Cisco 4700 Series Application Control Engine Appliance Administration Guide Software Version A3(2.x) October 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-20823-01...
Setting the BOOT Environment Variable 1-28 Configuring the ACE to Bypass the Startup Configuration File During the Boot Process 1-29 Restarting the ACE 1-31 Restarting the ACE From the CLI 1-31
Information about ACE Licenses Guidelines and Limitations Prerequisites Default License Feature Capabilities Managing ACE Appliance Software Licenses Tasks for Ordering an Upgrade License and Generating a Key
4-16 Displaying Files Residing On the ACE 4-18 Saving show Command Output to a File 4-19 Managing Core Dump Files 4-21 Copying Core Dumps 4-21 Clearing the Core Directory 4-22
FT VLAN Configuration Synchronization Redundancy State for Software Upgrade or Downgrade Guidelines and Limitations Default Settings Configuring Redundant ACEs Task Flow for Configuring Redundancy Configuring Redundancy Configuring an FT VLAN
Managers and Agents SNMP Manager and Agent Communication SNMP Traps and Informs SNMPv3 CLI User Management and AAA Integration CLI and SNMP User Synchronization Multiple String Index Guidelines Supported MIBs and Notifications
HTTP and HTTPS Support with the ACE HTTP Return Codes Document Type Definition Guidelines and Limitations Default Settings Configuring the XML Interface Task Flow for Configuring XML Configuring HTTP and HTTPS Management Traffic Services
Configuring the Configuration Register to Autoboot the Boot Variable A-10 Reloading the ACE A-11 Displaying Software Image Information A-11 Displaying the Boot Variable and Configuration Register A-12 Displaying the Software Version A-12 Index
Contents
Preface
This guide provides instructions for the administration of the Cisco 4700 Series Application Control Engine (ACE) appliance. It describes how to perform administration tasks on the ACE, including how to perform the initial setup, establish remote access, manage software licenses, configure class maps and policy maps, manage the ACE software, configure SNMP, configure redundancy, configure the XML interface, and upgrade your ACE software.
ACE.
Chapter 2, Enabling Remote Access to the ACE: Describes how to configure remote access to the Cisco 4700 Series Application Control Engine (ACE) appliance by establishing a remote connection using the Secure Shell (SSH) or Telnet protocols. It also describes how to configure the ACE to provide direct access to a user context from SSH.
ACE: and Bridging Configuration Guide
• Configuring Ethernet ports
• Configuring VLAN interfaces
• Configuring routing
• Configuring bridging
• Configuring Dynamic Host Configuration Protocol (DHCP)
ACE.
Cisco 4700 Series Application Control Engine Appliance Command Reference: Provides an alphabetical list and descriptions of all CLI commands by mode, including syntax, options, and related commands.
• A bulleted list indicates that the order of the list topics is unimportant.
– An indented list indicates that the order of the list subtopics is unimportant.
Notes use the following conventions:
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html...
For details on configuring the GigabitEthernet ports, assigning VLANs to the ACE, configuring VLAN interfaces on the ACE, and configuring a default or static route on the ACE, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.
– Adapter—RJ45 to DB-9 male
– Cable type—Rollover serial cable to connect the ACE to a DTE device
For instructions on connecting a console cable to your ACE, see the Cisco Application Control Engine Appliance Hardware Installation Guide.
Default Settings
Table 1-1 lists the default settings for the ACE setup parameters.
ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated for connectivity with the Device Manager GUI.
• VLAN interface configured on the ACE and a policy map assigned to the VLAN interface.
Step 3 Enter a name for your session in the Name field.
Step 4 Click OK. The Connect To window appears.
Step 5 From the drop-down list, choose the COM port to which the device is connected.
This section describes how to use the setup script to simplify connectivity to the Device Manager GUI (as described in the Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Quick Configuration Guide). When you boot the ACE for the first time and the appliance does not detect a startup-configuration file, a setup script appears to guide you through the process of configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports.
(see the “Establishing a Console Connection on the ACE” section).
Step 2 Press the power button on the front of the ACE and the boot process occurs. See the Cisco Application Control Engine Appliance Hardware Installation Guide for details.
Step 3 At the login prompt, log into the ACE by entering the login username and password. By default, the username and password are admin.
The prompt “Submit the configuration including security settings to the ACE Appliance? (yes/no/details): [y]:” reappears. Enter one of the following replies:
• Type y to apply the appropriate configuration and save the running-configuration to the startup-configuration file. This is the default.
Chapter 2, Enabling Remote Access to the ACE. For details on configuring interfaces on the ACE, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide. You can configure the ACE to provide a higher level of security for users accessing the ACE. For information about configuring user authentication for login access, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Changing or Resetting the Administrative Password
This section describes how to change or reset the administrative password and includes the following topics:
• Changing the Administrative Password
• Resetting the Administrator Account Password
ACE, it reads the username and password from Flash memory. Global administrative status is assigned to the administrative username by default.
Note: For information about changing a user password, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
ACE through the console port to be able to reset the password for the Admin user back to the factory-default value of admin.
Restrictions
Only the Admin context is accessible through the console port.
By default, the hostname for the ACE is “switch.”
Restrictions
Only the Admin context is accessible through the console port.
ACE terminates the session. Valid entries are from 0 to 60 minutes. A value of 0 instructs the ACE never to time out. The default is 5 minutes.
Example:
host1/Admin(config)# login timeout 10
Exec mode prompt.
Restrictions
If you connect to the ACE by using an SSH version 1 remote access session, the message-of-the-day banner is not displayed.
For multi-line input, double quotes (“) are not required for the token because the input mode is different from single-line mode. When you operate in multi-line mode, the ACE interprets the double quote character (“) literally.
(such as a radio clock or an atomic clock), see the “Synchronizing the ACE with an NTP Server” section. In this case, the NTP time server automatically sets the ACE system clock.
Fri Aug 7 01:38:30 PST 2009
Configuring the Time Zone
This section describes how to set the time zone of the ACE. The ACE keeps time internally in Universal Time Coordinated (UTC) offset.
– MST—Mountain Standard Time, as UTC –7 hours
– PST—Pacific Standard Time, as UTC –8 hours
– WEST—Western Europe Summer Time, as UTC + 1 hour
– WST—Western Standard Time, as UTC + 8 hours
Eastern Daylight Saving Time, as UTC – 4 hours Mountain Time, either as MST or MDT, depending on the place and time of the year Mountain Daylight Saving Time, as UTC – 6 hours
If the starting month is after the ending month, the ACE assumes that you are located in the Southern Hemisphere.
April to 2 a.m. last Sunday Oct, + 60 min
– PDT—Pacific Daylight Time: 2 a.m. 1st Sunday April to 2 a.m. last Sunday Oct, + 60 min
Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide), and you plan to use an optional Cisco AVS 3180A Management Console with multiple ACE nodes, we strongly recommend that you synchronize the system clock of each ACE node with an NTP server. AppScope performance monitoring relies on very accurate time measurement, in the millisecond range.
Examples
For example, to specify multiple NTP server IP addresses and identify a preferred server, enter:
host1/Admin(config)# ntp server 192.168.10.10 prefer
host1/Admin(config)# ntp server 192.168.4.143
host1/Admin(config)# ntp server 192.168.5.10
This section describes how to specify the number of lines and the width for displaying information on a terminal during a console session.
Restrictions
The maximum number of displayed screen lines is 511 columns.
Step 2 terminal monitor
terminal. To enable the various levels of syslog messages to the terminal, use the logging monitor command (see the Cisco 4700 Series Application Control Engine Appliance System Message Guide for details).
Example:
host1/Admin# terminal monitor
%ACE-7-111009: User 'admin'
Example:
host1/Admin(config-line)# no session-limit
Step 4 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
host1/Admin(config-line)# do copy running-config startup-config
BOOT environment variable to attain the desired order or you can clear the entire BOOT environment variable and then redefine the list in the desired order.
Note: For the procedure on resetting the administrator CLI account password, see the “Resetting the Administrator Account Password” section.
If necessary, you can manually launch the setup script using the setup command in Exec mode.
kernel=(hd0,1)/c4710ace-mz.A3_1_0.bin ro root=LABEL=/ auto console=ttyS0,9600n8 quiet bigphysarea=32768
• Using the GRUB Boot Loader to Specify the System Boot Image During a Reload
Restarting the ACE From the CLI
This section describes how to reboot the ACE directly from its CLI.
• Type e to edit the commands before booting.
• Type c to access a command line.
If no ACE images are loaded in the Flash memory, the GNU GRUB multiboot loader appears as follows:
Displaying NTP Statistics and Information
This section describes how to instruct the ACE to display the following NTP statistics and information:
• NTP peer statistics
• Input/output statistics
IP address of each associated peer
Serv/Peer: Indication of whether the peer functions as an NTP server or NTP peer
Table 1-3 describes the fields in the show ntp peers command output.
Number of NTP packets received and processed by the ACE.
Bad authentication: Number of packets not verified as authentic.
Table 1-6 describes the fields in the show ntp statistics memory command output.
Order in which the ACE may consider this server when it chooses the master.
Displaying Other ACE Setup Configuration Information
To display the ACE setup configuration information, use the following show commands from Exec mode:
Display Attributes” section). For detailed information about the fields in the output from these commands, refer to the Cisco 4700 Series Application Control Engine Appliance Command Reference.
Clearing NTP Statistics
To clear the NTP statistical information, use the following command from Exec mode:...
Chapter 1 Setting Up the ACE Displaying or Clearing the ACE Setup Configuration and Statistics
Enabling Remote Access to the ACE
This chapter describes how to configure remote access to the Cisco 4700 Series Application Control Engine (ACE) appliance by establishing a remote connection by using the Secure Shell (SSH) or Telnet protocols.
Ability of an ACE interface to receive ICMP messages or allow ICMP messages to pass through it: Disabled
Status of the following match protocol command protocols: http, https, icmp, kalap-udp, snmp, ssh, telnet, and xml-https: Disabled
C1
host1/C1#
The rest of the examples in this table use the Admin context, unless otherwise specified. For details on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Step 2 Enter configuration mode.
host1/Admin# config
Enter configuration commands, one per line.
• Policy map—Enables remote network management access for a traffic classification that matches the criteria listed in the class map.
• Service policy—Activates the policy map and attaches the traffic policy to an interface or globally on all interfaces.
Enabling Remote Access to the ACE Telnet and SSH remote access sessions are established to the ACE on a per context basis. For details on creating users and contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
no class-map type management [match-all | match-any] map_name
(Optional) Remove a Layer 3 and Layer 4 network management class map from the ACE.
Example:
host1/Admin(config)# no class-map type management match-all SSH-TELNET_ALLOW_CLASS
KAL-AP over UDP. The configuration of the KAL-AP management access is described in the “Configuring Health Monitoring” chapter of the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.
• snmp—Specifies the Simple Network Management...
no description text
(Optional) Removes the description from the class map.
Example:
host1/Admin(config-cmap-mgmt)# no description
Step 5 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
ACE_1/Admin(config-cmap-mgmt)# do copy running-config startup-config
The text argument specifies the description that you want to provide. Enter an unquoted text string with a maximum of 240 alphanumeric characters.
host1/Admin(config-pmap-mgmt)# description Allow Telnet access to the ACE
no class {name1 [insert-before name2] | class-default}
(Optional) Remove a class map from a Layer 3 and Layer 4 policy map.
Example:
host1/Admin(config-pmap-mgmt)# no class L4_REMOTE_ACCESS_CLASS
You can remove a traffic policy map from a VLAN by using either of the following methods:
• Individually from the last VLAN interface on which you applied the service policy
• Globally from all VLAN interfaces in the same context
VLANs associated with a context.
Example:
host1/Admin(config)# no service-policy input REMOTE_MGMT_ALLOW_POLICY
Step 3 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
host1/Admin(config)# do copy running-config startup-config
Policy Globally to All VLAN Interfaces in the Same Context” section.
Restrictions
The ACE allows only one policy of a specific feature type to be activated on a given interface and only in the input direction.
For the policy_name argument, enter the identifier of an existing policy map that is currently in service (applied to an interface).
