ACLI Configuration Element Changes
The following tables summarize the ACLI configuration element changes in the Oracle Communications Session Border Controller S-Cz10.0.0 release.
Security Configuration Element
| Modified Element | Description |
|---|---|
| security, authentication, radius-servers | This element is only available when FIPS is not enabled. |
| security, authentication, tacacs-servers | This element is only available when FIPS is not enabled. |
| security, authentication | When FIPS is enabled, the following attributes are not configurable: source-port, protocol, tacacs-authentication-only, tacacs-authorization, tacacs-accounting, server-assigned-privilege, allow-local-authorization, management-strategy, ike-radius-params-name, and management-servers. |
| security, authentication, type | When FIPS is enabled, this attribute is always local. |
| security, authentication, tacacs-authorization-arg-mode | A new value enabled-include-show is added to include show commands in the arg-mode of TACACS authorization requests. |
| security, authentication, rest-authorization-accounting | Enable TACACS+ accounting for REST users. |
| security, certificate-record, key-size | When FIPS is enabled, you cannot set this attribute to 1024. |
| security, certificate-record, digest-algor | When FIPS is enabled, you cannot set this attribute to sha1. |
| security, certificate-record, key-algor | Adds the value rsapss. |
| security, ike, ike-key-id | Adds a new attribute id-type. |
| security, ike, ike-sainfo | Adds new attributes
local-id-profile and
remote-id-profile.
When FIPS is enabled, the option any is not available for either auth-algo or encryption-algo. |
| security, ike, ike-sainfo, auth-algo | Removes the value aes-xcbc. |
| security, ike, ike-sainfo, encryption-algo | When FIPS is enabled, the option any is not available. |
| security, certificate-record, key-algor | Adds the value rsapss. |
| security, ike, ike-config, phase1-dh-mode | When FIPS is enabled, you cannot select the value dh-group5. |
| security, ike, ike-config, phase2-exchange-mode | When FIPS is enabled, you cannot select the value dh-group5. |
| security, ike, ike-config, eap-protocol | Removes the value eap-md5. |
| security, ike, ike-interface, eap-protocol | Removes the value eap-md5. |
| security, ims-aka-profile, auth-alg-list | Removes the value hmac-md5-96. |
| security, ims-aka-profile, encr-alg-list | Removes the value des-ede3-cbc. |
| security, ipsec, security-association, manual, auth-algo | Removes the value aes-xcbc-mac. When FIPS is enabled, you cannot select null. |
| security, ipsec, security-association, manual, encr-algo | When FIPS is enabled, you cannot select null. |
| security, media-profile, sdes-profile, crypto-list | When FIPS is enabled, you cannot select AES_CM_128_HMAC_SHA1_32. |
| security, ssh-config, keyex-algorithms | When FIPS is enabled, you cannot select:
|
| security, tls-global, diffie-hellman-key-size | When FIPS is enabled, this value must be DH_KeySize_2048. |
Media Manager Configuration Element
| Modified Element | Description |
|---|---|
| media-manager, codec-policy | Adds support for the following codecs:
T.38, G711FB,
T.38OFD, G711OFD
and OFDFB.
On most platforms, removes ptime 90 from the G723 codec and adds ptime 60 to G722. |
| media-manager, codec-policy, tone-detection | This attribute is now available on software platforms. |
| media-manager, codec-policy, fax-single-m-line | This attribute is now available on software platforms. |
| media-manager, media-manager | Removed the attributes home-realm-id, percent-sub, and pss-wd-key. |
| media-manager, realm-config | Adds new attributes interim-qos-enable and multi-tenancy-fqdn. The auth-attribute attribute is renamed auth-attributes. |
System Configuration Element
| Modified Element | Description |
|---|---|
| system, system-config, collect, group-settings, group-name | Adds the value latest-peak-license-usage. |
| system, system-config | Adds a new attribute peak-concurrent-license. |
| system, system-config, comm-monitor | Adds the filter-profile configuration element. |
| system, system-config, comm-monitor, monitor-collector | Adds the attribute filter-profile-list. |
| system, http-client | Adds the media-policy attribute. |
| system, redundancy | Adds attributes wancom-ping-interval and wancom-ping-retry. |
| system, resource-monitor-profile | Adds the attribute processName. Adds the subelements minor-config, major-config, and critical-config. Moves the attributes *-threshold and *-precaution-action into their respective *-config subelements. Each subelement also has its own healthscore-decrement-value attribute. |
| system, system-config, schedule-backup | Adds a new attribute logs-backup. |
| system, system-config | Adds new attribute peak-concurrent-license, ldap-trace, and log-curl-tls-key |
Session Router Configuration Element
| Modified Element | Description |
|---|---|
| The account-servers element is found under session-router, account-group; or session-router, account-config. | Adds a new attribute dns-query-type to specify A or AAAA records. |
| session-router, sti-config | Adds new attribute sti-reason-header-config-name to identify the name of the STI Reason Header config configured under sti-reason-header-config. |
| session-router, sti-server | Adds new attribute sti-reason-header-config-name to identify the name of the STI Reason Header config configured under sti-reason-header-config. |
| session-router, session-agent | The auth-attribute attribute is renamed auth-attributes. |
| session-router, sip-config | Adds new attribute surrogate-reg-switchover. |
| session-router, sti-config | Adds attributes sti-reason-header-config-name, stop-adding-verstat-towards-caller, stivs-bypass-header, and stias-bypass-header |
| session-router, sti-server | Adds attributes sti-reason-header-config-name and sti-reason-header-config-name |