Administration Guide
Page 5
...Pairs 2-17 Terminating an Active User Session 2-19 Enabling ICMP Messages to the ACE 2-19 Directly Accessing a User Context Through SSH 2-21 Example of a Remote Access Configuration 2-23 Viewing Session Information 2-24 Showing Telnet Session Information 2-24 Showing SSH ...ACE 3-6 Installing a New or Upgrade License File 3-7 Replacing a Demo License with a Permanent License 3-8 Removing a License 3-9 Removing an Appliance Performance Throughput License 3-10 Removing an SSL TPS License 3-10 Removing a Virtualization Context License 3-10 Removing an HTTP Compression Performance License 3-13 Cisco...
...Pairs 2-17 Terminating an Active User Session 2-19 Enabling ICMP Messages to the ACE 2-19 Directly Accessing a User Context Through SSH 2-21 Example of a Remote Access Configuration 2-23 Viewing Session Information 2-24 Showing Telnet Session Information 2-24 Showing SSH ...ACE 3-6 Installing a New or Upgrade License File 3-7 Replacing a Demo License with a Permanent License 3-8 Removing a License 3-9 Removing an Appliance Performance Throughput License 3-10 Removing an SSL TPS License 3-10 Removing a Virtualization Context License 3-10 Removing an HTTP Compression Performance License 3-13 Cisco...
Administration Guide
Page 7
... Layer 7 Load-Balancing Example 4-63 Layer 3 and Layer 4 Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco 4700 Series Application Control...
... Layer 7 Load-Balancing Example 4-63 Layer 3 and Layer 4 Load-Balancing Example 4-65 VIP With Connection Parameters Example 4-66 Example of a Traffic Policy Configuration 4-68 Viewing Class Maps, Policy Maps, and Service Policies 4-71 Displaying Class Map Configuration Information 4-71 Displaying Policy Map Configuration Information 4-71 Displaying Service Policy Configuration Information 4-72 OL-11157-01 Cisco 4700 Series Application Control...
Administration Guide
Page 11
... for a Tracked Interface on the Active Member 7-36 Configuring the Interface Tracked by the Standby Member 7-37 Configuring a Priority for a Tracked Interface on the Standby Member 7-37 Example of a Tracking Configuration for an Interface 7-38 Example of a Redundancy Configuration 7-38 Displaying Redundancy Information 7-41 Displaying Redundancy Configurations 7-41 Displaying FT Group Information 7-41 Displaying the IDMAP Table...
... for a Tracked Interface on the Active Member 7-36 Configuring the Interface Tracked by the Standby Member 7-37 Configuring a Priority for a Tracked Interface on the Standby Member 7-37 Example of a Tracking Configuration for an Interface 7-38 Example of a Redundancy Configuration 7-38 Displaying Redundancy Information 7-41 Displaying Redundancy Configurations 7-41 Displaying FT Group Information 7-41 Displaying the IDMAP Table...
Administration Guide
Page 13
...Policy 8-45 Example of an SNMP Configuration 8-47 Displaying SNMP Statistics 8-50 Configuring the XML Interface 9-1 XML Overview 9-2 XML Usage with the ACE 9-2 HTTP and HTTPS Support with the ACE 9-4 HTTP Return Codes 9-5 Document Type Definition 9-7 Sample XML Configuration 9-9 XML Configuration Quick Start 9-11 Configuring HTTP and HTTPS... the Display of Raw XML Request show Command Output in XML Format 9-24 Accessing the ACE DTD File 9-27 Upgrading Your ACE Software A-1 Overview of Upgrading ACE Software A-2 Cisco 4700 Series Application Control Engine Appliance Administration Guide xiii
...Policy 8-45 Example of an SNMP Configuration 8-47 Displaying SNMP Statistics 8-50 Configuring the XML Interface 9-1 XML Overview 9-2 XML Usage with the ACE 9-2 HTTP and HTTPS Support with the ACE 9-4 HTTP Return Codes 9-5 Document Type Definition 9-7 Sample XML Configuration 9-9 XML Configuration Quick Start 9-11 Configuring HTTP and HTTPS... the Display of Raw XML Request show Command Output in XML Format 9-24 Accessing the ACE DTD File 9-27 Upgrading Your ACE Software A-1 Overview of Upgrading ACE Software A-2 Cisco 4700 Series Application Control Engine Appliance Administration Guide xiii
Administration Guide
Page 30
... ACE The ACE provides a default answer in brackets [ ] for each question in this section is present. Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-4 OL-11157-01 To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence. So setup always assumes system defaults and not the current system configuration values. For example...