Example:
host1/Admin(config-if)# do clear service-policy REMOTE_MGMT_ALLOW_POLICY
IP address to it, and then log into the ACE by using Telnet to connect to that IP address. This capability allows you to specify a particular context when accessing the ACE. For details on creating users and contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
ACE by using SSH to connect to that IP address. This capability allows you to specify a particular context when accessing the ACE. For details on creating users and contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This section contains the following topics:
• Configuring Maximum Number of SSH Sessions
SSH versions 1 and 2. Generate the SSH host key pair according to the SSH client version used. The number of bits specified for each key pair ranges from 768 to 4096.
Step 5 do show ssh key [dsa | rsa | rsa1]
or for all keys if you do not specify a key.
Example:
host1/Admin(config)# do show ssh key rsa
L3BmhQYQW7hkTK0oS4kVawI1VmW2kvrqoGQnLNQRMvisAXuJWKk1Ln6vWPGZZe8KoALv0GXxsOv2gk/z TDk01oCaTVw//bXJtoVRgIlWXLIP
bitcount:1024
fingerprint: 8e:13:5c:3e:1a:9c:7a:ed:d0:84:eb:96:12:db:82:be
**************************************
Terminating an Active User Session
This section describes how to terminate an active SSH or Telnet session for the active context.
To allow ICMP messages to pass through the ACE, configure an ICMP ACL to permit or deny network connections based on the ICMP type (for example, echo, echo-reply, or unreachable). See the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide for details.
Step 2 Associate an existing VLAN with the user context so that the context can receive traffic classified for it by entering the following command:
host1/Admin(config-context)# allocate-interface vlan 100
See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.
Step 3 Generate the SSH host key pair by entering the following command:...
For example, assign an IP address to the interface and reenable the interface within the context with the no shutdown command. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide. Create an SSH remote management policy and apply the associated service policy to all VLAN...
Unique session identifier for the SSH session.
Remote Host: IP address and port of the remote SSH client.
Active Time: Time since the SSH connection request was received by the ACE.
[context_name] Display the maximum number of enabled Telnet sessions. Only context administrators can view Telnet session information associated with a particular context. See the “Configuring the Maximum Number of Telnet Management Sessions” section.
Step 2 Create and configure an access control list. The sample access control list shown in this step allows network traffic from any source. For details about configuring an access control list, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Chapter 2 Enabling Remote Access to the ACE Configuration Example for Enabling Remote Access to the ACE
Managing ACE Software Licenses
This chapter describes how to manage the software licenses for your Cisco Application Control Engine (ACE) module. It contains the following major sections:
• Information about ACE Licenses
• Guidelines and Limitations
Upgrade from 2-Gbps to 4-Gbps throughput.
Virtualization
Default: 1 admin/5 user contexts.
ACE-AP-VIRT-020: 1 admin/20 user contexts.
Default: 100 TPS.
ACE-AP-SSL-05K-K9: 5000 TPS.
ACE-AP-SSL-07K-K9: 7500 TPS.
ACE-AP-SSL-UP1-K9: Upgrade from 5000 TPS to 7500 TPS.
ACE can provide greater than 50 concurrent connections. This license increases the operating capabilities of the following features:
• Delta optimization
• Adaptive dynamic caching
• FlashForward
• Dynamic Etag
Exec mode (see the “Displaying ACE License Configurations and Statistics” section). ACE demo licenses are available through your Cisco account representative.
• If you need to replace the ACE, you can copy and install the license file for the license onto the...
Step 1 available Cisco ordering tools on cisco.com.
Step 2 When you receive the Software License Claim Certificate from Cisco, follow the instructions that direct you to the Cisco.com website. As a registered user of Cisco.com, go to this URL: http://www.cisco.com/go/license...
If you allow a context license to expire, the ACE automatically removes all user contexts from the Admin running configuration and all configurations for the user contexts.
configured user contexts on the ACE. However, if you allow a context license to expire, the ACE automatically removes all user contexts from the Admin running configuration and all
• Performance throughput license removal—Table 3-4 lists the currently installed performance throughput, the type of license on the ACE, and the remaining number of contexts after the license is removed.
When you uninstall the software feature pack, the ACE is capable of 50 connections per second. For more information on the application acceleration and optimization capabilities of the ACE and configuring these capabilities, see the Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide.
For example, to copy the Admin running configuration to a TFTP server as R-CONFIG-ADM, enter:
host1/Admin# copy running-config tftp://192.168.1.2/R-CONFIG-ADM
To copy the C1 user context running configuration to a TFTP server, access the C1 context and enter:
host1/C1# copy running-config tftp://192.168.1.2/R-CONFIG-C1
R-CONFIG-ADM Admin running configuration from the TFTP server, enter:
host1/Admin# copy tftp://192.168.1.2/R-CONFIG-ADM running-config
Step 7 Copy the Admin running configuration to the startup-configuration file. For example, enter:
host1/Admin# copy running-config startup-config
This section describes how to retrieve an ACE license file. If you accidentally remove or lose the license on the ACE, you can untar your backup license file and then reinstall it.
Restrictions
You must be in the Admin context to retrieve an ACE license file.
(Gbps). This information also provides the default number of contexts, SSL TPS, and appliance bandwidth that the ACE supports when a license is not installed.
Current state of the feature (In use or Unused).
Expiry Date: Date when the demo license expires, as defined in the license file. If the license is permanent, this field displays Never.
Comments: Licensing errors, if any.
Chapter 3 Managing ACE Software Licenses Displaying ACE License Configurations and Statistics
Managing the ACE Software
This chapter describes how to manage the software running on the Cisco 4700 Series Application Control Engine (ACE) appliance and contains the following major sections:
• Saving Configuration Files
Copying the Configuration File to the disk0: File System
This section describes how to copy the running-configuration file or the startup-configuration file to the disk0: file system in Flash memory on the ACE.
Example:
host1/Admin# copy startup-config running-config
Displaying Configuration File Content
To display the content of the running- and startup-configuration files, perform one of the following tasks:
• Displays sticky information.
write terminal: Displays the contents of the running configuration associated with the current context. The write terminal command is equivalent to the show running-config command.
“Removing a License” section on page 3-9.).
• Crypto files—To remove crypto files, use the crypto delete filename or the crypto delete all command (see the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide).
Detailed Steps
Command Purpose...
Exec mode. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for details on how to use the ping and traceroute commands.
• core:—Contains the core files generated after each time that the ACE becomes unresponsive.
