Administration Guide
Page 2
... Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Event Center, Fast... to be actual addresses. The use of their respective owners. Cisco 4700 Series Application Control Engine Appliance Administration Guide Copyright © 2007 Cisco Systems, Inc. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. ALL...
Administration Guide
Page 5
... Generating SSH Host Key Pairs 2-17 Terminating an Active User Session 2-19 Enabling ICMP Messages to the ACE 2-19 Directly Accessing a User Context Through SSH 2-21 Example of a Remote Access ...ACE 3-6 Installing a New or Upgrade License File 3-7 Replacing a Demo License with a Permanent License 3-8 Removing a License 3-9 Removing an Appliance Performance Throughput License 3-10 Removing an SSL TPS License 3-10 Removing a Virtualization Context License 3-10 Removing an HTTP Compression Performance License 3-13 Cisco 4700 Series Application Control Engine Appliance Administration Guide...
Administration Guide
Page 8
...Configuration File with the Running-Configuration File 5-6 Viewing Configuration Files 5-7 Viewing User Context Running-Config Files from the Admin Context 5-10 Clearing the Startup-Configuration File 5-10 Loading Configuration Files from a Remote Server 5-11 Using the File System on the ACE 5-12 Listing the Files in a Directory 5-13 Copying Files 5-15...Deleting Files 5-24 Displaying File Contents 5-25 Saving show Command Output to a File 5-26 Viewing and Copying Core Dumps 5-27 Copying Core Dumps 5-28 Cisco 4700 Series Application Control Engine Appliance Administration Guide viii OL-11157-01
Administration Guide
Page 12
...Agent Communication 8-4 SNMP Traps and Informs 8-5 SNMPv3 CLI User Management and AAA Integration 8-6 CLI and SNMP User Synchronization 8-6 Supported MIBs and Notifications 8-7 SNMP Limitations 8-24 SNMP Configuration Quick Start 8-25 Configuring SNMP Users 8-27 Defining SNMP Communities 8-29 Configuring an SNMP Contact ... 8-42 Creating a Layer 3 and Layer 4 Policy Map for SNMP Network Management Traffic Received by the ACE 8-42 Specifying a Layer 3 and Layer 4 Traffic Class with the Traffic Policy 8-43 Cisco 4700 Series Application Control Engine Appliance Administration Guide xii OL-11157-01
Administration Guide
Page 14
... the www User Password A-3 Checking Your Configuration for FT Priority and Preempt A-3 Creating a Checkpoint A-3 Software Upgrade Quick Start A-4 Copying the Software Upgrade Image to the ACE A-7 Configuring the ACE to Autoboot the... Software Image A-8 Setting the Boot Variable A-8 Configuring the Configuration Register to Autoboot the Boot Variable A-9 Verifying the Boot Variable and Configuration Register A-10 Reloading the ACE A-10 Displaying Software Image Information A-11 Cisco 4700 Series Application Control Engine Appliance Administration Guide...
Administration Guide
Page 15
..., Obtaining Support, and Security Guidelines • Open Source License Acknowledgements OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide xv You can configure the ACE by using the following major sections: • Audience • How to perform administration...and policy maps, manage the ACE software, configure SNMP, configure redundancy, configure the XML interface, and upgrade your ACE software. This preface contains the following interfaces: • The command-line interface (CLI), a line-oriented user interface that provides commands for ...
Administration Guide
Page 16
...ACE. Preface Audience This guide is organized as follows: Chapter Description Chapter 1, Setting Up the ACE Describes how to configure basic settings on the ACE, including topics such as how to session and log in to the ACE, change the administrative username and password, assign a name to a user...qualified service personnel who are responsible for your ACE. Cisco 4700 Series Application Control Engine Appliance Administration Guide xvi OL-11157-01 It also describes how to configure the ACE to provide direct access to the ACE, configure a message-of classification for Maps ...
Administration Guide
Page 20
... of all CLI commands by the ACE. Cisco 4700 Series Application Control Engine Appliance Administration Guide xx OL-11157-01 Preface Document Title Description Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Describes how to perform following ACE security configuration tasks: • Security access control lists (ACLs) • User authentication and accounting using a Terminal Access...
