Administration Guide
Page 8
Contents 5 C H A P T E R Managing the ACE Software 5-1 Saving Configuration Files 5-1 Saving the Configuration File in Flash Memory 5-3 Saving Configuration Files to a Remote Server 5-4 Copying the Configuration File to the disk0: File System 5-5 Merging the Startup-Configuration File with the Running-Configuration File 5-6 Viewing Configuration Files 5-7 Viewing User Context Running-Config Files from the Admin Context 5-10 Clearing the Startup-Configuration File 5-10 Loading Configuration Files from a Remote Server 5-11 Using the File System on the ACE 5-12 Listing the Files in...
Contents 5 C H A P T E R Managing the ACE Software 5-1 Saving Configuration Files 5-1 Saving the Configuration File in Flash Memory 5-3 Saving Configuration Files to a Remote Server 5-4 Copying the Configuration File to the disk0: File System 5-5 Merging the Startup-Configuration File with the Running-Configuration File 5-6 Viewing Configuration Files 5-7 Viewing User Context Running-Config Files from the Admin Context 5-10 Clearing the Startup-Configuration File 5-10 Loading Configuration Files from a Remote Server 5-11 Using the File System on the ACE 5-12 Listing the Files in...
Administration Guide
Page 26
...LOSS OF USE, DATA, OR PROFITS; xxvi Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 If you include any publicly available version or derivative of this code cannot simply be changed. i.e. IN NO EVENT SHALL ...SERVICES; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any Windows specific code...
...LOSS OF USE, DATA, OR PROFITS; xxvi Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 If you include any publicly available version or derivative of this code cannot simply be changed. i.e. IN NO EVENT SHALL ...SERVICES; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The license and distribution terms for any Windows specific code...
Administration Guide
Page 28
.... Use a straight-through the console port; Any device connected to the console port on the rear panel that operates as the console port. The Port Properties window appears. For instructions on , 1 stop bit, no parity. From the drop-down list, choose the COM port to which the device is accessible through cable to connect the switch to your ACE appliance, see the Cisco Application Control Engine Appliance Hardware Installation Guide. Connection requires a terminal configured as 9600 baud, 8 data bits, hardware flow control on connecting a console cable to a DTE device...
.... Use a straight-through the console port; Any device connected to the console port on the rear panel that operates as the console port. The Port Properties window appears. For instructions on , 1 stop bit, no parity. From the drop-down list, choose the COM port to which the device is accessible through cable to connect the switch to your ACE appliance, see the Cisco Application Control Engine Appliance Hardware Installation Guide. Connection requires a terminal configured as 9600 baud, 8 data bits, hardware flow control on connecting a console cable to a DTE device...
Administration Guide
Page 29
... Control Engine Appliance Device Manager GUI Quick Configuration Guide). OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-3 Otherwise, a blank screen appears without configuring a new HyperTerminal session. The primary intent of its Gigabit Ethernet ports. Using the Setup Script to Enable Connectivity to the Device Manager When you boot the ACE for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. switch login: Once a session is listed...
... Control Engine Appliance Device Manager GUI Quick Configuration Guide). OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-3 Otherwise, a blank screen appears without configuring a new HyperTerminal session. The primary intent of its Gigabit Ethernet ports. Using the Setup Script to Enable Connectivity to the Device Manager When you boot the ACE for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. switch login: Once a session is listed...
Administration Guide
Page 31
... address to the management VLAN interface. Chapter 1 Setting Up the ACE Using the Setup Script to Enable Connectivity to the Device Manager Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 At the prompt "Would you like to enter the basic configuration dialog? (yes/no):", type yes to continue the setup (or select no to access the Device Manager GUI. At the prompt "Which port is the Management...
... address to the management VLAN interface. Chapter 1 Setting Up the ACE Using the Setup Script to Enable Connectivity to the Device Manager Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 At the prompt "Would you like to enter the basic configuration dialog? (yes/no):", type yes to continue the setup (or select no to access the Device Manager GUI. At the prompt "Which port is the Management...
Administration Guide
Page 33
... the dm user password from the ACE console port. If this occurs, restart the Device Manager using a Telnet or SSH session. Later, when you configure interfaces and IP addresses on the ACE itself, you can configure the ACE to access the dm reload command). You can then log in software versions A1(8.0) and higher. • The ACE uses the www user account for the Device Manager to the ACE. The ACE creates the following default users at startup...
