server. netdump client and server.
• server stop stops the netdump server. If the server is on another

Cisco Unified Communications
• ip-address-of-netdump-client specifies the IP address of a Operating System server, only the kernel
netdump client. panic trace signature is sent to the server;
otherwise, an entire core dump gets sent.
Options
None
utils network arp list [host host][page][numeric] This command lists, sets, or deletes
Address Resolution Protocol (ARP) table
arp set {host} {address}
entries.
arp delete host
Where
• arp list lists the contents of the address resolution protocol
table.
• arp set sets an entry in the address resolution protocol
table.
• arp delete deletes an entry in the address resolution table.
• host represents the host name or IP address of the host to
add or delete to the table.
• address represents the MAC address of the host to be
added. Enter the MAC address in the following format:
XX:XX:XX:XX:XX:XX.
Options
numeric—Displays hosts as dotted IP addresses

A-34 OL-10062-01

utils network capture eth0 [page] [numeric] [file fname] [count num] [size This command captures IP packets on the
bytes] [src addr] [dest addr] [port num] specified Ethernet interface. You can
Where display the packets on the screen or save
them to a file. Line wrapping can occur in
eth0 specifies Ethernet interface 0. the output.
Options
• page—Displays the output one page at a time Allowed during upgrade: Yes
Note When you use the page or file options, the complete
capture of all requested packets must occur before the
command completes.
• numeric—Displays hosts as dotted IP addresses

• file fname—Outputs the information to a file
platform/cli/fname.cap. The filename cannot contain
count num—Sets a count of the number of packets to capture

Note For screen output, the maximum count equals 1000,
and, for file output, the maximum count equals 10,000.
• size bytes—Sets the number of bytes of the packet to

capture
Note For screen output, the maximum number of bytes
equals 128, for file output, the maximum of bytes can
be any number or ALL
• src addr—Specifies the source address of the packet as a

host name or IPV4 address
• dest addr—Specifies the destination address of the packet
as a host name or IPV4 address
• port num—Specifies the port number of the packet, either
source or destination
utils network host hostname [server server-name] [page] [detail] [srv] This command resolves a host name to an
Where address or an address to a host name.
hostname represents the host name or IP address that you want
to resolve. Allowed during upgrade: Yes
Options
server-name—Specifies an alternate domain name server
page—Displays the output one screen at a time
detail—Displays a detailed listing
srv—Displays DNS SRV records.

OL-10062-01 A-35

utils network ping destination [count] This command allows you to ping another
Where server.
destination represents the hostname or IP address of the server
that you want to ping. Allowed during upgrade: Yes
Options
count—Specifies the number of times to ping the external
server. The default count equals 4.
utils network tracert destination This command traces IP packets that are
Where sent to a remote destination.
destination represents the hostname or IP address of the server
to which you want to send a trace. Allowed during upgrade: Yes
Options
None
utils ntp {status | config} This command displays the NTP status or
configuration.
utils remote_ status This command allows you to enable,
account enable disable, create, and check the status of a
remote account.
disable
Note A remote account generates a pass
create username life phrase that allows Cisco Systems
Where support personnel to get access to
the system for the specified life of
username specifies the name of the remote account. The the account.
username can contain only lowercase characters and must be
more than six-characters long. Command privilege level: 1
life specifies the life of the account in days. After the specified Allowed during upgrade: Yes
number of day, the account expires.
Note You can have only one remote account that is enabled Example
at a time. utils remote_account status
Options
None
utils service list [page] This command retrieves a list of all
services and their status.

A-36 OL-10062-01

utils service start service-name This command stops, starts, or restarts a
stop service-name service.
restart service-name
Where
service-name represents the name of the service that you want
to stop or start the following services:
• System NTP
• System SSH
• Service Manager
• A Cisco DB
• Cisco Tomcat
• Cisco Database Layer Monitor
• Cisco Unified CallManager Serviceability
Options
None
utils snmp test This commands tests the SNMP host by
sending sample alarms to local syslog,
Options remote syslog, and SNMP trap.
utils soap realtimeservice test remote-ip remote-https-user This command executes a number of test
remote-https-password cases on the remote server.
• remote-ip specifies the IP address of the server under test. Allowed during upgrade: N
• remote-https-user specifies a username with access to the
SOAP API.
• remote-https-password specifies the password for the
account with SOAP API access.
Options
None
utils system {restart | shutdown | switch-version} This command allows you to restart the
system on the same partition, restart the
Note The system prompts you to confirm the action that you
system on the inactive partition, or shut
choose.
down the system.
The utils system shutdown command has a 5-minute timeout. Command privilege level: 1
If the system does not shut down within 5 minutes, the
command gives you the option of doing a forced shutdown.

OL-10062-01 A-37
Run Commands
The following table lists and explains the CLI Run commands:
Table A-7 Run Commands

run sql sql_statement This command allows you to run an SQL
command.
Where
sql_statement represents the SQL command to run.
Options
None Example: Run an SQL command
run sql select name from device

A-38 OL-10062-01
I N D EX
Set A-21
A
Show A-9
administrator password 2-2 Unset A-28
Utility A-29
ending session A-3
B
overview A-1
browser requirements 1-2 starting a session A-1
cluster nodes
fields (table) 3-1
C
procedure 3-1
caveats Command Line Interface
locale installer 7-7 See CLI
certificates configuration
deleting 6-3 operating system 1-2, 3-1
displaying 6-2 CTL
downloading 6-3 downloading 6-3
downloading a signing request 6-5 managing 6-2
expiration monitor fields (table) 6-6 uploading 6-4
managing 6-2
monitoring expiration dates 6-5
D
regenerating 6-3, 6-4
uploading 6-4 Delete commands A-28
Certificate Trust List dial plan installation 7-4
See CTL
CLI
E
basics A-2
commands error messages
completing A-2 descriptions (table) 7-6
Delete A-28 Ethernet settings 4-1
described (table) A-4
File A-4
getting help A-2
F
Run A-37 File commands A-4

OL-10062-01 IN-1
Index
H M
hardware, status menu

fields (table) 3-2 install/upgrade 1-3
procedure 3-2 restart 1-2
security 1-3
settings 1-2
I
show 1-2
install/upgrade, menu 1-3 messages, error
installed software
fields (table) 3-4
N
procedure 3-3
installing network status
dial plan 7-4 fields (table) 3-3
locales 7-4, 7-5 procedure 3-2
Internet Explorer nodes, cluster
set security options 6-1 fields (table) 3-1
IPSec procedure 3-1
changing policy 6-6 NTP server settings 4-3
displaying policy 6-6
management 6-6
O
policy fields (table) 6-8
setting up new policy 6-7 operating system
administrator password 2-2
browser requirements 1-2
L
configuration 1-2, 3-1
locales hardware status
files 7-5 fields (table) 3-2
installation 7-4 procedure 3-2
installer introduction 1-1
caveats 7-7 logging in 2-1
error messages (table) 7-6 logs 3-2
release notes 7-8 network status fields (table) 3-3
installing 7-5 overview 1-1
logging in restart 5-2
overview 2-1 restart options 1-2
procedure 2-1 security 1-3
logs 3-2 services 1-3
settings 1-2, 4-1

IN-2 OL-10062-01
Index
operating system (continued) fields (table) 4-2

software upgrades 1-3 procedure 4-1
status 1-2, 3-1 IP 4-1
menu 1-2
NTP servers 4-3
P
overview 4-1
password, recovering 2-2 publisher 4-2
ping 8-1 SMTP 4-3
publisher settings 4-2 time 4-4
show, menu 1-2
Show commands A-9
R shutdown, operating system 5-2
remote support SMTP settings 4-3
setting up 8-2 software

status fields (table) 8-2 installation 7-1
restart installed
current version 5-2 fields (table) 3-4
menu 1-2 procedure 3-3
options 1-2 upgrades 1-3
system 5-1 from local source 7-1
Run commands A-37 from remote source 7-3

overview 7-1
procedure 7-1
S status
security hardware
configuration 1-3 fields (table) 3-2
menu 1-3 procedure 3-2
overview 6-1 network
set IE options 6-1 fields (table) 3-3
services procedure 3-2
overview 8-1 operating system 1-2, 3-1
ping 1-3, 8-1 system
remote support 1-3 fields (table) 3-4
overview 8-2 procedure 3-4
setting up 8-2 supported products 7-7
Set commands A-21 system
settings restart 5-1
Ethernet shutdown 5-2

status

OL-10062-01 IN-3
Index
system (continued)
fields (table) 3-4
procedure 3-4
TFTP server, installing files 7-8

time settings 4-4
Unset commands A-28

Utility commands A-29
version, restart 5-2

IN-4 OL-10062-01

Cisco Unified Communications Operating System Administration Guide

Uploaded by

Copyright:

Available Formats

Cisco Unified Communications Operating System Administration Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco Unified Communications Operating System Administration Guide

Uploaded by

Copyright:

Available Formats

Cisco Unified Communications Operating

System Administration Guide

Text Part Number: OL-10062-01