The Change NWS Configuration (CHGNWSCFG) command changes a network server configuration.

Restrictions:

• This command is shipped with public exclude (*EXCLUDE) authority. When this command is shipped, authority is issued only to the security officer. The security officer can grant the use of this command to other users.
• You must have input/output system configuration (*IOSYSCFG) special authority to use this command.
• To make changes to the IPSECRULE, CHAPAUT, or SPCERTID parameters, you must have security administrator (*SECADM) special authority.
• This command cannot be run if an active network server description is associated with this network server configuration.

Parameters

Keyword	Description	Choices	Notes
NWSCFG	Network server configuration	Communications name	Required, Key, Positional 1
IPSECRULE	IP security rules	Single values: *SAME, *NONE Other values (up to 16 repetitions): Character value, *GEN, *REGEN	Optional
INZSP	Initialize service processor	*SAME, *MANUAL, *AUTO, *NONE	Optional
ENBUNICAST	Enable unicast	*SAME, *NO, *YES	Optional
SPNAME	Service processor name	Character value, *SAME, *SPINTNETA	Optional
SPINTNETA	SP internet address	Character value, *SAME	Optional
SPCERTID	SP certificate identifier	Single values: *SAME, *NONE Other values: Element list	Optional
	Element 1: Component	*COMMONNAME, *EMAIL, *ORGUNIT
	Element 2: Compare value	Character value
EID	Enclosure identifier	Single values: *SAME, *AUTO Other values: Element list	Optional
	Element 1: Serial number	Character value
	Element 2: Manufacturer type and model	Character value
SPNWSCFG	SP configuration name	Communications name, *SAME	Optional
RMTSYSID	Remote system identifier	Single values: *SAME, *SPNWSCFG Other values: Element list	Optional
	Element 1: Serial number	Character value
	Element 2: Manufacturer type and model	Character value
DELIVERY	Delivery method	Character value, *SAME, *DYNAMIC, *MANUAL	Optional
CHAPAUT	CHAP authentication	Single values: *SAME, *NONE Other values: Element list	Optional
	Element 1: CHAP name	Character value, *NWSCFG
	Element 2: CHAP secret	Character value, *GEN
BOOTDEVID	Boot device ID	Single values: *SAME, *SINGLE Other values: Element list	Optional
	Element 1: Bus	0-255
	Element 2: Device	0-31
	Element 3: Function	0-7
DYNBOOTOPT	Dynamic boot options	Single values: *SAME Other values: Element list	Optional
	Element 1: Vendor ID	Character value, *DFT
	Element 2: Alternate client ID	Character value, *ADPT
RMTIFC	Remote interfaces	Single values: *SAME Other values (up to 4 repetitions): Element list	Optional
	Element 1: SCSI interface	Element list
	Element 1: Adapter address	Hexadecimal value, *NONE
	Element 2: Internet address	Character value
	Element 3: Subnet mask	Character value
	Element 4: Gateway address	Character value
	Element 5: iSCSI qualified name	Character value, *GEN
	Element 2: LAN interface	Element list
	Element 1: Adapter address	Hexadecimal value, *NONE
	Element 2: Internet address	Character value
	Element 3: Subnet mask	Character value
	Element 4: Gateway address	Character value
TEXT	Text 'description'	Character value, *SAME, *BLANK	Optional

Top

Network server configuration (NWSCFG)

Specifies the name of the network server configuration.

name

Specify the name of the network server configuration to be changed.

IP security rules (IPSECRULE)

Specifies the configuration IP Security (IPSec) rules used between the hosting and remote system.

This parameter is only valid when TYPE(*CNNSEC) is specified in the corresponding CRTNWSCFG command.

Single values

*SAME

The value does not change.

*NONE

IP Security (IPSec) protocol security settings are not configured.

Other values (up to 16 repetitions)

*GEN

Generate a random pre-shared key.

*REGEN

Automatically generate a random pre-shared key every time the system is varied on.

character-string

Specify the pre-shared key.

A pre-shared key is a nontrivial string up to 32 characters long.

Valid characters are upper case A through Z, lower case a through z, numbers 0 through 9, and the following special characters:

• Plus sign
• Equal sign
• Percent
• Ampersand
• Left parenthesis
• Right parenthesis
• Comma
• Underline
• Minus sign
• Period
• Colon
• Semicolon

Initialize service processor (INZSP)

Specifies how the remote system's service processor is secured.

