Administration Guide
Page 2
... Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive...THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any use of California. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT ...
... Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive...THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any use of California. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT ...
Administration Guide
Page 11
... contains the following major sections: • Audience • How to properly manage and maintain your organization's specific network configuration. OL-10413-01 Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xi It describes the procedures necessary to Use ...Berkeley Internet Name Domain (BIND) software or similar DNS products, and your Global Site Selector Manager (GSSM) and GSS devices, including login security, GSS software upgrades, GSSM database administration, and log files. Preface This guide includes information on configuring the...
... contains the following major sections: • Audience • How to properly manage and maintain your organization's specific network configuration. OL-10413-01 Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xi It describes the procedures necessary to Use ...Berkeley Internet Name Domain (BIND) software or similar DNS products, and your Global Site Selector Manager (GSSM) and GSS devices, including login security, GSS software upgrades, GSSM database administration, and log files. Preface This guide includes information on configuring the...
Administration Guide
Page 16
..., are in italic screen font. An exclamation point (!) or a pound sign (#) at the beginning of a line of the equipment. Indicates text that a specific action you press the D key. Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xvi OL-10413-01 Note A note provides important related information, reminders, and...
..., are in italic screen font. An exclamation point (!) or a pound sign (#) at the beginning of a line of the equipment. Indicates text that a specific action you press the D key. Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide xvi OL-10413-01 Note A note provides important related information, reminders, and...
Administration Guide
Page 37
... Access Key (PAK) number. Stop and then disable the GSS as described in your GSS must separately purchase and install these two licenses. OL-10410-01 Cisco Global Site Selector Administration Guide 2-3 The CNR and DDoS licenses are available and configurable immediately except for the specifically licensed features. For a detailed overview and description of...
... Access Key (PAK) number. Stop and then disable the GSS as described in your GSS must separately purchase and install these two licenses. OL-10410-01 Cisco Global Site Selector Administration Guide 2-3 The CNR and DDoS licenses are available and configurable immediately except for the specifically licensed features. For a detailed overview and description of...
Administration Guide
Page 57
... Users You can display the username and permission status for a specific user or for all users of the file in to, enter: gssm1.example.com# scp username@remote-host:target-path Deleting Files The GSS allows you want to remove older files or files that you ... -------- ---------- OL-10410-01 Cisco Global Site Selector Administration Guide 2-23 The username argument identifies the name of the GSS user that you no longer use the del command. You may want to display information for. • Use the show users command to remove a specific file (startup-config, logs,...
... Users You can display the username and permission status for a specific user or for all users of the file in to, enter: gssm1.example.com# scp username@remote-host:target-path Deleting Files The GSS allows you want to remove older files or files that you ... -------- ---------- OL-10410-01 Cisco Global Site Selector Administration Guide 2-23 The username argument identifies the name of the GSS user that you no longer use the del command. You may want to display information for. • Use the show users command to remove a specific file (startup-config, logs,...
Administration Guide
Page 81
gssm1.example.com# show memory Table 2-1 describes the fields in the GSS network from the CLI Displaying GSS System Configuration Information To obtain specific license file details, enter: gssm1.example.com# show license file-name ddos_new.lic FEATURE ddos cisco 1 permanent uncounted HOSTID=ANY \ NOTICE="ddos_new.lic0 \ 1XIOS2C84AB" SIGN=CFF95D462F42 To obtain a complete picture of...
gssm1.example.com# show memory Table 2-1 describes the fields in the GSS network from the CLI Displaying GSS System Configuration Information To obtain specific license file details, enter: gssm1.example.com# show license file-name ddos_new.lic FEATURE ddos cisco 1 permanent uncounted HOSTID=ANY \ NOTICE="ddos_new.lic0 \ 1XIOS2C84AB" SIGN=CFF95D462F42 To obtain a complete picture of...
Administration Guide
Page 91
... Table 3-1 outlines the supported primary GSSM GUI functionality and accessibility for Using the Primary GSSM GUI As the GSS administrator, you can control the GUI pages that a user accesses and the associated functions that a user can ...-balancing statistics. You control primary GSSM GUI access through the assignment of one of the following roles grants specific access to the GUI based on the assigned role: • Administrator-Full configuration privileges and complete access to... can perform from the primary GSSM GUI. OL-10410-01 Cisco Global Site Selector Administration Guide 3-5
... Table 3-1 outlines the supported primary GSSM GUI functionality and accessibility for Using the Primary GSSM GUI As the GSS administrator, you can control the GUI pages that a user accesses and the associated functions that a user can ...-balancing statistics. You control primary GSSM GUI access through the assignment of one of the following roles grants specific access to the GUI based on the assigned role: • Administrator-Full configuration privileges and complete access to... can perform from the primary GSSM GUI. OL-10410-01 Cisco Global Site Selector Administration Guide 3-5
Administration Guide
Page 115
... This chapter describes how to record the specific CLI commands and GUI pages accessed by a GSS user. This chapter contains the following major sections: • TACACS+ Overview • TACACS+ Configuration Quick Start • Configuring a TACACS+ Server for separate authentication, authorization, and accounting (AAA) services. Configuring the GSS as a client of a TACACS+ server provides...
... This chapter describes how to record the specific CLI commands and GUI pages accessed by a GSS user. This chapter contains the following major sections: • TACACS+ Overview • TACACS+ Configuration Quick Start • Configuring a TACACS+ Server for separate authentication, authorization, and accounting (AAA) services. Configuring the GSS as a client of a TACACS+ server provides...
Administration Guide
Page 117
... for administrating multi-user GSS devices. The timeout value applies to ensure network connectivity and TACACS+ application operation. The GSS uses TCP keepalives as the default to access a GSS. Cisco Global Site Selector Administration Guide 4-3 Chapter 4 Managing GSS User Accounts Through a TACACS...connectivity with the active TACACS+ server. GSS users are prohibited from the TACACS+ server into a spreadsheet application. Accounting enables system administrators to a user accessing the primary GSSM GUI. • Accounting-Records the specific CLI commands and GUI pages accessed ...
... for administrating multi-user GSS devices. The timeout value applies to ensure network connectivity and TACACS+ application operation. The GSS uses TCP keepalives as the default to access a GSS. Cisco Global Site Selector Administration Guide 4-3 Chapter 4 Managing GSS User Accounts Through a TACACS...connectivity with the active TACACS+ server. GSS users are prohibited from the TACACS+ server into a spreadsheet application. Accounting enables system administrators to a user accessing the primary GSSM GUI. • Accounting-Records the specific CLI commands and GUI pages accessed ...
Administration Guide
Page 118
... TACACS+ server that contains the TACACS+ authentication, authorization, and accounting databases. gssm1.example.com(config)# aaa authentication ssh Cisco Global Site Selector Administration Guide 4-4 OL-10410-01 Specify the IP address or hostname for a specific GSS access method. Local authentication is 49. TACACS+ Configuration Quick Start Table 4-1 provides a quick overview of the steps...
... TACACS+ server that contains the TACACS+ authentication, authorization, and accounting databases. gssm1.example.com(config)# aaa authentication ssh Cisco Global Site Selector Administration Guide 4-4 OL-10410-01 Specify the IP address or hostname for a specific GSS access method. Local authentication is 49. TACACS+ Configuration Quick Start Table 4-1 provides a quick overview of the steps...
Administration Guide
Page 119
... interface, the Add AAA Client page (see the documentation provided with the GSS Table 4-1 TACACS+ Configuration Quick Start (continued) Task and Command Example 6. Enable the TACACS+ accounting service to specific GSS CLI commands, as defined by each GSS user. OL-10410-01 Cisco Global Site Selector Administration Guide 4-5 gssm1.example.com(config)# aaa accounting commands...
... interface, the Add AAA Client page (see the documentation provided with the GSS Table 4-1 TACACS+ Configuration Quick Start (continued) Task and Command Example 6. Enable the TACACS+ accounting service to specific GSS CLI commands, as defined by each GSS user. OL-10410-01 Cisco Global Site Selector Administration Guide 4-5 gssm1.example.com(config)# aaa accounting commands...
Administration Guide
Page 123
...GSS sends to be entered in the Arguments text box as follows: a. A new command configuration section appears for a specified CLI command by clicking the Submit button after each argument of permitting and denying CLI commands: • To deny all arguments not specifically listed. 8. The specified commands are examples of the Cisco... IOS command, specify whether the argument is to the Cisco Secure ACS. Click the Deny option. Leave the command ...
...GSS sends to be entered in the Arguments text box as follows: a. A new command configuration section appears for a specified CLI command by clicking the Submit button after each argument of permitting and denying CLI commands: • To deny all arguments not specifically listed. 8. The specified commands are examples of the Cisco... IOS command, specify whether the argument is to the Cisco Secure ACS. Click the Deny option. Leave the command ...
Administration Guide
Page 130
...privileges from the TACACS+ Server For a user with the GSS 6. See the "Custom User View Overview" section in the primary GSSM GUI. 4-16 Cisco Global Site Selector Administration Guide OL-10410-01 Chapter 4 Managing GSS User Accounts Through a TACACS+ Server Configuring a TACACS+ ...Server for Use with an assigned operator or observer role, a TACACS+ server does not directly support control over additional primary GSSM GUI application-specific...
...privileges from the TACACS+ Server For a user with the GSS 6. See the "Custom User View Overview" section in the primary GSSM GUI. 4-16 Cisco Global Site Selector Administration Guide OL-10410-01 Chapter 4 Managing GSS User Accounts Through a TACACS+ Server Configuring a TACACS+ ...Server for Use with an assigned operator or observer role, a TACACS+ server does not directly support control over additional primary GSSM GUI application-specific...
Administration Guide
Page 131
... a random setting. When you configure TACACS+ authentication on the GSS from a TACACS+ server. The Edit page appears (see the "Configuring Authentication Settings on the TACACS+ Server" section), ensure that you set the user account GUI-specific password to maintain the security of the Cisco Secure ACS interface, the Logging Configuration page, click CSV...
... a random setting. When you configure TACACS+ authentication on the GSS from a TACACS+ server. The Edit page appears (see the "Configuring Authentication Settings on the TACACS+ Server" section), ensure that you set the user account GUI-specific password to maintain the security of the Cisco Secure ACS interface, the Logging Configuration page, click CSV...
Administration Guide
Page 137
... gss1.example.com(config)# no tacacs-server timeout 60 Specifying TACACS+ Authentication of keepalives, you enable TACACS+ authentication for the specific GSS access method. The syntax for this global configuration command is as follows: tacacs-server timeout seconds The seconds argument is 5 seconds...tacacs-server timeout command. See the Cisco Global Site Selector Getting Started Guide for details. Chapter 4 Managing GSS User Accounts Through a TACACS+ Server Specifying the TACACS+ Server Timeout on the GSS Specifying the TACACS+ Server Timeout on the GSS As a secondary measure, if ...
... gss1.example.com(config)# no tacacs-server timeout 60 Specifying TACACS+ Authentication of keepalives, you enable TACACS+ authentication for the specific GSS access method. The syntax for this global configuration command is as follows: tacacs-server timeout seconds The seconds argument is 5 seconds...tacacs-server timeout command. See the Cisco Global Site Selector Getting Started Guide for details. Chapter 4 Managing GSS User Accounts Through a TACACS+ Server Specifying the TACACS+ Server Timeout on the GSS Specifying the TACACS+ Server Timeout on the GSS As a secondary measure, if ...
Administration Guide
Page 138
...-level EXEC mode commands, including global configuration and interface configuration commands. 4-24 Cisco Global Site Selector Administration Guide OL-10410-01 The command authorizes all attempts to specific GSS CLI commands. For example, to enable TACACS+ authentication for an SSH remote ...)# aaa authentication ssh local Use the no aaa authentication ssh Specifying TACACS+ Authorization of the GSS TACACS+ authorization enables you to set parameters that restrict user access to specific GSS CLI commands, as follows: • ftp-Enables the TACACS+ authentication service for a File...
...-level EXEC mode commands, including global configuration and interface configuration commands. 4-24 Cisco Global Site Selector Administration Guide OL-10410-01 The command authorizes all attempts to specific GSS CLI commands. For example, to enable TACACS+ authentication for an SSH remote ...)# aaa authentication ssh local Use the no aaa authentication ssh Specifying TACACS+ Authorization of the GSS TACACS+ authorization enables you to set parameters that restrict user access to specific GSS CLI commands, as follows: • ftp-Enables the TACACS+ authentication service for a File...
