Software Configuration Guide
Page 6
... the Active Management Port: Example 5-7 Configuring Management Interface Redundancy 5-7 About Management Port Redundancy 5-7 How to Configure the Management Ports for Redundancy 5-8 Configuring the Fail-Over Mode 5-8 Options 5-8 How to Enable Automatic Fail-Over Mode 5-8 How to Disable Automatic Fail-Over Mode 5-9 Configuring Management Interface Security 5-9 Configuring the IP Fragment Filter 5-9 Options 5-9 How to Enable the IP Fragment Filter 5-10 How to Disable the IP Fragment Filter 5-10 Configuring the Permitted and Not-permitted IP Address Monitor 5-10 Cisco SCE...
... the Active Management Port: Example 5-7 Configuring Management Interface Redundancy 5-7 About Management Port Redundancy 5-7 How to Configure the Management Ports for Redundancy 5-8 Configuring the Fail-Over Mode 5-8 Options 5-8 How to Enable Automatic Fail-Over Mode 5-8 How to Disable Automatic Fail-Over Mode 5-9 Configuring Management Interface Security 5-9 Configuring the IP Fragment Filter 5-9 Options 5-9 How to Enable the IP Fragment Filter 5-10 How to Disable the IP Fragment Filter 5-10 Configuring the Permitted and Not-permitted IP Address Monitor 5-10 Cisco SCE...
Software Configuration Guide
Page 21
... Addresses for the Health Check Packets 12-23 How to Configure a VAS Server Group 12-25 About VAS Server Groups 12-25 How to Add and Remove Servers 12-25 How to Configure VAS Server Group Failure Parameters 12-26 Monitoring VAS Traffic Forwarding 12-28 How to Display Global VAS Status and Configuration 12-28 Example 12-28 How to Display Operational and Configuration Information for a Specific VAS Server...
... Addresses for the Health Check Packets 12-23 How to Configure a VAS Server Group 12-25 About VAS Server Groups 12-25 How to Add and Remove Servers 12-25 How to Configure VAS Server Group Failure Parameters 12-26 Monitoring VAS Traffic Forwarding 12-28 How to Display Global VAS Status and Configuration 12-28 Example 12-28 How to Display Operational and Configuration Information for a Specific VAS Server...
Software Configuration Guide
Page 22
... in the MPLS/VPN Solution 13-6 SM Tasks in the MPLS/VPN Solution 13-6 Service Control MPLS/VPN Concepts 13-6 Non-VPN-Based Subscribers 13-6 Bypassing Unknown VPNs 13-7 Additional MPLS Pattern Support 13-7 VPN Identifier (RD or RT) 13-8 Service Control MPLS/VPN Requirements 13-8 Topology 13-8 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xx OL-7827-12
... in the MPLS/VPN Solution 13-6 SM Tasks in the MPLS/VPN Solution 13-6 Service Control MPLS/VPN Concepts 13-6 Non-VPN-Based Subscribers 13-6 Bypassing Unknown VPNs 13-7 Additional MPLS Pattern Support 13-7 VPN Identifier (RD or RT) 13-8 Service Control MPLS/VPN Requirements 13-8 Topology 13-8 Cisco SCE 2000 and SCE 1000 Software Configuration Guide xx OL-7827-12
Software Configuration Guide
Page 38
... Control Application for Cisco Service Control Engine (SCE). • For installation and configuration of the other components of all CLI commands, refer to the Cisco SCE 2000 and SCE 1000 CLI Command Reference • For information regarding the Service Control CLI and a complete listing of the Service Control Management Suite refer to the relevant installation guide: - Cisco SCE 2000 4xGBE Installation and Configuration Guide - Cisco SCE 2000 4/8xFE Installation and Configuration Guide - Cisco Service Control Application Reporter User Guide • To view Cisco documentation...
... Control Application for Cisco Service Control Engine (SCE). • For installation and configuration of the other components of all CLI commands, refer to the Cisco SCE 2000 and SCE 1000 CLI Command Reference • For information regarding the Service Control CLI and a complete listing of the Service Control Management Suite refer to the relevant installation guide: - Cisco SCE 2000 4xGBE Installation and Configuration Guide - Cisco SCE 2000 4/8xFE Installation and Configuration Guide - Cisco Service Control Application Reporter User Guide • To view Cisco documentation...
Software Configuration Guide
Page 64
... SCE# prompt, type show running -config. After reboot, the SCE platform loads the startup-config, which includes the non-default configuration as saved by the user, into the running -config. The running configuration. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-2 OL-7827-12 Viewing Configurations When you enter configuration commands, it is up . This file contains results of configuration commands entered by the user. Managing Configurations Chapter 3 Operations The SCE platform uses two configuration files: •...
... SCE# prompt, type show running -config. After reboot, the SCE platform loads the startup-config, which includes the non-default configuration as saved by the user, into the running -config. The running configuration. Cisco SCE 2000 and SCE 1000 Software Configuration Guide 3-2 OL-7827-12 Viewing Configurations When you enter configuration commands, it is up . This file contains results of configuration commands entered by the user. Managing Configurations Chapter 3 Operations The SCE platform uses two configuration files: •...
Software Configuration Guide
Page 97
... Parameters This interface has a transmission rate of the Management Interface, page 5-4 • Configuring the Management Interface Speed and Duplex Parameters, page 5-5 • Specifying the Active Management Port, page 5-6 OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-3 The command prompt changes to the remote management console via the LAN. Chapter 5 Configuring the Management Interface and Security Entering Management Interface Configuration Mode Step 1 Step 2 Step 3 Cable the desired management port, connecting it to SCE(config)#. Mng port 1 •...
... Parameters This interface has a transmission rate of the Management Interface, page 5-4 • Configuring the Management Interface Speed and Duplex Parameters, page 5-5 • Specifying the Active Management Port, page 5-6 OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-3 The command prompt changes to the remote management console via the LAN. Chapter 5 Configuring the Management Interface and Security Entering Management Interface Configuration Mode Step 1 Step 2 Step 3 Cable the desired management port, connecting it to SCE(config)#. Mng port 1 •...
Software Configuration Guide
Page 101
... management interface, thus ensuring management access to the SCE platform even if there is a failure in one port is active at any time. • The same virtual IP address and MAC address are assigned to both ports must be connected to the management console via a switch. Port 1 = active - Step 1 From the SCE# prompt, type Interface Mng {0/1 | 0/2} active-port and press Enter. Note that both ports. • Default: - OL-7827-12 Cisco...
... management interface, thus ensuring management access to the SCE platform even if there is a failure in one port is active at any time. • The same virtual IP address and MAC address are assigned to both ports must be connected to the management console via a switch. Port 1 = active - Step 1 From the SCE# prompt, type Interface Mng {0/1 | 0/2} active-port and press Enter. Note that both ports. • Default: - OL-7827-12 Cisco...
Software Configuration Guide
Page 109
... appropriate configuration guide for the client and server to Configure the Global Default Timeout, page 5-18 OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-15 specify the password - login authentication methods - Use the " show running-config " command to work with TACACS+ server: - define the privilege level 4. Review the configuration. Chapter 5 Configuring the Management Interface and Security Configuring the Available Interfaces 1. shared encryption key (the configured encryption key must match the encryption key configured...
... appropriate configuration guide for the client and server to Configure the Global Default Timeout, page 5-18 OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-15 specify the password - login authentication methods - Use the " show running-config " command to work with TACACS+ server: - define the privilege level 4. Review the configuration. Chapter 5 Configuring the Management Interface and Security Configuring the Available Interfaces 1. shared encryption key (the configured encryption key must match the encryption key configured...
Software Configuration Guide
Page 129
... Commands for read and write operations. All the SNMP commands are all ] • [no] snmp-server contact • [no ] snmp-server host [all performed in a single Request / response transaction. Furthermore, an ACL (Access List) may be associated with a community to allow SNMP management to a restricted set of managers IP addresses. In addition, the SCE platform supports the option to configure community of managers for read-write accessibility or for Monitoring SNMP...
... Commands for read and write operations. All the SNMP commands are all ] • [no] snmp-server contact • [no ] snmp-server host [all performed in a single Request / response transaction. Furthermore, an ACL (Access List) may be associated with a community to allow SNMP management to a restricted set of managers IP addresses. In addition, the SCE platform supports the option to configure community of managers for read-write accessibility or for Monitoring SNMP...
Software Configuration Guide
Page 145
... the new passwords permanent. This will not be saved (use the CLI command copy running-config startup-config ) to restore the saved user configuration • If passwords were not encrypted-the user-configured passwords that begin with enable password. The configuration should be able to the SCE platform and enable the admin authorization level. Type reboot and press Enter. OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-51
... the new passwords permanent. This will not be saved (use the CLI command copy running-config startup-config ) to restore the saved user configuration • If passwords were not encrypted-the user-configured passwords that begin with enable password. The configuration should be able to the SCE platform and enable the admin authorization level. Type reboot and press Enter. OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide 5-51
Software Configuration Guide
Page 165
... the SCE(config if)# prompt, type speed 10|100|auto and press Enter. Configures the speed of the Management Interface: Example The following example shows how to use this command to configure both management ports to half duplex mode. Configures the duplex operation of the currently selected management port (0/1 or 0/2): - 10 - 100 - auto-negotiation (do not force speed on the link) If the speed parameter is configured to auto, changing the speed parameter...
... the SCE(config if)# prompt, type speed 10|100|auto and press Enter. Configures the speed of the Management Interface: Example The following example shows how to use this command to configure both management ports to half duplex mode. Configures the duplex operation of the currently selected management port (0/1 or 0/2): - 10 - 100 - auto-negotiation (do not force speed on the link) If the speed parameter is configured to auto, changing the speed parameter...
Software Configuration Guide
Page 166
... display the following information for the management interface specified in the command. 5-72 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12 SCE#config SCE(config)#interface mng 0/1 SCE(config if)#speed 100 SCE(config if)#exit SCE(config)#interface mng 0/2 SCE(config if)#speed 100 Monitoring the Management Interface Use this command to configure both management ports to either interface. • speed • duplex • IP address • active port Step 1 From the SCE# prompt, type show interface...
... display the following information for the management interface specified in the command. 5-72 Cisco SCE 2000 and SCE 1000 Software Configuration Guide OL-7827-12 SCE#config SCE(config)#interface mng 0/1 SCE(config if)#speed 100 SCE(config if)#exit SCE(config)#interface mng 0/2 SCE(config if)#speed 100 Monitoring the Management Interface Use this command to configure both management ports to either interface. • speed • duplex • IP address • active port Step 1 From the SCE# prompt, type show interface...
Software Configuration Guide
Page 178
... Interface About Changing Managed VPN Modes Managed VPNs can only exist in either the LNS or LAC IP address. Note Non-first fragments of the traffic passing through the SCE platform. Configuring the L2TP Environment Use this command to restore the default VLAN or MPLS configuration. This can be removed. This can only be done via the SM CLU (which means that the connection...
... Interface About Changing Managed VPN Modes Managed VPNs can only exist in either the LNS or LAC IP address. Note Non-first fragments of the traffic passing through the SCE platform. Configuring the L2TP Environment Use this command to restore the default VLAN or MPLS configuration. This can be removed. This can only be done via the SM CLU (which means that the connection...
Software Configuration Guide
Page 200
... link mode options are different for all -links option). • Cutoff - Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-6 OL-7827-12 How to Configure the Link Mode Chapter 7 Configuring the Connection About the Link Mode The SCE platform has an internal hardware card used to enforce a specific desired mode. Traffic still flows on the specified link through the specified link. • link# - completely cuts off flow of the link being configured Use the all-links...
... link mode options are different for all -links option). • Cutoff - Cisco SCE 2000 and SCE 1000 Software Configuration Guide 7-6 OL-7827-12 How to Configure the Link Mode Chapter 7 Configuring the Connection About the Link Mode The SCE platform has an internal hardware card used to enforce a specific desired mode. Traffic still flows on the specified link through the specified link. • link# - completely cuts off flow of the link being configured Use the all-links...
Software Configuration Guide
Page 274
... system monitors all the traffic only through the SCE platform. - This is used, management port link failure will cause an SM connection failure and this, in failure/boot status. However, when SM is not a failure that it is in turn, will be declared as a failure of the SCE platform. When operating in deployments of single SCE platform with two data links, link failure is reflected in the SCE platform. Link reflection, like fail...
... system monitors all the traffic only through the SCE platform. - This is used, management port link failure will cause an SM connection failure and this, in failure/boot status. However, when SM is not a failure that it is in turn, will be declared as a failure of the SCE platform. When operating in deployments of single SCE platform with two data links, link failure is reflected in the SCE platform. Link reflection, like fail...
Software Configuration Guide
Page 291
... Identifying and Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Configuring Attack Detectors • How to Enable Specific-IP Detection, page 11-9 • How to Configure the Default Attack Detector, page 11-10 • Specific Attack Detectors, page 11-13 • Sample Attack Detector Configuration, page 11-17 The Cisco attack detection mechanism is controlled by default. Therefore setting a threshold of 1000 for all...
... Identifying and Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Configuring Attack Detectors • How to Enable Specific-IP Detection, page 11-9 • How to Configure the Default Attack Detector, page 11-10 • Specific Attack Detectors, page 11-13 • Sample Attack Detector Configuration, page 11-17 The Cisco attack detection mechanism is controlled by default. Therefore setting a threshold of 1000 for all...
Software Configuration Guide
Page 297
... either disabled (default) or enabled. Settings for other attack types are permitted by a number (1-100). Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Specific Attack Detectors Use these commands to define thresholds, actions, subscriber notification setting, and sending an SNMP trap for a specific attack detector for selected set for all IP addresses are not affected by this attack-detector. detect a specific destination port). OL...
... either disabled (default) or enabled. Settings for other attack types are permitted by a number (1-100). Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks Configuring Attack Detectors Specific Attack Detectors Use these commands to define thresholds, actions, subscriber notification setting, and sending an SNMP trap for a specific attack detector for selected set for all IP addresses are not affected by this attack-detector. detect a specific destination port). OL...
Software Configuration Guide
Page 316
... and flexibility for the third party devices, no special support is a special case of the Cisco Multi-Gigabit Service Control Platform (MGSCP) solution, supporting only one external 10G link and using different VAS Server Groups. How VAS Traffic Forwarding Works Chapter 12 Value Added Services (VAS) Traffic Forwarding The VAS feature enables the user to divert a specified part of the traffic streams to...
... and flexibility for the third party devices, no special support is a special case of the Cisco Multi-Gigabit Service Control Platform (MGSCP) solution, supporting only one external 10G link and using different VAS Server Groups. How VAS Traffic Forwarding Works Chapter 12 Value Added Services (VAS) Traffic Forwarding The VAS feature enables the user to divert a specified part of the traffic streams to...
Software Configuration Guide
Page 326
... the VAS server-SCE platform connectivity is not supported. Alternatively, it is a special case of Cisco Multi-Gigabit Service Control Platform (MGSCP) solution, supporting only one or more VAS servers through the same network channels as reported by the user - Note A topology in which is specifically configured to identify the failure. The two Ethernet switches are two assumptions the VAS servers should still be used between...
... the VAS server-SCE platform connectivity is not supported. Alternatively, it is a special case of Cisco Multi-Gigabit Service Control Platform (MGSCP) solution, supporting only one or more VAS servers through the same network channels as reported by the user - Note A topology in which is specifically configured to identify the failure. The two Ethernet switches are two assumptions the VAS servers should still be used between...
Software Configuration Guide
Page 329
... specific IP DDoS mechanism uses software counters. Chapter 12 Value Added Services (VAS) Traffic Forwarding SNMP Support for VAS SNMP Support for VAS The following items in the operational status of the user to make sure that are incompatible with VAS mode: • Line-card connection modes - Before enabling VAS traffic forwarding, it is the responsibility of a VAS server. OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide...
... specific IP DDoS mechanism uses software counters. Chapter 12 Value Added Services (VAS) Traffic Forwarding SNMP Support for VAS SNMP Support for VAS The following items in the operational status of the user to make sure that are incompatible with VAS mode: • Line-card connection modes - Before enabling VAS traffic forwarding, it is the responsibility of a VAS server. OL-7827-12 Cisco SCE 2000 and SCE 1000 Software Configuration Guide...