Administration Guide
Page 21
... Series Application Control Engine Appliance Device Manager Configuration Guide Cisco CSS-to-ACE Conversion Tool User Guide Description Describes how to use the Device Manager GUI, which resides in flash memory on the ACE, to provide a browser-based interface for which you supply values are in italics. Arguments for configuring and managing the appliance. Optional alternative...
Administration Guide
Page 33
... Application Control Engine Appliance Routing and Bridging Configuration Guide. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-7 For details on configuring interfaces on the ACE, see Chapter 2, Enabling Remote Access to the ACE. all other contexts can be deleted. The dm user is hidden on the ACE itself, you can remotely access the...
Administration Guide
Page 35
...able to log in to the administrative username by default. For users that you reboot the ACE, it reads the username and password from Cisco Systems. Caution For software versions A1(8.0a) and higher, ...you must change the administrative password, security on contexts, user roles, and domains, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide...
Administration Guide
Page 36
... password for the Admin user back to reset the password for the ACE administrator account and cannot access the ACE, you can recover the admin password during the initial bootup sequence of admin. For example, to the ACE through the console port. 1-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Changing...
Administration Guide
Page 37
...console terminal. Chapter 1 Setting Up the ACE Changing the Administrative Password To reset the password that allows the Admin user access to the ACE, perform the following steps: Step 1 Step 2 Step 3 Step 4 Connect to the ACE. See the "Connecting and Logging into the ACE" section. If you miss the time ...window, wait for the ACE to properly complete booting, reboot the ACE, and try again to...
Administration Guide
Page 38
.... If you enter commands. To specify a hostname for the ACE is 5 minutes. This command specifies the length of time that a user session can be idle before the ACE automatically logs off an inactive user by using the login timeout command in configuration mode. A value... timeout command is 5 minutes. 1-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 By default, the hostname for the ACE, use the host configuration mode command. Assigning a Name to the ACE Chapter 1 Setting Up the ACE Assigning a Name to multiple devices, the...
Administration Guide
Page 39
... end of the line (carriage return or line feed). The syntax of this command is as the message-of-the-day banner when a user connects to a maximum of 3000 characters (3000 bytes) total for each line by the login banner and Exec mode prompt. To instruct the...message is empty, the ACE adds a carriage return (CR) to specify a timeout period of 10 minutes, enter the following command: host1/Admin(config)# login timeout 10 To restore the default timeout value of -the-day banner. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-13 host1/Admin(...
Administration Guide
Page 47
..., an NTP network receives its time from an authoritative time source, such as Greenwich Mean Time. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 1-21 NTP is as follows: show clock For example, to view the current clock settings, enter: host1/Admin#... Oct 7 07:43:02 UTC 2007 Synchronizing the ACE with multiple ACE nodes, we strongly recommend that different parts of each ACE node with an NTP server. All NTP communication uses Coordinated Universal Time (UTC), which runs over User Datagram Protocol (UDP), which is documented in the ...
Administration Guide
Page 48
...can also be a server association, which means that the ACE is as follows: ntp {peer ip_address1 [prefer] | server ip_address2 [prefer]} Note Only users authenticated in the Admin context can use the ntp command. the ACE uses the most accurate server. You can specify multiple ...syntax of the time server that provides the clock synchronization. 1-22 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 The keywords, arguments, and options are: • peer-Configure the ACE system clock to synchronize a peer or to be synchronized by a ...
Administration Guide
Page 50
... the reachability register (see RFC-1305) in octal The latest delay (in microseconds) 1-24 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Synchronizing the ACE with an NTP Server Chapter 1 Setting Up the ACE Note Only users who are : • peer-status-Displays the status for all configured NTP servers and...
Administration Guide
Page 58
.../Admin# terminal no parity. To configure the line console settings from 5 to configure the terminal line settings for accessing the ACE by a console or a virtual terminal. The range is from the console configuration mode, specify one or more of the ... 1-32 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Use the line console configuration mode command to start the current terminal monitoring session, enter: host1/Admin# terminal monitor host/Admin# %ACE-7-111009: User 'admin' executed cmd: terminal monitor %ACE-7-111009: User 'admin'...
Administration Guide
Page 69
... display attributes, and configure terminal line settings for accessing the ACE by using the Secure Shell (SSH) or Telnet protocols. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 2-1 It also describes how to configure the ACE to provide direct access to a user context from a host. CHAPTER 2 Enabling Remote Access to the...