• probe:—Contains the Cisco-supplied scripts. For more information about these scripts, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide. Both the Admin context and user contexts support the probe: directory.
This section describes how to create a backup license for the ACE licenses in .tar format and copy it to the disk0: file system. To protect your license files, we recommend that you back up your license files to the ACE Flash memory as tar files.
SFTP, or TFTP. The copy serves as a backup file for such files as the capture buffer file, core dump, ACE licenses in .tar format, running-configuration file, or startup-configuration file.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide path information.
This section describes how to copy an ACE software system image from Flash memory to a remote server using FTP, SFTP, or TFTP.
Restrictions
The copy image: command is available in the Admin context only.
The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file zipped by the gzip (GNU zip) compression utility. Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-13...
The filename argument identifies the name of the .tar file in the disk0: file Example: system. You can optionally provide a path to the .tar file if it exists in host1/Admin# untar disk0:mylicenses.tar another directory in the disk0: file system. Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-14 OL-20823-01...
This section describes how to move a file between directories in the disk0: file system. If a file with the same name already exists in the destination directory, that file is overwritten by the moved file. Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-15...
ACE erases the file from the specified file system. To remove a directory from the ACE file system, use the rmdir command (see the “Deleting an Existing Note Directory” section). Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-16 OL-20823-01...
Page 113
file system. The delete image: command is available only in the Admin context.
• volatile:filename—Deletes the specified file from the volatile: file system.
This directory contains the Cisco-supplied scripts. For more information about these scripts, see the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide.
• volatile:—Displays the contents of the volatile: file system.
For example, you can enter show interface > filename at the Exec mode CLI prompt to redirect the interface configuration command output to a file created at the same directory level.
Page 116
FTP network server and, optionally, a filename.
• sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, a filename.
• tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, a filename.
• The core: file system is available from the Admin context only.
• Core dump information is for Cisco Technical Assistance Center (TAC) use only. If the ACE becomes unresponsive, you can view the dump information in the core through the show cores command.
This section describes how to clear out all of the core dumps stored in the core: file system.
Restrictions
You must perform this task from the Admin context only.
This section contains the following topics:
• Enabling the Packet Capture Function
• Copying Packet Capture Buffer Information
• Displaying or Clearing Packet Information
• Clearing Capture Buffer Information
ACE.
Prerequisites
To create a capture based on an access list, the access list must already exist. For information about creating an access list, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.
Restrictions...
Note: To capture application acceleration and optimization traffic bound for the optional Cisco AVS 3180A Management Station interface, use the all keyword. This keyword captures all the traffic on all interfaces. You can then transfer the packet capture file to a remote machine to be scanned for traffic that is specific to the Management Station interface.
Displays capture status information for each packet. For all types of received packets, the console display is in tcpdump format.
• The ACE supports a maximum of 10 checkpoints for each context.
• You must perform this task in the Exec mode of the context for which you want to create a checkpoint.
The name argument specifies the unique identifier of the checkpoint. Enter a text string with no spaces and a maximum of 25 alphanumeric characters.
Example:
host1/Admin# checkpoint delete MYCHECKPOINT
Table 4-1 Field Descriptions for the show checkpoint all Command Output
Field | Description
Checkpoint | Name of the checkpoint
• Running-configuration file of each context
• Core dump files of each context
• Packet capture buffers of each context
• SSL certificate and key pair files of each context
Page 127
FTP, SFTP, or TFTP server. See the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide for details on how to use the crypto export command to export SSL certificate and key pair files to a remote FTP, SFTP, or TFTP server.
Page 128
• Import SSL certificate files and key pair files into the associated context by using the crypto import command (see the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide).
The show buffer, show fifo, show netio, show np, and show vnet commands display internal system-level hardware show output for use by trained Cisco personnel as an aid in debugging and troubleshooting the ACE. For background information about those show commands, see the Cisco 4700 Series Application Control Engine Appliance Command Reference.
Version identifier of the ACE.
Serial number of the ACE.
Examples
The following example shows the output of the show hardware command:
host1/Admin # show hardware
Hardware
Product Number: ACE-4710-K9
Cisco Application Control Software (ACSW) TAC support: http://www.cisco.com/tac Copyright (c) 1985-2009 by Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license.
• details—Displays process log information for all process identifiers
• pid process_id—Displays information about a specific process identifier
• memory—Displays memory information about the processes
Page 133
CPU utilization as a percentage for the last 5 seconds
1 Min | CPU utilization as a percentage for the last minute
5 Min | CPU utilization as a percentage for the last 5 minutes
Process | Name of the process
Page 134
Field Descriptions for the show processes memory Command
Field | Description
Process identifier
MemAlloc | Total memory allocated by the process
StackBase/Ptr | Process stack base and current stack pointer in hex format
Process | Name of the process
Table 5-8 Field Descriptions for the show terminal internal info Command
Field | Description
Process Information
Name | Name of the executable that started the process.
CPU and memory statistics.
• skbtrack—Displays the socket buffer (network buffer) allocations in the kernel loadable modules.
• uptime—Displays how long the ACE has been up and running.
Page 138
For example, if you dynamically allocate 1 GB of memory, no demand is placed on that memory until you actually start using it. The Committed_AS is an estimate of how much RAM or swap memory you would need in a worst-case scenario.
Number of ICMP unreachable packets transmitted or received by the ACE
TTL Expired | Number of ICMP TTL-expired messages transmitted or received by the ACE
Redirect | Number of ICMP redirect messages transmitted or received by the ACE
Page 140
Source Quench | Number of ICMP Source Quench messages transmitted or received by the ACE
Time Stamp | Number of ICMP Time Stamp (request) messages transmitted or received by the ACE
The default output of the show tech-support command includes, for example, the output of the following commands:
• show hardware—See the “Displaying Hardware Information” section
• show interface—See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide
• show process—See the “Displaying General System Process Information”...
Page 142
`show version` Cisco Application Control Software (ACSW) TAC support: http://www.cisco.com/tac Copyright (c) 1985-2008 by Cisco Systems, Inc. All rights reserved. The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license.
