Administration Guide
Page 2
..., ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. All rights reserved. The Cisco implementation of TCP header compression is unintentional and coincidental. All other company. (0501R) Any Internet Protocol (IP) addresses used in this document or Website are service marks of their respective owners. Cisco Global Site Selector Administration Guide © 2007 Cisco Systems, Inc...
Administration Guide
Page 14
... the supported operating systems: Windows, Solaris, and Linux. Preface Document Title Cisco Global Site Selector Getting Started Guide Cisco Global Site Selector GUI-Based Global Server Load-Balancing Configuration Guide Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide Cisco Global Site Selector Command Reference Description Information on getting your GSS set consists of the following documents: Document Title Release Notes for the Cisco CNS Network Registrar, Release 6.2 Cisco CNS Network Registrar Installation Guide Description...
Administration Guide
Page 37
... a Product Access Key (PAK) number. Stop and then disable the GSS as the primary GSSM. Uninstall the duplicate license file by using the license uninstall command. 2. If a clash of duplicate PAK numbers occurs between the primary GSSM and any potential problems. Do not install the same licence file (files with the Cisco Network Registrar (CNR). You can view a GSS software license as an upgrade to avoid...
Administration Guide
Page 41
... expired license key, an error message appears and the installation halts. Chapter 2 Managing the GSS from cli-install. primary [Thu Nov 8 14:27:33 EDT 2007] Normal Operation [runmode = 5] START Oct25 ? ? Oct25 Oct25 Oct25 Oct25 Oct25 Oct25 SERVER Boomerang CNR DNS Server CNR Server Agent Config Agent (crdirector) Config Server (crm) DNS Server Database GUI Server (tomcat) Keepalive Engine [ Server is not ready ] [ Server is running: gssm1.example.com# gss status Cisco GSS - 2.0(2) GSSM...
Administration Guide
Page 43
... error message appears. 2. To access the nrcmd program, perform the following steps: 1. username: password: ****** 100 OK session: cluster = localhost current-vpn = global default-format = user groups = superuser roles = superuser scope-edit-mode = staged user-name = admin visibility = 5 zone-edit-mode = synchronous nrcmd> See the Cisco CNS Network Registrar CLI Reference Guide, 6.3 for instructions on the GSS before you to control your local cluster servers' operations by setting all configurable...
Administration Guide
Page 47
... the running-config file until you boot the device. • Running configuration-Network configuration currently in use the hostname command in to the network configuration of the GSS device (enabled or disabled) Each GSS device tracks the following ways: • Save the running-config startup-config OL-10410-01 Cisco Global Site Selector Administration Guide 2-13 gssm1.example.com> enable gssm1.example.com# gssm1.example.com# config gssm1.example.com(config)# 2. In this case, the GSS device uses the running-config...
Administration Guide
Page 59
...prompts related to the default of 23, enter: gssm1.example.com(config)# no form of the certificate set-attributes command, the GSS software displays a series of the security certificate issued by Cisco Systems and installed on the security certificate. Chapter 2 Managing the GSS from the CLI Modifying...continue with the primary GSSM GUI operation. By using the certificate set-attributes CLI command, you enter the certificate set-attributes command. To return the attributes for your changes and generate a new certificate. The next time that you access the primary GSSM GUI, the...
Administration Guide
Page 117
... page accessed, the primary GSSM GUI page action performed, and the time that is denied, you disable the use with a TCP keepalive to ensure network connectivity and TACACS+ application operation. Chapter 4 Managing GSS User Accounts Through a TACACS+ Server TACACS+ Overview OL-10410-01 The TACACS+ server provides the following AAA independent services to the GSS operating as the default to monitor connectivity with an assigned password. The GSS uses TCP...
Administration Guide
Page 118
... Administration Guide 4-4 OL-10410-01 Enable global configuration mode on the TACACS+ server, such as the Cisco Secure Access Control Server (ACS). 2. Specify the IP address or hostname for a specific GSS access method. gssm1.example.com# config gssm1.example.com(config)# 3. You can optionally define a different port number and, if required, a TACACS+ server encryption key. Each step includes the CLI command required to performing local user authentication through either the console port or a Telnet connection. For...
Administration Guide
Page 130
...+ server does not directly support control over additional primary GSSM GUI application-specific functions such as user views. Each custom user view can define a set of custom views that view. See the "Custom User View Overview" section in Chapter 3, Creating and Managing User Accounts, for Use with that limit the data (configuration data and statistics) available on custom user views in the primary GSSM GUI. 4-16 Cisco Global Site Selector Administration Guide OL...
Administration Guide
Page 131
... fails for a GUI connection. When you configure TACACS+ authentication on the GSS from a TACACS+ server. OL-10410-01 Cisco Global Site Selector Administration Guide 4-17 Chapter 4 Managing GSS User Accounts Through a TACACS+ Server Configuring a TACACS+ Server for Use with the user name to determine if there is an associated user view configured on the TACACS+ Server To configure the accounting service for the Cisco Secure ACS, perform the following steps: 1. Note A password will...
Administration Guide
Page 133
... GSS attempts to connect to the next server in the list of keepalives, you can use , the GSS selects that server as the default to set up a TACACS+ server (the Cisco Secure ACS in the order that the GSS uses to wait for a response to a different port number. Use the tacacs-server host command to monitor connectivity with the GSS" section. As a secondary measure, if the TCP keepalives fail, or if you disable...
Administration Guide
Page 136
... to a connection attempt from a nonoperational TACACS+ server before switching to the next server in the tacacs-server timeout command) to wait for use the TACACS+ timeout period (that the first TACACS server is as follows: no tacacs-server keepalive-enable If you disable TCP keepalives, the GSS will continue to use , the GSS selects that server as the backup server. To disable the use of configured TACACS+ servers. Chapter 4 Managing GSS User Accounts...
Administration Guide
Page 157
... 5 Configuring Access Lists and Filtering GSS Traffic Deploying GSS Devices Behind Firewalls Table 5-2 Inbound Traffic Going Through a Firewall to the GSS Source Port (Remote Device) * 49 or user configured * 53 80 or user configured 123 * * 1304 1974 * * 2001-2005 * 3002-3008 * Destination Port (GSS) 20-23 * 53 * * 123 161 443 1304 1974 2000 2001-2005 * 3002-3008 * 5001 Protocol Details TCP FTP, SSH, and Telnet services...
Administration Guide
Page 158
... legal port number Table 5-3 Outbound Traffic Originating from the GSS Source Port (GSS) 20-23 * * 53 * * Destination Port (Remote Device) * 49 or user configured 20-23 * 53 80 or user configured Protocol TCP TCP Details Return traffic of FTP, SSH, and Telnet server services on the GSS TACACS+ TCP Traffic of FTP, SCP, and Telnet GSS CLI commands UDP, TCP Return traffic of GSS DNS server traffic UDP GSS software...
Administration Guide
Page 162
... contact person, and the physical location for a GSS device, perform the following command. Access global configuration mode. Note Be aware that contact will be retained after a v2.0 software upgrade. gss1.example.com(config)# snmp enable Cisco Global Site Selector Administration Guide 6-2 OL-10410-01 Each MIB object controls one specific function, such as events occur. The MIB is completed. The SNMP agent receives instructions from the network through an agent's port.
Administration Guide
Page 183
... handling and specific code path tracking) are normal operational messages for use by technical support personnel. Domain Name System (DNS) logging messages Director Response Protocol (DRP) agent logging messages Keepalive Engine logging messages Node manager logging messages Proximity logging messages Sticky manager logging message System logging messages TACACS+ logging messages OL-10410-01 Cisco Global Site Selector Administration Guide 8-3 Chapter 8 Viewing Log Files Understanding GSS Logging Levels Table 8-1 GSS Logging Levels (continued) Level Number Level Name 6 Information...
Administration Guide
Page 217
... GSS Software Upgrading Your GSS Devices OL-10410-01 331 Password required for admin. Access restrictions apply. gssm1.example.com> enable gssm1.example.com# 7. If the GSS has CNR loaded on it . Install the upgrade by entering the enable command and then the config command. Note If you lose any network CLI connections. Enable privileged EXEC mode. Type exit to continue. After the GSS reboots, you did not previously save changes to transfer files. Console connections...
Administration Guide
Page 221
... GSSM 1-6 CNR, installing 2-6 cold restart, performing 2-28 CPU or memory processes, displaying 2-49 deleting devices from primary GSSM 1-10 disabling GSS device 2-29 downgrading software 7-8 enabling GSS device 2-29 firewalls 5-12, 5-16 GSS-related port and protocols 5-3 hard disk information, displaying 2-50 inactivity timeout 2-24 inter-GSS communications 5-9 license data, displaying 2-46 license file, obtaining 2-4 logging levels 9-1, 9-5, 9-7 logically removing or replacing 1-11 login accounts 3-1 memory blocks and statistics, displaying 2-47 MIB files 6-9 Cisco Global Site Selector...
Administration Guide
Page 228
... 2-4 sys.log 9-6, 9-8 syslog, configuring 9-4 system logging 9-4 message log 9-11 status, displaying 2-51, 8-4 system log messages 9-16 purging 9-15 severity 9-15 typical messages 9-16 viewing 9-13 viewing from CiscoWorks RME Syslog Analyzer 9-18 viewing from GUI 9-14 system uptime, displaying 2-50 T TAC displaying GSS operating configuration 8-8 tech report 8-8 TACACS+ accounting overview 4-3 authentication overview 4-3 authorization overview 4-3 Cisco Secure Access Control Server (ACS) 4-5 disabling 4-28 GSS, disabling/enabling keepalives 4-22 GSS, specifying accounting 4-25 GSS, specifying...