... ACE The ACE provides a default answer in brackets [ ] for each question in this section is present. Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-4 OL-11157-01 To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence. So setup always assumes system defaults and not the current system configuration values. For example...
Administration Guide
Page 36
...administrative password, use the username command in clear text by default. You must have access to the ACE through the console port. 1-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Enter a password as follows: username ...ACE. For example, to the factory-default value of 64 characters. If you do not enter a numbered option, the password is accessible through the console port to be able to reset the password for the ACE administrator account and cannot access the ACE, you enter. Note Only the Admin context is in configuration...
...administrative password, use the username command in clear text by default. You must have access to the ACE through the console port. 1-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Enter a password as follows: username ...ACE. For example, to the factory-default value of 64 characters. If you do not enter a numbered option, the password is accessible through the console port to be able to reset the password for the ACE administrator account and cannot access the ACE, you enter. Note Only the Admin context is in configuration...
Administration Guide
Page 37
... Press ESC when the "Starting services..." Continuing... See the "Restarting the ACE" section. The setup mode appears. INIT: Entering runlevel: 3 Testing PCI path .... Daughter Card Found. Chapter 1 Setting Up the ACE Changing the Administrative Password To reset the password that allows the Admin user access... to the ACE, perform the following steps: Step 1 Step 2 Step 3 Step 4 Connect to the console port on the terminal (see the example below). During the bootup process, output appears on the console terminal. Log...
... Press ESC when the "Starting services..." Continuing... See the "Restarting the ACE" section. The setup mode appears. INIT: Entering runlevel: 3 Testing PCI path .... Daughter Card Found. Chapter 1 Setting Up the ACE Changing the Administrative Password To reset the password that allows the Admin user access... to the ACE, perform the following steps: Step 1 Step 2 Step 3 Step 4 Connect to the console port on the terminal (see the example below). During the bootup process, output appears on the console terminal. Log...
Administration Guide
Page 38
...5 minutes. 1-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 The syntax of time that contains from 1 to 32 alphanumeric characters. Enter a case-sensitive text string that a user can occur before the ACE terminates the console, Telnet...ACE is used for the ACE. The syntax for the ACE, use the host configuration mode command. Note The login timeout command setting overrides the terminal session-timeout setting (see the "Configuring Terminal Display Attributes" section). For example, to change the hostname of 0 instructs the ACE...
...5 minutes. 1-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 The syntax of time that contains from 1 to 32 alphanumeric characters. Enter a case-sensitive text string that a user can occur before the ACE terminates the console, Telnet...ACE is used for the ACE. The syntax for the ACE, use the host configuration mode command. Note The login timeout command setting overrides the terminal session-timeout setting (see the "Configuring Terminal Display Attributes" section). For example, to change the hostname of 0 instructs the ACE...
Administration Guide
Page 39
...of 5 minutes, enter the following command. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-13 For example, enter the following the first space until the end of the line (carriage return or line feed). The ACE appends each line by the login banner and Exec mode ...each line that you wish to the end of -the-day banner, precede each line to add. Chapter 1 Setting Up the ACE Configuring a Message-of-the-Day Banner For example, to the banner. The banner message is as the message-of-the-day banner when a user connects to be entered at...
...of 5 minutes, enter the following command. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-13 For example, enter the following the first space until the end of the line (carriage return or line feed). The ACE appends each line by the login banner and Exec mode ...each line that you wish to the end of -the-day banner, precede each line to add. Chapter 1 Setting Up the ACE Configuring a Message-of-the-Day Banner For example, to the banner. The banner message is as the message-of-the-day banner when a user connects to be entered at...
Administration Guide
Page 40
... replaced with the character Welcome to configure the banner message: switch/Admin(config)# banner motd # Enter TEXT message. Configuring a Message-of a variable in multi-line mode, the ACE interprets the double quote character (") literally. The following example shows how to span multiple lines and...banner motd command in Exec mode as a delimiting character in the message text. For example: switch/Admin(config)# banner motd #Welcome to "$(hostname)"...# Do not use the show banner motd 1-14 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
... replaced with the character Welcome to configure the banner message: switch/Admin(config)# banner motd # Enter TEXT message. Configuring a Message-of a variable in multi-line mode, the ACE interprets the double quote character (") literally. The following example shows how to span multiple lines and...banner motd command in Exec mode as a delimiting character in the message text. For example: switch/Admin(config)# banner motd #Welcome to "$(hostname)"...# Do not use the show banner motd 1-14 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
Administration Guide
Page 41
... OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-15 You can automatically set the date and time of this command, the ACE displays the current configured date and time. The syntax of the ACE by synchronizing to which the ACE clock is being reset. For example, to which the ACE clock is being...
... OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-15 You can automatically set the date and time of this command, the ACE displays the current configured date and time. The syntax of the ACE by synchronizing to which the ACE clock is being reset. For example, to which the ACE clock is being...
Administration Guide
Page 42
... Standard Time as UTC +1 hour 1-16 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Configuring the Time, Date, and Time Zone Chapter 1 Setting Up the ACE Follow these guidelines when you use NTP to automatically configure the ACE system clock: • If you wish ...to use the clock timezone command in configuration mode. AST-Atlantic Standard Time as a radio clock or an atomic clock), see the "Synchronizing the ACE with an NTP Server" section for example, PDT) to be...
... Standard Time as UTC +1 hour 1-16 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Configuring the Time, Date, and Time Zone Chapter 1 Setting Up the ACE Follow these guidelines when you use NTP to automatically configure the ACE system clock: • If you wish ...to use the clock timezone command in configuration mode. AST-Atlantic Standard Time as a radio clock or an atomic clock), see the "Synchronizing the ACE with an NTP Server" section for example, PDT) to be...
Administration Guide
Page 45
.... OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-19 the start time is relative to the standard time and the end time is as UTC +8 hours For example, to set the time zone to PDT and to the summer time. Chapter 1 Setting Up the ACE Configuring the Time, Date,...of the command specifies when summer time ends. See Table 1-1 for the list the common time zone acronyms used for Daylight Saving Time To configure the ACE to change the time automatically to the local time zone; For example, enter: host1/Admin(config)# no form of this command.
.... OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-19 the start time is relative to the standard time and the end time is as UTC +8 hours For example, to set the time zone to PDT and to the summer time. Chapter 1 Setting Up the ACE Configuring the Time, Date,...of the command specifies when summer time ends. See Table 1-1 for the list the common time zone acronyms used for Daylight Saving Time To configure the ACE to change the time automatically to the local time zone; For example, enter: host1/Admin(config)# no form of this command.
Administration Guide
Page 286
... track-host 192.161.100.1 probe GATEWAY_TRACK1 priority 10 probe GATEWAY_TRACK2 priority 20 priority 50 In this configuration example, if the gateway_track1 probe goes down , the ACE reduces the priority of the FT group on the standby member, a switchover occurs. If all the...the FT group on the standby member by 50. Configuring Tracking and Failure Detection Chapter 7 Configuring Redundant ACE Appliances The number argument specifies the priority of the probes configured for Multiple Probes" sections. 7-34 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-...
... track-host 192.161.100.1 probe GATEWAY_TRACK1 priority 10 probe GATEWAY_TRACK2 priority 20 priority 50 In this configuration example, if the gateway_track1 probe goes down , the ACE reduces the priority of the FT group on the standby member, a switchover occurs. If all the...the FT group on the standby member by 50. Configuring Tracking and Failure Detection Chapter 7 Configuring Redundant ACE Appliances The number argument specifies the priority of the probes configured for Multiple Probes" sections. 7-34 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-...
Administration Guide
Page 290
...Example of a Redundancy Configuration Chapter 7 Configuring Redundant ACE Appliances Example of a Tracking Configuration for an Interface The following example demonstrates a tracking configuration for an interface on the active member of an FT group: ft track interface TRACK_VLAN100 track-interface vlan 100 priority 50 In the above configuration example... of the FT group on the standby member, a switchover occurs. Note All FT parameters are configured in the example. 7-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 If at any time the priority ...
...Example of a Redundancy Configuration Chapter 7 Configuring Redundant ACE Appliances Example of a Tracking Configuration for an Interface The following example demonstrates a tracking configuration for an interface on the active member of an FT group: ft track interface TRACK_VLAN100 track-interface vlan 100 priority 50 In the above configuration example... of the FT group on the standby member, a switchover occurs. Note All FT parameters are configured in the example. 7-38 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 If at any time the priority ...
Administration Guide
Page 406
... capturing packets 5-30 copying buffer 5-32 displaying buffer 5-33 checkpoint, configuration creating 5-38 deleting 5-38 displaying 5-39 rolling back to 5-39 class map configuration, displaying 4-71 configuration example 4-68 example, firewall 4-60 example, Layer 3 and 4 load balancing 4-65 example, Layer 7 load balancing 4-63 example, VIP 4-66 Layer 3 and 4, access list match criteria 4-28... traffic 8-39 XML 9-14 CLI account password, changing 1-10 saving session 1-3 user management of SNMP 8-6 IN-2 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
... capturing packets 5-30 copying buffer 5-32 displaying buffer 5-33 checkpoint, configuration creating 5-38 deleting 5-38 displaying 5-39 rolling back to 5-39 class map configuration, displaying 4-71 configuration example 4-68 example, firewall 4-60 example, Layer 3 and 4 load balancing 4-65 example, Layer 7 load balancing 4-63 example, VIP 4-66 Layer 3 and 4, access list match criteria 4-28... traffic 8-39 XML 9-14 CLI account password, changing 1-10 saving session 1-3 user management of SNMP 8-6 IN-2 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01
Administration Guide
Page 407
... saving time, setting 1-19 NTP server, sychronizing ACE system clock 1-21 setting 1-15 timezone, setting 1-16 viewing system clock settings 1-21 communities, SNMP 8-29 configurational examples redundancy 7-38 remote access 2-23 SLB traffic policy 4-68 SNMP 8-47 configuration checkpoint and rollback service creating configuration checkpoint 5-38 deleting configuration checkpoint 5-38 displaying checkpoint information 5-39 overview 5-37...
... saving time, setting 1-19 NTP server, sychronizing ACE system clock 1-21 setting 1-15 timezone, setting 1-16 viewing system clock settings 1-21 communities, SNMP 8-29 configurational examples redundancy 7-38 remote access 2-23 SLB traffic policy 4-68 SNMP 8-47 configuration checkpoint and rollback service creating configuration checkpoint 5-38 deleting configuration checkpoint 5-38 displaying checkpoint information 5-39 overview 5-37...
Administration Guide
Page 413
... map actions for remote access 2-12 actions for SNMP 8-44, 9-20 configuration, displaying 4-71 configuration example 4-68 connection redundancy 4-49 example, firewall 4-60 example, Layer 3 and 4 load balancing 4-65 example, Layer 7 load balancing 4-63 example, VIP 4-66 IP, TCP, and UDP connection behavior 4-49 Layer 3 and 4, configuring 4-43 Layer 3 and 4, for management traffic 2-9, 4-44, 9-17... map 2-7 Q query interface for FT peer 7-18 quick start Layer 3 and 4 class map for management traffic 4-12 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide IN-9
... map actions for remote access 2-12 actions for SNMP 8-44, 9-20 configuration, displaying 4-71 configuration example 4-68 connection redundancy 4-49 example, firewall 4-60 example, Layer 3 and 4 load balancing 4-65 example, Layer 7 load balancing 4-63 example, VIP 4-66 IP, TCP, and UDP connection behavior 4-49 Layer 3 and 4, configuring 4-43 Layer 3 and 4, for management traffic 2-9, 4-44, 9-17... map 2-7 Q query interface for FT peer 7-18 quick start Layer 3 and 4 class map for management traffic 4-12 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide IN-9
Administration Guide
Page 414
...A-4 XML 9-11 R redundancy configuration, displaying 7-41 configuration examples 7-38 configuration requirements 7-8 configuration synchronization 7-7 configuring 7-12 failure detection and tracking 7-28 forcing failover 7-24 FT group, configuring 7-19 FT group information, displaying 7-41 FT peer, configuring 7-16 FT peer information, ... class map, creating 2-5 class map description 2-6 class map protocol match criteria 2-7 configuration examples 2-23 enabling 2-1 network management traffic services, configuring 2-4 policy actions 2-12 policy map 2-9 quick start 2-2 service policy 2-13 Telnet...
...A-4 XML 9-11 R redundancy configuration, displaying 7-41 configuration examples 7-38 configuration requirements 7-8 configuration synchronization 7-7 configuring 7-12 failure detection and tracking 7-28 forcing failover 7-24 FT group, configuring 7-19 FT group information, displaying 7-41 FT peer, configuring 7-16 FT peer information, ... class map, creating 2-5 class map description 2-6 class map protocol match criteria 2-7 configuration examples 2-23 enabling 2-1 network management traffic services, configuring 2-4 policy actions 2-12 policy map 2-9 quick start 2-2 service policy 2-13 Telnet...
Administration Guide
Page 415
... 9-24 saving output to file 5-26 viewing hardware and software configuration information 6-1 shutting down ACE 1-42 Simple Network Management Protocol See SNMP SNMP AAA integration 8-6 agents, communication 8-4 agents, overview 8-3 class map, creating 8-39 CLI user management 8-6 communities 8-29 configuration examples 8-47 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide IN-11
... 9-24 saving output to file 5-26 viewing hardware and software configuration information 6-1 shutting down ACE 1-42 Simple Network Management Protocol See SNMP SNMP AAA integration 8-6 agents, communication 8-4 agents, overview 8-3 class map, creating 8-39 CLI user management 8-6 communities 8-29 configuration examples 8-47 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide IN-11