This parameter is only valid when TYPE(*SRVPRC) is specified in the corresponding CRTNWSCFG command.

*SAME

The value does not change.

*MANUAL

Security parameters are manually configured on remote system's service processor. *MANUAL provides the highest security.

To use this option, it is required that the remote system's service processor is pre-configured with a user name, password and certificate. Certificate management will be required. This method is appropriate when connecting to the service processor via public networks to protect the password.

*AUTO

Parameters are automatically configured on the remote system's service processor.

*AUTO provides security without requiring pre-configuration of the remote system's service processor. The remote system's service processor will have certificates automatically regenerated when the certificates are near expiration. This option is appropriate if the interconnecting network is physically secure or is protected by a firewall.

Note: An administrator will need to regenerate the certificate using the Initialize NWS Configuration (INZNWSCFG) command when the service processor certificate has expired, or if a new certificate and password are desired at any time before the certificate expires.

*NONE

Provides no security.

Use this only if the interconnecting network is physically secure.

Note: Some service processors do not support secure connections. Use *NONE for these service processors. Additional information can be found at Integrated xSeries solutions at http://www.ibm.com/servers/eserver/iseries/integratedxseries.

Enable unicast (ENBUNICAST)

Specifies whether unicast packet distribution is to be used. Unicast is a transmission method where packets are sent directly to the specified Service processor name (SPNAME) or SP internet address (SPINTNETA) parameter.

The system identification for the Enclosure identifier (EID) parameter is automatically retrieved if *AUTO is specified and the system hardware supports it.

This parameter is only valid when TYPE(*SRVPRC) is specified in the corresponding CRTNWSCFG command.

*SAME

The value does not change.

*NO

Disable unicast

*YES

Enable unicast.

Service processor name (SPNAME)

Specifies the remote system's service processor host name.

Note: This parameter is required when ENBUNICAST(*YES) is specified.

This parameter is only valid when TYPE(*SRVPRC) is specified in the corresponding CRTNWSCFG command.

*SAME

The value does not change.

*SPINTNETA

The remote system is identified by the value specified for the SP internet address (SPINTNETA) parameter.

host-name

Specify the remote system's service processor host name.

SP internet address (SPINTNETA)

Specifies the remote system's service processor internet address.

This parameter is only valid when TYPE(*SRVPRC) is specified in the corresponding CRTNWSCFG command.

This parameter is only valid when SPNAME(*SPINTNETA) is specified.

Note: This parameter is ignored when ENBUNICAST(*NO) is specified.

*SAME

The value does not change.

internet-address

Specify the internet address of the service processor.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

SP certificate identifier (SPCERTID)

The SP certificate identifier specifies one of three possible fields that identifies the service processor's certificate.

This parameter is specified to provide additional validation that the certificate is from the service processor. The contents of the selected field must exactly match the value of the field that was entered when the certificate was generated or requested from a certificate authority.

This parameter is only valid when TYPE(*SRVPRC) is specified in the corresponding CRTNWSCFG command.

This parameter is required when INZSP(*MANUAL) is specified.

Single values

*SAME

The value does not change.

*NONE

Service processor certificate is not configured.

Element 1: Component

*COMMONNAME

Selects the certificate's common name specified when the certificate was generated or requested from a certificate authority. On the remote supervisor adapter II this correlates to the "ASM Domain Name" field used to generate a self-signed certificate or generate a certificate signing request.

*EMAIL

Selects the certificate's e-mail address specified when the certificate was generated or requested from a certificate authority. On the remote supervisor adapter II this correlates to the "Email Address" field used to generate a self-signed certificate or generate a certificate signing request.

*ORGUNIT

Selects the certificate's organizational unit specified when the certificate was generated or requested from a certificate authority. On the remote supervisor adapter II this correlates to the "Organizational Unit" field used to generate a self-signed certificate or generate a certificate signing request.

Element 2: Compare value

character-string

Specify the certificates component compare value. Enter no more than 255 characters of text, enclosed in apostrophes.

Enclosure identifier (EID)

Specifies the identifying serial number, type and model of the enclosure containing the service processor.

When specified, they are used to locate the system on the network.

Look for these values on the label of the system.

This parameter is only valid when TYPE(*SRVPRC) is specified in the corresponding CRTNWSCFG command.

Single values

*SAME

The value does not change.

*AUTO

Automatically retrieve the identifier when ENBUNICAST(*YES) is specified.

Element 1: Serial number

character-string

Specify the machine serial number.

Element 2: Manufacturer type and model

character-string

Specify the machine type and model.

The value is entered in the form ttttmmm where tttt is the machine type and mmm is the machine model number.

SP configuration name (SPNWSCFG)

Specifies the name of the service processor network server configuration to be used to manage the remote server.

*SAME

The value does not change.

name

Specifies the name of the service processor network server configuration.

Remote system identifier (RMTSYSID)

Specifies the identifying serial number, type and model of the remote system. When specified, they are used to locate the remote system on the network.

Look for these values on the label of the system.

Note: The machine type and model may be omitted if the system's serial number is unique on the network.

This parameter is only valid when TYPE(*RMTSYS) is specified in the corresponding CRTNWSCFG command.

Single values

*SAME

The value does not change.

*SPNWSCFG

Use the serial number and type/model specified in the Enclosure identifier (EID) parameter of the service processor (*SRVPRC) network server configuration.

Element 1: Serial number

character-string

Specify the machine serial number.

Element 2: Manufacturer type and model

character-string

Specify the machine type and model.

The value is entered in the form ttttmmm where tttt is the machine type and mmm is the machine model number.

Delivery method (DELIVERY)

Specifies how the parameters necessary to configure the remote system are delivered.

This parameter is only valid when TYPE(*RMTSYS) is specified in the corresponding CRTNWSCFG command.

*SAME

The value does not change.

*DYNAMIC

Parameters are dynamically delivered to the remote system using Dynamic Host Configuration Protocol (DHCP).

*MANUAL

Parameters are manually configured on the remote system using the BIOS utilities (System BIOS or Adapter BIOS - CTRL-Q).

CHAP authentication (CHAPAUT)

Specifies the Challenge Handshake Authentication Protocol (CHAP) for the host system iSCSI target to authenticate the remote system initiator node.

This parameter is only valid when TYPE(*RMTSYS) is specified in the corresponding CRTNWSCFG command.

Single values

*SAME

The value does not change.

*NONE

CHAP authentication is not enabled.

Element 1: CHAP name

*NWSCFG

The system will automatically generate a name for CHAP using the Network server configuration name.

character-string

Specify the name you want to use for the Challenge Handshake Authentication Protocol.

Valid characters are upper case A through Z, lower case a through z, numbers 0 through 9, and the following special characters:

• Plus sign
• Equal sign
• Percent
• Ampersand
• Left parenthesis
• Right parenthesis
• Comma
• Underline
• Minus sign
• Period
• Colon
• Semicolon

Element 2: CHAP secret

*GEN

The system will automatically generate a random CHAP secret.

character-string

Specify the secret you want to use for the Challenge Handshake Authentication Protocol.

Valid characters are upper case A through Z, lower case a through z, numbers 0 through 9, and the following special characters:

• Plus sign
• Equal sign
• Percent
• Ampersand
• Left parenthesis
• Right parenthesis
• Comma
• Underline
• Minus sign
• Period
• Colon
• Semicolon

Boot device ID (BOOTDEVID)

Specifies the PCI Function Address (Bus/Device/Function) of the iSCSI adapter in the remote system that will be used to boot from.

Note: Remote systems with more than one iSCSI adapter installed in the server are required to specify which adapter will be used to boot from.

This parameter is only valid when TYPE(*RMTSYS) is specified in the corresponding CRTNWSCFG command.

Single values

*SAME

The value does not change.

*SINGLE

The single iSCSI adapter is used on the remote system

Element 1: Bus

number

Specify the bus number of the remote system's iSCSI adapter that will be used to boot.

Valid values range from 0 through 255.

Element 2: Device

number

Specify the device number of the remote system's iSCSI adapter that will be used to boot.

Valid values range from 0 through 31.

Element 3: Function

number

Specify the function number of the remote system's iSCSI adapter that will be used to boot.

Valid values range from 0 through 7.

Dynamic boot options (DYNBOOTOPT)

Specifies the internal Dynamic Host Configuration Protocol (DHCP) Server configuration.

Note: This is an advanced configuration function.

This parameter is used to configure the internal DHCP Server that is part of the iSCSI Target Host Bus Adapter firmware. It is used to provide IP address and diskless boot parameters for the remote iSCSI Initiator.