Administration Guide
Page 141
...keepalive function, the show statistics tacacs command output. OL-10410-01 Cisco Global Site Selector Administration Guide 4-27 Each server is a PASS, FAIL, and ERROR counter for the GSS, enter: gss1.example.com# show statistics tacacs Server 192.168.1...., along with a GSS, the GSS increments the Authentication Pass counter. Table 4-2 Field Descriptions for the specific service. Counter that increments when a "pass" condition occurs for show statistics tacacs command to access a specific CLI command through authorization, the GSS increments the Authorization Pass...
...keepalive function, the show statistics tacacs command output. OL-10410-01 Cisco Global Site Selector Administration Guide 4-27 Each server is a PASS, FAIL, and ERROR counter for the GSS, enter: gss1.example.com# show statistics tacacs Server 192.168.1...., along with a GSS, the GSS increments the Authentication Pass counter. Table 4-2 Field Descriptions for the specific service. Counter that increments when a "pass" condition occurs for show statistics tacacs command to access a specific CLI command through authorization, the GSS increments the Authorization Pass...
Administration Guide
Page 146
... statements. However, the return inbound traffic must be explicitly permitted because GSS access lists are collections of filtering rules that you create a criteria statement that explicitly permits all traffic. Cisco Global Site Selector Administration Guide 5-2 OL-10410-01 After creating an ...order that the statements were created. Filtering GSS Traffic Using Access Lists Chapter 5 Configuring Access Lists and Filtering GSS Traffic Access List Overview The packet filtering tools on the GSS instruct each device to permit or refuse specific packets based on a combination of criteria ...
... statements. However, the return inbound traffic must be explicitly permitted because GSS access lists are collections of filtering rules that you create a criteria statement that explicitly permits all traffic. Cisco Global Site Selector Administration Guide 5-2 OL-10410-01 After creating an ...order that the statements were created. Filtering GSS Traffic Using Access Lists Chapter 5 Configuring Access Lists and Filtering GSS Traffic Access List Overview The packet filtering tools on the GSS instruct each device to permit or refuse specific packets based on a combination of criteria ...
Administration Guide
Page 161
.... OL-10410-01 Cisco Global Site Selector Administration Guide 6-1 SNMP implementations typically consist of network management standards for standard MIB resources. CH A PTE R 6 Configuring SNMP This chapter describes how to configure Simple Network Management Protocol (SNMP) to query GSS devices for IP-based internetworks. SNMP includes a protocol, a database-structure specification, and a set of...
.... OL-10410-01 Cisco Global Site Selector Administration Guide 6-1 SNMP implementations typically consist of network management standards for standard MIB resources. CH A PTE R 6 Configuring SNMP This chapter describes how to configure Simple Network Management Protocol (SNMP) to query GSS devices for IP-based internetworks. SNMP includes a protocol, a database-structure specification, and a set of...
Administration Guide
Page 162
... enable gss1.example.com# 2. Access global configuration mode. gss1.example.com(config)# snmp enable Cisco Global Site Selector Administration Guide 6-2 OL-10410-01 Configuring SNMP on the GSS Chapter 6 Configuring SNMP SNMP obtains information from the SNMP manager and also sends management information back...are transmitted through a Management Information Base (MIB). Each MIB object controls one specific function, such as events occur. Each GSS or GSSM contains an SNMP agent, ucd-snmp v4.2.3, to monitor the GSS or GSSM, you also specify an SNMP community name, name of code ...
... enable gss1.example.com# 2. Access global configuration mode. gss1.example.com(config)# snmp enable Cisco Global Site Selector Administration Guide 6-2 OL-10410-01 Configuring SNMP on the GSS Chapter 6 Configuring SNMP SNMP obtains information from the SNMP manager and also sends management information back...are transmitted through a Management Information Base (MIB). Each MIB object controls one specific function, such as events occur. Each GSS or GSSM contains an SNMP agent, ucd-snmp v4.2.3, to monitor the GSS or GSSM, you also specify an SNMP community name, name of code ...