database
Enables automatic repairing (vacuuming)
and dropping databases. Also enables keyfile generation.
If enforcing authenticated access
to a database, use this command to generate the keyfile. Every keyfile has a set of
associated users having a username and password. Access to the database is allowed only if
the user credentials entered during database login are valid. For more information on
enabling database authentication, see Enabling Database Authentication.
Note
This command and its syntax is common to both
the
User Executable and
Privilege Executable configuration
modes.
Supported in the following platforms
- Service Platforms —
NX9500, NX9600, VX9000
Syntax
database [drop|keyfile|repair]
database drop [all|captive-portal]
database repair {on <DEVICE-NAME>}
database keyfile [export|generate|import|zerzoise]
database keyfile generate
database keyfile [export|import] <URL>
database keyfile zerzoise
Parameters
database drop [all|captive-portal]
| database drop [all|captive-portal|] |
Drops (deletes) all or a specified database. Execute the command on the device
hosting the database.
- all – Drops all databases,
captive portal and NSight
- captive-portal – Drops the
captive-portal database
|
|
database repair {on <DEVICE-NAME>}
| database repair on <DEVICE-NAME> |
Enables automatic repairing of all databases. Repairing (vacuuming a database
refers to the process of finding and reclaiming space left over from previous DELETE
statements. Execute the command on the database host.
- on <DEVICE-NAME> –
Optional. Specifies the name of the database host. When specified, databases on
the specified host are periodically checked to identify and remove obsolete data
documents.
- <DEVICE-NAME> –
Specify the name of the access point, wireless controller, or service
platform.
Note: If no device is specified,
the system repairs all databases.
|
|
database keyfile generate
| database keyfile generate |
Enables database keyfile management. This command is part
of a set of configurations required to enforce database
authentication. Use this command to generate database keyfiles.
After generating the keyfile, create the username and password
combination required to access the database. For information on
creating database users, see service. For information on enabling database
authentication, see Enabling Database Authentication.
- generate –
Generates the keyfile. In case of a replica-set deployment,
execute the command on the primary database host. Once
generated, export the keyfile to a specified location from
where it is imported on to the replica-set hosts.
|
|
database keyfile [export|import] <URL>
| database keyfile [export|import] <URL> |
Enables database keyfile management. This command is part of a set of
configurations required to enforce database authentication. Use this command to
exchange keyfiles between replica set members.
- export – Exports the keyfile to
a specified location on an FTP/SFTP/TFTP server. Execute the command on the
database host on which the keyfile has been generated.
- import – Imports the keyfile
from a specified location. Execute the command on the replica set members.
The following parameter is common to both of the above keywords:
- <URL> – Specify the
location to/from where the keyfile is to be exported/imported. Use one of the
following options to specify the keyfile location:
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
tftp://<hostname|IP>[:port]/path/file
|
|
database keyfile zerzoise
| database keyfile zerzoise |
Enables database keyfile management. Use this command to delete keyfiles
- zerzoise – Deletes an existing
keyfile.
|
|
Examples
vx9000-1A1809#database keyfile generate
Database keyfile successfully generated
vx9000-1A1809#
vx9000-1A1809#database keyfile export ftp://1.1.1.111/db-key
Database keyfile successfully exported
vx9000-1A1809#
vx9000-D031F2#database keyfile import ftp://1.1.1.111/db-key
Database keyfile successfully imported
vx9000-D031F2#
Example: Enabling Database Authentication
Follow the steps below to enable database authentication and set up the onboard database.
Note, the example uses replica set database deployment.
- On the primary database host,
- Generate the database
keyfile.
Primary-DB-HOST>database keyfile generate
Database keyfile successfully generated
Primary-DB-HOST>
- Use the show > database
> keyfile command to view the generated keyfile.
- Export the keyfile to an external
location. This is required only in case of database replica-set
deployment.
Primary-DB-HOST>database keyfile export ftp://1.1.1.111/db-key
Database keyfile successfully exported
Primary-DB-HOST>
- Create the users that are allowed
access to the
database.
Primary-DB-HOST#service database authentication create-user username techpubs password techPubs@123
Database user [techpubs] created.
Primary-DB-HOST#
- View the database user account
created.
Primary-DB-HOST#show database users
--------------------------------
DATABASE USER
--------------------------------
techpubs
--------------------------------
Primary-DB-HOST#
- On the replica set host, import the
keyfile from the location specified in Step 1 c.
Secondary-DB-HOST#database keyfile import ftp://1.1.1.111/db-key
- In the database-policy context, – (used
on the WiNG device hosting the captive-portal database)
- Enable
authentication.
Primary-DB-HOST(config-database-policy-techpubs)#authentication
- Configure the user accounts created
in Step 1
d.
Primary-DB-HOST(config-database-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
Primary-DB-HOST(config-database-policy-techpubs)#show context
database-policy techpubs
authentication
authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
replica-set member nx7500-A02B91 arbiter
replica-set member vx9000-1A1809 priority 1
replica-set member vx9000-D031F2 priority 20
Primary-DB-HOST(config-database-policy-techpubs)#
- Use the database policy created in the previous step on the primary
database.
Primary-DB-HOST(config-device-B4-C7-99-6C-88-09)#use database-policy techpubs
- In the database-client policy
context
Note
This configuration is needed in deployments implementing captive-portal
registration and database authentication with an onboard database.
- Configure the user credentials
created in Step 1
d.
NOC-Controller(config-database-client-policy-techpubs)#authentication username techpubs password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
- View the
configuration.
NOC-Controller(config-database-client-policy-techpubs)#show context
database-client-policy techpubs
authentication username techpubs password 2 S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr
NOC-Controller(config-database-client-policy-techpubs)#
- Use the database client policy configured in the previous step on the WiNG device that
will access the
database.
<DB-CLIENT>(config-device-B4-C7-99-6C-88-09)#use database-client-policy techpubs
Related Commands
| database-backup |
Backs up all databases to a specified location and file on an FTP or SFTP
server |
| database-restore |
Restores a previously exported databases |
| database-policy global config |
Documents database-policy configuration commands. Use this option to enable a
WiNG device as the database. |
| database-client-policy global-config |
Documents database-client-policy configuration commands. The
database-client-policy is only needed in deployments implementing captive-portal
registration and database authentication with an onboard database. Use this command
to enable the controller or RF Domain manager to authenticate with the
database. |
| service |
Documents the database user account configuration details |
|
Print
this page
Email this topic
Feedback
View PDF
Download EPUB