This parameter is only valid when TYPE(*RMTSYS) is specified in the corresponding CRTNWSCFG command.

This parameter is only valid when DELIVERY(*DYNAMIC) is specified.

Single values

*SAME

The value does not change.

Element 1: Vendor ID

The client and server are pre-configured to a default vendor ID. Network administrators can configure clients to define their own identifying values to convey hardware, operating system or other identifying information. DHCP option 60 described in the IETF RFC 2132 is used for this function.

*DFT

The default vendor ID will be used.

character-string

Vendor ID of the remote system's iSCSI adapter that will be used.

Element 2: Alternate client ID

Used by clients to specify their unique identifier to the server. Each client's identifier must be unique among all other client identifiers used on the effective DHCP network to which the client is attached (that is, the client's local subnet and any remote subnets reachable using DHCP relay). Vendors and system administrators are responsible for choosing client identifiers that meet this requirement for uniqueness. DHCP option 61 described in the IETF RFC 2132 is used for this function.

*ADPT

The default Client ID consists of the adapter address for the remote system's iSCSI adapter. This value will be used to identify the remote system.

character-string

Specify the Client ID of the remote system's iSCSI adapter that will be used to boot.

Remote interfaces (RMTIFC)

Specifies the remote system's interfaces. This information is used to identify and configure the remote system's interfaces. Each adapter has two functions to support a SCSI and a LAN interface.

Note: A minimum of one SCSI interface and one LAN interface is required though they may reside on different adapters in the remote system.

This parameter is only valid when TYPE(*RMTSYS) is specified in the corresponding CRTNWSCFG command.

Single values

*SAME

The value does not change.

You can specify up to 4 repetitions for this parameter.

Element 1: SCSI interface

Specifies the remote system's SCSI interfaces.

Element 1: Adapter address

*NONE

No SCSI interface is configured for this adapter.

adapter-address

Specify the 12-character hexadecimal adapter address for the remote system's iSCSI interface.

Element 2: Internet address

internet-address

Specify the internet address for the remote system's SCSI interface.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

Element 3: Subnet mask

subnet-mask

Specify the subnet mask for the remote system's SCSI interface.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

Element 4: Gateway address

gateway-address

Specify the gateway address for the remote system's SCSI interface.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

Element 5: iSCSI qualified name

*GEN

The system will automatically generate the iSCSI qualified name.

name

Specify the iSCSI qualified name for the remote system's SCSI interface.

The following characters are allowed in iSCSI qualified names:

• Alphabetical characters A through Z converted to lower case (refer to RFC 3722)
• Alphabetical characters a through z
• Digits 0 through 9
• Period (.)
• Dash (-)
• colon (:)

Element 2: LAN interface

Specifies the remote system's LAN interfaces.

Element 1: Adapter address

*NONE

No LAN interface is configured for this adapter.

adapter-address

Specify the 12-character hexadecimal adapter address for the remote system's LAN or TCP Offload Engine (TOE) interface.

Element 2: Internet address

internet-address

Specify the internet address for the remote system's LAN interface.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

Element 3: Subnet mask

subnet-mask

Specify the subnet mask for the remote system's LAN interface.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

Element 4: Gateway address

gateway-address

Specify the gateway address for the remote system's LAN interface.

The value is entered in the decimal form nnn.nnn.nnn.nnn , where nnn is a decimal number ranging from 0 through 255.

Text 'description' (TEXT)

Specifies text that briefly describes the network server configuration.

*SAME

The value does not change.

Specifies text that briefly describes the network server configuration.

*BLANK

Text is not specified.

character-value

Specify no more than 50 characters of text, enclosed in apostrophes.

Examples

Example 1: Change Service Processor Address

CHGNWSCFG NWSCFG(CAT4SP)
          SPINTNETA('1.5.6.7')

This command changes the IP address for the service processor.

Example 2: Change description

CHGNWSCFG NWSCFG(MYSEC)
          TEXT('My Connection security')

This command changes the description for the network server configuraiton.

Error messages

*ESCAPE Messages

CPF2105

Object &1 in &2 type *&3 not found.

CPF2114

Cannot allocate object &1 in &2 type *&3.

CPF90A8

*SECADM special authority required to do requested operation.

CPF96CA

Network server configuration &1 not changed.

CPFA1B8

*IOSYSCFG authority required to use &1.