... the dm user password from the ACE console port. If this occurs, restart the Device Manager using a Telnet or SSH session. Later, when you configure interfaces and IP addresses on the ACE itself, you can configure the ACE to access the dm reload command). You can then log in software versions A1(8.0) and higher. • The ACE uses the www user account for the Device Manager to the ACE. The ACE creates the following default users at startup...
Administration Guide
Page 34
... start-up script is not intended for the first time and the appliance does not detect a startup-configuration file, a setup script appears to enable connectivity to the ACE Device Manager GUI. Caution For software versions A1(8.0a) and higher, you must be able to log in to the ACE only through the console port. Connection requires a terminal configured as the console port. Note When you boot the ACE for use of the setup script...
... start-up script is not intended for the first time and the appliance does not detect a startup-configuration file, a setup script appears to enable connectivity to the ACE Device Manager GUI. Caution For software versions A1(8.0a) and higher, you must be able to log in to the ACE only through the console port. Connection requires a terminal configured as the console port. Note When you boot the ACE for use of the setup script...
Administration Guide
Page 36
... Guide OL-11157-01 Note Only the Admin context is accessible through the console port to be able to reset the password for the ACE administrator account and cannot access the ACE, you forget the password for the Admin user back to create a user named user1 that uses the clear text password mysecret_801, enter the following command: switch/Admin(config)# username user1 password 0 mysecret_801 To remove the username from the configuration...
... Guide OL-11157-01 Note Only the Admin context is accessible through the console port to be able to reset the password for the ACE administrator account and cannot access the ACE, you forget the password for the Admin user back to create a user named user1 that uses the clear text password mysecret_801, enter the following command: switch/Admin(config)# username user1 password 0 mysecret_801 To remove the username from the configuration...
Administration Guide
Page 37
...: Entering runlevel: 3 Testing PCI path .... See the "Connecting and Logging into the ACE" section. Press ESC when the "Starting services..." If you miss the time window, wait for the ACE to properly complete booting, reboot the ACE, and try again to the ACE. During the bootup process, output appears on the console terminal. The setup mode appears. Log in to access the setup mode by pressing ESC. Reboot the ACE. Daughter Card Found.
...: Entering runlevel: 3 Testing PCI path .... See the "Connecting and Logging into the ACE" section. Press ESC when the "Starting services..." If you miss the time window, wait for the ACE to properly complete booting, reboot the ACE, and try again to the ACE. During the bootup process, output appears on the console terminal. The setup mode appears. Log in to access the setup mode by pressing ESC. Reboot the ACE. Daughter Card Found.
Administration Guide
Page 108
... displays error messages on the ACE by entering the show license status command in Exec mode of all the user context configurations, please backup the !! !!! During the license removal, the ACE removes the user context configurations from the remote server. If the Admin running configuration contains more contexts than what the ACE supports and you saved the running configurations for the Admin and user contexts to keep in the running -config 3-12 Cisco 4700 Series Application Control...
... displays error messages on the ACE by entering the show license status command in Exec mode of all the user context configurations, please backup the !! !!! During the license removal, the ACE removes the user context configurations from the remote server. If the Admin running configuration contains more contexts than what the ACE supports and you saved the running configurations for the Admin and user contexts to keep in the running -config 3-12 Cisco 4700 Series Application Control...
Administration Guide
Page 242
.... Virtual memory addresses where the code, data heap, and stack of the Intel Pentium processor 6-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Universal unique identifier of the process are located. Brief description of the service. Service access point. Current working directory. System manager option that indicates the process restartability characteristics (that the process was active. Displaying System Processes Chapter 6 Viewing ACE Hardware...
.... Virtual memory addresses where the code, data heap, and stack of the Intel Pentium processor 6-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Universal unique identifier of the process are located. Brief description of the service. Service access point. Current working directory. System manager option that indicates the process restartability characteristics (that the process was active. Displaying System Processes Chapter 6 Viewing ACE Hardware...
Administration Guide
Page 249
... by the ACE Displaying Technical Support Information To display general information about your ACE and provide the output of this command varies depending on your terminal length as required (see Chapter 1, Setting Up the ACE). You can also use this command to technical support representatives when you report a problem, use the show tech-support command in Exec mode. Note Explicitly set the terminal length command to 0 (zero) to view the configured terminal size...
... by the ACE Displaying Technical Support Information To display general information about your ACE and provide the output of this command varies depending on your terminal length as required (see Chapter 1, Setting Up the ACE). You can also use this command to technical support representatives when you report a problem, use the show tech-support command in Exec mode. Note Explicitly set the terminal length command to 0 (zero) to view the configured terminal size...
Administration Guide
Page 250
... version` Cisco Application Control Software (ACSW) TAC support: http://www.cisco.com/tac Copyright (c) 1985-2007 by Cisco Systems, Inc. Displaying Technical Support Information Chapter 6 Viewing ACE Hardware and Software Configuration Information Note You can save this file, verify that you have sufficient space to the show tech-support command (see Chapter 5, Managing the ACE Software). All rights reserved. Some parts of this command to a file by other third parties and are covered...
... version` Cisco Application Control Software (ACSW) TAC support: http://www.cisco.com/tac Copyright (c) 1985-2007 by Cisco Systems, Inc. Displaying Technical Support Information Chapter 6 Viewing ACE Hardware and Software Configuration Information Note You can save this file, verify that you have sufficient space to the show tech-support command (see Chapter 5, Managing the ACE Software). All rights reserved. Some parts of this command to a file by other third parties and are covered...
Administration Guide
Page 251
... Software Configuration Information Displaying Technical Support Information Software loader: Version 0.95 system: Version A1(7) [build 3.0(0)AB0(0.488) adbuild_04:53:21-2007/10/09_ auto/adbure_nightly1/nightly_id2/REL_3_0_0_AB0_0_488] system image file: information unavailable from GRUB Device Manager version 1.0 (0) 20071009:0434 installed license: ACE-AP-VIRT-020 ACE-AP-OPT-LIC-K9 ACE-AP-SSL-10K-K9 Hardware cpu info: number of cpu(s): 1 cpu type: Pentium(R) --More--Generating configuration.... `show pvlans` *** Context 0: cmd parse error *** cpu: 0, model: Intel(R) Pentium(R) 4, speed...
... Software Configuration Information Displaying Technical Support Information Software loader: Version 0.95 system: Version A1(7) [build 3.0(0)AB0(0.488) adbuild_04:53:21-2007/10/09_ auto/adbure_nightly1/nightly_id2/REL_3_0_0_AB0_0_488] system image file: information unavailable from GRUB Device Manager version 1.0 (0) 20071009:0434 installed license: ACE-AP-VIRT-020 ACE-AP-OPT-LIC-K9 ACE-AP-SSL-10K-K9 Hardware cpu info: number of cpu(s): 1 cpu type: Pentium(R) --More--Generating configuration.... `show pvlans` *** Context 0: cmd parse error *** cpu: 0, model: Intel(R) Pentium(R) 4, speed...
Administration Guide
Page 320
...message. The Dispatcher in RFC 3413. A Message Processing Model processes an SNMP version-specific message and coordinates the interaction with several sets of SNMP Management Frameworks, including an SNMP engine and Access Control Subsystem. The SNMP-MPD-MIB is described in the SNMP engine sends and receives SNMP messages. SNMP Overview Chapter 8 Configuring SNMP Table 8-1 SNMP MIB Support (continued) MIB Support SNMP-FRAMEWORKMIB Capability MIB CISCO-SNMPFRAMEWORKCAPABILITY SNMP-MPD-MIB CISCO-SNMP-MPDCAPABILITY.my SNMP-NOTIFICATIONMIB CISCO-SNMPNOTIFICATIONCAPABILITY SNMP...
...message. The Dispatcher in RFC 3413. A Message Processing Model processes an SNMP version-specific message and coordinates the interaction with several sets of SNMP Management Frameworks, including an SNMP engine and Access Control Subsystem. The SNMP-MPD-MIB is described in the SNMP engine sends and receives SNMP messages. SNMP Overview Chapter 8 Configuring SNMP Table 8-1 SNMP MIB Support (continued) MIB Support SNMP-FRAMEWORKMIB Capability MIB CISCO-SNMPFRAMEWORKCAPABILITY SNMP-MPD-MIB CISCO-SNMP-MPDCAPABILITY.my SNMP-NOTIFICATIONMIB CISCO-SNMPNOTIFICATIONCAPABILITY SNMP...
Administration Guide
Page 337
... user, the authentication password, and message encryption parameters. To assign multiple roles to a role when accessed from the ACE CLI. Note User configuration through the snmp-server user command is defined by the role configuration mode command, as specifying the role group that the user belongs to a user through the ACE CLI are organized by the snmp-server user command; updates to , authentication parameters for SNMPv3; OL-11157-01 Cisco 4700 Series Application Control...