Page 143
0 days 18 hours 59 minute(s) 49 second(s)
`show clock`
Tue Aug 5 10:13:57 UTC 2008
`show inventory`
NAME: "chassis", DESCR: "ACE 4710 Application Control Engine Appliance"
PID: ACE-4710-K9 , VID: , SN: 2061
--More--
CHAPTER
Configuring Redundant ACEs
This chapter describes how to configure the Cisco 4700 Series Application Control Engine (ACE) appliance for redundancy, which provides fault tolerance for the stateful switchover of flows. It contains the following major sections:
• Information About Redundancy
...
(FT) groups. Each FT group consists of two members: one active context and one standby context. For more information about contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. An FT group has a unique group ID that you assign.
(context). With a single context, the ACE supports active-backup redundancy and each group member is an Admin context. For details about configuring contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
After the ACE synchronizes the redundancy configuration from the active member to the standby peer, it disables configuration mode on the standby. For information about configuring config sync, see the “Synchronizing Redundant Configurations” section.
To avoid MAC address conflicts, be sure that the two pools are different on the two ACEs. For more information about VMACs and MAC address pools, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.
Priority setting of an FT group on the active member.
Priority setting of an FT group on the remote standby member.
C1
host1/C1#
The rest of the examples in this table use the Admin context, unless otherwise specified. For details on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Step 2 Enter configuration mode. ...
Page 152
Step 15
host1/Admin(config)# exit
host1/Admin# copy running-config startup-config
Step 16 (Recommended) Verify your redundancy configuration by using the following commands in Exec mode:
host1/Admin# show running-config ft
host1/Admin# show running-config interface
VLAN as the only VLAN associated with the Ethernet port or to include it as part of a VLAN trunk link (see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide). Note that the ACE automatically includes the FT VLAN in the VLAN trunk link.
Page 154
IP address of the remote peer.
• netmask—Subnet mask of the remote peer. Enter a subnet mask in dotted-decimal notation.
address 192.168.12.15 255.255.255.0
The ip_address netmask arguments specify the IP address and netmask for the VLAN interface. Enter the IP address and subnet mask in dotted-decimal notation.
Example:
host1/Admin(config-if)# alias 192.168.1.1 255.255.255.0
Step 3 ft-interface vlan vlan_id
Associates an FT VLAN with a peer. The vlan_id argument specifies the identifier of an existing VLAN. Enter an integer from 2 to 4094.
Example:
host1/Admin(config-ft-peer)# ft-interface vlan 200
Page 157
Step 6 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
host1/Admin(config-ft-peer)# do copy running-config startup-config
no ft group group_id
(Optional) Removes the FT group from the configuration.
Example:
host1/Admin(config)# no ft group 1
Step 3 associate-context name
Associates a context with an FT group.
Example:
host1/Admin(config-ft-group)# associate-context C1
Page 159
By default, preemption is enabled.
host1/Admin(config-ft-group)# preempt
no preempt
(Optional) Disables preemption.
Example:
host1/Admin(config-ft-group)# no preempt
Step 8 inservice
Places an FT group in service.
Example:
host1/Admin(config-ft-group)# inservice
Step 2 peer hostname name
Specifies the hostname of a peer ACE. For details about this command, see the “Assigning a Name to the ACE” section.
Example:
host1/Admin(config)# peer hostname ACE_2
ACE with a shared VLAN (FT VLAN). You configure these commands to prevent MAC address conflicts between the two peer ACEs. For details about these commands, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.
To use the ft switchover command, you must disable preemption by using the no preempt command. For information on the preempt command, see the “Configuring an FT Group” section.
• Dynamic config sync—Synchronizes the configuration applied to the active context to the standby context if the peer is already up
Page 164
FT group. If the ACE performs a configuration synchronization and does not find the necessary certificates and keys in the standby context, config sync fails and the standby context enters the STANDBY_COLD state.
FTP or TFTP server using the crypto export command, and then import the certificates and keys to the standby context using the crypto import command. For more information about importing and exporting certificates and keys, see the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide.
• Configuring Tracking and Failure Detection for an Interface
• Configuring Tracking and Failure Detection for a Host or Gateway
This section describes how to configure tracking and failure detection for a gateway or a host.
Page 167
If the resulting priority of the FT group on the active member is less than the priority of the FT group on the standby member, a switchover occurs.
Page 168
no peer probe name
(Optional) Removes the tracking probe from the standby member.
Example:
host1/Admin(config-ft-track-host)# no peer probe TCP_PROBE1
This section describes how to configure tracking and failure detection for an interface.
Restrictions
You cannot delete an interface if the ACE is using the interface for tracking. Also, you cannot configure the FT VLAN for tracking.
Page 170
The vlan_id argument is a VLAN ID of an existing VLAN configured on the standby member as an integer from 2 to 4094.
host1/Admin(config-ft-track-intf)# peer track-interface vlan 200
Displaying or Clearing Redundancy Information
This section describes how to display or clear information about redundancy and contains the following sections:
• Displaying Redundancy Information
• Clearing Redundancy Statistics
In the Admin context, the optional context_name argument is the name of a user context. If you do not enter the argument, the command uses the Admin context. In a user context, this argument is not available.
specified FT group.
• brief—Displays the group ID, local state, peer state, context name, and context ID of all the FT groups that are configured in the ACE.
Page 174
The active peer context receives a notification to send a snapshot of the current state information for all applications to the standby context.
Page 175
Bulk Sync Done for Number of “bulk synchronization done” messages received on the standby ACE during state synchronization from the ICM input connection manager module in the data plane.
Object Name REAL ID RSERVER ID SERVERFARM ID POLICY ID STICKY GROUP ID IF ID CONTEXT ID
Displaying Memory Statistics
To display redundancy statistics per context, perform the following task:
FSM_PEER_STATE_PEER_IPADDR—Peer IP address is missing. Waiting for the peer IP address to be configured.
FSM_PEER_STATE_START_HB—Peer configuration is complete. Starting the heartbeat to see if there is a peer device.
Page 178
Rx Bytes | Total number of bytes that the local ACE received from the peer.
Rx Error Bytes | Total number of error bytes that the local ACE received from the peer.
HBs. The remote peer is sending heartbeats, but not receiving any.
Note: Both peer appliances send heartbeat packets and each packet indicates whether the other peer has been receiving heartbeats.
Failures | Number of times that the remote ACE sent packets to the local ACE, but the local ACE failed to receive them.
Displaying FT Tracking Information
To display tracking information, perform the following task:
Page 181
• MAINT_MODE_FULL—All contexts on the ACE become nonredundant causing their peer contexts to become active. The ACE enters this mode just before you reboot the appliance and is used primarily when you upgrade the ACE software.
Page 182
Name of the context that is associated with the FT group.
Context ID | Identifier of the context that is associated with the FT group.
Track Type | Type of object being tracked. Possible values are TRACK_HOST or TRACK_INTERFACE.
This command clears the following transport-layer counters:
• Tx Packets
• Tx Bytes
• Rx Packets
• Rx Bytes
• Rx Error Bytes
For an explanation of these fields, see the “Displaying Peer Information” section.
For details, see the “Clearing the Redundancy History” section.
Clearing the Redundancy History
To clear the redundancy history, perform the following task in the Admin context only:
  8 match protocol xml-https any
policy-map type management first-match L4_REMOTE-MGT_POLICY
  class L4_REMOTE-MGT_CLASS
    permit
interface vlan 100
  ip address 192.168.83.219 255.255.255.0
  peer ip address 192.168.83.230 255.255.255.0
  alias 192.168.83.200 255.255.255.0
  access-group input ACL1
Configuring SNMP
This chapter describes how to configure Simple Network Management Protocol (SNMP) to query the Cisco 4700 Series Application Control Engine (ACE) appliance for Cisco Management Information Bases (MIBs) and to send event notifications to a network management system (NMS).
(OID)=value pairs that make it easy for the NMS to identify the information that it needs when the recipient fills the request and sends back a response.
(USM) for message security and role-based access control. SNMP v3 user management can be centralized at the authentication and accounting (AAA) server level (as described in the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide). This centralized user management allows the ACE SNMP agent to use the user authentication service of an AAA server.
SNMP user is created with the noAuthNoPriv security level. For information about creating a CLI user by using the username command, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. To create an SNMP user by using the snmp-server user command, see the “Configuring SNMP Users”...
Product Name (PID) | entPhysicalVendorType
ACE4710-K9 | cevChassisACE4710K9 {cevChassis 610}
Power Supply | cevPowerSupplyAC345 {cevPowerSupply 190}
CPU fan | cevFanACE4710K9CpuFan {cevFan 91}
DIMM fan | cevFanACE4710K9DimmFan {cevFan 92}
PCI fan | cevFanACE4710K9PciFan {cevFan 93}
Page 192
The ENTITY-SENSOR-MIB is supported only in the Admin context. The ENTITY-SENSOR-MIB is described in RFC 3433.
Page 193
Multiple transport end points may be associated with a particular set of SNMP parameters, or a particular transport end point may be associated with several sets of SNMP parameters. The SNMP-TARGET-MIB is described in RFC 3413.
Page 194
accounting module.
• Configuration settings (settings for all the AAA servers instrumented in one instance of this MIB).
• AAA server group configuration.
• Application-to-AAA function-to-server group mapping configuration.
Page 195
The cesServerFarmRserverTable and cesRserverTable tables in the CISCO-ENHANCED-SLB-MIB provide details about the data available in the show rserver command output.
Page 196
The CISCO-L4L7MODULE-REDUNDANCY-MIB provides details about the fault tolerance statistics available in the show ft peer, show ft group detail, and show ft stats command output.
Page 197
CISCO-PROCESS-MIB | CISCO-PROCESS-CAPABILITY | Displays memory and process CPU utilization on Cisco devices. This information should be used only as an estimate. The value of cpmCPUTotalPhysicalIndex will always be 1.
Page 198
• slbStatsReassignedConnections
CISCO-SLB-EXT-MIB | CISCO-SLB-EXT-CAPABILITY | Acts as an extension to the Cisco server load-balancing MIB (CISCO-SLB-MIB). It provides tables for the sticky configuration. The cslbxServerFarmStatsTable table in the CISCO-SLB-EXT-MIB provides details about the data available in the show serverfarm command output.
Page 199
SNMP MIB Support (continued)
MIB Support | Capability MIB | Description
CISCO-SLB-HEALTH-MON-MIB | CISCO-SLB-HEALTH-MON-CAPABILITY | Acts as an extension to the Cisco server load-balancing MIB (CISCO-SLB-MIB). It provides tables for the health probe configuration and statistics of the ACE. The cshMonSfarmRealProbeStatsTable and cslbxProbeCfgTable...
Page 200
The TCP MIB is described in RFC 4022.
UDP-MIB | CISCO-UDP-STD-CAPABILITY | Defines managed objects for managing implementation of the User Datagram Protocol (UDP). The UDP MIB is described in RFC 4113.
Page 201
All tables and objects are supported.
Scalar Objects: sysDescr sysName sysLocation sysContact sysObjectID sysServices sysORLastChange snmpInPkts snmpOutPkts snmpInBadVersions snmpInBadCommunityNames snmpInBadCommunityUses snmpInASNParseErrs snmpInTooBigs snmpInNoSuchNames snmpInBadValues snmpInReadOnlys snmpInGenErrs snmpInTotalReqVars snmpInTotalSetVars snmpInGetRequests snmpInGetNexts
Page 202
All tables and objects are supported. Scalar Objects: snmpUnknownSecurityModels snmpInvalidMsgs snmpUnknownPDUHandlers
SNMP-NOTIFICATION-MIB All tables and objects are supported. Tables: snmpNotifyTable snmpNotifyFilterProfileTable snmpNotifyFilterTable
SNMP-TARGET-MIB Scalar Objects: Scalar Objects: snmpUnavailableContexts snmpTargetSpinLock snmpUnknownContexts Tables: snmpTargetAddrTable snmpTargetParamsTable
Page 203
Objects: entPhysicalAlias entPhysicalAssetID entPhysicalMfgDate ENTITY-SENSOR-MIB entPhySensorTable All tables and objects are supported. IF-MIB Scalar Objects: Tables: ifStackTable ifNumber ifTableLastChange ifRcvAddressTable Tables: ifTestTable ifTable Objects: ifXTable ifStackLastChange
Page 212
Mismatches clrHAStatsPeerUpEvents clrHAStatsPeerDownEvents CISCO-SSL-PROXY- Scalar Objects: All remaining tables and objects are not supported. cspTlcFullHandShake cspTlcResumedHandShake cspS3cFullHandShake cspS3cResumedHandShake cspTlcHandShakeFailed cspTlcDataFailed cspS3cHandShakeFailed cspS3cDataFailed cspScActiveSessions cspScConnInHandShake cspScConnInDataPhase cspScConnInReneg
Page 213
SLB-MIB user intervention. The notification is sent with the following varbinds:
• cesRealServerName
• cesServerFarmRserverBackupPort
• cesServerFarmName
• cesServerFarmRserverAdminStatus
• cesServerFarmRserverOperStatus
• cesServerFarmRserverStateDescr
• cesRserverIpAddressType
• cesRserverIpAddress
• cesServerFarmRserverDescr
Page 214
This notification is sent for situations such as ARP failures, probe failures, and so
Note: No separate cesRealServerStateChangeRev1 notifications are sent for each real server that listens on this rserver.
Page 215
Notify | MGR-MIB | Notification that the system detects that no license is installed for a specific feature.
cmVirtContextAdded, cmVirtContextRemoved | CISCO-MODULE-VIRTUALIZATION- | Notification that you created or deleted an ACE user context, also referred as a virtual context.
SNMP Trap Support (continued)
Notification Name | Location of the Notification | Description
cslbxServerFarmStateChange | CISCO-SLB-EXT-MIB | Notification that all real servers in a server farm are down and the server farm has changed state. The varbind contains the following details:
• cslbxServerFarmName
• cslbxServerFarmState
...
C1
host1/C1#
The rest of the examples in this procedure use the Admin context, unless otherwise specified. For details on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Step 2 Enter configuration mode.
host1/Admin# config
Enter configuration commands, one per line.
You must recreate all SNMP users by using the snmp-server user command in configuration mode. For more information on the SNMPv3 engine ID, see the “Configuring an SNMPv3 Engine ID for an ACE Context” section.
Page 219
ACE implementation of SNMP. In this case, all SNMP users are automatically assigned the system-defined default group of Network-Monitor. For details on creating users, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
• auth—(Optional) Sets authentication parameters for the...
Page 220
Network-Monitor auth sha abcd1234 (Optional) Copies the running configuration to the startup Step 3 do copy running-config startup-config configuration. Example: host1/Admin(config)# do copy running-config startup-config Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-34 OL-20823-01...
• this case, all SNMP users are automatically assigned the system-defined default group of Network-Monitor. For details on creating users, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. Cisco 4700 Series Application Control Engine Appliance Administration Guide...
Configuring an SNMP Contact This section describes how to specify the contact information for the SNMP system. Restrictions You can specify information for one contact name only. Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-36 OL-20823-01...
Enter a text string with a maximum of 240 alphanumeric host1/Admin(config)# snmp-server location characters, including spaces. If the string contains more than one “Boxborough MA” word, enclose the string in quotation marks (“ ”). Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-37 OL-20823-01...
This topic includes the following restrictions:
• To send notifications, you must specify at least one host to receive SNMP notifications.
• The ACE supports a maximum of 10 SNMP hosts per context.
Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) packet authentication.
• noauth—(Optional) Specifies the noAuthNoPriv security level.
• priv—(Optional) Enables Data Encryption Standard (DES) packet encryption (privacy).
The snmp-server enable traps command is used with the snmp-server host command (see the “Configuring SNMP Notification Hosts” section). The snmp-server host command specifies which host receives the SNMP notifications. To send notifications, you must configure at least one SNMP server host.
See the Cisco 4700 Series Application Control Engine Appliance System Message Guide for details.
– virtual-context—Sends virtual context (ACE user context) change notifications. This keyword appears only in the Admin context.
Chapter 7 Configuring SNMP
(as outlined in RFC 2863) rather than send the Cisco implementation of linkUp and linkDown traps to the NMS. By default, the ACE sends the Cisco implementation of linkUp and linkDown traps to the NMS. The ACE sends the Cisco Systems IF-MIB variable bindings, which consist of ifIndex, ifAdminStatus, ifOperStatus, ifName, ifType, clogOriginID, and clogOriginIDType. The Cisco variable bindings are sent by default.
Note: To receive RFC 2863-compliant traps, you must specify the snmp-server trap link ietf command.
SNMP trap-source vlan 50 v1 trap PDU. Enter a value from 2 to 4094 for an existing VLAN interface.
The following example shows how to return data for user context C1 when the Admin context has a configured community string of adminCommunity and an IP address of 10.6.252.63:
snmpget -v2c -c adminCommunity@C1 10.6.252.63 udpDatagrams.0
SNMP communities are deleted. You must recreate all SNMP users by using the snmp-server user command in configuration mode, and recreate all SNMP communities by using the snmp-server community command in configuration mode (see the “Defining SNMP Communities” section).
This section provides an overview on creating a class map, policy map, and service policy for SNMP access. SNMP remote access sessions are established to the ACE per context. For details on creating contexts and users, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This section contains the following topics:
• Creating and Configuring a Layer 3 and Layer 4 Class Map
no class-map type management [match-all | match-any] map_name
(Optional) Removes a Layer 3 and Layer 4 SNMP protocol management class map from the ACE.
Example:
host1/Admin(config)# no class-map type management match-all SNMP-ALLOW_CLASS
Example:
host1/Admin(config-cmap-mgmt)# no match protocol snmp
Step 5 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
host1/Admin(config-cmap-mgmt)# do copy running-config startup-config
This command enters the policy map management configuration mode.
no policy-map type management first-match map_name
(Optional) Removes a network traffic management policy map from the ACE.
Example:
host1/Admin(config)# no policy-map type management first-match SNMP-ALLOW_POLICY
Layer 3 and Layer 4 class map to be rejected by the ACE.
Example:
host1/Admin(config-pmap-mgmt-c)# deny
Step 5 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
host1/Admin(config-pmap-mgmt-c)# do copy running-config startup-config
The name can be a maximum of 40 alphanumeric characters. If you are applying the policy map globally to all of the VLANs associated with a context
50
host1/Admin(config-if)#
This command enters the interface configuration mode commands for the VLAN.
Step 3 ip address address
Specifies the VLAN IP address.
Example:
host1/Admin(config-if)# ip address 172.20.1.100 255.255.0.0
VLAN interface or globally to all VLAN interfaces in the same context.
Step 5 do copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Example:
host1/Admin(config-if)# do copy running-config startup-config
Displays the IP address of the targets for which traps or informs have been sent.
• user—(Optional) Displays SNMPv3 user information.
Table 7-6 describes the fields in the show snmp community command output.
Table 7-7 Field Descriptions for the show snmp community Command Output
Field           Description
Community       SNMP community name for the ACE
Group/Access    Access rights for the community, read-only
Table 7-11 Field Descriptions for the show snmp sessions Command Output
Field           Description
Destination     IP address of a target for which traps or informs have been sent
The following example shows how to display service policy statistics for the SNMP_MGMT_ALLOW_POLICY policy map:
host1/Admin# show service-policy SNMP_MGMT_ALLOW_POLICY
Status : ACTIVE
Description: Allow mgmt protocols
-----------------------------------------
Context Global Policy:
service-policy: SNMP_MGMT_ALLOW_POLICY
Configuring the XML Interface
This chapter describes how to use Extensible Markup Language (XML) to remotely configure a Cisco 4700 Series Application Control Engine (ACE) appliance from a network management station (NMS). You can transmit, exchange, and interpret data among the applications.
Not Found (“/xml-config” not specified)
Method Not Allowed
Not Acceptable
Request Time-out (more than 30 seconds has passed waiting on receive)
Missing Content-Length (missing or zero Content-Length field)
Internal Server Error
DTD designates an XML list that specifies precisely which elements can appear in a request, query, or response document. It also specifies the contents and attributes of the elements. A DTD can be declared inline in your XML document or as an external reference.
-->
<!ELEMENT rserver (description, ip_address, conn-limit, probe_rserver, weight, inservice, webhost-redirection)*>
<!ATTLIST rserver
  sense CDATA #FIXED "no"
  type (redirect | host) #IMPLIED
  name CDATA #REQUIRED
>
XML to remotely configure an ACE until you change the default www user password. See Chapter 2, Configuring Virtualization, in the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide for details on changing a user account password.
C1
host1/C1#
The rest of the examples in this table use the Admin context, unless otherwise specified. For details on creating contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
Step 2 Enter configuration mode.
host1/Admin# config
Enter configuration commands, one per line.
• on all interfaces.
HTTP or HTTPS sessions are established to the ACE per context. For details on creating contexts and users, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.
This section contains the following topics:
• Creating and Configuring a Class Map
240 alphanumeric characters.
description Allow HTTPS access to the ACE
no description
(Optional) Remove the description from the class map.
Example:
host1/Admin(config-cmap-mgmt)# no description
IP address of the client.
• mask—Subnet mask of the client in dotted-decimal notation (for example, 255.255.255.0).
This command enters the policy map management configuration mode.
no policy-map type management first-match map_name
(Optional) Removes a network traffic management policy map from the ACE.
Example:
host1/Admin(config)# no policy-map type management first-match MGMT_XML-HTTPS_POLICY
deny
Denies the HTTP or HTTPS management traffic listed in the Layer 3 and Layer 4 class map to be received by the ACE.
Example:
host1/Admin(config-pmap-mgmt-c)# deny
Note
“Applying a Service Policy to a Specific VLAN Interface” section.
Restrictions
The ACE allows only one policy of a specific feature type to be activated on an interface.
Policy Globally to All VLAN Interfaces in the Same Context” section.
Restrictions
The ACE allows only one policy of a specific feature type to be activated on an interface.
XML format. However, if you are running commands on the CLI console or you are running raw XML responses from NMS, the XML responses appear in regular CLI display format.
• status: on or off. The status keyword allows you to determine the status of the xml show command setting.
Click Yes at the prompt to accept (trust) and install the signed certificate from Cisco. To install the signed certificate, do one of the following:
– If you are using Microsoft Internet Explorer, in the Security Alert dialog box, click View...
For the policy_name argument, enter the identifier of an existing policy map that is currently in service (applied to an interface) as an unquoted text string with a maximum of 64 alphanumeric characters.
Appendix A Upgrading or Downgrading Your ACE Software
This appendix provides information to upgrade your Cisco Application Control Engine (ACE) module. It contains the following major sections:
• Overview of Upgrading ACE Software
• Prerequisites for Upgrading Your ACE
Chapter 4, Managing the ACE Software. For information about downgrading your ACE, see the Downgrading Your ACE Software section in the Release Note for the Cisco 4700 Series Application Control Engine Appliance.
For DNS inspection, the class map must have UDP as the configured protocol and a specific port or range of ports. For example, enter the following commands:
host1/Admin(config)# class-map match-all L4_CLASS
host1/Admin(config-cmap)# match port udp eq domain
Password: xxxxxxxx
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2009, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public License.
Step 7 Check the MD5 checksum of the new software image on both ACEs to ensure that the new image is the same as the image posted on Cisco.com. For example, enter:
ACE-1/Admin# show file image:c6ace-t1k9-mz.A2_3_0.bin md5sum
Configure ACE-1 to automatically boot from the new image. To set the boot variable and configuration...
ACE-2, making ACE-2 the new standby. ACE-1 becomes the active ACE once again.
Step 15 Enter the show ft group detail command to verify that ACE-1 is in the ACTIVE state and ACE-2 is in the STANDBY_HOT state.
ACE-1/Admin# changeto C1
ACE-1/C1# checkpoint create C1_CHECKPOINT
For information about creating checkpoints and rolling back configurations, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Step 6 If necessary, enter the copy ftp, copy sftp, or the copy tftp command in Exec mode to copy the downgrade software image to the image: directory of each ACE.
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]
After ACE-1 boots up, it assumes the role of standby and enters the STANDBY_HOT state (this may take several minutes).
• image copied to the ACE. If you do not enter the name argument, the ACE uses the default name of the image.
Configuring the Configuration Register to Autoboot the Boot Variable
This section describes how to configure the ACE to autoboot the system image identified in the boot environment variable.
Save configurations for all the contexts. Save? [yes/no]: [yes]
Displaying Software Image Information
This section describes how to display software image information and contains the following topics:
• Displaying the Boot Variable and Configuration Register
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2008 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by other third parties and are used and distributed under license.
/dev/hdb2 total: 935560 kB, used: 611564 kB, available: 276472 kB
last boot reason: Unknown
configuration register:
kernel uptime is 0 days 21 hours 25 minute(s) 17 second(s)