Administration Guide
Page 5
...Pairs 2-17 Terminating an Active User Session 2-19 Enabling ICMP Messages to the ACE 2-19 Directly Accessing a User Context Through SSH 2-21 Example of a Remote Access Configuration 2-23 Viewing Session Information 2-24 Showing Telnet Session Information 2-24 Showing SSH ...ACE 3-6 Installing a New or Upgrade License File 3-7 Replacing a Demo License with a Permanent License 3-8 Removing a License 3-9 Removing an Appliance Performance Throughput License 3-10 Removing an SSL TPS License 3-10 Removing a Virtualization Context License 3-10 Removing an HTTP Compression Performance License 3-13 Cisco...
Administration Guide
Page 7
... Layer 7 Load-Balancing Example 4-63 Layer 3 and Layer 4 Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco 4700 Series Application Control...
Administration Guide
Page 11
... for a Tracked Interface on the Active Member 7-36 Configuring the Interface Tracked by the Standby Member 7-37 Configuring a Priority for a Tracked Interface on the Standby Member 7-37 Example of a Tracking Configuration for an Interface 7-38 Example of a Redundancy Configuration 7-38 Displaying Redundancy Information 7-41 Displaying Redundancy Configurations 7-41 Displaying FT Group Information 7-41 Displaying the IDMAP Table...
Administration Guide
Page 13
...Policy 8-45 Example of an SNMP Configuration 8-47 Displaying SNMP Statistics 8-50 Configuring the XML Interface 9-1 XML Overview 9-2 XML Usage with the ACE 9-2 HTTP and HTTPS Support with the ACE 9-4 HTTP Return Codes 9-5 Document Type Definition 9-7 Sample XML Configuration 9-9 XML Configuration Quick Start 9-11 Configuring HTTP and HTTPS... the Display of Raw XML Request show Command Output in XML Format 9-24 Accessing the ACE DTD File 9-27 Upgrading Your ACE Software A-1 Overview of Upgrading ACE Software A-2 Cisco 4700 Series Application Control Engine Appliance Administration Guide xiii
Administration Guide
Page 30
...Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-4 OL-11157-01 Using the Setup Script to Enable Connectivity to skip the remaining dialogs. By default, the username and password are admin. For example, enter: switch login: admin Password: admin ---- Note The script configuration process described in to the ACE... only through the basic configuration of the ACE and the boot process occurs. At the login...
Administration Guide
Page 36
...or MD5 strong encryption, depending on the numbered option (0 or 5) that the ACE encrypts clear text passwords in configuration mode. You must have access to the ACE through the console port. 1-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Note Only the Admin... the ACE To change the default administrative password, use the username command in the running-config. If you can recover the admin password during the initial bootup sequence of this command is in a password Note that you enter. The syntax of the ACE. For example, to...
Administration Guide
Page 37
... miss the time window, wait for the ACE to properly complete booting, reboot the ACE, and try again to the ACE. The setup mode appears. During the bootup process, output appears on the terminal (see the example below). Continuing... Reboot the ACE. This may take some time, Please wait... .... Log in to access the setup mode by pressing ESC. Chapter 1 Setting Up the ACE Changing the Administrative Password To reset the password that allows...
Administration Guide
Page 38
... ACE_1, enter the following command: switch/Admin(config)# hostname ACE_1 ACE_1/Admin(config)# Configuring an ACE Inactivity Timeout By default, the inactivity timeout value is 5 minutes. 1-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 For example, to change the hostname of time that a user session can be idle before...
Administration Guide
Page 39
... minutes. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-13 Once connected to a maximum of 3000 characters (3000 bytes) total for each line by the login banner and Exec mode prompt. Chapter 1 Setting Up the ACE Configuring a Message-of-the-Day Banner For example, to the ACE. For example, enter the following...
Administration Guide
Page 40
...beginning of -the-Day Banner Chapter 1 Setting Up the ACE You can include tokens in the form $(token) in the single line. Configuring a Message-of a variable in the message text. For example: • $(hostname)-Displays the hostname for the ACE during run time. • $(line)-Displays the tty... the input mode is interpreted as follows: host1/Admin# show banner motd command in multi-line mode, the ACE interprets the double quote character (") literally. To use the show banner motd 1-14 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
Administration Guide
Page 41
...example, to specify a time of 1:38:30 and a date of October 7, 2007, enter: host1/Admin# clock set the date and time of the ACE by synchronizing to a Network Time Protocol (NTP) server. You can automatically set 01:38:30 7 October 2007 Tues Oct 7 01:38:30 PST 2007 OL-11157-01 Cisco...name of this command, the ACE displays the current configured date and time. For details, see the "Synchronizing the ACE with an NTP Server" section. Chapter 1 Setting Up the ACE Configuring the Time, Date, and Time Zone Configuring the Time, Date, and Time Zone To manually configure the date, time, and ...
Administration Guide
Page 42
...or an atomic clock), see the "Synchronizing the ACE with an NTP Server" section for more information. See the "Synchronizing the ACE with an NTP Server" section. ACST-Australian Central Standard Time as UTC +1 hour 1-16 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-...Available choices are : • zone_name-Eight-character name of the time zone (for example, PDT) to be displayed when the time zone is from the configuration before setting the clock on an ACE, the ACE prevents you from UTC. AST-Atlantic Standard Time as follows: - Setting the Time...
Administration Guide
Page 45
... the common time zone acronyms used for the daylight_timezone_name argument. • start_week end_week-The week, ranging from 1 through 5. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-19 The first part of the command specifies when summer time begins, and the second part... hours For example, to set the time zone to PDT and to set an UTC offset of -8 hours, enter: host1/Admin(config)# clock timezone PDT -8 0 To remove the clock timezone setting, use the no clock timezone Adjusting for Daylight Saving Time To configure the ACE to change the...
Administration Guide
Page 286
... a Gateway The following example demonstrates a tracking configuration for Multiple Probes" sections. 7-34 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 If all the probes go down, the ACE reduces the priority of the FT group on the active member by... priority 10 probe GATEWAY_TRACK2 priority 20 priority 50 In this configuration example, if the gateway_track1 probe goes down, the ACE reduces the priority of the FT group on the standby member, a switchover occurs. For example, enter: host1/Admin(config-ft-track-host)# peer priority...
Administration Guide
Page 290
... (FT) for a single ACE appliance operating in the example. 7-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 To configure tracking on the standby member, use the peer commands described in the Admin context. The redundancy configuration appears in bold in a redundancy configuration. Example of a Redundancy Configuration The following example illustrates a running-configuration that is associated...
Administration Guide
Page 406
... capturing packets 5-30 copying buffer 5-32 displaying buffer 5-33 checkpoint, configuration creating 5-38 deleting 5-38 displaying 5-39 rolling back to 5-39 class map configuration, displaying 4-71 configuration example 4-68 example, firewall 4-60 example, Layer 3 and 4 load balancing 4-65 example, Layer 7 load balancing 4-63 example, VIP 4-66 Layer 3 and 4, access list match criteria 4-28... traffic 8-39 XML 9-14 CLI account password, changing 1-10 saving session 1-3 user management of SNMP 8-6 IN-2 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
Administration Guide
Page 407
... saving time, setting 1-19 NTP server, synchronizing ACE system clock 1-21 setting 1-15 timezone, setting 1-16 viewing system clock settings 1-21 communities, SNMP 8-29 configurational examples redundancy 7-38 remote access 2-23 SLB traffic policy 4-68 SNMP 8-47 configuration checkpoint and rollback service creating configuration checkpoint 5-38 deleting configuration checkpoint 5-38 displaying checkpoint information 5-39 overview 5-37...
Administration Guide
Page 413
... map actions for remote access 2-12 actions for SNMP 8-44, 9-20 configuration, displaying 4-71 configuration example 4-68 connection redundancy 4-49 example, firewall 4-60 example, Layer 3 and 4 load balancing 4-65 example, Layer 7 load balancing 4-63 example, VIP 4-66 IP, TCP, and UDP connection behavior 4-49 Layer 3 and 4, configuring 4-43 Layer 3 and 4, for management traffic 2-9, 4-44, 9-17... map 2-7 Q query interface for FT peer 7-18 quick start Layer 3 and 4 class map for management traffic 4-12 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide IN-9
Administration Guide
Page 414
...A-4 XML 9-11 R redundancy configuration, displaying 7-41 configuration examples 7-38 configuration requirements 7-8 configuration synchronization 7-7 configuring 7-12 failure detection and tracking 7-28 forcing failover 7-24 FT group, configuring 7-19 FT group information, displaying 7-41 FT peer, configuring 7-16 FT peer information, ... class map, creating 2-5 class map description 2-6 class map protocol match criteria 2-7 configuration examples 2-23 enabling 2-1 network management traffic services, configuring 2-4 policy actions 2-12 policy map 2-9 quick start 2-2 service policy 2-13 Telnet...
Administration Guide
Page 415
... 9-24 saving output to file 5-26 viewing hardware and software configuration information 6-1 shutting down ACE 1-42 Simple Network Management Protocol See SNMP SNMP AAA integration 8-6 agents, communication 8-4 agents, overview 8-3 class map, creating 8-39 CLI user management 8-6 communities 8-29 configuration examples 8-47 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide IN-11