... user, the authentication password, and message encryption parameters. To assign multiple roles to a role when accessed from the ACE CLI. Note User configuration through the snmp-server user command is defined by the role configuration mode command, as specifying the role group that the user belongs to a user through the ACE CLI are organized by the snmp-server user command; updates to , authentication parameters for SNMPv3; OL-11157-01 Cisco 4700 Series Application Control...
Administration Guide
Page 339
...(config)# snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh To disable the SNMP user configuration or to read -only access to the community. An SNMP community determines the access rights for the user. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 8-29 You supply a name to the MIB tree for devices included in the running-config. Chapter 8 Configuring SNMP Defining SNMP Communities • password2-Encryption password for each SNMP device...
...(config)# snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh To disable the SNMP user configuration or to read -only access to the community. An SNMP community determines the access rights for the user. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 8-29 You supply a name to the MIB tree for devices included in the running-config. Chapter 8 Configuring SNMP Defining SNMP Communities • password2-Encryption password for each SNMP device...
Administration Guide
Page 403
....168.65.34/scimitar.bin Device Manager version 1.0 (0) 20080408:0435 installed license: ACE-AP-VIRT-020 ACE-AP-OPT-LIC-K9 ACE-AP-SSL-10K-K9 Hardware cpu info: number of this command is available at http://www.gnu.org/licenses/gpl.html. Chapter A Upgrading Your ACE Software Displaying Software Image Information Displaying Software Image Information To display the software image on the ACE, use the show version TAC support: http://www.cisco.com/tac Copyright (c) 1985...
....168.65.34/scimitar.bin Device Manager version 1.0 (0) 20080408:0435 installed license: ACE-AP-VIRT-020 ACE-AP-OPT-LIC-K9 ACE-AP-SSL-10K-K9 Hardware cpu info: number of this command is available at http://www.gnu.org/licenses/gpl.html. Chapter A Upgrading Your ACE Software Displaying Software Image Information Displaying Software Image Information To display the software image on the ACE, use the show version TAC support: http://www.cisco.com/tac Copyright (c) 1985...
Administration Guide
Page 405
... rollback service 5-37 configuration files, loading from remote server 5-11 configuration files, saving 5-1 console connection 1-2 date and time, configuring 1-15 Flash memory, reformatting 5-40 inactivity timeout 1-12 information, displaying 6-1 licenses, managing 3-1 logging in 1-7 message-of-the-day banner 1-13 MIBs 8-7 naming 1-12 password, changing administrative 1-9 password, changing CLI account 1-10 policy maps, configuring 4-1 remote access 2-1 restarting 1-41 setting up 1-1 setup script 1-3 shutting down 1-42 SNMP 8-1 terminal settings 1-30 upgrading A-1 username, changing 1-9 using...
... rollback service 5-37 configuration files, loading from remote server 5-11 configuration files, saving 5-1 console connection 1-2 date and time, configuring 1-15 Flash memory, reformatting 5-40 inactivity timeout 1-12 information, displaying 6-1 licenses, managing 3-1 logging in 1-7 message-of-the-day banner 1-13 MIBs 8-7 naming 1-12 password, changing administrative 1-9 password, changing CLI account 1-10 policy maps, configuring 4-1 remote access 2-1 restarting 1-41 setting up 1-1 setup script 1-3 shutting down 1-42 SNMP 8-1 terminal settings 1-30 upgrading A-1 username, changing 1-9 using...
Administration Guide
Page 416
... version 2-8, 4-37 SSL certificates and keys, synchronizing 7-26 startup configuration copying to disk0 file system 5-5 ignoring 1-38 merging with running 5-6 saving to remote server 5-4 updating with running configuration 5-3 viewing 5-7 stateful failover 7-5 statistics FT 7-51 FT, clearing 7-58 license 3-16 memory 7-47 redundancy history, clearing 7-58 SNMP 8-50 stopping ACE 1-42 synchronizing configuration 7-7 redundant configurations 7-25 system information, displaying 6-14 IN-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL...
... version 2-8, 4-37 SSL certificates and keys, synchronizing 7-26 startup configuration copying to disk0 file system 5-5 ignoring 1-38 merging with running 5-6 saving to remote server 5-4 updating with running configuration 5-3 viewing 5-7 stateful failover 7-5 statistics FT 7-51 FT, clearing 7-58 license 3-16 memory 7-47 redundancy history, clearing 7-58 SNMP 8-50 stopping ACE 1-42 synchronizing configuration 7-7 redundant configurations 7-25 system information, displaying 6-14 IN-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL...