Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
13-46
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 13 Common Administrative Tasks
The closing
</config>
tag should follow your configuration information. The values in XML syntax are
parsed and validated against the DTD located in the
configuration
directory on your Cisco IronPort
appliance. The DTD file is named
config.dtd
. If validation errors are reported at the command line
when you use the
loadconfig
command, the changes are not loaded. You can download the DTD to
validate configuration files outside of the appliance before uploading them.
In either method, you can import an entire configuration file (the information defined between the
highest level tags:
highest level tags:
<config></config>
), or a complete and unique subsection of the configuration file,
as long as it contains the declaration tags (above) and is contained within the
<config></config>
tags.
“Complete” means that the entire start and end tags for a given subsection as defined by the DTD are
included. For example, uploading or pasting the following code causes validation errors:
included. For example, uploading or pasting the following code causes validation errors:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
<autosupport_enabled>0</autosu
</config>
However, uploading or pasting the following code does not cause validation errors:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE config SYSTEM "config.dtd">
<config>
<autosupport_enabled>0</autosupport_enabled>
</config>
“Unique” means that the subsection of the configuration file being uploaded or pasted is not ambiguous
for the configuration. For example, a system can have only one hostname, so uploading the following
code (including the declarations and
for the configuration. For example, a system can have only one hostname, so uploading the following
code (including the declarations and
<config></config>
tags) is allowed:
<hostname>mail4.example.com</hostname>
However, a system can have multiple listeners defined, each with different Recipient Access Tables
defined, so uploading only the following code is considered ambiguous:
defined, so uploading only the following code is considered ambiguous:
<rat>
<rat_entry>
<rat_address>ALL</rat_address>
<access>RELAY</access>
</rat_entry>
</rat>
Because it is ambiguous, it is not allowed, even though it is “complete” syntax.
Warning
When uploading or pasting a configuration file or subsections of a configuration file, you have the
potential to erase uncommitted changes that may be pending.
potential to erase uncommitted changes that may be pending.
Empty Versus Omitted Tags
Use caution when uploading or pasting sections of configuration files. If you do not include a tag, then
its value in the configuration is not modified when you load a configuration file. However, if you include
an empty tag, then its configuration setting is cleared.
its value in the configuration is not modified when you load a configuration file. However, if you include
an empty tag, then its configuration setting is cleared.
For example, uploading the following code removes all listeners from the system: