Cisco Content Services Switch Basic Configuration Guide
Software Version 4.01
December, 2000
Text Part Number: 78-11424-01

Cisco Systems, Inc.
Corporate Headquarters
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 800 553-NETS (6387), 408 526-4000
Fax: 408 526-4100
Content Services Switch Basic Configuration Guide
Copyright © 2000, Cisco Systems, Inc.
All rights reserved.
Contents

About This Guide
Audience
How to Use This Guide
Related Documentation
Documentation Map
Symbols and Conventions

Chapter 1 Logging in and Getting Started
Configuration Quick Start
Logging into the CSS
Changing the Administrative Username and Password
Configuring Usernames and Passwords
Configuring an IP Address and Subnet Mask for the Ethernet Management Port
Configuring an IP Address
Configuring a Subnet Mask
Configuring a Default IP Route
Configuring Date and Time
Configuring European Date
Configuring an FTP Record
Copying Files from an FTP Server
Rebooting the CSS
Shutting Down the CSS
Using the Offline Diagnostic Monitor Menu
Accessing the Offline Diagnostic Monitor Main Menu
Using the Boot Configuration Menu
Setting Primary Boot Configuration
Setting Secondary Boot Configuration
Setting IP Address, and Subnet Mask
Showing the Boot Configuration
Using the Advanced Options
Deleting a Software Version
Using the Security Options
Using the Disk Options
Enabling and Disabling Core Dumps
Showing Core Dumps
CSS Software Overview
Using the Running-Config and Startup-Config
Clearing the Running-Config and the Startup-Config
Showing the Running-Config
Showing the Startup-Config
Creating a Running-Config or Startup-Config Using a Text Editor
Archiving Files to the Archive Directory
Archiving a Log File
Archiving the Running-Config
Archiving Scripts
Archiving the Startup-Config
Clearing the Archive Directory
Restoring Files from the Archive Directory
Restoring an Archived Log File
Restoring an Archived Script File
Restoring an Archived Startup-Config
Copying Core Dumps to an FTP or TFTP Server
Copying Core Dumps to an FTP Server
Copying Core Dumps to a TFTP Server
Displaying CSS Configurations
Displaying Software Information
Displaying Hardware Information
Showing System Resources
Showing User Information
Showing Current Logins
Where to Go Next

Chapter 2 Configuring User Profiles and CSS Parameters
Configuring User Profiles
Configuring User Terminal Parameters
Configuring Terminal Idle
Configuring Terminal Length
Configuring Terminal More
Configuring Terminal Netmask-Format
Configuring Terminal Timeout
Using Expert Mode
Changing the CLI Prompt
Modifying the History Buffer
Displaying the History Buffer
Copying and Saving User Profiles
Copying the Running Profile to the Default-Profile
Copying the Running Profile to a User Profile
Copying the Running Profile to an FTP Server
Copying the Running Profile to a TFTP Server
Boot Configuration Mode Commands
Unpacking an ArrowPoint Distribution Image (ADI)
Removing an ArrowPoint Distribution Image (ADI)
Specifying the Primary BOOT Configuration
Configuring the Primary Boot-File
Configuring the Primary Boot-Type
Configuring the Primary Config-Path
Specifying the Secondary Boot Configuration
Specifying the Secondary Boot-File
Specifying the Secondary Boot-Type
Specifying the Secondary Config-Path
Configuring a Boot Configuration Record for the Passive SCM
Configuring the Passive SCM IP Address
Configuring the Passive SCM Primary Boot File
Configuring the Passive SCM Primary Boot Type
Configuring the Passive SCM Primary Configuration Path
Configuring the Passive SCM Secondary Boot File
Configuring the Passive SCM Secondary Boot Type
Configuring the Passive SCM Secondary Configuration Path
Configuring the Passive SCM Subnet Mask
Copying the Boot Configuration Record from the Active SCM to the Passive SCM
Showing the BOOT Configuration
Booting the CSS from a Network Drive
Configuring Network Boot for a Primary SCM
Configuring Network Boot for a Passive SCM
Showing Network Boot Configurations
Configuring Host Name
Configuring Idle Timeout
Controlling Remote Access to the CSS
Restricting Console, FTP, SNMP, Telnet, XML, and Web Management Access to the CSS
Finding an IP Address
Configuring Flow Parameters
Configuring Permanent Connections for TCP Ports
Resetting Fast Ethernet and Gigabit Ethernet Ports
Reclaiming Reserved Telnet and FTP Control Ports
Showing Flow Statistics
Configuring Content API
Controlling Access to the CSS HTTP Server
Configuring the Command Scheduler
Showing Configured Command Scheduler Records
Where to Go Next

Chapter 3 Configuring CSS Network Protocols
Configuring Domain Name Service
Specifying a Primary DNS Server
Using DNS Resolve
Specifying a Secondary DNS Server
Specifying a DNS Suffix
Configuring Address Resolution Protocol
Configuring ARP
Configuring ARP Timeout
Configuring ARP Wait
Updating ARP Parameters
Clearing ARP Parameters
Showing ARP Information
Configuring Routing Information Protocol
Configuring RIP Advertise
Configuring RIP Redistribute
Configuring RIP Equal-Cost
Showing RIP Configurations
Configuring Internet Protocol
Configuring IP Record-Route
Configuring IP Redundancy
Configuring IP ECMP
Configuring an IP Route
Configuring IP Source-Route
Disabling an Implicit Service for Static Route Next Hop
Configuring IP Subnet-Broadcast
Showing IP Information
Showing IP Config
Showing IP Interfaces
Showing IP Routes
Showing IP Statistics
Showing IP Summary
Configuring Bridging for the CSS
Configuring Bridge Aging-Time
Configuring Bridge Forward-Time
Configuring Bridge Hello-Time
Configuring Bridge Max-Age
Configuring Bridge Priority for the CSS
Enabling and Disabling Bridge Spanning-Tree
Showing Bridge Configurations
Configuring Secure Shell Daemon
Configuring SSHD Keepalive
Configuring SSHD Port
Configuring SSHD Server-Keybits
Disabling and Enabling Telnet Access when using SSHD
Showing SSHD Configurations
Configuring Opportunistic Layer 3 Forwarding
Where to Go Next

Chapter 4 Configuring Interfaces and Circuits
Interface and Circuit Overview
Interface and Circuit Configuration Quick Start
Configuring Interfaces
Configuring an Interface
Entering a Description for the Interface
Configuring Interface Duplex and Speed
Setting the Interface Maximum Idle Time
Showing Interface Duplex and Speed
Bridging the Interface to a VLAN
Configuring Bridge Pathcost
Configuring Bridge Priority
Configuring Bridge State
Configuring the Low Water Mark of Flow Control Blocks on an Interface
Showing Bridge Configurations
Showing Interfaces
Showing Interface Statistics
Showing Ethernet Interface Errors
Shutting Down an Interface
Restarting the Interface
Shutting Down All Interfaces
Restarting All Interfaces
Configuring Circuits
Configuring Router-Discovery Lifetime
Configuring Router-Discovery Limited-Broadcast
Configuring Router-Discovery Max-Advertisement-Interval
Configuring Router-Discovery Min-Advertisement-Interval
Showing Circuits
Configuring a Circuit IP Interface
Configuring a Circuit IP Address
Configuring a Circuit-IP Broadcast Address
Configuring Circuit-IP Redirects
Configuring Circuit-IP Unreachables
Enabling Router-Discovery
Configuring Router-Discovery Preference
Enabling a Circuit IP
Disabling a Circuit IP
Showing IP Interfaces
Configuring RIP for an IP Interface
Configuring RIP Default-Route
Configuring RIP Receive
Configuring RIP Send
Showing RIP Configurations
Where to Go Next

Chapter 5 Configuring Services
Service, Owner, and Content Rule Overview
Service Configuration Quick Start
Service Load Overview
Using ArrowPoint Content Awareness Based on Server Load and Weight
Using ACA Based on Server Load
Using ACA Based on Server Weight and Load
Configuring Load for Services
Configuring Global Load Step
Configuring Global Load Threshold
Configuring Global Load Reporting
Configuring Load Tear Down Timer
Configuring Load Ageout Timer
Showing Global Service Loads
Global Keepalive Mode
Creating a Global Keepalive
Activating a Global Keepalive Active
Configuring a Global Keepalive Description
Configuring a Global Keepalive Frequency
Configuring a Global Keepalive IP Address
Configuring a Global Keepalive Max Failure
Configuring a Global Keepalive Method
Configuring a Global Keepalive Port
Configuring a Global Keepalive Retryperiod
Deactivating a Global Keepalive
Configuring a Global Keepalive Type
Configuring a Global Keepalive URI
Associating a Service with a Global Keepalive
Configuring Global Keepalive Hash
Showing Global Keepalive Configurations
Script Keepalives
Script Keepalive Considerations
Configuring Script Keepalives
Viewing a Script Keepalive in a Service
Script Keepalive Status Codes
Creating Services
Configuring Services
Assigning an IP Address to the Service
Specifying a Port
Specifying a Protocol
Specifying a Domain Name
Configuring an Advanced Load Balancing String
Configuring a Service HTTP Cookie
Configuring Weight
Specifying a Service Type
How the CSS Accesses Server Types
Configuring Service Access
Configuring Service Cache Bypass
Configuring Keepalives
Configuring Keepalive Frequency
Configuring Keepalive Maxfailure
Configuring Keepalive Method
Configuring Keepalive Port
Configuring Keepalive Retryperiod
Configuring Keepalive Type
Configuring Keepalive URI
Configuring Keepalive Hash
Showing Keepalive Configurations
Configuring Maximum TCP Connections
Activating a Service
Suspending a Service
Removing a Service
Removing a Service From a Content Rule
Removing a Service From a Source Group
Showing Service Configurations
Where to Go Next

Chapter 6 Configuring Owners
Owner Configuration Quick Start
Creating an Owner
Configuring an Owner DNS Balance Type
Specifying Owner Address
Specifying Owner Billing Information
Specifying Case
Specifying Owner DNS Type
Specifying Owner Email Address
Removing an Owner
Showing Owner Information
Showing Owner Summary
Where to Go Next

Chapter 7 Configuring Content Rules
Service, Owner, and Content Rule Overview
Content Rule Configuration Quick Start
Naming and Assigning a Content Rule to an Owner
Configuring a Virtual IP Address
Configuring a Domain Name Content Rule
Disabling a Domain Name System in a Content Rule
Matching Content Rules on Multiple Domain Names
Configuring a Content Rule using a Domain Name and a Virtual IP Address
Using Wildcards in Domain Name Content Rules
General Guidelines for Domain Name Wildcards in Content Rules
Adding Services to a Content Rule
Adding a Service to a Content Rule
Specifying a Service Weight
Adding a Primary Sorry Server to a Content Rule
Adding a Domain Name System to a Content Rule
Activating a Content Rule
Suspending a Content Rule
Removing a Content Rule
Removing a Service from a Content Rule
Configuring a Protocol
Configuring Port Information
Configuring Load Balancing
Configuring a DNS Balance Type
Configuring Hotlists
Configuring a Domain Hotlist
Specifying a Uniform Resource Locator
Specifying an Extension Qualifier List in a Uniform Resource Locator
Specifying a Load Threshold
Redirecting Requests for Content
Configuring Persistence, Remapping, and Redirection
Content Rule Persistence
Configuring Bypass Persistence
Configuring HTTP Redirection and Service Remapping
Specifying an HTTP Redirect String
Using Show Remap
Defining Failover
Specifying an Application Type
Enabling Content Requests to Bypass Transparent Caches
Showing Content
Showing Content Rules

Chapter 8 Using the CSS Logging Features
Logging Overview
Logging Quick Start Table
Specifying Logging Buffer Size
Specifying Log File Destination
Specifying Disk for a Log File Destination
Disabling Logging to Disk
Specifying Host for a Log File Destination
Specifying a Line for a Log File Destination
Enabling Logging on a Subsystem
Disabling Logging for a Subsystem
Configuring a Log Message for a Subsystem at a Logging Level
Logging ACL Activity
Sending Log Messages to an Email Address
Logging CLI Commands
Showing Log Files
Copying Log Files to an FTP or TFTP Server
Copying Log Files to an FTP Server
Copying Log Files to a TFTP Server

Appendix A Upgrading Your CSS Software
Before You Begin
Copying the New CSS Software
Configuring an FTP Server Record on the CSS
Upgrading your CSS
Using the Upgrade Script
Automatically Running the Upgrade Script
Interactively Using the Upgrade Script
Manually Upgrading the CSS

Index

Figures

Figure 1-1 Boot Configuration Flowchart
Figure 3-1 Opportunistic Layer 3 Forwarding Example
Figure 4-1 Content Services Switch Interfaces and Circuits
Figure 5-1 Services, Owners, and Content Rules Concepts
Figure 5-2 Load Calculation Example with Three Servers
Figure 7-1 Services, Owners, and Content Rules Concepts
Figure 7-2 Example of Configuring a Virtual IP Address
Figure 7-3 ServerB Configured for Failover Next
Figure 7-4 ServerC Configured for Failover Next
Figure 7-5 Suspended or Failed Service Configured for Failover Linear
Figure 7-6 Removing a Service Configured for Failover Linear

Tables

Table 1-1 Configuration Quick Start
Table 1-2 Offline Diagnostic Monitor Menu Options
Table 1-3 Boot Configuration Options
Table 4-1 Interface and Circuit Configuration Quick Start
Table 5-1 Service Configuration Quick Start
Table 6-1 Owner Configuration Quick Start
Table 6-2 Global Bypass Counter Descriptions
Table 7-1 Content Rule Configuration Quick Start
Table 8-1 CSS Log File Descriptions
Table 8-2 Configuring and Enabling Logging
Table 8-3 Logging Subsystems
Table 8-4 Subsystem Logging Levels

About This Guide
This guide provides instructions for the basic configuration of the CSS 11050, CSS 11150, and CSS 11800 content service switches (hereinafter referred to as the CSS). Information in this guide applies to all CSS models except where noted. For configuration information on advanced features, refer to the Content Services Switch Advanced Configuration Guide.
The CSS software is available in a Standard or Enhanced feature set. The Enhanced feature set contains all of the Standard feature set and also includes Network Address Translation (NAT) Peering, Domain Name Service (DNS), Demand-Based Content Replication (Dynamic Hot Content Overflow), Content Staging and Replication, and Network Proximity DNS. Proximity Database and SSH are optional features.
Note Access to the Standard and Enhanced feature sets or Proximity Database requires that you enter a software license key when you boot the CSS for the first time. For details, refer to the Content Services Switch Getting Started Guide, Chapter 4, Booting the CSS.
Note If you are upgrading from the Standard to the Enhanced feature set or want to activate a CSS software option (for example, SSH Server) that you purchased, refer to the Content Services Switch Getting Started Guide, Chapter 4, Booting the CSS.
If you configure your CSS for Proximity Database, you cannot use the CSS for flow control. For details on Proximity Database, refer to the Content Services Switch Advanced Configuration Guide.
Audience
This guide is intended for the following trained and qualified service personnel who are responsible for configuring the CSS:
• Web master
• System administrator
• System operator
How to Use This Guide
This section describes the chapters and contents in this guide.

Chapter
    Description

Chapter 1, Logging in and Getting Started
    Log into the CSS and configure the CSS for operation. This chapter contains an overview of the CSS system software. It also contains information on using the Offline Diagnostic Monitor (Offline DM) menu.
Chapter 2, Configuring User Profiles and CSS Parameters
    Configure user profile and CSS parameters. This chapter also contains information on using the Content API and Command Scheduler features.
Chapter 3, Configuring CSS Network Protocols
    Configure the CSS DNS, ARP, RIP, IP, and bridging features.
Chapter 4, Configuring Interfaces and Circuits
    Configure the CSS management ports, interfaces, and circuits for operation.
Chapter 5, Configuring Services
    Configure services.
Chapter 6, Configuring Owners
    Create and configure owners.
Chapter 7, Configuring Content Rules
    Create and configure content rules.
Chapter 8, Using the CSS Logging Features
    Enable logging, set up the log buffer, and determine where to send the activity information.
Appendix A, Upgrading Your CSS Software
    Upgrade your CSS software manually or use the upgrade script.

Related Documentation
In addition to this document, the Content Services Switch documentation set includes the following.

Document Title
    Description

Cisco Content Services Switch Release Note
    The release note provides information not in the previous guides and reference.
Content Services Switch Getting Started Guide
    This guide is intended to help you quickly get your CSS installed and into operation. It provides you with instructions for installing, cabling, booting, and configuring the CSS.
Content Services Switch Advanced Configuration Guide
    This guide describes how to configure advanced CSS features, including:
    • Sticky parameters
    • HTTP header load balancing
    • Source groups, ArrowPoint Control Lists (ACLs), Extension Qualifier Lists (EQLs), Uniform Resource Locator Qualifier Lists (URQLs), Network Qualifier Lists (NQLs), and Domain Qualifier Lists (DQLs)
    • VIP and CSS redundancy
    • Content Smart Caching
    • Domain Name Service (DNS)
    • Demand-Based Content Replication and content staging and replication
    • Firewall Load Balancing
    • SNMP and RMON
    • OSPF routing protocol
    • Network proximity
Content Services Switch Command Reference
    This guide provides an alphabetical list of all CSS Command Line Interface commands including syntax, options, and related commands.

Documentation Map
This section provides a map for using the CSS documentation set.
Symbols and Conventions
This guide uses the following symbols and conventions to identify different types of information.
Caution A caution means that a specific action you take could cause a loss of data or adversely impact use of the equipment.
Warning A warning describes an action that could cause you physical harm or damage the equipment.
Note A note provides important related information, reminders, and recommendations.
Bold text indicates a command in a paragraph.
Courier text indicates text that appears on a command line, including the CLI prompt.
Courier bold text indicates commands and text you enter in a command line.
Italics text indicates the first occurrence of a new term, book title, and emphasized text.
1. A numbered list indicates that the order of the list items is important.
a. An alphabetical list indicates that the order of the secondary list items is important.
• A bulleted list indicates that the order of the list topics is unimportant.
– An indented list indicates that the order of the list subtopics is unimportant.
Chapter 1
Logging in and Getting Started
This chapter describes how to log into the CSS and configure an IP address, subnet mask, and default route. Included in this chapter is a description of the system software. It also contains information on using the Offline Diagnostic Monitor (Offline DM) menu. Information in this chapter applies to all CSS models except where noted.
CSS software is available in a Standard or Enhanced feature set. The Enhanced feature set contains all of the Standard feature set and also includes Network Address Translation (NAT) Peering, Domain Name Service (DNS), Demand-Based Content Replication (Dynamic Hot Content Overflow), Content Staging and Replication, and Network Proximity DNS. Proximity Database and SSH are optional features.
Note When you boot the CSS for the first time, the software prompts you to enter a valid license key for the Standard or Enhanced feature set, or for Proximity Database, depending on your intended use for the CSS. For details, refer to the Content Services Switch Getting Started Guide, Chapter 4, Booting the CSS.
If you are upgrading from the standard to the enhanced feature set or want to activate another optional feature that you purchased, refer to the Content Services Switch Getting Started Guide, Chapter 4, Booting the CSS.
If you configure your CSS for Proximity Database, you cannot use the CSS for flow management. For details on Proximity Database, refer to the Content Services Switch Advanced Configuration Guide.
This chapter contains the following sections:
• Configuration Quick Start
• Logging into the CSS
• Configuring an IP Address and Subnet Mask for the Ethernet Management Port
• Configuring a Default IP Route
• Configuring Date and Time
• Configuring an FTP Record
• Rebooting the CSS
• Shutting Down the CSS
• Using the Offline Diagnostic Monitor Menu
• Enabling and Disabling Core Dumps
• CSS Software Overview
• Using the Running-Config and Startup-Config
• Archiving Files to the Archive Directory
• Restoring Files from the Archive Directory
• Displaying CSS Configurations
Configuration Quick Start
Table 1-1 is a Quick Start configuration table designed to help you configure the CSS quickly and easily. This table provides steps to:
• Log in and access config mode so you can configure the CSS for operation
• Access boot mode to configure an IP address for the Ethernet Management port
• From boot mode, configure a subnet mask
• Configure a default IP route
• Enter the date and time
• Configure an FTP record (optional)
• Save your configuration from the running-config to the startup-config
Following Table 1-1 is an overview of the CSS system software and commands for saving, archiving, and restoring system configuration files.
Once you configure the Ethernet Management port IP address, you can continue to use the Console port or you can use the Ethernet Management port to Telnet into the CSS and configure it remotely.

Table 1-1 Configuration Quick Start

Task and Command Example

1. Log into the CSS using the default administrative username admin and password system or the username and password you assigned during the boot process.

2. Access config mode.

    # config
    (config)#

3. Access boot mode to configure an IP address for the Ethernet Management port. This IP address must be on a different subnet than any other CSS VLAN circuit IP subnet or you will not be able to access the port. You must reboot the CSS for the new IP address to take effect.

    (config)# boot
    (config-boot)# ip address 172.3.6.58

4. Configure a subnet mask in boot mode.

    (config-boot)# subnet mask 255.255.255.0

5. Exit from boot mode to config mode to configure a default route as required.

    (config-boot)# exit
    (config)# ip route 0.0.0.0/0 192.168.3.123

6. Exit from config mode to configure a date. The clock and date commands do not allow backspacing. If you enter a wrong date, re-enter the command with the new information.
Enter the date in the format mm-dd-yy.

    # clock date
    Enter date: [03-11-00] 03-12-00

Use the date european-date command to enable the clock date command to accept date input in the format of day, month, and year.

    # date european-date 12/03/00

7. Configure the time using the clock command. The clock command does not allow backspacing. If you enter the wrong time, re-enter the command with the new information.
Enter the time in the format hh:mm:ss.

    # clock time
    Enter time: [15:17:33] 16:17:33

8. Configure a File Transfer Protocol (FTP) record file to use when accessing an FTP server from the CSS. This step is optional.

    # ftp-record arrowrecord 192.168.19.21 bobo password "secret" /outgoing

9. Save your configuration changes (recommended). Configuration changes reside in a virtual file called the running-configuration. To save your current configuration, use the copy running-config startup-config command. If you do not save the running-config, all configuration changes are lost upon reboot.

    # copy running-config startup-config

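Step 3 of the Quick Start requires the Ethernet Management port address to sit on a different subnet than every CSS VLAN circuit IP subnet. The following added example (not part of the Cisco guide) checks that before you reboot: it parses the boot-mode commands shown in Table 1-1 and reports any circuit subnet that overlaps the management subnet. The function names and the circuit subnet values are assumptions made for illustration.

```python
import ipaddress
import re

# Boot-mode commands exactly as shown in steps 3 and 4 of Table 1-1.
BOOT_SESSION = """\
(config)# boot
(config-boot)# ip address 172.3.6.58
(config-boot)# subnet mask 255.255.255.0
"""

# Constructed sample data: VLAN circuit subnets, not taken from the guide.
CIRCUIT_SUBNETS = {
    "VLAN1": "192.168.3.0/24",
    "VLAN2": "10.10.0.0/16",
}

_BOOT_CMD = re.compile(
    r"^\(config-boot\)#\s+(ip address|subnet mask)\s+(\S+)\s*$"
)


def parse_boot_session(text):
    """Return the management port as an ipaddress interface object.

    Raises ValueError if either command is missing, the address is
    malformed, or the mask is not a contiguous netmask.
    """
    values = {}
    for line in text.splitlines():
        match = _BOOT_CMD.match(line.strip())
        if match:
            values[match.group(1)] = match.group(2)
    missing = [k for k in ("ip address", "subnet mask") if k not in values]
    if missing:
        raise ValueError("missing boot-mode command(s): " + ", ".join(missing))
    return ipaddress.ip_interface(
        values["ip address"] + "/" + values["subnet mask"]
    )


def find_conflicts(mgmt, circuits):
    """Return the sorted names of circuits that overlap the management subnet.

    Overlap covers identical subnets as well as a circuit subnet that
    contains, or is contained in, the management subnet.
    """
    conflicts = []
    for name, cidr in circuits.items():
        network = ipaddress.ip_network(cidr, strict=False)
        if network.overlaps(mgmt.network):
            conflicts.append(name)
    return sorted(conflicts)


if __name__ == "__main__":
    mgmt = parse_boot_session(BOOT_SESSION)
    clashes = find_conflicts(mgmt, CIRCUIT_SUBNETS)
    if clashes:
        print("Management subnet", mgmt.network, "overlaps:", ", ".join(clashes))
    else:
        print("Management subnet", mgmt.network, "is distinct from all circuits")
```
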
Logging into the CSS
To log into the CSS, use the default administrative username admin and default password system, or use the administrative username and password you configured during the boot process. The default username admin enables you to log in with SuperUser status.
If you have not changed the default administrative username and password, it is recommended that you change them immediately to safeguard the CSS against unauthorized logins.
Note When you power up the CSS (after initial start-up), the boot process provides access to the Offline Diagnostic Monitor (Offline DM) menu. The Offline DM Main menu allows you to set the boot configuration, show the boot configuration, select Advanced Options, or reboot the system. For details on using the Offline DM Main menu, refer to “Using the Offline Diagnostic Monitor Menu” in this chapter.
Changing the Administrative Username and Password
The administrative username and password are stored in non-volatile RAM (NVRAM). Each time you reboot the CSS, it reads them from NVRAM and reinserts them into the user database. You can change the administrative username and password, but because the information is stored in NVRAM, you cannot delete them permanently. If you delete the administrative username using the no username command, the CSS deletes the username from the running-config, but restores it from NVRAM when you reboot.
SuperUser status is assigned to the administrative username by default.
To change the administrative username or password, you may either:
• Access the Offline Diagnostic Monitor (Offline DM) menu during the boot process. For information on the Offline DM Main menu see “Using the Offline Diagnostic Monitor Menu” in this chapter.
• Use the username-offdm name password text command.
The following example uses the CLI command to change the default administrative username and password.
(config)# username-offdm bobo password secret
Configuring Usernames and Passwords
Use the username command to configure usernames and passwords for logging into the CSS. The CSS can support up to 32 usernames, including the administrator and technician usernames. You can assign each user SuperUser or User status.
• User - Allows access to a limited set of commands that enable you to monitor and display CSS parameters, but not change them. A User prompt ends with the > symbol.
• SuperUser - Allows access to the full set of CLI commands, including those in User mode, that enable you to configure the CSS. A SuperUser prompt ends with the # symbol.
From SuperUser, you can enter global configuration mode and its subordinate configuration modes. If you do not specify superuser when configuring a new user, the new user has only user level status by default.
The syntax for this global configuration mode command is:
username name [des-password|encrypted-password|password] password {superuser}
The example below creates a SuperUser named picard with a password of captain.
(config)# username picard password "captain" superuser
The options and variables are:
• name - The username you want to assign or change. Enter an unquoted text string with no spaces and a maximum of 16 characters. To see a list of existing usernames, enter username ?.
• des-password - Specify that the password is Data Encryption Standard (DES) encrypted. Use this option only when you are creating a file for use as a script or a startup configuration file. Enter the DES password as a case-sensitive unquoted text string 6 to 64 characters in length.
• encrypted-password - Specify that the password is encrypted. Use this option only when you are creating a file for use as a script or a startup configuration file.
• password - Specify that the password is not encrypted. Use this option when you use the CLI to create new users dynamically.
• password - The password. Enter an unquoted text string with no spaces and a length of 6 to 16 characters.
• superuser - Specify SuperUser privileges to allow a user to access SuperUser mode. If you do not enter this option, the user can only access User mode.
To remove an existing username, enter:
(config)# no username picard
To display a list of existing usernames, enter:
(config)# no username ?
To change a user password, re-enter the username command and specify the new password. Remember to include SuperUser privileges if required. For example:
(config)# username picard password "flute" superuser
Caution The no username command removes a user permanently. Make sure you want to do this because you cannot undo this command.
Configuring an IP Address and Subnet Mask for the Ethernet Management Port
To communicate with the CSS and issue Command Line Interface (CLI) commands using out-of-band management, you must assign an IP address to the Ethernet management port. You may also want to configure a subnet mask that the CSS uses upon boot.
The Ethernet Management port is located on the:
• CSS 11050 and CSS 11150 rear panels
• CSS 11800 SCM front panel
The CSS enables you to configure an IP address and a subnet mask:
• At the prompts during the boot process
• Using the Offline Diagnostic Monitor (Offline DM) menu
• Using CLI commands
For information on configuring an IP address and subnet mask during the boot routine or using the Offline DM Main menu, refer to “Using the Offline Diagnostic Monitor Menu” in this chapter. For information on configuring an IP address and subnet mask using CLI commands, refer to the following sections.
Note You must reboot the CSS for the IP address to take effect.
Configuring an IP Address
To configure an IP address for the CSS Ethernet Management port, use the ip address option in boot mode. This command does not have a no version. To change the IP address, re-issue the ip address command and enter the new IP address. The CSS does not accept an all zero IP address.
For example:
(config)# boot
(config-boot)# ip address 172.3.6.58
Note You must reboot the CSS for the new IP address to take effect.
Caution The Ethernet Management port IP address must be a different subnet than any other CSS VLAN circuit IP subnet. If you do not make the Ethernet Management port IP address unique, you will not be able to access the port.
Configuring a Subnet Mask
To configure the CSS subnet mask, use the subnet mask option in boot mode. For example:
(config)# boot
(config-boot)# subnet mask 255.255.255.0
To remove the configured subnet mask, enter:
(config-boot)# no subnet mask
Configuring a Default IP Route
When you configure a default IP route, the CSS polls the router periodically to ensure that the router is functioning. If the router fails, the CSS removes any entries from the routing table that point to the failed router and stops sending traffic to the failed router. When the router recovers, the CSS:
• Becomes aware of the router
• Re-enters applicable routes into the routing table
To configure a default IP route, use the ip route command and specify either an:
• IP address and a subnet mask prefix - For example, 192.168.1.0/24
or
• IP address and a subnet mask - For example, 192.168.1.0 255.255.255.0
The syntax for the ip route command to configure a default IP route is:
ip route ip_address subnet_mask ip_address2
For example:
(config)# ip route 0.0.0.0/0 192.168.3.123
The variables are:
• ip_address - The destination network address. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
• subnet_mask - The IP subnet mask. Enter the mask as either:
– A prefix length in CIDR bitcount notation (for example, /24). Do not enter a space to separate the IP address from the prefix length.
– An IP address in dotted-decimal notation (for example, 255.255.255.0).
• ip_address2 - The next hop address for the route. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
For complete information on configuring IP routes, refer to Chapter 3, Configuring CSS Network Protocols.
Configuring Date and Time
To set the date, enter the clock date command. When you enter this command, the CSS displays the current date. The clock command does not allow backspacing. If you enter the wrong date or time, re-enter the command with the new information.
Enter the new information in the format mm-dd-yy as shown:
# clock date
Enter date: [10-03-00] 10-04-00
To set the time, enter the clock time command. The current time is displayed. Enter the new time in the format hh:mm:ss as shown:
# clock time
Enter time: [15:12:38] 16:12:38
To display the current date and time, enter the show clock command:
Date: 10-4-2000
Time: 17:56:17
Configuring European Date
Use the date european-date command to enable the clock date command to accept date input in the format of day, month, and year. The syntax for this global configuration mode command is:
# date european-date 10/4/00
To reset the format for the clock date command to its default of month, day and year, enter:
# no date european-date
Configuring an FTP Record
Use the ftp-record command to create a File Transfer Protocol (FTP) record file to use when accessing an FTP server from the CSS. The syntax for this global configuration mode command is:
ftp-record ftp_record ipaddress_or_hostname username ["password" | des-password des_password | encrypted-password encrypted_password] {base_directory}
The variables are:
• ftp_record - The name for the FTP record file. Enter an unquoted text string with no spaces and a maximum length of 16 characters.
• ip_address or hostname - The IP address or host name of the FTP server you want to access. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or a mnemonic host name (for example, myhost.mydomain.com).
• username - A valid login username on the FTP server. Enter a case-sensitive unquoted text string with no spaces and a maximum length of 16 characters.
• password - The password for the valid login username on the FTP server. Enter a case-sensitive quoted text string with no spaces and a maximum length of 16 characters.
• des_password - The Data Encryption Standard (DES) encrypted password for the valid login username on the FTP server. Enter a case-sensitive unquoted text string with no spaces and a maximum length of 64 characters.
• encrypted_password - The encrypted password for the valid login username on the FTP server. Enter a case-sensitive unquoted text string with no spaces and a maximum length of 16 characters.
• base_directory - An optional base directory when using this record. Enter the base directory name as a case-sensitive unquoted text string with no spaces and a maximum length of 64 characters.
The config-path and base directory path in the ftp-record associated with a network boot must not contain a pathname that collides with a non-network driver name (for example, c: or host:).
For example (using an encrypted password):
# ftp-record arrowrecord 192.168.19.21 bobo password "secret" /outgoing
To delete the FTP record arrowrecord from the CSS, enter:
# no ftp-record arrowrecord
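The password keywords described above for the username, username-offdm, and ftp-record commands decide whether a credential sits unencrypted in a script or startup-config file. The Python audit below is an added example, not part of the Cisco guide; the rule names, the sample configuration, the users riker and worf, the record bootrec, and the placeholder cipher strings are constructed for illustration.

```python
"""Audit saved CSS configuration text for credential-handling problems."""
import re
import shlex
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str  # never contains the secret itself


PROMPT = re.compile(r"^\s*(?:\([\w-]+\))?\s*#\s*")  # "(config)# " or "# "
STORED_FORMS = {"des-password", "encrypted-password"}
DEFAULT_ADMIN = ("admin", "system")  # defaults named in the guide


def _tokens(line):
    """Strip a pasted CLI prompt, normalise typographic quotes, tokenise."""
    line = PROMPT.sub("", line).replace("\u201c", '"').replace("\u201d", '"')
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: nothing reliable to audit
        return []


def _audit_username(n, tok, out):
    # username name [des-password|encrypted-password|password] password {superuser}
    # username-offdm name password text
    if len(tok) < 4:
        return
    cmd, name, keyword, secret = tok[:4]
    if len(name) > 16:
        out.append(Finding(n, "name-length", f"{cmd} {name}: name exceeds 16 characters"))
    if keyword != "password":
        return  # des-password / encrypted-password: the forms meant for files
    out.append(Finding(n, "cleartext-password",
                       f"{cmd} {name}: unencrypted password in saved text"))
    if cmd == "username" and not 6 <= len(secret) <= 16:
        out.append(Finding(n, "password-length",
                           f"{cmd} {name}: password is not 6 to 16 characters"))
    if (name, secret) == DEFAULT_ADMIN:
        out.append(Finding(n, "default-credentials",
                           f"{cmd} {name}: default administrative login still set"))


def _audit_ftp_record(n, tok, out):
    # ftp-record ftp_record ipaddress_or_hostname username
    #   ["password" | des-password des_password | encrypted-password ...] {base_directory}
    if len(tok) < 5:
        return
    record, host, user, form = tok[1:5]
    if form in STORED_FORMS:
        return
    # Either the `password "..."` keyword form from the guide's example
    # or a bare quoted password as in the syntax line: both are cleartext.
    out.append(Finding(n, "cleartext-password",
                       f"ftp-record {record}: unencrypted password for {user}@{host}"))


def audit(config_text):
    """Return findings for every username and ftp-record line in the text."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), start=1):
        tok = _tokens(line)
        if not tok:
            continue
        if tok[0] in ("username", "username-offdm"):
            _audit_username(n, tok, findings)
        elif tok[0] == "ftp-record":
            _audit_ftp_record(n, tok, findings)
    return findings


# Constructed sample: the guide's own example commands plus invented entries.
SAMPLE = '''\
(config)# username-offdm bobo password secret
(config)# username picard password \u201ccaptain\u201d superuser
username riker des-password examplecipherplaceholder superuser
username admin password system superuser
username worf password abc
# ftp-record arrowrecord 192.168.19.21 bobo password "secret" /outgoing
ftp-record bootrec 10.3.6.58 mandy des-password examplecipherplaceholder /images
'''

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```

The default-credentials rule can only fire when the password is stored unencrypted, so a clean report does not prove the default login was changed.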
Copying Files from an FTP Server
Use the copy ftp command to copy files from an FTP server to the CSS. Before using this command, you must use the (config) ftp-record command to create an FTP record file containing the FTP server IP address, username, and password.
The options for this command are:
• copy ftp ftp_record filename boot-image - Copy a file from an FTP server to the CSS for use as the ArrowPoint Distribution Image (ADI). The file you copy to the CSS must be an ADI. Otherwise, the CSS rejects it.
• copy ftp ftp_record filename script script_filename - Copy a file from an FTP server to the script directory.
• copy ftp ftp_record filename startup-config - Copy a file from an FTP server to the startup configuration.
Rebooting the CSS
Use the reboot command to reboot the CSS. The syntax and option for this boot mode command are:
• reboot - Reboots the CSS
• reboot diags - Reboots the CSS and runs diagnostics
For example, to reboot the CSS and run diagnostics, enter:
(config-boot)# reboot diags
Shutting Down the CSS
Use the shutdown command in boot mode to shut down the CSS. This command shuts down all CSS processes so that you can power cycle the unit safely. For example:
(config)# boot
(config-boot)# shutdown
Using the Offline Diagnostic Monitor Menu
During the boot process, the CSS enables you to access the Offline Diagnostic Monitor (Offline DM) menu. The Offline DM Main menu allows you to:
• Set the boot configuration:
– Configure a primary and secondary location from which the CSS accesses the boot image
– Configure an IP address for the CSS
– Configure a subnet mask
• Show the boot configuration
• Select Advanced Options to:
– Delete a software version from the disk
– Set a password for the Offline DM Main menu
– Set an administrative username and password
– Reformat the disk and perform a check disk
• Reboot the system
Accessing the Offline Diagnostic Monitor Main Menu
The CSS pauses the boot process for 5 seconds to enable you to press any character after the prompt and display the Offline Diagnostic Monitor Main menu.
To access the Offline Diagnostic Monitor Main menu:
1. Connect and configure a console to the CSS 11800 SCM console port, or the CSS 11050 or CSS 11150 front panel. Configure the console to the following default values: 9600 baud, no parity, 8 data bits, 1 stop bit, and flow control set to None.
2. Power on the CSS. After the CSS begins to boot (approximately 15 seconds), it displays the following message:
Press any key to access the Offline Diagnostic Monitor menu
At this point in the boot sequence, you may either:
• Take no action and let the CSS continue booting automatically with the default boot configuration
• Press any key to halt the boot process and display the Offline DM Main menu
3. If you choose to access the Offline DM Main menu, press any key before the 5-second window elapses.
The Offline DM Main menu is displayed as shown below. If 5 seconds elapse before you press a key, power down the CSS and then power it up again.
CS-x00 Offline Diagnostic Monitor, Version x.x
MAIN MENU
Enter the number of a menu selection:
1* Set Boot Configuration
2. Show Boot Configuration
3* Advanced Options
4. Reboot System
An asterisk (*) next to a menu option indicates that the option contains a submenu.
Table 1-2 describes each menu item.
Table 1-2 Offline Diagnostic Monitor Menu Options
Menu Option Enables you to....
1* Set Boot Configuration
   1. Set Primary Boot Configuration
   2. Set Secondary Boot Configuration
   3. Set IP Address, and Subnet Mask
   r. Return to previous menu
2. Show Boot Configuration
   Display boot configurations (including primary and secondary boot configurations, records, and IP information).
3* Advanced Options
   1. Delete a software version
   2. Security Options
   3. Disk Options
   r. Return to previous menu
4. Reboot System
   Reboot the CSS. The CSS displays the following message before rebooting:
   Are you sure you want to reboot? (Y/N)
   Enter:
   • Y to reboot the CSS
   • N to continue using the Offline DM Main menu
Using the Boot Configuration Menu
The flowchart in Figure 1-1 illustrates how the CSS uses the Boot Configuration information to complete the boot process.
Figure 1-1 Boot Configuration Flowchart
[Flowchart not reproduced. Boxes shown: CSS Begins Boot Process; Is Primary Boot Record Configured?; Attempt Primary Boot Record; Primary Boot Succeed?; Is Secondary Boot Record Configured?; Attempt Secondary Boot Record; Secondary Boot Succeed?; Done; No configuration; Boot Failed.]
The Boot Configuration menu enables you to perform the following tasks as described in Table 1-3.
The Boot Configuration menu is displayed as shown below.
BOOT CONFIGURATION MENU
Enter the number of a menu selection:
1. Set Primary Boot Configuration
2. Set Secondary Boot Configuration
3. Set IP Address and Subnet Mask
r Return to previous menu
Table 1-3 Boot Configuration Options
Menu Option Enables you to....
1. Set Primary Boot Configuration
Specify the primary location (Network, FTP, Disk, or Clear) from which the CSS accesses the boot image. The default location is Disk.
2. Set Secondary Boot Configuration
Specify the secondary location (Network, FTP, Disk, or Clear) from which the CSS accesses the boot image. The default location is Clear.
3. Set IP Address and subnet mask
Configure an IP address for the Ethernet Management port, and configure a subnet mask.
r. Return to previous menu
Display the Offline DM main menu.
Setting Primary Boot Configuration
The information you provide for the Primary Boot Configuration specifies the location from which the CSS accesses the primary boot image upon system reboot or when you download new software. When you select Set Primary Boot Configuration from the Boot Configuration menu, the CSS displays the following information. If you have previously entered information, the CSS displays the existing information and default values in [square brackets].
Configuring PRIMARY Boot Record
Boot via [N]etwork, [F]TP, [D]isk, or [C]lear: [D]
• Boot via Network allows you to boot the CSS via FTP from CSS software on a network drive on a remote system (such as a PC or UNIX workstation)
• Boot via FTP allows you to download an ADI file containing CSS software that you want to install on the CSS drive
• Boot via Disk allows you to boot the CSS from software currently on the CSS drive
• Boot via Clear instructs the CSS to boot the CSS from the secondary boot record
Refer to the following sections for a description of each Primary Boot Record option:
• Specifying a Network-Mounted File System as the Primary Boot Record
• Specifying FTP as the Primary Boot Record
• Specifying Disk as the Primary Boot Record
• Specifying Clear as the Primary Boot Record
Specifying a Network-Mounted File System as the Primary Boot Record
Set the Primary Boot Record to Network when you want to boot the system from a network-mounted file system on a remote system (such as a PC or UNIX workstation) via FTP. Instead of the CSS disk, the network filesystem contains the CSS software. Perform a network boot when:
• You want multiple CSSs to use the same boot image while keeping their own configuration information. You provide an alternate path for the location of the configuration information. However, this information must exist on the same network filesystem with the boot image.
Note When using an alternate configuration path, make sure that the path leads to a directory containing the script, log, and info subdirectories. These subdirectories must contain the files in the corresponding subdirectories in the boot image. Create these subdirectories. Then copy the files from the boot image.
• The CSS has a disk failure. A network boot allows the CSS to boot independently from its disk and to load the configuration into memory.
Before the CSS can boot from the network:
• Locate the remote system on the network where you will copy the CSS software.
– Make sure that the CSS can access the system via FTP.
– Copy the CSS software zip file from the CSS CD onto the system disk.
– Create a directory and unzip the file into it. This directory will contain all of the boot files and directories.
• On the CSS, create an FTP record to the directory containing the CSS software on the network drive.
• Make sure that you cable the following port on the CSS to the network:
– CSS 11800 SCM 10/100 Mbps-Ethernet Management port
– CSS 11050 or CSS 11150 rear panel 10/100-Mbps Ethernet Management port
When you select Network, the CSS prompts you for the FTP kernel information.
1. Enter the FTP kernel path information. This path is the FTP daemon addressable location where the boot image has been unpacked. You must also include its IP address, and the username and password to access it. For example:
Enter the FTP Kernel path:[] k:/ap0400003
Enter FTP Server IP address:[] 10.3.6.58
Enter FTP Server authentication username:[] mandy
Enter FTP Server authentication password:[] fred
2. If the configuration information is not in the same directory as the boot image, enter an alternate path to the configuration files, including the startup-config and script files.
Note The CSS must be able to access the configuration path through the previously configured FTP server IP address, login username, and password.
For example:
Enter the FTP Config Path? [] k:/atlanta-config/
Press <Enter> to continue...
3. Press Enter to display the Boot Configuration menu.
4. Enter r to display the Offline DM Main menu.
5. Select Reboot the System to reboot the CSS.
When the CSS completes the current boot process, it:
• Accesses the network file system containing the boot image
• Boots the CSS using the boot image you specified
Specifying FTP as the Primary Boot Record
Set the Primary Boot Record to FTP when you want to upgrade the CSS software on the CSS disk. The CSS accesses the ADI or GZIP file containing the CSS software from an FTP server, copies it to the IDM, and unpacks it.
Make sure that you cable the following port on the CSS to the network:
• CSS 11800 SCM 10/100 Mbps-Ethernet Management port
• CSS 11050 or 11150 rear panel 10/100-Mbps Ethernet Management port
When you select FTP, the CSS prompts you for the boot image filename and FTP information.
1. If required, enter a valid FTP pathname. For example:
Enter the boot image filename: /ftpimages/ap0400003
Enter FTP Server IP address: 10.3.6.58
Enter FTP Server authentication user name: mandy
Enter FTP Server authentication password: fred
The CSS queries if you want to access the boot image directly from the disk at the next reboot (that is, the next time you reboot the CSS after completing this current boot process).
Boot from Disk at next reboot? y/n
Press <Enter> to continue...
2. Enter either:
• y to copy the boot image from the FTP server to the disk. The CSS accesses the boot image directly from the disk at next reboot. The CSS also changes the information in the Primary Boot Record to Disk.
• n to FTP the boot image from the FTP server at next reboot.
3. Press Enter to display the Boot Configuration menu.
4. Enter r to display the Offline DM Main menu.
5. Select Reboot the System to reboot the CSS.
When the CSS completes the current boot process, it:
• Accesses the ADI file from the FTP server and unpacks (uncompresses) it
• Boots the CSS using the boot image you specified
Specifying Disk as the Primary Boot Record
When you select Disk as the Primary Boot Record, the CSS displays all boot image versions that reside on the disk. For example:
ap0310046
ap0400003
1. At the prompt, enter the boot image filename you wish to use.
Enter the boot image filename: ap0400003
2. Press Enter to display the Boot Configuration menu.
Press <Enter> to continue...
3. Press r to display the Offline DM Main menu.
4. Select Reboot the System to reboot the CSS. Upon reboot, the CSS boots up using the boot image you specified.
Specifying Clear as the Primary Boot Record
To use the Secondary Boot Record information instead of the Primary Boot Record to boot the CSS:
1. Select Clear as the Primary Boot Record.
2. Press Enter to display the Boot Configuration menu.
3. Press r to display the Offline DM Main menu.
4. Select Reboot the System to reboot the CSS. Upon reboot, the CSS uses the Secondary Boot Record.
Setting Secondary Boot Configuration
The information you provide for the Secondary Boot Configuration specifies the location from which the CSS accesses the boot image if you specified Clear as a Primary Boot Record or the Primary Boot Record fails.
Once you select Set Secondary Boot Configuration from the Boot Configuration menu, the CSS displays the following information. If you have previously entered information, the CSS displays the existing information and default values in [square brackets].
Configuring SECONDARY Boot Record
Boot via [N]etwork, [F]TP, [D]isk, or [C]lear: [D]
• Boot via Network allows you to boot the CSS via FTP from CSS software on a network drive on a remote system (such as a PC or UNIX workstation)
• Boot via FTP allows you to download an ADI file containing CSS software that you want to install on the CSS disk
• Boot via Disk allows you to boot the CSS from software currently on the CSS disk
• Boot via Clear instructs the CSS to boot the CSS from the primary boot record
Refer to the following sections for a description of each Secondary Boot Record option:
• Specifying a Network-Mounted File System as the Secondary Boot Record
• Specifying FTP as the Secondary Boot Record
• Specifying Disk as the Secondary Boot Record
• Specifying Clear as the Secondary Boot Record
Specifying a Network-Mounted File System as the Secondary Boot Record
Set the Secondary Boot Record to Network when you want to boot the system from a network-mounted file system on a remote system via FTP. Instead of the CSS disk, the network filesystem contains the CSS software. Perform a network boot when:
• You want multiple CSSs to use the same boot image while keeping their own configuration information. You provide an alternate path for the location of the configuration information. However, this information must exist on the same network filesystem with the boot image.
Note When using an alternate configuration path, make sure that the path leads to a directory containing the script, log, and info subdirectories. These subdirectories must contain the files in the corresponding subdirectories in the boot image. Create these subdirectories. Then copy the files from the boot image.
• The CSS has a disk failure. A network boot allows the CSS to boot independently from its disk and to load the configuration into memory.
Before the CSS can boot from the network:
• Locate the remote system (such as a PC or UNIX workstation) on the network where you will copy the CSS software.
– Make sure that the CSS can access the system via FTP.
– Copy the CSS software zip file from the CSS CD onto the system disk.
– Create a directory and unzip the file into it. This directory will contain all of the boot files and directories.
• On the CSS, create an FTP record to the directory containing the CSS software on the network drive.
• Make sure that you cable the following port on the CSS to the network:
– CSS 11800 SCM 10/100 Mbps-Ethernet Management port
– CSS 11050 or CSS 11150 rear panel 10/100-Mbps Ethernet Management port
When you select Network, the CSS prompts you for the FTP kernel information.
1. Enter the FTP kernel path information. This path is the FTP daemon addressable location where the boot image has been unpacked. You must also include its IP address, and the username and password to access it. For example:
Enter the FTP Kernel path:[] k:/ap0400003
Enter FTP Server IP address:[] 10.3.6.58
Enter FTP Server authentication username:[] mandy
Enter FTP Server authentication password:[] fred
2. If the configuration information is not in the same directory as the boot image, enter an alternate path to the configuration files, including the startup-config and script files.
Note The CSS must be able to access the configuration path through the previously configured FTP server IP address, login username, and password.
For example:
Enter the FTP Config Path? [] k:/atlanta-config/
Press <Enter> to continue...
3. Press Enter to display the Boot Configuration menu.
4. Enter r to display the Offline DM Main menu.
5. Select Reboot the System to reboot the CSS.
When the CSS completes the current boot process, it:
• Accesses the network file system containing the boot image
• Boots the CSS using the boot image you specified
Specifying FTP as the Secondary Boot Record
Set the Secondary Boot Record value to FTP when you want to upgrade the CSS software on the CSS disk. The CSS accesses the ADI or GZIP file containing the CSS software from an FTP server, copies it to the IDM, and unpacks it.
Make sure that you cable the following port on the CSS to the network:
• CSS 11800 SCM 10/100 Mbps-Ethernet Management port
• CSS 11050 or CSS 11150 rear panel 10/100-Mbps Ethernet Management port
When you select FTP, the CSS prompts you for the boot image filename and FTP information.
1. If required, enter a valid FTP pathname. For example:
Enter the boot image filename: /ftpimages/ap0400003
Enter FTP Server IP address: 10.3.6.58
Enter FTP Server authentication user name: mandy
Enter FTP Server authentication password: fred
The CSS queries if you want to access the boot image directly from the disk at the next reboot (that is, the next time you reboot the CSS after completing this current boot process).
Boot from Disk at next reboot? y/n
2. Enter either:
• y to copy the boot image from the FTP server to the disk. The CSS accesses the boot image directly from the disk at next reboot. The CSS also changes the information in the Secondary Boot Record to Disk.
• n to FTP the boot image from the FTP server at next reboot.
3. Press Enter to display the Boot Configuration menu.
Press <Enter> to continue...
4. Enter r to display the Offline DM Main menu.
5. Select Reboot the System to reboot the CSS.
When the CSS uses the Secondary Boot Record on reboot, it:
• Accesses the ADI file from the FTP server and unpacks (uncompresses) it
• Boots the CSS using the boot image you specified
Specifying Disk as the Secondary Boot Record
When you select Disk as the Secondary Boot Record, the CSS displays all boot image versions that reside on the disk and prompts you to enter a boot image.
1. Enter a boot image filename.
Boot via [N]etwork, [F]TP, [D]isk, or [C]lear: [D]
ap0310046
ap0400003
Enter the boot image filename: ap0400003
2. Press Enter to display the Boot Configuration menu.
Press <Enter> to continue...
3. Enter r to display the Offline DM Main menu.
4. Select Reboot the System to reboot the CSS. Upon reboot, the CSS boots up using the boot image you specified.
Specifying Clear as the Secondary Boot Record
If you do not wish to specify a Secondary Boot Record:
1. Select Clear as the Secondary Boot Record.
2. Press Enter to display the Boot Configuration menu.
3. Enter r to display the Offline DM Main menu.
4. Select Reboot the System to reboot the CSS. Upon reboot, the CSS uses the Primary Boot Record.
Setting IP Address and Subnet Mask
When you select Set IP Address and Subnet Mask from the Boot Configuration menu, the CSS prompts you to:
1. Enter an IP address for the Ethernet Management port. The CSS does not accept an all zero IP address. If you enter an all zero IP address, the CSS repeats the prompt until you enter an IP address.
Caution The Ethernet Management port IP address must be on a different subnet than any other CSS VLAN circuit IP subnet. If you do not make the Ethernet Management port IP address unique, you will not be able to access the port.
Enter IP Address: [0.0.0.0] 10.3.6.58
2. Enter a subnet mask.
Enter Subnet Mask: [0.0.0.0] 255.0.0.0
3. Press Enter to display the Boot Configuration menu.
Press <Enter> to continue...
4. Enter r to display the Offline DM Main menu.
5. Select Reboot the System to reboot the CSS.
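The Caution in this procedure can be checked before you commit the address. The following is an added example, not part of the Cisco guide: it reads circuit addresses from text laid out like a running-config listing and reports any circuit subnet that overlaps the proposed management subnet. The function names and sample values are constructed, and treating "different subnet" as "the two networks do not overlap" is an interpretation of the Caution.

```python
import ipaddress

# Top-level keywords that appear in the guide's configuration listings.
TOP_LEVEL = {"interface", "circuit", "service", "owner"}

# Constructed sample in the layout of a running-config listing.
SAMPLE_CONFIG = """\
!*********************** CIRCUIT **********************
circuit VLAN1
  ip address 192.168.2.170 255.255.255.0
  ip address 192.168.1.108 255.255.255.0
circuit VLAN2
  ip address 172.16.7.58 255.255.255.0
!*********************** SERVICE **********************
service s1
  ip address 192.168.2.4
  active
"""


def circuit_subnets(config_text):
    """Return {circuit_name: [IPv4Network, ...]} for every circuit entry."""
    subnets = {}
    current = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        # A comment banner or a new top-level command closes the circuit block.
        if words[0].startswith("!") or words[0] in TOP_LEVEL:
            current = None
            if words[0] == "circuit" and len(words) == 2:
                current = words[1]
                subnets.setdefault(current, [])
            continue
        # Circuit addresses carry a mask; service addresses do not.
        if current and words[:2] == ["ip", "address"] and len(words) == 4:
            iface = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
            subnets[current].append(iface.network)
    return subnets


def management_conflicts(mgmt_ip, mgmt_mask, config_text):
    """List (circuit, subnet) pairs that overlap the management subnet."""
    if ipaddress.ip_address(mgmt_ip).is_unspecified:
        # The CSS repeats the prompt for an all-zero address.
        raise ValueError("all-zero management IP address is not accepted")
    mgmt_net = ipaddress.ip_interface(f"{mgmt_ip}/{mgmt_mask}").network
    conflicts = []
    for name, networks in circuit_subnets(config_text).items():
        for network in networks:
            if mgmt_net.overlaps(network):
                conflicts.append((name, str(network)))
    return conflicts


if __name__ == "__main__":
    for ip, mask in [("10.3.6.58", "255.0.0.0"), ("172.16.0.1", "255.240.0.0")]:
        print(ip, mask, management_conflicts(ip, mask, SAMPLE_CONFIG))
```

A wide management mask is the usual way to trip this check: the address can look unrelated to every circuit while its network still contains one of them.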
Showing the Boot Configuration
When you select Show Boot Configuration from the Offline DM Main menu, the CSS displays the following boot information. Note that the Miscellaneous information only displays if you set password-protection on the Offline DM Main menu.
***************** Miscellaneous ********************
Offline Diagnostic Monitor menu is password-protected
***************** IP/MAC Information ***************
IP Address: 10.3.6.58
Subnet Mask: 255.0.0.0
MAC Address 00-10-58-00-12-ca
***************** PRIMARY **************************
Boot Type: DISK
Boot File: ap0400003
***************** SECONDARY ************************
Boot Type: DISK
Boot File: ap0400003
1. Press Enter to display the Offline DM Main menu.
Press <Enter> to continue...
2. Enter option 3 to reboot the system. The following reboot confirmation is displayed:
Are you sure you want to reboot? (y/n)
3. Enter either:
• y to reboot
• n to continue using the Offline DM Main menu
Using the Advanced Options
The CSS hard disk enables you to store four versions of software (including the version you are currently running) and the flash disk allows you to store two versions of software. If you are storing the maximum number of software versions and wish to download a new version to the disk, you must delete a version before the CSS allows the download to begin.
When you select Advanced Options from the Offline DM Main menu, the CSS displays the Advanced Options menu:
A D V A N C E D O P T I O N S
Enter the number of a menu selection:
1. Delete a Software Version
2* Security Options
3* Disk Options
r. Return to previous menu
Deleting a Software Version
To delete a software version from the disk:
1. Enter option 1 to display the software versions currently stored on the disk. The CSS prompts you to enter the software version to delete. For example:
ap0310046
ap0400003
Enter the software version to delete: ap040003
2. Press Enter to redisplay the Advanced Options menu.
Press <Enter> to continue...
3. Enter r to display the Offline DM main menu.
4. Select Reboot the System to reboot the CSS.
Using the Security Options
The Security Options menu enables you to:
• Set Password Protection on the Offline Diagnostic Monitor menu
• Set Administrative Username and Password
The Security Options menu is shown below:
S E C U R I T Y O P T I O N S
Enter the number of a menu selection:
1. Set Password Protection for Offline Diagnostic Monitor menu
2. Set Administrative Username and Password
r. Return to previous menu
Setting Password Protection
The CSS enables you to password-protect the Offline DM Main menu to protect it against unauthorized access. The default is disabled; no password is required to access the Offline DM Main menu. To access the Offline DM Main menu password protection option:
Caution Use care when password-protecting the Offline DM Main menu and ensure that you write down the new password. If you lose the new password, it cannot be recovered and you will be unable to access the Offline DM Main menu. The only solution, at that point, would be to contact the Cisco Technical Assistance Center (TAC) at 1-800-553-2447 or 1-408-526-7209. You can also email TAC at [email protected].
1. Enter option 1 from the Security Options menu.
Password protect Offline Diagnostic Monitor menu (yes,no):
The administrative username and password are required to access the Offline Diagnostic Monitor menu.
• When you enter yes, the CSS prompts you to enter a username and password when you access the Offline DM Main menu.
• When you enter no, the CSS does not prompt for a username and password when you access the Offline DM Main menu.
2. Press Enter to redisplay the Security Options menu.
Press <Enter> to continue...
3. Enter r to return to the Advanced Options menu.
4. Enter r to return to the Offline DM Main menu.
5. Enter either:
• Option 4 to reboot the CSS
• Another option to continue using the Offline DM Main menu
Setting an Administrative Username and Password
For security reasons, you can change the administrative username and password through either the Offline DM Main menu or the username-offdm command. Unlike other usernames and passwords, the CSS saves the administrative username and password in nonvolatile RAM (NVRAM). Anytime you reboot the CSS, it reads them from NVRAM and re-inserts them into the user database.
Note You cannot permanently delete an administrative username and password. If you delete them by using the no username command, they are removed from use until you reboot the CSS. When you reboot the CSS, it restores the username and password from NVRAM.
To configure an administrative username and password through the Offline DM Main menu:
1. Enter option 2 from the Security Options menu.
2. Enter a username. The CSS prompts for this username when you log in. The CSS also prompts for this username and password if you set password-protection on the Offline DM Main menu.
Enter [administrator] username (minimum 4 characters):
3. Enter a password. Note that the CSS does not display passwords.
Enter [administrator] password:
4. Re-enter the password for confirmation.
Confirm [administrator] password:
The CSS redisplays the Security Options menu.
5. Enter r to return to the Advanced Options menu.
6. Enter r to return to the Offline DM Main menu.
7. Enter either:
• Option 4 to reboot the CSS
• Another option to continue using the Offline DM Main menu
Using the Disk Options
The Disk Options menu enables you to:
• Format disk - Enables you to reformat the disk. This option permanently erases all data on the disk. If you wish to retain the startup-config, ensure that you move it off the CSS before reformatting the disk. Also make sure that you have a copy of the CSS software ADI file to reinstall on the CSS.
• Check disk - Enables you to run a quick check disk or a complete check disk.
• Check disk disable - Allows you to disable running check disk at boot time or enable it again. By default, check disk is enabled.
The Disk Options menu is shown below:
D I S K O P T I O N S
Enter the number of a menu selection:
1. Format Disk
2. Check Disk
3. Check Disk Disable
r. Return to previous menu
Reformatting the Disk
If the CSS detects unrecoverable errors when performing a check disk, you must reformat the disk. Reformatting the disk erases all data from the disk permanently.
To reformat the disk:
1. Enter option 1 from the Disk Options menu.
Formatting the disk results in all disk data being permanently erased.
Are you sure you want to continue? (yes,no):
Enter:
• yes to reformat the disk.
• no to abort the reformat function. If the disk has unrecoverable errors and you do not reformat it, be aware that the file system may be corrupt and functionality is compromised.
2. The CSS queries whether you want to perform a quick format or a complete format.
Enter either:
• yes to reformat the disk using the quick format (does not perform cluster verification). Only use the quick format when you are certain of the disk integrity.
• no to reformat the disk including cluster verification.
Quick format? (yes,no):
After the CSS reformats the disk, it displays:
Operation completed successfully.
3. Enter r to return to the Advanced Options menu.
4. Enter r to return to the Offline DM Main menu.
Because the disk is empty, you must configure a primary boot record to instruct the CSS where to locate the new ADI file containing the CSS software.
5. Enter option 1 to set the primary boot configuration. Refer to “Setting Primary Boot Configuration” in this chapter.
If you do not set the primary boot configuration before booting the CSS, the boot process halts at the prompt:
Press any key to access the Offline Diagnostic Monitor menu...
You must enter the Offline DM Main menu to set the primary boot configuration.
Performing a Check Disk
When the CSS boots up, it checks the results of the previous shutdown. If the CSS:
• Does not detect errors, it reports a status of OK and continues the boot process
Reading configuration records...OK
Checking previous shutdown...OK
Initializing the disk...OK
• Detects errors, it returns a status of DIRTY
Reading configuration records...OK
Checking previous shutdown...DIRTY
Initializing the disk...OK
If the CSS reports that the disk is dirty, it has discovered errors on the disk. In this case, the CSS automatically performs a check disk to recover from the errors and maintain the integrity of the disk.
During a check disk, the CSS:
• Detects and recovers from the following error conditions:
– File Allocation Tables (FATs) are out of synchronization
– Sector write truncation revitalization (may occur from a power loss at the time the CSS is writing to the disk)
– Bad cluster identification and mapping in the FAT when reformatting the disk
– Crosslinked FAT entries
– Disk entry validation, name, size, cluster assignment, cluster chaining
– Recovery of lost clusters
• Cannot recover from sector failures within the first 754 sectors (for example, boot, primary/secondary FAT, root directory entries).
The amount of time the CSS requires to perform a check disk is proportional to the number of installed software releases and directories on the disk. The greater the number of installed software releases and directories, the longer it takes to complete the check disk.
To perform a check disk:
1. Enter option 2 from the Disk Options menu.
Choose whether or not you want the CSS to correct errors it detects. Enter either:
• yes to enable the CSS to correct recoverable errors it detects. When the CSS completes check disk, it displays a summary of what was fixed.
• no to prevent the CSS from correcting recoverable errors it detects. The CSS displays a summary of what would have been fixed if you had run check disk.
Correct errors if discovered (yes,no):
2. Choose whether you want the CSS to perform a quick check disk or a complete check disk. Enter either:
• yes to instruct the CSS to perform a quick check disk (does not include cluster verification)
• no to instruct the CSS to perform a complete check disk (includes cluster verification)
The CSS performs check disk. When completed, it displays:
Operation completed successfully.
Press <Enter> to continue...
3. Enter r to return to the Advanced Options menu.
4. Enter r to return to the Offline DM Main menu.
5. Enter option 4 to reboot the CSS.
Disabling or Enabling Check Disk
By default, the CSS performs a check disk when it boots. The Disk Options menu provides an option that allows you to disable the running of check disk or re-enable it. When you select this option, it toggles to disable check disk if it is currently enabled, or to enable check disk if it is currently disabled.
For example, if check disk is currently enabled, to disable it:
1. Enter option 3 from the Disk Options menu.
2. Enter r to return to the Advanced Options menu.
3. Enter r to return to the Offline DM Main menu.
4. Enter option 2 to display the boot configuration.
When check disk is disabled, it displays the following:
****************** Miscellaneous **********************
Check Disk is disabled
***************** IP/MAC Information ***************
IP Address: 10.3.6.58
Subnet Mask: 255.0.0.0
MAC Address: 00-10-58-00-12-ca
***************** PRIMARY **************************
Boot Type: DISK
Boot File: ap0400003
***************** SECONDARY ************************
Boot Type: DISK
Boot File: ap0400003
Press <Enter> to continue...
If check disk is currently disabled, to re-enable it:
1. Enter option 3 from the Disk Options menu.
2. Enter r to return to the Advanced Options menu.
3. Enter r to return to the Offline DM Main menu.
4. Enter option 2 to display the boot configuration.
When check disk is enabled, no state information appears in the Miscellaneous field of the boot configuration:
***************** IP/MAC Information ***************
IP Address: 10.3.6.58
Subnet Mask: 255.0.0.0
MAC Address: 00-10-58-00-12-ca
***************** PRIMARY **************************
Boot Type: DISK
Boot File: ap0400003
***************** SECONDARY ************************
Boot Type: DISK
Boot File: ap0400003
Press <Enter> to continue...
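The Miscellaneous block of the boot configuration is where this chapter shows both the Offline DM password-protection state and the check disk state, so a saved copy of the display can be audited. The following is an added example, not part of the Cisco guide: it parses the display and reports an unprotected Offline DM Main menu, a disabled check disk, and any boot record that does not boot from disk. The function names and finding labels are constructed, and the "Boot Type: FTP" spelling in the second sample is an assumption, since the guide only shows DISK.

```python
import re

BANNER = re.compile(r"^\*+\s*(.+?)\s*\*+$")
# The guide prints "MAC Address" both with and without a colon.
FIELD = re.compile(
    r"^(IP Address|Subnet Mask|MAC Address|Boot Type|Boot File):?\s+(\S+)$")
PROTECTED = "Offline Diagnostic Monitor menu is password-protected"
CHECK_DISK_OFF = "Check Disk is disabled"

# Constructed samples, modelled on the displays shown in this chapter.
PROTECTED_DISPLAY = """\
***************** Miscellaneous ********************
Offline Diagnostic Monitor menu is password-protected
***************** IP/MAC Information ***************
IP Address: 10.3.6.58
Subnet Mask: 255.0.0.0
MAC Address 00-10-58-00-12-ca
***************** PRIMARY **************************
Boot Type: DISK
Boot File: ap0400003
***************** SECONDARY ************************
Boot Type: DISK
Boot File: ap0400003
"""

UNPROTECTED_DISPLAY = """\
****************** Miscellaneous **********************
Check Disk is disabled
***************** IP/MAC Information ***************
IP Address: 10.3.6.58
Subnet Mask: 255.0.0.0
MAC Address: 00-10-58-00-12-ca
***************** PRIMARY **************************
Boot Type: DISK
Boot File: ap0400003
***************** SECONDARY ************************
Boot Type: FTP
Boot File: /ftpimages/ap0400003
Press <Enter> to continue...
"""


def parse_boot_config(text):
    """Split the display into {SECTION: {"flags": [...], "fields": {...}}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Press <Enter>"):
            continue
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1).upper()
            sections[current] = {"flags": [], "fields": {}}
            continue
        if current is None:
            continue
        field = FIELD.match(line)
        if field:
            sections[current]["fields"][field.group(1)] = field.group(2)
        else:
            sections[current]["flags"].append(line)  # free-text status line
    return sections


def audit_boot_config(text):
    """Return finding labels for a saved boot configuration display."""
    sections = parse_boot_config(text)
    flags = sections.get("MISCELLANEOUS", {}).get("flags", [])
    findings = []
    # Password protection is off by default and only shows up when set.
    if PROTECTED not in flags:
        findings.append("offdm-menu-unprotected")
    if CHECK_DISK_OFF in flags:
        findings.append("check-disk-disabled")
    for record in ("PRIMARY", "SECONDARY"):
        boot_type = sections.get(record, {}).get("fields", {}).get("Boot Type")
        # An FTP boot record reuses the FTP user name and password entered
        # at the prompt, and FTP carries them unencrypted.
        if boot_type and boot_type.upper() != "DISK":
            findings.append(f"{record.lower()}-boot-{boot_type.lower()}")
    return findings


if __name__ == "__main__":
    print(audit_boot_config(PROTECTED_DISPLAY))
    print(audit_boot_config(UNPROTECTED_DISPLAY))
```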
Enabling and Disabling Core Dumps
A core dump occurs when the CSS experiences a fatal error. The CSS allows you to enable or disable core dumps. Core dumps are enabled by default.
When the CSS experiences a fatal error and core dumps are enabled, the CSS:
• Writes information about the fatal error to the Core directory of the volume root (for example, c:\core) on either the:
– Hard disk, which can store up to 30 sequentially numbered dump files
– Flash disk, which stores one compressed dump file of 70 MB
• Reboots automatically
Note For a flash disk-based system, if the core dump file is older than 15 minutes, it may be overwritten. If you want to save the core dump file for later examination, archive it to another directory or disk before it is overwritten. For details on using the archive log command, refer to “Archiving a Log File” later in this chapter.
When the CSS experiences a fatal error and core dumps are disabled, the CSS reboots automatically. The CSS does not write information to the hard disk or flash disk.
Note Core dump information is for Customer Support use only.
To disable core dumps, enter:
(config)# dump disable
To re-enable core dumps (the default setting), enter:
(config)# dump enable
To show the CSS dump state, enter:
(config)# show dump-status
Dump mode is enabled
Showing Core Dumps
Use the show core command to display the core dump files stored in the Core directory of the volume root (for example, c:\core) on the hard disk or flash disk.
For example:
(config)# show core
css150_3.50_6.1 JUN 30 10:45:24 130024448
css150_3.50_6.0 JUN 30 17:14:00 130024448
Note Core dump information is for internal Customer Support use only.
CSS Software Overview
The CSS software contains the files to run the CSS including boot files, directories for archiving and logging files, and MIB information. This software is pre-installed on the CSS conventional hard disk drive or an optional flash disk, a flash memory-based storage device (CSS 11150 and CSS 11800, only).
You can also install the CSS software on a network drive which the CSS can access through FTP. The Content Services Switch Documentation and System Software CD contains the CSS software for the network drive. This software is in ZIP format and must be copied and uncompressed on a network drive. For more information on booting the CSS from a network boot drive, refer to Chapter 2, Configuring User Profiles and CSS Parameters.
The CSS software is approximately 20 MB in size. If you have a hard disk-based system, you can install a maximum of four software versions on your CSS. If you have a flash disk-based system (CSS 11150 or CSS 11800), you can install a maximum of two software versions on your CSS.
To display the maximum number of versions allowed on your CSS, use the show installed-software version-limit command. To view all versions installed on the CSS, use the show installed-software command.
The software version format is defined as follows:
From an FTP server, you can view the following directories on the hard disk or flash disk:
• The log directory contains the following log files:
– boot.log - ASCII log of boot process
– boot.bak - Backup of the previous boot log
– sys.log - ASCII log of system events (logging to disk is enabled by default to subsystem all and level info)
– sys.log.prev - Backup of the previous system log file (if any)
• The scripts directory contains default, profile, and sample scripts
• The core directory contains any core dumps created by the CSS. For information on copying core dumps to an FTP or TFTP server, refer to “Copying Core Dumps to an FTP or TFTP Server” later in this chapter.
• The MIB directory contains MIB files that you can load into SNMP-compliant network management software applications
Note When you view the CSS software directories installed on a network drive, more directories are listed than those you can view on the hard disk or flash disk. These additional directories are reserved for internal use. Do not manipulate the files in these directories.
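Software version format (figure): ap 00 00 000, where ap identifies ArrowPoint, the first 00 is the major version, the second 00 is the minor version, and 000 is the build number.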
The software directory also contains the startup-config file. This is an ASCII file containing commands the CSS executes at startup. This file is created when you:
• Finish using the configuration script.
• Issue the copy running-config startup-config or write memory command. These commands also save configuration changes to the startup-config during a CSS session.
• Use File Transfer Protocol (FTP) to copy a startup-config file to the CSS.
The archive directory contains the files that you archive from the current software by using the archive command. These files include running-config, startup-config, log files, profile scripts, and scripts you create. You can view a list of archived files by using the show archive ? command.
To restore any archived files to the CSS, use the restore command. For more information on the archive and restore commands, refer to “Archiving Files to the Archive Directory” and “Restoring Files from the Archive Directory” in this chapter.
To view general information about the CSS disk, use the show disk command. Information similar to the following appears:
Field and sample value       Description
Disk Size: 1,842 MB          Total size of the disk in megabytes
Disk Free: 730 MB            Available disk space in megabytes
Bad Cluster Count: 0         Number of bad clusters on the disk
File Count: 8,686            Number of files on the disk
Directory Count: 1,061       Number of directories on the disk
Using the Running-Config and Startup-Config
When you make configuration changes to the CSS, the changes are placed in a virtual running-configuration file (running-config). Before you log out or reboot the CSS, you must copy the running-config to the startup-config to save configuration changes and have the CSS use this configuration on subsequent reboots.
To save the running-config to the CSS disk, use one of the following commands:
• copy running-config startup-config - Copies the running-config to the startup-config. The CSS uses the startup-config upon reboot. If you do not copy the running-config to the startup-config before you reboot, changes to the running-config are lost.
• write memory - Functions identically to the copy running-config startup-config command.
• copy startup-config running-config - Copies the startup-config to the running-config and merges with the running-config.
The copy running-config command can also copy the running configuration to an FTP or TFTP server. The options for this command are:
• copy running-config ftp ftp_record filename - Copy the running configuration to an FTP server.
• copy running-config tftp IP address - Copy the running configuration to a TFTP server using the TFTP server IP address.
• copy running-config tftp hostname - Copy the running configuration to a TFTP server using the TFTP server hostname.
The copy startup-config command can copy the startup configuration to an FTP or TFTP server. The options for this command are:
• copy startup-config ftp ftp_record filename - Copy the startup configuration to an FTP server.
• copy startup-config tftp IP address - Copy the startup configuration to a TFTP server using the TFTP server IP address.
• copy startup-config tftp hostname - Copy the startup configuration to a TFTP server using the TFTP server hostname.
Clearing the Running-Config and the Startup-Config
To reset the running-config to the default configuration, use the clear running-config command in SuperUser mode. This command takes effect immediately. Note that the clear running-config command resets all configurations to their defaults. For example:
# clear running-config
To reset the startup-config to the default configuration, use the clear startup-config command in SuperUser mode. This command takes effect upon the next reboot. For example:
# clear startup-config
Showing the Running-Config
To display the CSS running configuration, use the show running-config command. The CSS does not display default configurations in the running-config. The syntax and options for this command are:
• show running-config - Display all components of the running-config.
• show running-config acl {index number} - Display ArrowPoint Control List (ACL) information of the running-config. For information about a specific ACL, include its index number.
• show running-config circuit {circuit name} - Display the circuit components of one or all circuits in the running-config.
• show running-config global - Display the global components of the running-config.
• show running-config group {group name} - Display the valid existing group components of the running-config. For information about a specific group, enter the group name as a case-sensitive unquoted text string.
• show running-config header-field-group {name} - Display the valid existing header-field group components of the running-config. For information about a specific group, enter name as a case-sensitive unquoted text string with a maximum length of 16 characters. To see a list of header-field groups, enter: show running-config header-field-group ?.
• show running-config interface interface name - Display a specific interface component of the running-config.
– For a CSS 11050 or CSS 11150, enter the interface name in interface-port format (for example, ethernet-2) or in the interface format interface_type-port:channel-group.subinterface (for example, serial-1, serial-2:10, serial-1:10.200).
– For a CSS 11800, enter the interface name in slot/port format (for example, 3/1).
• show running-config interfaces - Display all the interface components of the running-config.
• show running-config keepalive keepalive name - Display the existing keepalive components of the running configuration. For information about a specific keepalive, enter keepalive_name as a case-sensitive unquoted text string and a maximum length of 32 characters. To see a list of keepalives, enter: show keepalive-summary.
• show running-config owner {owner name} - Display the valid existing owner components of the running-config. For information about a specific owner, enter the owner name as a case-sensitive unquoted text string.
• show running-config service {service name} - Display the components of the running-config for a valid existing service. For information about a specific service, enter the service name as a case-sensitive unquoted text string.
• show running-config urql {urql name} - Display the components of the running-config for existing Uniform Resource Locator Qualifier Lists (URQL). For information about a specific URQL, enter the URQL name as a case-sensitive unquoted text string.
• show running-config dql {dql name} - Display Domain Qualifier List (DQL) information of the running-config. For information about a specific DQL, enter the DQL name as a case-sensitive unquoted text string.
• show running-config eql {eql name} - Display Extension Qualifier List (EQL) information of the running-config. For information about a specific EQL, enter the EQL name as a case-sensitive unquoted text string.
• show running-config nql {name} - Display Network Qualifier List (NQL) information of the running configuration. For information about a specific NQL, enter the NQL name as a case-sensitive unquoted text string.
• show running-config rmon-alarm - Display RMON alarm information of the running configuration.
• show running-config rmon-event - Display RMON event information of the running configuration.
• show running-config rmon-history - Display RMON history information of the running configuration.
An example of a running-config is shown below. Comments are preceded by an exclamation point (!). Note that the CSS does not display default values in the running- or startup-config even if you enter the values manually.
# show running-config
!************************ GLOBAL **********************
ip route 0.0.0.0/0 158.3.7.2
!********************** INTERFACE *********************
interface ethernet-1
  bridge vlan 2
interface ethernet-2
  bridge vlan 2
!*********************** CIRCUIT **********************
circuit VLAN1
  ip address 10.3.6.58 255.255.255.0
circuit VLAN2
  ip address 158.3.7.58 255.255.255.0
!*********************** SERVICE **********************
service serv1
  ip address 10.3.6.1
  active
service serv2
  ip address 10.3.6.2
  active
!************************ OWNER ***********************
owner arrowpoint.com
  content rule1
    ip address 158.3.7.43
    protocol tcp
    port 80
    add service Serv1
    add service Serv2
    active
Showing the Startup-Config
Once you copy the running-config to the startup-config, use the show startup-config command to display the startup-config. The CSS does not display default configurations in the startup-config.
The show startup-config has two options:
• show startup-config - Display the startup-config
• show startup-config line-numbers - Display the startup-config with line numbers
An example of a startup-config is shown below. Comments are preceded by an exclamation point (!).
# show startup-config line-numbers
1. !Generated MAR 6 18:56:11
2. configure
3. !********************** CIRCUIT **********************
4. circuit VLAN1
5. ip address 192.168.2.170 255.255.255.0
6. ip address 192.168.1.108 255.255.255.0
7. !********************** SERVICE **********************
8. service s1
9. ip address 192.168.2.4
10. keepalive type none
11. active
12. !*********************** OWNER ***********************
13. owner rose
14. content rule-L3
15. vip address 192.168.128.108
16. add service s1
17. active
18. content rule-L5
19. add service s1
20. vip address 192.168.128.108
21. url "/*"
22. active
Creating a Running-Config or Startup-Config Using a Text Editor
If you create a running- or startup-config using a text editor, you must arrange the configuration information in the same order as an automatically created running- or startup-config. The CSS arranges configuration information in the following categories within the running-config and startup-config files:
• Global - Contains configuration information relating to the CSS (for example, default route IP address)
• Interface - Contains physical port and VLAN associations
• Circuit - Contains circuit VLAN IP addresses and subnet masks
• Keepalive - Contains the global keepalive configuration
• Service - Contains service names, IP addresses, and all service configuration information
• EQL - Contains Extension Qualifier List (EQL) configuration
• Owner - Contains owner name, content rule name, and content rules
• Group - Contains source group configurations
• RMON Event - Contains RMON event configurations
• RMON Alarm - Contains RMON alarm configurations
• RMON History - Contains RMON history configurations
• ACL - Contains ArrowPoint Control List (ACL) configurations
• URQL - Uniform Resource Locator Qualifier List configurations (URQL)
Though the CSS organizes configuration information automatically, the order in which you configure the CSS is important because of interdependencies within CSS functionality. Enter configuration commands for features in the same sequence as they appear in the startup-config.
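A hand-edited file can be checked against this ordering before it is copied to the CSS. The following is an added example, not part of the Cisco guide: it verifies that the section comment banners follow the category order listed above and that every add service line names a service defined earlier in the file, one instance of the interdependencies mentioned. The function name and samples are constructed, and the banner spellings for categories the guide's sample output does not show (KEEPALIVE, EQL, GROUP, the RMON sections, ACL, URQL) are assumptions.

```python
import re

# Category order as listed in the guide. Only GLOBAL, INTERFACE, CIRCUIT,
# SERVICE and OWNER banners appear in its sample output; the other
# spellings are assumed.
SECTION_ORDER = ["GLOBAL", "INTERFACE", "CIRCUIT", "KEEPALIVE", "SERVICE",
                 "EQL", "OWNER", "GROUP", "RMON EVENT", "RMON ALARM",
                 "RMON HISTORY", "ACL", "URQL"]
BANNER = re.compile(r"^!\*+\s*(.+?)\s*\*+$")

# Constructed samples, modelled on the running-config listing in this chapter.
GOOD_CONFIG = """\
!************************ GLOBAL **********************
ip route 0.0.0.0/0 158.3.7.2
!*********************** CIRCUIT **********************
circuit VLAN1
  ip address 10.3.6.58 255.255.255.0
!*********************** SERVICE **********************
service serv1
  ip address 10.3.6.1
  active
!************************ OWNER ***********************
owner arrowpoint.com
  content rule1
    vip address 158.3.7.43
    add service serv1
    active
"""

BAD_CONFIG = """\
!************************ GLOBAL **********************
ip route 0.0.0.0/0 158.3.7.2
!************************ OWNER ***********************
owner arrowpoint.com
  content rule1
    vip address 158.3.7.43
    add service serv1
    active
!*********************** SERVICE **********************
service serv1
  ip address 10.3.6.1
  active
"""


def check_config_order(text):
    """Return [(line_number, message)] for ordering problems in a config."""
    findings = []
    last_rank, last_name = -1, None
    services = set()
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        banner = BANNER.match(line)
        if banner:
            name = banner.group(1).upper()
            if name not in SECTION_ORDER:
                findings.append((number, f"unknown section {name}"))
                continue
            rank = SECTION_ORDER.index(name)
            if rank <= last_rank:
                findings.append(
                    (number,
                     f"section {name} is out of order: it follows {last_name}"))
            else:
                last_rank, last_name = rank, name
            continue
        if line.startswith("!"):
            continue  # ordinary comment
        words = line.split()
        if words[0] == "service" and len(words) == 2:
            services.add(words[1])  # names are case-sensitive
        elif words[:2] == ["add", "service"] and len(words) == 3:
            if words[2] not in services:
                findings.append(
                    (number,
                     f"service {words[2]} is referenced before it is defined"))
    return findings


if __name__ == "__main__":
    for label, sample in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_config_order(sample))
```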
Archiving Files to the Archive Directory
Use the archive command and options to archive files. Archiving is useful when you update software and want to save a script, log, or startup-config file from a previous release of software. The archive directory on the CSS disk stores the archive files. This command is available in SuperUser mode.
To display the contents of the archive directory, enter show archive ?.
Note You must archive your startup-config and scripts before you upgrade the CSS software or these files will be overwritten during the upgrade. Once the upgrade is complete and the CSS has rebooted, use the restore command to copy these files from the archive directory to be used as current startup-config and scripts.
The options for this command are:
• archive log - Archive a log file
• archive running-config - Archive a running configuration
• archive script - Archive a script file
• archive startup-config - Archive the startup configuration file
Archiving a Log File
Use the archive log command to archive a log file. The syntax for this command is:
archive log log_filename {archive_filename}
The variables are:
• log_filename - The filename of the log to archive. To see a list of log files, enter archive log ?.
• archive_filename - An optional name you want to assign to the archive file. Enter an unquoted text string with a maximum length of 32 characters.
Archiving the Running-Config
Use the archive running-config command to archive the running-config. Enter the archive_filename as the name you want to assign to the archive file. The archive_filename is an unquoted text string with a maximum length of 32 characters. The syntax for this command is:
archive running-config archive_filename
Archiving Scripts
Use the archive script command to archive a script file. The syntax for this command is:
archive script script_filename {archive_filename}
The variables are:
• script_filename - The filename of the script to archive. To see a list of scripts, enter archive script ?.
• archive_filename - An optional name you want to assign to the archive file. Enter an unquoted text string with a maximum length of 32 characters.
Archiving the Startup-Config
Use the archive startup-config command to archive the startup configuration file. Enter the archive_filename as an optional name you want to assign to the archive file. Enter an unquoted text string with a maximum length of 32 characters. The syntax for this command is:
archive startup-config {archive_filename}
Clearing the Archive Directory
Use the clear archive command to clear a file in the archive directory. Enter the archive_filename as the name of the archive file to clear. To list the archive files, enter clear archive ?. The syntax for this command is:
clear archive archive_filename
Restoring Files from the Archive Directory
Use the restore command to restore files previously archived in the CSS archive directory. The archive directory on the CSS disk stores log, script, and startup-config files. This command is available in SuperUser mode. The options for this command are:
• restore archive_filename log - Restore an archived log file to the log subdirectory
• restore archive_filename script - Restore an archived script file to the script subdirectory
• restore archive_filename startup-config - Restore an archived startup-config file to the startup configuration
Note The archive directory resides on the CSS hard drive. If you booted your CSS from a network-mounted system and your hard drive is not working, archive- and restore-related functions are suspended.
For more information on these options and associated variables, refer to the following sections.
Restoring an Archived Log File
Use the restore log command to restore an archived log file to the log subdirectory. The syntax for this command is:
restore archive_filename log {log_filename}
The variables are:
• archive_filename - The name of the archived log file. Enter an unquoted text string. To see a list of archived files, enter restore ?.
• log_filename - An optional name you want to assign to the restored log file. Enter an unquoted text string with a maximum length of 32 characters.
The following example restores the log file arrowlog to the log subdirectory and renames it to arrowpointlog.
# restore arrowlog log arrowpointlog
Restoring an Archived Script File
Use the restore archive_filename script command to restore an archived script file to the script subdirectory. The syntax is:
restore archive_filename script {script_filename}
The variables are:
• archive_filename - The name of the archived file. Enter an unquoted text string. To see a list of archived files, enter restore ?.
• script_filename - An optional name you want to assign to the script file. Enter an unquoted text string with a maximum length of 32 characters.
The following example restores the script arrowscript to the script subdirectory.
# restore arrowscript script
Restoring an Archived Startup-Config
Use the restore archive_filename startup-config command to restore an archived file to the startup configuration. Enter the archived startup-config filename as an unquoted text string. To see a list of archived files, enter restore ?.
Caution The restored file overwrites the startup configuration.
The syntax is:
restore archive_filename startup-config
The following example restores the archived startup-config arrowstart as the current startup-config.
# restore arrowstart startup-config
Copying Core Dumps to an FTP or TFTP Server
To copy core dumps from the CSS to a File Transfer Protocol (FTP) or Trivial File Transfer Protocol (TFTP) server, use the copy core command. The copy core command is available at the SuperUser prompt.
The options for this command are:
• copy core coredump_filename ftp
• copy core coredump_filename tftp
To see a list of core dumps, enter the copy core ? command.
Copying Core Dumps to an FTP Server
To copy a core dump to an FTP server, use the copy core ftp command. Before you copy a core dump from the CSS to an FTP server, you must create an FTP record file containing the FTP server IP address, username, and password. For information on configuring an FTP record, refer to “Configuring an FTP Record” in this chapter.
The syntax is:
# copy core coredump_filename ftp ftp_record filename
For example:
# copy core dumpfile ftp ftpserv1 starlogthurs
The variables are:
• coredump_filename - The name of the core dump on the CSS. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• ftp_record - The name of the FTP record file that contains the FTP server IP address, username, and password. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• filename - The name you want to assign to the file on the FTP server. Include the full path to the file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
Copying Core Dumps to a TFTP Server
To copy a core dump to a TFTP server, use the copy core tftp command.
The syntax is:
# copy core coredump_filename tftp ip_address or hostname filename
The variables are:
• coredump_filename - The name of the core dump on the CSS. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• ip_address or hostname - The IP address or host name of the TFTP server to receive the file. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or in mnemonic host-name format (for example, myhost.mydomain.com). If you wish to use a hostname, you must first set up a host table using the (config) host command.
• filename - The name you want to assign to the file on the TFTP server. Include the full path to the file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
Displaying CSS Configurations
The CSS Command Line Interface (CLI) provides a comprehensive set of show commands that display CSS configurations. The show commands are mode-independent; that is, they are available in each mode.
Note The CSS does not show configuration default values in the show displays. This applies even when you enter a command to configure a default value.
To display the list of show commands, enter:
(config)# show ?
Displaying Software Information
Use the version command in SuperUser mode to display the version of software currently running on the CSS. This display also shows the version of flash, whether the software is set to primary or secondary, and your license number.
For example:
# version
Version:              ap0400003 (4.0 Build 3)
Flash (Locked):       3.10 Build 10
Flash (Operational):  3.50 Build 86
Type:                 PRIMARY
Licensed Cmd Set(s):  Standard Feature Set
                      Enhanced Feature Set
                      SSH Server
Displaying Hardware Information
Use the show chassis command to display a chassis configuration. The syntax and options for this command are:
• show chassis - Display a summary of the chassis configuration.
• show chassis flash - Display the operational and locked flash version for the CSS 11150 and the CSS 11800 System Control Module (SCM) and Switch Fabric Module (SFM). An asterisk (*) character before a flash version and build number indicates it is the active flash.
• show chassis inventory - Display the physical configuration of the CSS, including part and serial numbers.
• show chassis slot number - Display the operational parameters for a slot in a CSS 11800. Enter the slot number as an integer value. To see a list of slots, enter show chassis slot ?.
• show chassis verbose - Display detailed information about the chassis configuration.
To view a summary of the chassis configuration, enter:
# show chassis
Configuration for CS150:

Name: CS150              SW Version: 4.0 Build 3
HW Major Version: 18     HW Minor Version: 0
Serial Number: 21119901237
Base Mac Address: 00-10-58-00-1f-79

Module Number  Module Name  Status
1              FEM          primary
2              FEM          primary
5              SCFM         primary

Port Number  Port Name     Status
1            ethernet-1    online
2            ethernet-2    online
3            ethernet-3    online
4            ethernet-4    online
5            ethernet-5    online
6            ethernet-6    online
7            ethernet-7    online
8            ethernet-8    online
9            ethernet-9    online
10           ethernet-10   online
11           ethernet-11   online
12           ethernet-12   online
Note In the CSS 11050 and the CSS 11150, the Switch Control Module (SCM) and Switch Fabric Module (SFM) are combined on one integrated circuit card called the Switch Control Fabric Module (SCFM).
To view the chassis flash, enter:
# show chassis flash
Configuration for CS150:

Name: CS150              SW Version: 4.0 Build 3
HW Major Version: 18     HW Minor Version: 0
Serial Number: 21119901237
Base Mac Address: 00-10-58-00-1f-79

Operational      Locked
*4.00 Build 3    3.10 Build 1
To display the physical configuration of the CSS, enter:
# show chassis inventory
Chassis Inventory:
Base Mac Address: 00-10-58-55-65-13
Chassis CS800: PN: CS-800-SYS-01 Rev: 13.0 SN: 14219901051

Slot 1 FEM:   PN: CS800-LAN-01 Rev: 12.0 SN: 10059800119
Slot 2 FEM:   PN: CS800-LAN-01 Rev: 12.0 SN: 11319801009
Slot 3 FEM:   PN: CS800-LAN-01 Rev: 12.0 SN: 11319801010
Slot 4 FEM:   PN: CS800-LAN-01 Rev: 12.0 SN: 10059800113
Slot 5 SFM2:  PN: CS800-SFM-02 Rev: 1.0 SN: 21279903388
Slot 7 SCM:   PN: CS800-SCM-01 Rev: 14.0 SN: 11349801007
Slot 10 SFM2: PN: 815-00075-00 Rev: 1.0 SN: 21279903392
Slot 11 FEM:  PN: CS800-LAN-01 Rev: 12.0 SN: 11319801000
Slot 12 FEM:  PN: CS800-LAN-01 Rev: 12.0 SN: 11349801048
Slot 13 FEM:  PN: CS800-LAN-01 Rev: 12.0 SN: 11349801040
Slot 14 FEM:  PN: CS800-LAN-01 Rev: 12.0 SN: 11319801007
Showing System Resources
Use the show system-resources command to display information about the size of the installed and free memory available on the:
• CSS 11150.
• CSS 11800 SCM and SFM modules. The CSS displays system resources for the primary SCM and SFM.
For example:
(config)# show system-resources
System Resources:
Installed Memory: 134,217,728 (128 MB)
Free Memory: 27,421,152 (26 MB)
CPU: 27

Buffer Statistics:
Buffer Pool: 0
Size: 256  Total: 1000  Available: 1000  Failures: 0
Low Buffer Count: 859

Buffer Pool: 1
Size: 2080  Total: 9000  Available: 8344  Failures: 0
Low Buffer Count: 8299
Showing User Information
To display all users currently defined in the CSS, enter:
(config)# show user-database
Virtual Authentication: enable
Console Authentication: enable

Username    Password    Privilege Level
picard      ******      privilege(admin)
admin       ******      privilege
broccoli    ******      non-privilege
To display information for a specific user, enter:
(config)# show user-database picard
Username: picard
Password ******
Privilege Level privilege
Showing Current Logins
To display currently connected lines or sessions, use the show lines command. A connected line is a console or Telnet session. This command is available in all modes.
For example, to display currently connected lines or sessions, enter:
(config)# show lines
Line      User    Login            Idle             Location
console   admin   0 days 02:59:55  0 days 01:57:02  local
* vty1    admin   0 days 00:30:28  0 days 00:00:00  10.0.3.71
The * next to an entry in the Line field indicates the line you are currently logged into.
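Captured show lines output can be reviewed offline for sessions that have been idle too long or that originate outside the management network. The following Python parser is an added example, not part of the Cisco guide; the idle limit and the list of management networks are assumptions supplied by the caller, and the embedded text is the guide's sample output laid out one session per line.

```python
import ipaddress
import re
from datetime import timedelta

# The guide's sample "show lines" output, laid out one session per line.
SHOW_LINES = """\
Line      User    Login            Idle             Location
console   admin   0 days 02:59:55  0 days 01:57:02  local
* vty1    admin   0 days 00:30:28  0 days 00:00:00  10.0.3.71
"""

DURATION = r"\d+ days? \d{2}:\d{2}:\d{2}"
ROW = re.compile(
    r"^(?P<current>\*)?\s*(?P<line>\S+)\s+(?P<user>\S+)\s+"
    rf"(?P<login>{DURATION})\s+(?P<idle>{DURATION})\s+"
    r"(?P<location>\S+)$"
)


def parse_duration(text):
    """Convert 'D days HH:MM:SS' into a timedelta."""
    days, _unit, clock = text.split()
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    return timedelta(days=int(days), hours=hours, minutes=minutes, seconds=seconds)


def parse_show_lines(output):
    """Return one dict per session row; header and blank lines are skipped."""
    sessions = []
    for raw in output.splitlines():
        match = ROW.match(raw.strip())
        if not match:
            continue
        sessions.append({
            "line": match["line"],
            "user": match["user"],
            "current": match["current"] is not None,  # the row marked with *
            "login": parse_duration(match["login"]),
            "idle": parse_duration(match["idle"]),
            "location": match["location"],
        })
    return sessions


def audit_sessions(sessions, max_idle_minutes, mgmt_networks):
    """Return (line, user, finding) tuples for sessions that need review."""
    limit = timedelta(minutes=max_idle_minutes)
    networks = [ipaddress.ip_network(net) for net in mgmt_networks]
    findings = []
    for session in sessions:
        if session["idle"] > limit:
            findings.append((session["line"], session["user"], "idle-exceeded"))
        if session["location"] == "local":
            continue  # console session, no source address to check
        try:
            source = ipaddress.ip_address(session["location"])
        except ValueError:
            # Location is not an IP address; flag it for manual review.
            findings.append((session["line"], session["user"], "unparsed-source"))
            continue
        if not any(source in net for net in networks):
            findings.append((session["line"], session["user"], "unexpected-source"))
    return findings


if __name__ == "__main__":
    # Assumed policy for the example: 15-minute idle limit, one management subnet.
    for finding in audit_sessions(parse_show_lines(SHOW_LINES), 15, ["10.0.3.0/24"]):
        print(finding)
```

With the sample output, the console session is reported because it has been idle for 1 hour 57 minutes, which is possible because the terminal idle timer defaults to 0 (disabled).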
Where to Go Next
Chapter 2, “Configuring User Profiles and CSS Parameters,” provides information on how to configure user profiles and CSS parameters. This chapter also contains information on using the Content API and Command Scheduler features.
CHAPTER 2
Configuring User Profiles and CSS Parameters
This chapter describes how to configure user profiles and CSS parameters. This chapter also contains information on using the Content API and Command Scheduler features. Information in this chapter applies to all models of the CSS except where noted.
This chapter contains the following sections:
• Configuring User Profiles
• Boot Configuration Mode Commands
• Configuring Host Name
• Configuring Idle Timeout
• Controlling Remote Access to the CSS
• Restricting Console, FTP, SNMP, Telnet, XML, and Web Management Access to the CSS
• Configuring Flow Parameters
• Finding an IP Address
• Configuring Content API
• Configuring the Command Scheduler
Configuring User Profiles
The CSS contains a default-profile that resides in the scripts directory on the Internal Disk Module (IDM). This file contains settings that are user-specific; that is, they apply uniquely to each user when the user logs in.
You can customize the following settings for each user:
• CLI prompt
• Expert mode
• History buffer
• Terminal parameters, including idle time, length, more, netmask format, and timeout
Though the settings are user-specific, each default setting applies to all users until the user saves the default-profile to a username-profile (where username is the current login username). You may choose to continue using the default-profile so that all users logging into a CSS use the same settings. Refer to “Copying and Saving User Profiles” in this chapter for information on saving the default-profile.
If you change a user setting and want to save it in the scripts directory of the current .ADI, use a copy profile command. If you do not, the CSS stores the setting temporarily in a running-profile. If you attempt to log out of the CSS without saving profile changes, the CSS prompts you that profile changes have been made and allows you to save or discard the changes.
When you upgrade the .ADI, user profiles, which are saved in the current .ADI directory, are deleted. If you wish to save user profiles permanently, use the save_profile command. This command saves the profiles in both the scripts and archive directories in the current .ADI. The archive directory is not overwritten during a software upgrade.
To access the CSS IDM, FTP into the CSS. Use the appropriate commands to access the scripts directory and list the contents of the default-profile. When logged into the CSS, use the show profile command to display either the default-profile or your username-profile.
This section contains information on:
• Configuring User Terminal Parameters
• Using Expert Mode
• Changing the CLI Prompt
• Modifying the History Buffer
• Copying and Saving User Profiles
Configuring User Terminal Parameters
To configure terminal parameters, use the terminal command. These parameters control output to the system terminal screen. Terminal parameters are user-specific; that is, they apply uniquely to each CSS user.
Use the copy profile user-profile command to add terminal command parameters to your user profile so that the parameters are used each time you log in. Otherwise you must re-enter the commands for the parameters to take effect each time you log in.
The options for this command are:
• terminal idle - Set the session idle timer.
• terminal length - Set the terminal screen output length.
• terminal more - Enable terminal more support. The default is enabled.
• terminal netmask-format - Control subnet mask display.
• terminal timeout - Set the session maximum login time.
Configuring Terminal Idle
To set the time a session can be idle before the CSS terminates a console or Telnet session, use the terminal idle command. The default value is 0 (disabled). This command is available at the User and SuperUser prompts. Enter an idle time between 0 and 65535 minutes.
To set a terminal idle time, enter:
# terminal idle 15
To revert the terminal idle time to its default of disabled, enter:
# no terminal idle
Configuring Terminal Length
To set the number of output lines the CLI displays on the terminal screen, use the terminal length command. This command is available at the User and SuperUser prompts. Enter the number of lines you want the CLI to display from 2 to 65535. The default is 25 lines.
For example, to set the line number to 35, enter:
# terminal length 35
To set the number of lines to the default of 25 lines, enter:
# no terminal length
Configuring Terminal More
To enable support for more terminal functions, use the terminal more command. This command is available at the User and SuperUser prompts. You can also toggle the more function on and off within a session by using the ESC-M key sequence.
To enable more terminal functions, enter:
# terminal more
To disable support for more terminal functions, enter:
# no terminal more
Configuring Terminal Netmask-Format
To determine how the CSS displays subnet masks in show screens, use the terminal netmask-format command. This command is available at the User and SuperUser prompts. The options for this command are:
• terminal netmask-format bitcount - Displays masks in bitcount (for example, /24).
• terminal netmask-format decimal - Displays masks in dotted-decimal format (for example, 255.255.255.0). This is the default format.
• terminal netmask-format hexadecimal - Displays masks in hexadecimal format (for example, 0xFFFFFF00).
For example, to display subnet masks in bitcount format, enter:
# terminal netmask-format bitcount
To revert to the default display format (decimal), enter:
# no terminal netmask-format
Configuring Terminal Timeout
To set the total amount of time a session can be logged in before the CSS terminates a console or Telnet session, use the terminal timeout command. The default value is 0 (disabled). This command is available at the User and SuperUser prompts. Enter a timeout value between 0 and 65535 minutes.
To set a terminal timeout value, enter:
# terminal timeout 30
To revert the terminal timeout value to its default (disabled), enter:
# no terminal timeout
Using Expert Mode
Expert mode allows you to turn the CSS confirmation capability on or off. Expert mode is available at the SuperUser prompt and is off by default. When expert mode is off, the CSS prompts you for confirmation when you:
• Execute commands that could delete or change operating parameters
• Exit a terminal session (console or Telnet) without copying the running-config to startup-config
• Create services, owners, and content rules
Turning expert mode on prevents the CSS from prompting you for confirmation when you make configuration changes. To turn expert mode on, enter:
# expert
To allow the CSS to prompt you for confirmation when you make configuration changes, enter:
# no expert
For example, when you issue the command to create an owner and expert mode is off, the CSS prompts you to verify the command:
(config)# owner arrowpoint.com
Create owner <arrowpoint.com>, [y/n]:y
(config-owner[arrowpoint.com])#
Changing the CLI Prompt
The CLI default prompt displays as the product model number followed by the # symbol. The CSS adds a # sign to the prompt automatically to indicate SuperUser mode. To change the default prompt, enter the prompt command as shown in the following example:
CSS800# prompt CSS1-lab
CSS1-lab#
To save the new prompt, add it to user or default profiles. To restore the prompt to its default, use the no prompt command.
Modifying the History Buffer
Use the history command to modify the history buffer length. The command line history buffer stores the most recent CLI commands that you enter. Enter the number of lines you want in the history buffer as an integer from 0 to 256. The default is 20. This command is available in SuperUser mode.
For example, to set the history buffer to 80 lines, enter:
# history length 80
To disable the history function, enter 0.
# history length 0
To restore the history buffer to the default of 20 lines, enter:
# no history length
Displaying the History Buffer
Use the show history command to display the history buffer. The history buffer is cleared automatically upon reboot.
For example:
# show history
history
show history
show ip routes
show ip summary
show ip stat
clock
clock date
clock time
show history
Copying and Saving User Profiles
Use the copy profile command to copy the running profile from the CSS to the default-profile, an FTP server, a TFTP server, or your user-profile. The options are:
• copy profile default-profile - Copy the running profile to the default profile
• copy profile user-profile - Copy the running profile to your user profile
• copy profile ftp - Copy the running profile to an FTP server
• copy profile tftp - Copy the running profile to a TFTP server
Note If you exit the CSS without copying changes in the running profile to your username-profile or default-profile, the CSS prompts you that the profile has changed and queries whether or not you want to save your changes. If you respond with y, the CSS copies the running profile to your username-profile or the default-profile.
Refer to the following sections for information on these options.
Copying the Running Profile to the Default-Profile
Use the copy profile default-profile command to copy the running profile to the default profile. This command is available at the SuperUser prompt.
For example:
# copy profile default-profile
Copying the Running Profile to a User Profile
Use the copy profile user-profile command to proactively copy the changes made to the running profile to the user profile. This command creates a file username-profile if one does not exist (where username is the current username).
For example:
# copy profile user-profile
Copying the Running Profile to an FTP Server
Use the copy profile ftp command to copy the running profile to an FTP server. The syntax is:
copy profile ftp ftp_record filename
The variables are:
• ftp_record - The name of the FTP record file that contains the server IP address, username, and password. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• filename - The name you want to assign to the file on the server. Include the full path to the file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
For example:
# copy profile ftp arrowrecord \records\arrowftprecord
Copying the Running Profile to a TFTP Server
Use the copy profile tftp command to copy the running profile to a TFTP server. The syntax is:
copy profile tftp ip_or_host filename
The variables are:
• ip_or_host - The IP address or host name of the server to receive the file. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or in mnemonic host-name format (for example, myhost.mydomain.com).
• filename - The name you want to assign to the file on the server. Include the full path to the file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
For example:
# copy profile tftp 192.168.3.6 \home\bobo\bobo-profile
Boot Configuration Mode Commands
Boot configuration mode contains all of the commands necessary to manage booting the CSS and to maintain the software revision. To access this mode, use the boot command from global configuration mode. The prompt changes to (config-boot).
To access boot mode, enter:
(config)# boot
The CSS enters into boot mode.
(config-boot)#
For information about commands available in boot mode, refer to the following sections:
• Unpacking an ArrowPoint Distribution Image (ADI)
• Removing an ArrowPoint Distribution Image (ADI)
• Specifying the Primary BOOT Configuration
• Specifying the Secondary Boot Configuration
• Configuring a Boot Configuration Record for the Passive SCM
• Showing the BOOT Configuration
• Booting the CSS from a Network Drive
Unpacking an ArrowPoint Distribution Image (ADI)
Use the unpack command to unpack the ArrowPoint Distribution Image (ADI) on the CSS disk. Enter the ADI filename as an unquoted text string with a maximum length of 32 characters. For example:
(config-boot)# unpack ap0401001.adi
Note Before unpacking the .ADI, you must first copy the .ADI to the CSS disk. Use the copy ftp ftp_record filename boot-image command to copy the .ADI to the CSS disk.
Removing an ArrowPoint Distribution Image (ADI)
Use the remove command to remove an ArrowPoint Distribution Image (ADI) that is not currently running on the CSS. To display a list of ADIs installed on your CSS, enter remove ?. To display the ADI you are currently running, use the version command.
Enter the ADI filename as an unquoted text string with a maximum length of 32 characters.
For example, to remove an ADI, enter:
(config-boot)# remove ap0206001
Specifying the Primary BOOT Configuration
Use the primary command to specify the primary boot configuration. The options for this boot mode command are:
• primary boot-file - Specify the primary boot file
• primary boot-type - Specify the primary boot method: local disk, FTP, or a network-mounted file system using FTP
• primary config-path - Specify the path to a network CSS configuration
Refer to the following sections for more information on these options and associated variables.
Configuring the Primary Boot-File
Use the primary boot-file command to specify the primary boot file. Enter the primary boot file as an unquoted text string with no spaces and a maximum length of 64 characters.
For example:
(config-boot)# primary boot-file ap0400003
To display a list of boot filenames, enter:
(config-boot)# primary boot-file ?
To remove the primary boot file, enter:
(config-boot)# no primary boot-file
Configuring the Primary Boot-Type
Use the primary boot-type command to specify the primary boot method, either from the local disk or using FTP. The syntax and options for this boot mode command are:
• primary boot-type boot-via-disk - Allows you to boot the CSS from software currently on the IDM.
• primary boot-type boot-via-ftp ftp_record - Allows you to download an ADI file containing CSS software that you want to install on the IDM.
• primary boot-type boot-via-network ftp_record - Allows you to use FTP to boot the CSS from software located on a network drive. The CSS boots independently from the IDM and loads the configuration into memory. The FTP server must be running on an NT operating system.
Enter the ftp_record as the name of the FTP record file that contains the FTP server IP address, username, and password. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
For example, to configure the primary boot-type to boot-via-disk, enter:
(config-boot)# primary boot-type boot-via-disk
To remove the primary boot type, enter:
(config-boot)# no primary boot-type
Configuring the Primary Config-Path
Use the primary config-path command to specify the alternate path to a network configuration for the network boot method. An alternate configuration path allows multiple CSSs to use the same boot image while keeping their configuration information in separate directories. The CSS must be able to access the configuration path through an NT FTP server as defined in the FTP record for the network boot method.
Note The FTP server must be running on an NT operating system.
When using an alternate configuration path, make sure that the path leads to a directory containing the script, log, and info subdirectories and the startup-config file. These subdirectories must contain the files in the corresponding subdirectories of the unzipped boot image. First, create these subdirectories, then copy the files from the boot image to the subdirectories.
Enter the configuration pathname as an unquoted text string with no spaces and a maximum length of 64 characters.
For example, to configure the primary config path, enter:
(config-boot)# primary config-path f:/bootdir/
To remove the primary network configuration path, enter:
(config-boot)# no primary config-path
Specifying the Secondary Boot Configuration
Use the secondary command to specify the secondary boot configuration. The secondary boot configuration is used when the primary configuration fails. The options for this boot mode command are:
• secondary boot-file - Specify the secondary boot file
• secondary boot-type - Specify the boot method, local disk or FTP
• secondary config-path - Specify the path to a network configuration using FTP
For more information on these options and associated variables, refer to the following sections.
Specifying the Secondary Boot-File
Use the secondary boot-file command to specify the secondary boot file that the CSS uses when the primary boot configuration fails. Enter the boot file as an unquoted text string with no spaces and a maximum length of 64 characters.
For example:
(config-boot)# secondary boot-file ap0310046
To display a list of secondary boot filenames, enter:
(config-boot)# secondary boot-file ?
To remove the secondary boot file, enter:
(config-boot)# no secondary boot-file
Specifying the Secondary Boot-Type
Use the secondary boot-type command to boot the system using the local disk, FTP, or a network-mounted file system. The FTP record contains the IP address, username, and password for the FTP server. Enter the ftp_record as an unquoted text string with no spaces and a maximum length of 32 characters.
The syntax and options for this boot mode command are:
• secondary boot-type boot-via-disk - Boot the system from local disk.
• secondary boot-type boot-via-ftp ftp_record - Boot the system via FTP.
• secondary boot-type boot-via-network ftp_record - Boot the system from a network-mounted file system using FTP. The CSS boots independently from its hard drive and loads the configuration into memory. The FTP server must be running on an NT operating system.
For example, to specify the secondary boot type as boot-via-disk, enter:
(config-boot)# secondary boot-type boot-via-disk
To remove the secondary boot type, enter:
(config-boot)# no secondary boot-type
Specifying the Secondary Config-Path
Use the secondary config-path command to specify the alternate path to a network configuration for the network boot method. An alternate configuration path allows multiple CSSs to use the same boot image while keeping their configuration information in separate directories. The CSS must be able to access the configuration path through an NT FTP server as defined through the FTP record for the network boot method.
Note The FTP server must be running on an NT operating system.
When using an alternate configuration path, make sure that the path leads to a directory containing the script, log, and info subdirectories and the startup-config file. These subdirectories must contain the files in the corresponding subdirectories of the unzipped boot image. First, create these subdirectories, then copy the files from the boot image to the subdirectories.
Enter the configuration pathname as an unquoted text string with no spaces and a maximum length of 64 characters.
For example, to configure the secondary config path, enter:
(config-boot)# secondary config-path f:/bootdir/
To remove the secondary network configuration path, enter:
(config-boot)# no secondary config-path
Configuring a Boot Configuration Record for the Passive SCM
Use the passive command to configure the boot configuration record for the current passive SCM installed in a CSS 11800. The boot configuration record consists of the IP address, subnet mask, boot method, and boot file.
With the sync option for this command, you can copy the boot configuration record from the active SCM to the passive SCM. In most CSS configurations, the active and passive SCMs will have the same boot record.
This command also allows you to configure the individual components of the boot configuration record on the passive SCM. For example, you can configure a boot record on the passive SCM that has a software version that differs from the active SCM. This allows you to run a new software version on the active SCM with the security of having an older software version on the passive SCM.
You can also configure a different IP address on the passive SCM to track an active-to-passive state transition between the SCMs. You can accomplish this through a management station where you can receive SNMP host traps.
Note The passive command and its options only affect the current passive SCM. When you configure the passive SCM, the set values are loaded into its nonvolatile RAM. If the passive SCM transitions to the active state, it continues to retain these values but is no longer affected by these commands; boot commands are not saved in the running-config.
The options for this boot mode command are:
• passive ip address - Configure the system boot IP address for the passive SCM.
• passive primary boot-file - Specify the primary boot file for the passive SCM.
• passive primary boot-type - Specify the primary boot method, local disk, FTP, or network-mounted file system using FTP, for the passive SCM.
• passive primary config-path - Specify the primary alternate path to a network CSS configuration for the passive SCM.
• passive secondary boot-file - Specify the secondary boot file for the passive SCM.
• passive secondary boot-type - Specify the secondary boot method, local disk, FTP, or network-mounted file system via FTP, for the passive SCM.
• passive secondary config-path - Specify the secondary alternate path to a network CSS configuration for the passive SCM.
• passive subnet mask - Configure the system boot subnet mask for the passive SCM.
• passive sync - Copy the boot configuration record from the active SCM to the passive SCM.
For more information on these options and associated variables, refer to the following sections.
Configuring the Passive SCM IP Address
Use the passive ip address command to configure the system boot IP address for the passive SCM. Enter the IP address for the passive SCM that will be used on boot up. Do not enter an all zero IP address.
For example:
(config-boot)# passive ip address 172.16.3.6
To change the passive SCM boot IP address, reissue the passive ip address command.
Configuring the Passive SCM Primary Boot File
Use the passive primary boot-file command to specify the primary boot image for the passive SCM. Enter the filename of the primary boot image for the passive SCM as an unquoted text string with no spaces and a maximum length of 64 characters. To display a list of filenames, enter: passive primary boot-file ?.
For example:
(config-boot)# passive primary boot-file ap0400003
To remove the primary boot file from the passive SCM, enter:
(config-boot)# no passive primary boot-file
Configuring the Passive SCM Primary Boot Type
Use the passive primary boot-type command to specify the primary boot method: the local disk, FTP, or a network-mounted file system for the passive SCM. The syntax and options for this boot mode command are:
• passive primary boot-type boot-via-disk - Boot the system from local disk.
• passive primary boot-type boot-via-ftp ftp_record - Boot the system via FTP.
• passive primary boot-type boot-via-network ftp_record - Boot the system from a network-mounted file system via FTP. The CSS boots independently from its hard drive and loads the configuration into memory. The FTP server must be running on an NT operating system.
Enter the ftp_record as the name of the FTP record file that contains the FTP server IP address, username, and password. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
For example:
(config-boot)# passive primary boot-type boot-via-ftp arecord
To remove the primary boot type from the passive SCM, enter:
(config-boot)# no passive primary boot-type
Configuring the Passive SCM Primary Configuration Path
Use the passive primary config-path command to specify the alternate path to a network configuration for the network boot method for the passive SCM. An alternate configuration path allows multiple CSSs to use the same boot image while keeping their configuration information in separate directories. The CSS must be able to access the configuration path through an NT FTP server as defined through the FTP record for the network boot method.
Note The FTP server must be running on an NT operating system.
When using an alternate configuration path, make sure that the path leads to a directory containing the script, log, and info subdirectories and the startup-config file. These subdirectories must contain the files in the corresponding subdirectories in the unzipped boot image. First, create these subdirectories. Then copy the files from the boot image to the subdirectories.
Enter the configuration path for network configuration. Enter an unquoted text string with no spaces and a maximum length of 64 characters. For example:
(config-boot)# passive primary config-path c:/bootdir/
To remove the primary network configuration path, enter:
(config-boot)# no passive primary config-path
Configuring the Passive SCM Secondary Boot File
Use the passive secondary boot-file command to specify the secondary boot image for the passive SCM. Enter the boot file name for the primary boot image as an unquoted text string with no spaces and a maximum length of 64 characters. To display a list of boot filenames, enter: passive secondary boot-file ?. For example:
(config-boot)# passive secondary boot-file ap0400003
To remove the secondary boot file from the passive SCM, enter:
(config-boot)# no passive secondary boot-file
Configuring the Passive SCM Secondary Boot Type
Use the passive secondary boot-type command to boot the system using the local disk, FTP, or a network-mounted filesystem for the passive SCM. The syntax and options for this boot mode command are:
• passive secondary boot-type boot-via-disk - Boot the system from local disk.
• passive secondary boot-type boot-via-ftp ftp_record - Boot the system via FTP.
• passive secondary boot-type boot-via-network ftp_record - Boot the system from a network-mounted file system via FTP. The CSS boots independently from its hard drive and loads the configuration into memory. The FTP server must be running on an NT operating system.
Enter the ftp_record as the name of the FTP record file that contains the FTP server IP address, username, and password. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
For example:
(config-boot)# passive secondary boot-type boot-via-disk
To remove the secondary boot type from the passive SCM, enter:
(config-boot)# no passive secondary boot-type
Configuring the Passive SCM Secondary Configuration Path
Use the passive secondary config-path command to specify the secondary alternate path to a network configuration for the network boot method for the passive SCM. An alternate configuration path allows multiple CSSs to use the same boot image while keeping their configuration information in separate directories. The CSS must be able to access the configuration path through an NT FTP server as defined through the FTP record for the network boot method.
Note The FTP server must be running on an NT operating system.
When using an alternate configuration path, make sure that the path leads to a directory containing the script, log and info subdirectories and the startup-config file. These subdirectories must contain the files in the corresponding subdirectories of the unzipped boot image. First, create these subdirectories. Then copy the files from the boot image to the subdirectories.
Enter the configuration path as an unquoted text string with no spaces and a maximum length of 64 characters.
For example:
(config-boot)# passive secondary config-path c:/bootdir/
To remove the primary network configuration path, enter:
(config-boot)# no passive secondary config-path
Configuring the Passive SCM Subnet Mask
Use the passive subnet mask command to configure the system boot subnet mask for the passive SCM.
For example:
(config-boot)# passive subnet mask 255.255.0.0
Copying the Boot Configuration Record from the Active SCM to the Passive SCM
Use the passive sync command to copy the primary and secondary boot configuration record from the nonvolatile RAM (NVRAM) of the active SCM to its passive SCM backup. This command is available in boot mode.
For example:
(config-boot)# passive sync
Showing the BOOT Configuration
Use the show boot command to display your boot configuration. For example:
(config-boot)# show boot
!*********************** BOOT CONFIG ***********************
primary boot-file ap0400003
primary boot-type boot-via-disk
subnet mask 255.0.0.0
ip address 172.16.36.58
Booting the CSS from a Network Drive
The network booting feature enables you to boot the CSS from an NT network drive using the .zip file included on your Documentation and System Software compact disc. When you configure the CSS for network boot, the Internal Disk Module (IDM) is not required. To avoid affecting network bandwidth consumption, do not configure logging to disk when booting the CSS from a network drive.
Note The FTP server must be running on an NT operating system.
Note Network boot does not support core dumps.
Perform a network boot if:
• You want multiple CSSs to use the same boot image while keeping their own configuration information. Provide an alternate path for the location of the configuration information. This information must exist on the same network file system as the boot image.
Note When using an alternate configuration path, make sure that the path leads to a directory containing the script, log and info subdirectories. These subdirectories must contain the files in the corresponding subdirectories in the boot image. Create these subdirectories, then copy the files from the boot image.
• The CSS has a hard drive failure. A network boot allows the CSS to boot independently from its hard drive and to load the configuration into memory.
You can configure network boot for CSS 11800:
• Primary SCMs
• Passive SCMs
Configuring Network Boot for a Primary SCM
To configure network boot for a primary SCM:
1. Ensure the SCM management port has access to the network drive from which you are booting the CSS. The SCM will mount the drive, and read and write to it.
2. FTP the software .zip file to the network drive base directory specified in the FTP record. This must be the same directory from which you are booting the CSS.
3. Unzip the file. You must use the .zip distribution format for network loading.
4. Configure the FTP record (refer to the section entitled “Configuring an FTP Record” in Chapter 1). Note that the config-path and the base directory path in the ftp-record associated with the network boot must not contain a pathname that collides with a non-network driver name (for example, c: or host:). For example:
# ftp-record bootrecord 192.168.19.21 bobo encrypted-password "secret" e:/adi_directory/
This directory must contain the unzipped files.
5. Configure the CSS to boot from a network drive. For example:
(config-boot)# primary boot-type boot-via-network bootrecord
6. Optionally, configure a primary configuration path to allow multiple CSSs to use the same boot image while keeping their configuration information in separate directories. The CSS must be able to access the configuration path through the FTP server as defined in the FTP record. For example:
(config-boot)# primary config-path e:/adi_directory/
Configuring Network Boot for a Passive SCM
To configure network boot for a CSS 11800 passive SCM:
1. Configure an FTP record for the passive SCM, if not already configured. Refer to “Configuring a Boot Configuration Record for the Passive SCM” in this chapter.
2. Ensure the passive SCM management port has access to the network drive from which you are booting the CSS. If the primary SCM fails, the passive SCM will connect to the remote disk and load the software configuration.
3. Configure the CSS to boot from a network drive. For example:
(config-boot)# passive primary boot-type boot-via-network bootrecord
To display a list of configured ftp records, re-enter the command and use “?”. For example:
(config-boot)# passive primary boot-type boot-via-network bootrecord ?
4. Optionally, configure a primary configuration path to allow multiple CSSs to use the same boot image while keeping their configuration information in separate directories. Your FTP daemon must support the drive mapping. Also, the CSS must be able to access the configuration path through the FTP server as defined in the FTP record. For example:
(config-boot)# primary config-path e:/adi_directory/
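The alternate configuration path requirements given in the config-path sections (script, log, and info subdirectories populated from the unzipped boot image, a startup-config file, and a pathname of at most 64 characters with no spaces) can be verified before a CSS is pointed at the directory. The following Python check is an added example, not Cisco code; its function names, the sample file names, and running it on a machine that can read both directories are assumptions.

```python
import tempfile
from pathlib import Path

REQUIRED_SUBDIRS = ("script", "log", "info")
REQUIRED_FILE = "startup-config"
MAX_PATH_CHARS = 64  # limit on the pathname entered with the config-path command


def check_config_path(config_dir, boot_image_dir, cli_path=None):
    """Return a list of problems; an empty list means the layout is complete.

    config_dir     - directory the config-path command will point at
    boot_image_dir - directory holding the unzipped boot image
    cli_path       - the pathname as it will be typed at the CLI (optional)
    """
    config_dir, boot_image_dir = Path(config_dir), Path(boot_image_dir)
    problems = []
    if cli_path is not None:
        if len(cli_path) > MAX_PATH_CHARS:
            problems.append(
                f"config-path is longer than {MAX_PATH_CHARS} characters")
        if any(ch.isspace() for ch in cli_path):
            problems.append("config-path contains a space")
    if not (config_dir / REQUIRED_FILE).is_file():
        problems.append(f"missing file: {REQUIRED_FILE}")
    for sub in REQUIRED_SUBDIRS:
        target = config_dir / sub
        if not target.is_dir():
            problems.append(f"missing subdirectory: {sub}")
            continue
        source = boot_image_dir / sub
        expected = set()
        if source.is_dir():
            expected = {p.name for p in source.iterdir() if p.is_file()}
        present = {p.name for p in target.iterdir() if p.is_file()}
        # Every file in the boot image subdirectory must have been copied.
        for name in sorted(expected - present):
            problems.append(f"{sub}/{name} not copied from the boot image")
    return problems


def demo():
    """Check a constructed, deliberately incomplete layout in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        image, config = Path(tmp, "image"), Path(tmp, "css1")
        for sub in REQUIRED_SUBDIRS:
            (image / sub).mkdir(parents=True)
            # Constructed placeholder files, not real boot image contents.
            (image / sub / f"sample-{sub}.txt").write_text("constructed\n")
        (config / "script").mkdir(parents=True)
        (config / "script" / "sample-script.txt").write_text("constructed\n")
        (config / "log").mkdir()  # created but left empty; info is missing
        return check_config_path(config, image, cli_path="e:/adi_directory/")


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```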
Showing Network Boot Configurations
To display the network boot configuration, use the version command. For example:
(config)# version
Version: ap0400003 (4.00 Build 03)
Network Path: e:/adi_directory/
Config Path: e:/adi_directory/
Flash (Locked): 3.10 Build 10
Flash (Operational):4.00 Build 2
Type: PRIMARY
License Cmd Set: Standard Feature Set
                 Enhanced Feature Set
                 SSH Server
You can also use the show boot-config command to display network boot configuration information. For example:
(config)# show boot-config
!*********************** BOOT CONFIG ***********************
secondary config-path e:/adi_directory/
secondary boot-type boot-via-network Secondary-Boot
primary boot-file ap0400003
primary boot-type boot-via-network
subnet mask 255.0.0.0
ip address 192.168.4.226
Configuring Host Name
Use the host command to manage entries in the Host table. The Host table is the static mapping of mnemonic host names to IP addresses, analogous to the ARP table. The syntax for this global configuration mode command is:
host host_name ip_address
• host_name - The name of the host. Enter an unquoted text string with no spaces and a length of 1 to 16 characters.
• ip_address - The address associated with the host name. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
For example:
(config)# host CS150-LML 192.168.3.6
Note To add a host to the Host table, the host name must not already exist. To change a current host address, remove it and then add it again.
To remove an existing host from the Host table, enter:
(config)# no host CS150-LML
To display a list of host names, enter:
(config)# show running-config global
Configuring Idle Timeout
To globally set the total amount of time all sessions can be active before the CSS terminates a console or Telnet session, use the idle timeout command. Enter a timeout value between 0 and 65535 minutes. The default value is enabled for 5 minutes.
Note To override the idle timeout value for a specific session, configure the terminal timeout command. Terminal commands are user-specific; that is, they apply uniquely for each CSS user.
It is recommended that you configure the idle timeout to at least 30 minutes. Setting this value to 30 minutes:
• Cleans up idle Telnet sessions
• Helps prevent busy conditions due to a high number of active Telnet sessions
To set an idle timeout value, enter:
(config)# idle timeout 15
To revert the terminal timeout value to its default of enabled for 5 minutes, enter:
(config)# no idle timeout
Controlling Remote Access to the CSS
To control remote access (called virtual authentication) to the CSS, use the virtual command. By using virtual commands, you allow users to log into the CSS remotely with or without requiring a username and password, or you can deny all remote access to users. Telnet is an example of remote access.
This command provides the following options:
• virtual authentication - Requires users to enter a login name and password to log into the CSS (default).
• no virtual authentication - Does not require users to enter a login name and password to log into the CSS.
• virtual authentication disallowed - Does not allow any additional users to log into the CSS. This command does not terminate existing connections. To terminate all existing connections, use the admin-shutdown command.
• console authentication - Requires users to enter a login name and password to log into the CSS console port (default).
• no console authentication - Does not require users to enter a login name and password to log into the CSS console port.
For example, if an unauthorized user gained access to the CSS:
1. Terminate all connections using the admin-shutdown command.
(config)# admin-shutdown
2. Prevent users from establishing new connections to the CSS by using the virtual authentication disallowed command.
(config)# virtual authentication disallowed
To display virtual authentication settings, use the show user-database command.
Restricting Console, FTP, SNMP, Telnet, XML, and Web Management Access to the CSS
Use the restrict command to enable or disable console, FTP, SNMP, Telnet, XML, and Web management access to the CSS. Access through a console, FTP, SNMP, and Telnet is enabled by default.
Note Disable Telnet access when you want to use the Secure Shell Host (SSH) server. For information on configuring SSHD, refer to “Configuring Secure Shell Daemon” in Chapter 3.
The syntax and options for this global configuration mode command are:
• restrict console - Disable console access to the CSS
• restrict ftp - Disable FTP access to the CSS
• restrict snmp - Disable SNMP access to the CSS
• restrict telnet - Disable Telnet access to the CSS
• restrict XML - Disable XML access to the CSS
• restrict web-mgmt - Disable Web management access to the CSS
To enable access to the CSS, enter:
• no restrict console - Enable console access to the CSS
• no restrict ftp - Enable FTP access to the CSS
• no restrict snmp - Enable SNMP access to the CSS
• no restrict telnet - Enable Telnet access to the CSS
• no restrict xml - Enable XML access to the CSS
• no restrict web-mgmt - Enable Web management access to the CSS
For example:
(config)# restrict telnet
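One way to review the virtual, console, and restrict settings from the two preceding sections is to compute the effective access state from a saved configuration and list what is left open. This Python audit is an added example, not part of the Cisco guide. It runs on a constructed sample, assumes the settings appear in the configuration as the commands are typed, and assumes XML and Web management start disabled because the guide names only console, FTP, SNMP, and Telnet as enabled by default.

```python
import re

# Defaults stated in the guide: a login name and password are required for
# remote and console sessions; console, FTP, SNMP and Telnet access are enabled.
# Assumption: XML and Web management start disabled, because the guide names
# only the other four as enabled by default.
DEFAULTS = {"virtual-auth": "required", "console-auth": "required",
            "console": True, "ftp": True, "snmp": True, "telnet": True,
            "xml": False, "web-mgmt": False}
SERVICES = ("console", "ftp", "snmp", "telnet", "xml", "web-mgmt")
COMMAND = re.compile(
    r"^(?P<no>no\s+)?(?:(?P<auth>virtual|console)\s+authentication"
    r"(?P<deny>\s+disallowed)?|restrict\s+(?P<svc>\S+))$", re.IGNORECASE)

# Constructed sample, not output captured from a CSS. Assumption: the settings
# appear in a saved configuration exactly as typed at the (config)# prompt.
SAMPLE_CONFIG = """\
host CS150-LML 192.168.3.6
no virtual authentication
restrict ftp
no restrict xml
"""


def effective_access(config_text):
    """Apply the commands found in config_text on top of the defaults."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        match = COMMAND.match(raw.strip())
        if match is None:
            continue
        negated = match.group("no") is not None
        if match.group("auth"):
            key = match.group("auth").lower() + "-auth"
            if match.group("deny"):
                # Only "virtual authentication disallowed" is in the guide.
                if key == "virtual-auth" and not negated:
                    state[key] = "disallowed"
            else:
                state[key] = "not required" if negated else "required"
        elif match.group("svc").lower() in SERVICES:
            # "restrict X" disables access; "no restrict X" enables it.
            state[match.group("svc").lower()] = negated
    return state


def findings(state):
    """Return (setting, message) pairs for settings that leave access open."""
    result = []
    for key, where in (("virtual-auth", "remote"), ("console-auth", "console")):
        if state[key] == "not required":
            result.append((key, f"{where} login needs no username or password"))
    if state["telnet"]:
        result.append(("telnet", "Telnet is enabled; the guide says to "
                                 "disable it when the SSH server is used"))
    if state["xml"]:
        result.append(("xml", "XML is enabled; the embedded HTTP server "
                              "accepts configuration documents on port 80"))
    for svc in ("ftp", "snmp", "web-mgmt"):
        if state[svc]:
            result.append((svc, f"{svc} access is enabled; confirm it is needed"))
    return result


if __name__ == "__main__":
    for setting, message in findings(effective_access(SAMPLE_CONFIG)):
        print(f"{setting:13} {message}")
```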
Finding an IP Address
Use the find ip address command to search the CSS configuration for the specified IP address. You can include a netmask for subnet (wildcard) searches. This search can help you avoid IP address conflicts when you configure the CSS.
When you use this command, it checks services, source groups, content rules, ACLs, the management port, syslog, APP sessions, and local interfaces for the specified IP address. If the address is found, the locations of its use are displayed. If no addresses are found, the CSS returns you to the command prompt.
This command is available in all modes. The syntax is:
find ip address ip_or_host {subnet_mask|range number}
Enter the:
• IP address in dotted-decimal notation (for example, 192.168.11.1) or enter the host name in mnemonic host-name format (for example, host.domain.com).
• Optional subnet mask as either:
– A prefix length in CIDR bitcount notation (for example, /24). Do not enter a space to separate the IP address from the prefix length.
– An IP address in dotted-decimal notation (for example, 255.255.255.0).
If you enter a mask of 0.0.0.0, the CSS finds all addresses.
• range number to define how many IP addresses you want to find, starting with the ip_or_host address. Enter a number from 1 to 65535. The default range is 1.
For example, if you enter an IP address of 203.1.1.1 with a range of 10, the CSS tries to find the addresses from 203.1.1.1 through 203.1.1.10.
For example:
(config)# find ip address 192.168.0.0
Users of IP address 192.168.0.0
Content Rule - 192.168.12.1, layer 3, owner: lml, state:Active
Content Rule - 192.168.12.1, layer 5, owner: lml, state:Active
Service - 192.168.3.6, serv1, state:Active
Service - 192.168.3.7, serv3, state:Active
Interface - 192.168.1.117. VLAN1
Interface - 192.168.2.117. VLAN1
Configuring Flow Parameters
The CSS enables you to configure the following flow parameters using the flow command:
• flow permanent - Permanent TCP ports that are not reclaimed
• flow port-reset - Resets Fast Ethernet and Gigabit Ethernet ports automatically when the CSS detects that they are not responding
• flow reserve-clean - Interval at which flows with port numbers less than or equal to 23 are reclaimed
Configuring Permanent Connections for TCP Ports
The CSS allows you to configure a maximum of four TCP ports that will have permanent connections and will not be reclaimed by the CSS when the ports are inactive. To configure a TCP port as a permanent connection, use the flow permanent command. Enter a port number from 0 to 65535. The default is 0.
The options for this command are:
• flow permanent port1 portnumber
• flow permanent port2 portnumber
• flow permanent port3 portnumber
• flow permanent port4 portnumber
For example, to configure port 1520 as a permanent connection, enter:
(config)# flow permanent port1 1520
To reset a permanent connection to its default port number of 0, use the no flow permanent command. For example, to reset the port number for port1 to 0, enter:
(config)# no flow permanent port1
Resetting Fast Ethernet and Gigabit Ethernet Ports
You can program the CSS to automatically reset its associated Fast Ethernet and Gigabit Ethernet ports when it detects that they are not responding during operation. Use the flow port-reset command to enable this function. By default, port resetting is enabled on the CSS.
Caution Do not disable port-resets without guidance from Cisco support personnel.
For example, enter:
(config)# flow port-reset
To disable port resets on the CSS, enter:
(config)# no flow port-reset
Reclaiming Reserved Telnet and FTP Control Ports
Use the flow reserve-clean command in global configuration mode to define how often the CSS scans flows from reserved Telnet and FTP control ports to reclaim them. Control ports have port numbers less than or equal to 23. When the CSS determines that one of these ports has a flow with asymmetrical routing, it reclaims the port.
Enter the flow reserve-clean time in seconds as the interval the CSS uses to scan flows. Enter an integer from 0 to 100. The default is 10. To disable the flow reclaiming process, enter a flow reserve-clean value of 0.
For example:
(config)# flow reserve-clean 36
To disable flow cleanup on Telnet and FTP control ports, enter:
(config)# no flow reserve-clean
Showing Flow Statistics
Use the flow statistics command to display statistics on currently allocated flows.
For example:
(config)# flow statistics
Flow Manager Statistics:
                          Current   High   Avg
UDP Flows per second      0         0      0
TCP Flows per second      0         4      0
Total Flows per second    0         4      0
Hits per second           0         0      0
-------------------------------------------------------------
Port    Active    Total       TCP    UDP
-------------------------------------------------------------
1       13        43339169    13     0
2       16        43337519    16     0
5       18        3167362     18     0
6       9         33483528    9      0
Configuring Content API
The CSS Content Application Program Interface (API) feature allows you to make Web-based configuration changes to the CSS using XML documents. Once you create an XML document, a network management workstation sends it to the HTTP server embedded in the CSS using the HTTP PUT method.
The external XML file can be composed of elements that specify server weight and load, configure load balancing across a group of servers, or configure content rules to restrict access to a group of directories or files on the servers.
Note The CSS listens for XML connections on port 80.
To use Content API to issue CLI commands, enclose the CLI commands within the <action></action> tag set. For example:
<action>add service MyServiceName</action>
<action>vip address 10.2.3.4</action>
Controlling Access to the CSS HTTP Server
Use the restrict and no restrict xml commands to control access to the HTTP server running on the CSS. Clients can send XML documents to this server to configure the CSS. The options for this global configuration mode command are:
• no restrict xml - Enable XML access to the CSS
• restrict xml - Disable XML access to the CSS
Configuring the Command Scheduler
Use the cmd-sched command to configure the scheduled execution of any CLI commands, including the playing of scripts. The commands that will be executed are referred to as the command string. To schedule commands, you must create a configuration record, which includes a provision as to when to execute the commands, and the command string.
For example, you can use this command to schedule periodic content replication, the gathering of statistics, and scheduled configuration changes. At the specified time, the command scheduler executes a command string by creating a pseudo-login shell where each string is executed. A cmd-sched record is only scheduled for execution upon completion of its shell. Use the show lines command to display information about active pseudo shells.
Note To terminate the execution of a command string, use the disconnect command.
The syntax and options for this global configuration mode command are:
• cmd-sched - Enables command scheduling
• cmd-sched record name minute hour day month weekday “commands...” {logfile_name} - Creates a configuration record
The variables are listed below. When entering minute, hour, day, month, and weekday variables, you may enter a single integer, a wildcard (*), a list separated by commas, or a range separated by a dash (-).
• name - The name of the configuration record. Enter an unquoted text string up to 16 characters.
• minute - The minute of the hour to execute this command. Valid numbers are from 0 to 59.
• hour - The hour of the day. Valid numbers are from 0 to 23.
• day - The day of the month. Valid numbers are from 0 to 31.
• month - The month of the year. Valid numbers are from 1 to 12.
• weekday - The day of the week. Valid numbers are from 1 to 7. Sunday is 1.
• commands - The commands you want to execute. Enter a quoted text string up to 255 characters. Separate multiple commands with a semicolon (;) character. If the command string includes quoted characters, use a single quote character; any single quote character not preceded by a backslash (\) character is converted to a double quote when the command string is executed.
• logfile_name - An optional variable that defines the name of the log file. Enter a text string up to 32 characters.
Any of the time variables can contain one or some combination of the following values:
• A single number to define a single or exact value for the specified time variable
• A wildcard (*) character matching any valid number for the specified time variable
• A list of numbers separated by commas, up to 40 characters, to define multiple values for a time variable
• Two numbers separated by a dash (-) character indicating a range of values for a time variable
For example:
(config)# cmd-sched record periodic_shows 30 21 3 6 1 "show history;show service;show rule;show system-resources"
To enable command scheduler, enter:
(config)# cmd-sched
To disable command scheduling, enter:
(config)# no cmd-sched
To delete a configuration record, enter:
(config)# no cmd-sched periodic_shows
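The field rules above can be checked before a record is entered, or when reviewing what a CSS is scheduled to run. The following Python is an added example, not code from Cisco or from this guide; the function names, the regular expression for the record line, and the config-mode heuristic are assumptions, and the second sample record is constructed.

```python
import re

# Valid ranges exactly as the guide lists them (day is documented as 0 to 31;
# weekday 1 is Sunday).
FIELD_RANGES = {"minute": (0, 59), "hour": (0, 23), "day": (0, 31),
                "month": (1, 12), "weekday": (1, 7)}

# Assumed line shape, taken from the guide's syntax line; an optional
# "(config)# " prompt is tolerated.
RECORD_RE = re.compile(
    r'^\s*(?:\(config\)#\s*)?cmd-sched\s+record\s+(?P<name>\S+)'
    r'\s+(?P<minute>\S+)\s+(?P<hour>\S+)\s+(?P<day>\S+)'
    r'\s+(?P<month>\S+)\s+(?P<weekday>\S+)'
    r'\s+"(?P<commands>[^"]*)"(?:\s+(?P<logfile>\S+))?\s*$')


def expand_time_field(field, text):
    """Return the sorted values a time field matches, or raise ValueError."""
    lo, hi = FIELD_RANGES[field]
    if text == "*":
        return list(range(lo, hi + 1))
    if len(text) > 40:
        raise ValueError(f"{field}: list is longer than 40 characters")
    values = set()
    for part in text.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"{field}: cannot parse {part!r}")
        start = int(m.group(1))
        end = int(m.group(2)) if m.group(2) else start
        if start > end or start < lo or end > hi:
            raise ValueError(f"{field}: {part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1))
    return sorted(values)


def convert_quotes(command_string):
    """Turn single quotes not preceded by a backslash into double quotes."""
    return re.sub(r"(?<!\\)'", '"', command_string)


def parse_record(line):
    """Validate one cmd-sched record line and return its parsed fields."""
    m = RECORD_RE.match(line)
    if not m:
        raise ValueError("not a cmd-sched record line")
    if len(m["name"]) > 16:
        raise ValueError("name is longer than 16 characters")
    if len(m["commands"]) > 255:
        raise ValueError("command string is longer than 255 characters")
    if m["logfile"] and len(m["logfile"]) > 32:
        raise ValueError("logfile_name is longer than 32 characters")
    schedule = {f: expand_time_field(f, m[f]) for f in FIELD_RANGES}
    executed = convert_quotes(m["commands"])
    # Assumption: a semicolon always separates commands, even inside quotes.
    commands = [c.strip() for c in executed.split(";") if c.strip()]
    return {"name": m["name"], "schedule": schedule,
            "commands": commands, "logfile": m["logfile"]}


def changes_config(record):
    """Heuristic (assumption): True when a command enters config mode."""
    return any(c.split()[0] == "config" for c in record["commands"])


if __name__ == "__main__":
    samples = [
        # From the guide.
        '(config)# cmd-sched record periodic_shows 30 21 3 6 1 '
        '"show history;show service;show rule;show system-resources"',
        # Constructed, modelled on the show cmd-sched output in the guide.
        '(config)# cmd-sched record suspendRule 0 12 * * 2-6 '
        '"config;owner owner1;content content1;suspend" sched.log',
    ]
    for line in samples:
        rec = parse_record(line)
        flag = "enters config mode" if changes_config(rec) else "no config mode"
        print(rec["name"], rec["schedule"]["weekday"], rec["commands"], flag)
```

Records that enter configuration mode are the ones worth reviewing first, because they change the CSS without an operator logged in.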
Showing Configured Command Scheduler Records
Use the show cmd-sched command to display the state of the command scheduler and information about the records for the scheduled CLI commands. The syntax and options are:
• show cmd-sched - Lists the state of the command scheduler and all scheduled CLI command records
• show cmd-sched name record_name - Lists information about the specified scheduled CLI command record
For example, to view the command scheduler state and all scheduled CLI command records, enter:
(config)# show cmd-sched
Cmd Scheduler: Enabled
1 record currently configured.
Sched Rec: suspendRule id: 8265b980 Next exec: APR 14 10:46:00 executions:1145
minList: 0
hourList: 12
dayList: *
monthList: *
weekdayList: 2,3,4,5,6
cmd: config;owner owner1;content content1;suspend
Where to Go Next
Chapter 3, Configuring CSS Network Protocols describes how to configure the CSS DNS, ARP, RIP, IP, routing, bridging, SSH, and opportunistic Layer 3 forwarding.
CHAPTER 3
Configuring CSS Network Protocols
This chapter describes how to configure the CSS DNS, ARP, RIP, IP, routing, bridging, SSH, and opportunistic Layer 3 forwarding function. Information in this chapter applies to all CSS models except where noted.
This chapter includes the following sections:
• Configuring Domain Name Service
• Configuring Address Resolution Protocol
• Configuring Routing Information Protocol
• Configuring Internet Protocol
• Configuring an IP Route
• Configuring IP Source-Route
• Disabling an Implicit Service for Static Route Next Hop
• Configuring IP Subnet-Broadcast
• Showing IP Information
• Configuring Bridging for the CSS
• Configuring Secure Shell Daemon
• Configuring Opportunistic Layer 3 Forwarding
Configuring Domain Name Service
Use the dns command to enter commands that control Domain Name Service (DNS), the facility that translates host names such as myhost.mydomain.com to IP (Internet Protocol) addresses such as 192.168.11.1. The options for this global configuration mode command are:
• dns primary - Specifies the primary DNS server
• dns resolve - Queries DNS to resolve a hostname
• dns secondary - Specifies the secondary DNS server
• dns suffix - Specifies the default suffix to use when querying DNS
Use the show running-config global command to display DNS configurations.
Specifying a Primary DNS Server
To specify the primary DNS server, use the dns primary command followed by the IP address of the DNS server you wish to specify as the primary DNS server. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
For example:
(config)# dns primary 192.168.11.1
To remove the primary DNS server, enter:
(config)# no dns primary
Using DNS Resolve
To resolve a hostname by querying the DNS server, use the dns resolve command followed by the host name you want to resolve. Enter the host name in mnemonic host-name format (for example, myhost.mydomain.com).
For example:
(config)# dns resolve fred.arrowpoint.com
Specifying a Secondary DNS Server
When a primary DNS server fails, the CSS uses the secondary DNS server to resolve host names to IP addresses. To specify a secondary DNS server, use the dns secondary command followed by the IP address of the secondary DNS server. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
(config)# dns secondary 192.158.3.6
Note: You can specify a maximum of two secondary servers. To specify each additional server, repeat the dns secondary command. The order in which you enter the IP addresses is the order in which they are used.
To remove a secondary DNS server, enter the no version of the command followed by the IP address of the DNS server you wish to remove. For example:
(config)# no dns secondary 192.158.3.6
Specifying a DNS Suffix
To specify the default suffix to use when querying the DNS facility, use the dns suffix command followed by the suffix you wish to use. Enter the default suffix as an unquoted text string with no spaces and a maximum length of 64 characters.
For example:
(config)# dns suffix arrowpoint.com
To remove the default DNS suffix, enter:
(config)# no dns suffix
Configuring Address Resolution Protocol
Use the arp command and its options to statically configure the IP to Media Access Control (MAC) translations necessary for the CSS to send data to network nodes. The following sections discuss configuring Address Resolution Protocol (ARP) for the CSS.
• Configuring ARP
• Configuring ARP Timeout
• Configuring ARP Wait
• Updating ARP Parameters
• Clearing ARP Parameters
• Showing ARP Information
Configuring ARP
To define a static ARP mapping, use the arp command. The syntax for this global configuration mode command is:
• arp ip_address mac_address interface
• arp hostname mac_address interface
The variables are:
• ip_address - The address of the system for static mapping. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or in mnemonic host-name format (for example, myhost.mydomain.com).
• hostname - The address of the system for static mapping. Enter a hostname in mnemonic host-name format (for example, myhost.mydomain.com). You must configure DNS and the hostname must be resolved to an IP address for hostname to work.
• mac_address - The MAC address of the system for static mapping. Enter the MAC address in hyphenated-hexadecimal notation (for example, 00-60-97-d5-26-ab).
• interface - The CSS interface that you want to configure. For a CSS 11050 or CSS 11150, enter the interface name in interface-port format (for example, ethernet-2). For a CSS 11800, the interface format is slot/port (for example, 3/1).
Note: To show static ARP mapping when you use the show arp command, the IP route must exist in the routing table.
For example:
(config)# arp 192.168.11.1 00-60-97-d5-26-ab ethernet-2
To remove a static mapping address, use the no form of the arp command. For example:
(config)# no arp 192.168.11.1
Configuring ARP Timeout
To set the time in seconds to hold an ARP resolution result, use the arp timeout command. When you change the timeout value, it only affects new ARP entries. All previous ARP entries retain the old timeout value. To remove all entries with the old timeout value, enter the clear arp cache command.
The timeout value is the number of seconds the CSS holds an ARP resolution result. To set a timeout period, enter an integer from 60 to 86400 (24 hours) seconds. The default is 14400 seconds (4 hours). If you do not want the ARP entries to time out, enter none or 86401.
For example:
(config)# arp timeout 120
To restore the default timeout value of 14400 seconds, enter:
(config)# no arp timeout
Configuring ARP Wait
To set the time in seconds to wait for an ARP resolution, use the arp wait command with a wait time. The wait time is the number of seconds the CSS waits for an ARP resolution in response to an ARP request to the network. Enter an integer from 5 to 30 seconds. The default is 5.
For example:
(config)# arp wait 15
To restore the default wait time of 5 seconds, enter:
(config)# no arp wait
Updating ARP Parameters
To update the file containing hosts reachable through ARP, use the update arp command. This command is available in SuperUser mode. For example:
# update arp file
Clearing ARP Parameters
The CSS enables you to clear ARP parameters for the ARP file or ARP cache. To clear the file that contains known hosts reachable through ARP, use the clear arp file command. For example:
# clear arp file
To delete dynamic entries from the ARP cache, use the clear arp cache command with an IP address or hostname. The syntax for this command is:
• clear arp cache - Clear the entire ARP cache
• clear arp cache ip_address - Clear a single ARP IP address entry
• clear arp cache hostname - Clear a single ARP hostname entry
For example:
# clear arp cache
Showing ARP Information
To display ARP information, use the show arp command. The syntax and options for the command are:
• show arp - Display the complete ARP resolution table with IP addresses, MAC addresses, and resolution type.
• show arp config - Display ARP global configuration parameters. The screen displays the response timeout and the flush timeout in seconds.
• show arp file - Display the hosts reachable using ARP. The screen displays the IP addresses of the host systems.
• show arp ip_address - Display the resolution for the IP address.
• show arp hostname - Display the resolution for the hostname.
For example:
(config)# show arp
ARP Resolution Table:
IP Address      MAC Address        Type     Port
192.168.10.1    00-10-58-FF-FB-6E  dynamic  ethernet-11
192.168.10.10   00-10-58-00-13-42  dynamic  ethernet-11
192.168.10.21   00-60-08-8F-96-8C  dynamic  ethernet-10
192.168.10.29   00-10-4B-2C-FF-6B  dynamic  ethernet-12
192.168.10.31   00-10-4B-2C-FF-16  dynamic  ethernet-11
192.168.10.52   08-00-1B-3E-02-68  dynamic  ethernet-9
192.168.10.75   00-A0-C9-C8-75-CC  dynamic  ethernet-11
192.168.10.251  00-10-58-00-11-56  dynamic  ethernet-11
Configuring Routing Information Protocol
The CSS enables you to configure the following global Routing Information Protocol (RIP) attributes:
• rip advertise - Advertise a route through RIP on the CSS
• rip redistribute - Advertise routes from other protocols through RIP
• rip equal-cost - Specify how many equal-cost routes RIP can insert into the routing table
By default, RIP advertises RIP routes and local routes for interfaces running RIP. The rip command advertises other routes.
Configuring RIP Advertise
To advertise a route through RIP on the CSS, use the rip advertise command. The syntax for this command is:
rip advertise ip_address subnet_mask metric
• ip_address - The IP address for the route prefix. Enter an IP address in dotted-decimal notation (for example, 192.168.1.0).
• subnet_mask - The IP prefix length in CIDR bitcount notation (for example, /24) or in dot-decimal notation (for example, 255.255.255.0).
• metric - The optional metric to use when advertising this route. Enter a number from 1 to 15. The default is 1.
For example:
(config)# rip advertise 192.168.1.0/24 9
Note: The network does not have to be present in the routing table to be advertised. The rip advertise command is intended for advertising Virtual IP addresses (VIPs).
To stop advertising a route through RIP on the CSS, enter:
(config)# no rip advertise 192.168.1.0/24
Configuring RIP Redistribute
To advertise routes from other protocols through RIP, use the rip redistribute command. By default, RIP advertises RIP routes and local routes for interfaces running RIP. This command instructs RIP to advertise other routes.
You can configure the following options for rip redistribute:
• rip redistribute firewall metric - Advertise firewall routes through RIP
• rip redistribute local metric - Advertise local routes (interfaces not running RIP)
• rip redistribute static metric - Advertise static routes
• rip redistribute ospf metric - Advertise OSPF routes
You can also enter an optional metric, which is the metric the CSS uses when advertising this route. Enter a number from 1 to 15. The default is 1.
For example:
(config)# rip redistribute static 3
To stop advertising routes from other protocols through RIP, use either the local, static, or firewall option.
The following command stops advertising static routes:
(config)# no rip redistribute firewall
(config)# no rip redistribute local
(config)# no rip redistribute static
(config)# no rip redistribute ospf
Configuring RIP Equal-Cost
To set the maximum number of routes RIP can insert into the routing table, use the rip equal-cost command. Enter a number from 1 to 15. The default is 1. For example:
(config)# rip equal-cost 4
To reset the number of routes to the default value of 1, enter:
(config)# no rip equal-cost
Showing RIP Configurations
To show a RIP configuration for one IP address or all IP addresses configured in the CSS, use the show rip command. This command provides the following options:
• show rip - Displays RIP configurations for all interfaces
• show rip ip_address - Displays a single RIP interface entry
• show rip globals - Displays RIP global statistics
• show rip statistics - Displays RIP interface statistics for all interfaces
• show rip statistics ip_address - Displays RIP interface statistics for a specific interface
The show rip command displays the following type of information:
(config)# show rip
RIP IP Configuration:
IP Address    State   RIP Send  RIP Recv  Default Metric
171.0.3.204   active  Ripv1     Both      10
172.0.3.204   active  Ripv1     Both      10
192.32.1.201  active  Ripv2     Both      0
The show rip globals command displays the following type of information:
(config)# show rip globals
RIP Global Statistics:
RIP Route Changes: 3    RIP Query Responses: 0
The show rip statistics command displays the following type of information:
(config)# show rip statistics
RIP Interface Statistics:
System Route Changes: 3    System Global Query Rspns:0
IP Address: 192.0.3.20     Triggered Updates Sent: 3
Bad Packets Received: 0    Bad Routes Received: 0
IP Address: 192.0.3.24     Triggered Updates Sent: 3
Bad Packets Received: 0    Bad Routes Received: 0
IP Address: 192.3.1.21     Triggered Updates Sent: 3
Bad Packets Received: 0    Bad Routes Received: 0
Configuring Internet Protocol
To enter Internet Protocol (IP) configuration commands for the CSS, use the ip command. This command is available in configuration mode. The options for this command are:
• ip record-route - Enable processing of frames with a record-route option
• ip redundancy - Enable CSS-to-CSS redundancy
• ip ecmp - Set the equal-cost multipath selection algorithm
Configuring IP Record-Route
To enable the CSS to process frames with a record-route option, use the ip record-route command. The syntax is:
(config)# ip record-route
Caution: Enabling ip record-route could pose security risks to your network. Record-route inserts the IP address of each router along a path into the IP header.
To disable processing frames with a record-route option (the default behavior), enter:
(config)# no ip record-route
Configuring IP Redundancy
To enable CSS-to-CSS redundancy, use the ip redundancy command. The syntax is:
(config)# ip redundancy
To disable CSS-to-CSS redundancy, enter:
(config)# no ip redundancy
For information on configuring redundancy, refer to the Content Services Switch Advanced Configuration Guide.
Configuring IP ECMP
Use the ip ecmp command to set the equal-cost multipath selection algorithm and the preferred reverse egress path. The syntax and options for this global configuration mode command are:
• ip ecmp address - Choose among alternate paths based on IP addresses. For example:
(config)# ip ecmp address
• ip ecmp no-prefer-ingress - Do not prefer the ingress path of a flow for its reverse egress path. By default, the ingress path for a flow is its preferred egress path. For example:
(config)# ip ecmp no-prefer-ingress
To reset the ingress path of a flow for its preferred reverse egress path, enter:
(config)# no ip ecmp no-prefer-ingress
• ip ecmp roundrobin - Alternate between equal paths in roundrobin fashion. For example:
(config)# ip ecmp roundrobin
Note: The equal-cost multipath selection algorithm for non-TCP/UDP packets (for example, ICMP) is applied on a packet-by-packet basis. Multipath selection for TCP and UDP is performed on a per-flow basis and all packets for a particular flow take the same path.
ECMP cannot recover a failed router unless you configure a content rule for a router service.
Configuring an IP Route
When you configure an IP route, the CSS polls the router periodically to ensure that the router is functioning. If the router fails, the CSS removes any entries from the routing table that point to the failed router and stops sending traffic to the failed router. When the router recovers, the CSS:
• Becomes aware of the router
• Re-enters applicable routes into the routing table
To configure an IP route, use the ip route command. Each ip route command requires either:
• An IP address and a subnet mask prefix - For example, 192.168.1.0/24
or
• An IP address and a subnet mask - For example, 192.168.1.0 255.255.255.0
The ip route options are defined below. Note that the examples use the /subnet mask prefix option.
• ip route IP address subnet mask blackhole - Instructs the CSS to drop any packets addressed to the route. For example:
(config)# ip route 192.168.1.0/24 blackhole
• ip route IP address subnet mask IP address2 - Specify the next hop address for the route. For example:
(config)# ip route 0.0.0.0/0 10.0.1.1
• ip route IP address subnet mask IP address2 distance - Specify the administrative distance. Enter an integer from 1 to 254. Note that the larger the administrative distance value (more hops), the less the route is preferred. For example:
(config)# ip route 0.0.0.0/0 10.0.1.1 40
• ip route IP address subnet mask firewall index distance - Configure a firewall route. The firewall option instructs the CSS to use firewall load balancing for this route. You can optionally set the administrative distance. For example:
(config)# ip route 192.168.1.0/24 firewall 3 2
• ip route IP address subnet mask IP address originated-packets - Specifies that the route is used only by packets that are created using flows or sessions going to and from the CSS (for example, a Telnet session to the CSS). The route is not used by flows or sessions that go through the CSS (for example, between an attached server and a remote client).
The optional originated-packets keyword instructs the CSS to use this route for flow and session packets going to and from the CSS (for example, a Telnet session to the CSS). Flows or session packets that go through the CSS (for example, between an attached server and a remote client) do not use this route.
For example:
(config)# ip route 0.0.0.0/0 10.0.1.1 originated-packets
Note: Ping responses and SNMP responses do not use the originated-response route. Ping requests sent from the CSS use the originated-response route. Ping responses sent from the CSS do not use the originated-response route.
The variables are:
• ip_address - The destination network address. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
• subnet_mask - The IP subnet mask. Enter the mask in either:
– CIDR bitcount notation (for example, /24). Do not enter a space to separate the IP address from the prefix length.
– Dotted-decimal notation (for example, 255.255.255.0).
• ip_address2 - The next hop address for the route. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
• distance - The optional administrative distance. Enter an integer from 1 to 254. A smaller number is preferable. The default value is 1.
• index - An existing index number for the firewall route. For information on configuring a firewall index, refer to the ip firewall command.
To remove a static route, enter:
(config)# no ip route 0.0.0.0/24 10.0.1.1
To disable the dropping of packets to a black-hole route, enter:
(config)# no ip route 192.168.1.0/24 blackhole
To remove a firewall route, enter:
(config)# no ip route 192.168.1.0/24 firewall 3
Configuring IP Source-Route
To enable processing of source-routed frames, use the ip source-route command. For example:
(config)# ip source-route
Caution: Enabling ip source-route could pose a major security risk to your network. Source-route specifies information that overrides the default routing a packet would normally take. The packet could then bypass a firewall.
To disable processing of source-routed frames (the default behavior), enter:
(config)# no ip source-route
Disabling an Implicit Service for Static Route Next Hop
Use the ip no-implicit-service command when you do not want the CSS to start an implicit service for the next hop of static routes. By default, this option is disabled.
The syntax for this global configuration mode command is:
# ip no-implicit-service
To reset the default setting, enter:
# no ip no-implicit-service
Configuring IP Subnet-Broadcast
To enable the CSS to forward subnet broadcast addressed frames, use the ip subnet-broadcast command.
For example:
(config)# ip subnet-broadcast
To disable forwarding of subnet broadcast addressed frames (the default behavior), enter:
(config)# no ip subnet-broadcast
Caution: Enabling the forwarding of the subnet broadcast can make the subnet susceptible to “smurf” attacks; an attacker sends an ICMP echo request frame using a subnet broadcast address as a destination and a forged address as the source. If the attack is successful, all the destination subnet hosts reply to the echo and flood the path back to the source. By disabling the subnet broadcast forwarding, the original echo never reaches the hosts.
Showing IP Information
Use the show ip command to display Internet Protocol (IP) information for the CSS. Refer to the following sections to display CSS IP information.
• Showing IP Config - Display IP global configuration parameters
• Showing IP Interfaces - Display configured IP interfaces
• Showing IP Routes - Display IP routing information
• Showing IP Statistics - Display aggregate UDP and TCP statistics for the unit
• Showing IP Summary - Display a summary of IP global statistics
Showing IP Config
Use the show ip config command to display IP global configuration parameters. The parameters show the state (enabled or disabled) of the source route option, forward IP broadcasts, record route option, and IP route change logging. The display also shows the value for the orphaned route timer.
For example:
(config)# show ip config
IP Global Configuration:
Source Route Option: disable
Forward IP Broadcasts: disable
Orphaned Route Timer (in seconds): 180
Record Route Option: disable
Multiple Equal Cost Path Algorithm: address
IP Route Change Logging: disable
Showing IP Interfaces
Use the show ip interfaces command to display configured IP interfaces on the CSS. The display includes the circuit state, IP address, broadcast address, Internet Control Message Protocol (ICMP) settings, and Router Discovery Program (RDP) settings.
For example:
(config)# show ip interfaces
IP Interface Summary:
Circuit Name: VLAN2                  State: active
IP Address: 172.16.1.200             Network Mask: 255.255.0.0
Broadcast Address: 172.16.255.255    Redundancy: disabled
ICMP Redirect: enabled               ICMP Unreachable: enabled
RIP: enabled
Showing IP Routes
Use the show ip routes command to display IP routing information. The syntax and options for this command are:
• show ip routes - Display the entire routing table, including host IP address, next hop, interface, route type, protocol, age (in seconds), and metric
• show ip routes firewall - Display all firewall routes
• show ip routes local - Display all local routes
• show ip routes ospf - Display all OSPF routes
• show ip routes rip - Display all RIP routes
• show ip routes static - Display all static routes
• show ip routes ip_address or host {to ip_address or host|mask or prefix} - Display information about a route to a destination, a specific route, or routes in a range
The variables are:
• ip_address or host - The IP address of the host or network prefix. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1). The IP address after the to keyword is the last IP address in a range.
• mask or prefix - Subnet address of the specific network. Enter the subnet address in mask or prefix notation (for example, /24).
For example, to show all IP routes in the CSS, enter:
# show ip routes
Prefix/Length  Next Hop         if  Type    Proto  Age  Metric
172.16.0.0/16  172.16.59.12/16  14  mgmt    local
0.0.0.0/0      192.168.1.206    15  remote  rip    5    2
5.0.0.0/8      192.168.1.205    15  remote  rip    3    3
6.0.0.0/8      192.168.1.205    15  remote  rip    3    3
10.0.0.0/8     192.168.1.205    15  remote  rip    3    2
11.0.0.0/8     11.0.3.204       16  local   local  840  0
20.0.0.0/8     192.168.1.205    15  remote  rip    3    2
Showing IP Statistics
Use the show ip statistics command to display aggregate TCP statistics for the unit. For example:
(config)# show ip statistics
UDP Statistics:
Input Datagrams: 11,077,859    Output Datagrams: 11,077,859
No Port Errors: 0              Input Errors: 0
TCP Statistics:
Retransmit Algorithm: other      Min Retransmit Time: 500
Max Retransmit Time: 15,000      Max TCP Connections: 65,536
Active Opens: 29,166,294         Passive Opens: 29,228,773
Failed Attempts: 19,005,678      Resets: 7,917
Established Conns: 58            Input Segments: 340,097,331
Output Segments: 291,780,784     Retransmit Segments: 0
Input Errors: 0                  Output Resets: 6,521
ICMP Statistics:
Echo Requests In: 0       Echo Replies In: 19,502
VIP Echo Requests: 0      VIP Echo Replies: 0
Unreachable: 0            Source Quench: 0
Redirect: 0               Router Adv: 0
Router Solicit: 0         Time Exceeded: 0
Param Problem: 0          Timestamp: 0
Timestamp Reply: 0        Information Request: 0
Information Reply: 0      Mask Request:
Mask Reply: 0             Invalid: 0
ARP Statistics:
Requests In: 43       Replies In: 17
Requests Out: 2       Replies Out: 641
Duplicate Addr: 0     In Off Subnet: 0
Invalid: 0            Unresolved: 0
Showing IP Summary
Use the show ip summary command to display a summary of IP global statistics. The statistics include data on reachable and total routes, reachable and total hosts, memory in use for each, and total IP routing memory in use.
To show a summary of global CSS IP statistics, enter:
# show ip summary
IP Route Summary:
Reachable Routes: 10    Memory in use (reachable routes): 1040
Total Routes: 10        Memory in use (total routes): 1040
Reachable Hosts: 23     Memory in use (reachable hosts): 2392
Total Hosts: 23         Memory in use (total hosts): 2392
Total Memory in use - IP Routing Memory Pool: 19968
Configuring Bridging for the CSS
You can configure the following bridge command options for the CSS:
• bridge aging-time - Set the bridge filtering database aging time
• bridge forward-time - Set the bridge forward delay time
• bridge hello-time - Set the bridge hello time interval
• bridge max-age - Set the bridge spanning-tree maximum age
• bridge priority - Set the bridge spanning-tree priority
• bridge spanning-tree - Enable or disable the bridge spanning-tree
Configuring Bridge Aging-Time
To set the bridge filtering database aging time for the CSS, use the bridge aging-time command. The aging time is the timeout period in seconds for aging out dynamically learned forwarding information. Enter an integer from 10 to 1000000. The default is 300.
For example, to set the bridge aging time to 600, enter:
(config)# bridge aging-time 600
To restore the default aging time of 300, enter:
(config)# no bridge aging-time
Configuring Bridge Forward-Time
To set the bridge forward delay time, use the bridge forward-time command. The forward time is the delay time in seconds that all bridges use for forward delay when this bridge is acting as the root. Enter an integer from 4 to 30. The default is 4.
Note: Make sure that bridge maximum age is less than or equal to 2 x (bridge forward-time - 1 second) and greater than or equal to 2 x (bridge hello-time + 1 second).
For example, to set the bridge forward time to 9, enter:
(config)# bridge forward-time 9
To restore the default delay time of 4, enter:
(config)# no bridge forward-time
Configuring Bridge Hello-Time
To set the bridge hello time interval, use the bridge hello-time command. The hello time is the time in seconds that all bridges use when this bridge is acting as the root. Enter an integer from 1 to 10. The default is 1.
For example, to set the bridge hello time to 9, enter:
(config)# bridge hello-time 9
To restore the default hello time interval of 1, enter:
(config)# no bridge hello-time
Configuring Bridge Max-Age
To set the bridge spanning-tree maximum age, use the bridge max-age command. The maximum age is the time in seconds that all bridges use when this bridge is acting as the root. Enter an integer from 6 to 40. The default is 6.
Note Make sure that bridge maximum age is greater than or equal to 2 x (bridge hello-time + 1 second) and less than or equal to 2 x (bridge forward-time - 1 second).
For example, to set the bridge maximum age to 21, enter:
(config)# bridge max-age 21
To restore the default maximum age of 6, enter:
(config)# no bridge max-age
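The timer relationship stated in the two notes above can be checked mechanically before a change is applied. The following is an added example, not part of the Cisco guide: the function names and the config-line parsing are assumptions, while the ranges, defaults and the inequality are the ones given in this section.

```python
import re

# Ranges and defaults (seconds) as stated in this section.
TIMERS = {
    "forward-time": {"min": 4, "max": 30, "default": 4},
    "hello-time": {"min": 1, "max": 10, "default": 1},
    "max-age": {"min": 6, "max": 40, "default": 6},
}

# Matches 'bridge <timer> <n>' and 'no bridge <timer>', with or without
# the '(config)#' prompt in front.
_BRIDGE_RE = re.compile(
    r"^(?:\(config\)#\s*)?(no\s+)?bridge\s+"
    r"(forward-time|hello-time|max-age)(?:\s+(\S+))?\s*$"
)

# The three example commands from this section, applied together.
SECTION_EXAMPLES = """\
(config)# bridge forward-time 9
(config)# bridge hello-time 9
(config)# bridge max-age 21
"""


def parse_bridge_timers(config_text):
    """Return the effective timers after applying the lines in order."""
    timers = {name: spec["default"] for name, spec in TIMERS.items()}
    for raw in config_text.splitlines():
        match = _BRIDGE_RE.match(raw.strip())
        if not match:
            continue  # other commands (bridge priority, aging-time, ...)
        negated, name, value = match.groups()
        if negated:
            timers[name] = TIMERS[name]["default"]
        elif value is None or not value.isdigit():
            raise ValueError(f"missing or non-numeric value: {raw.strip()!r}")
        else:
            timers[name] = int(value)
    return timers


def check_bridge_timers(timers):
    """Return a list of findings; an empty list means the set is consistent."""
    findings = []
    for name, spec in TIMERS.items():
        value = timers[name]
        if not spec["min"] <= value <= spec["max"]:
            findings.append(
                f"{name} {value} outside {spec['min']}-{spec['max']}"
            )
    hello = timers["hello-time"]
    forward = timers["forward-time"]
    age = timers["max-age"]
    low, high = 2 * (hello + 1), 2 * (forward - 1)
    if age < low:
        findings.append(f"max-age {age} < 2 x (hello-time + 1) = {low}")
    if age > high:
        findings.append(f"max-age {age} > 2 x (forward-time - 1) = {high}")
    return findings


if __name__ == "__main__":
    effective = parse_bridge_timers(SECTION_EXAMPLES)
    for finding in check_bridge_timers(effective) or ["consistent"]:
        print(finding)
```

The defaults (forward-time 4, hello-time 1, max-age 6) pass the check. The three example values from this section applied together do not, because a max-age of 21 exceeds 2 x (9 - 1) = 16.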
Configuring Bridge Priority for the CSS
To set the priority that spanning tree uses to choose the root bridge in the network, use the global bridge priority command. In spanning tree, the 2-octet field is prepended to the 6-octet MAC address to form an 8-octet bridge identifier. The device with the lowest bridge identifier is considered the highest priority bridge and becomes the root bridge. The range for bridge priority is 0 to 65535. The default is 32768. For example:
(config)# bridge priority 1700
To restore the bridge priority to its default of 32768, enter:
(config)# no bridge priority
Enabling and Disabling Bridge Spanning-Tree
Bridge spanning-tree is enabled by default. To disable spanning-tree, enter:
(config)# bridge spanning-tree disable
Caution Disabling spanning-tree may make your network susceptible to packet storms.
To re-enable bridge spanning-tree, enter:
(config)# bridge spanning-tree enable
Showing Bridge Configurations
The CSS enables you to show the bridge forwarding and bridge status information.
To display bridge forwarding information, use the show bridge forwarding command.
For example:
(config)# show bridge forwarding
VLAN    MAC Address         Port Number
VLAN1   00-e0-1e-3e-9c-98   ethernet-1
        00-e0-b0-5a-59-d1   ethernet-2
VLAN4   00-a0-c9-b0-d6-d8   ethernet-8
        02-60-8c-a3-82-ed   ethernet-6
VLAN5   00-60-08-8f-96-8c   ethernet-4
To display bridge status information, use the show bridge status command. For example:
(config)# show bridge status
STP State: Enabled
Designated Root: 80-00-00-00-81-0b-d2-ef
Bridge ID: 80-00-00-10-58-00-04-e0
Root Max Age: 20
Root Hello Time: 2
Root Fwd Delay: 15
Port  State       VLAN  Root Cost  Port Cost  Designated Bridge        Desg Port  Designated Root
10    Forwarding  1     20         10         80-00-00-10-58-00-04-e0  800a       80-00-00-00-81-0b-d2-ef
11    Forwarding  1     10         10         80-00-00-10-58-ff-fb-6e  8008       80-00-00-00-81-0b-d2-ef
12    Forwarding  1     20         10         80-00-00-10-58-00-04-e0  800c       80-00-00-00-81-0b-d2-ef
Configuring Secure Shell Daemon
Secure Shell Daemon (SSHD) is a server program designed to log into another computer over a network, execute commands in a remote machine, and move files from one machine to another machine. It provides strong authentication and secure communications over non-secure channels. SSHD is intended as a replacement for rlogin, rsh, and rcp.
Note This feature requires an SSHD Server License, which enables SSHD functionality on both the Standard and Enhanced versions of CSS software.
SSHD protects against:
• Attacks from machines pretending to be another server, router, or a domain name server
• IP spoofing, where a remote host sends out packets that pretend to come from another trusted host
• IP source routing, where a host can pretend that an IP packet comes from another trusted host
• DNS spoofing, where an attacker forges name server records
• Interception of clear text passwords or data on the network
• Manipulation of data by people in control of intermediate hosts
Note To enhance security when using SSHD, disable Telnet access. To disable Telnet access, use the telnet-access disable command as described later in this chapter. Telnet access is enabled by default.
The CSS provides the following SSHD commands:
• sshd keepalive - Enable SSHD keepalive
• sshd port - Set the SSHD port
• sshd server-keybits - Set the number of bits in the server key
For more information on these options and associated variables, refer to the following sections:
• Configuring SSHD Keepalive
• Configuring SSHD Port
• Configuring SSHD Server-Keybits
• Disabling and Enabling Telnet Access when using SSHD
Configuring SSHD Keepalive
To enable SSHD keepalive, use the sshd keepalive command. SSHD keepalive is disabled by default.
The syntax for this global configuration mode command is:
(config)# sshd keepalive
To reset the SSHD keepalive to its default setting of disable, enter:
(config)# no sshd keepalive
Configuring SSHD Port
To set the port number to which the server listens for connections from clients, use the sshd port command. Enter a port number from 22 to 65535. The default is 22.
The syntax for this global configuration mode command is:
(config)# sshd port 57
To reset the port number to the default of 22, enter:
(config)# no sshd port
Configuring SSHD Server-Keybits
To set the number of bits in the server key, use the sshd server-keybits command. Enter the number of bits from 512 to 65535. The default is 768.
The syntax for this global configuration mode command is:
(config)# sshd server-keybits 919
To reset the number of bits to the default of 768, enter:
(config)# no sshd server-keybits
Disabling and Enabling Telnet Access when using SSHD
When you use SSHD, you may wish to disable non-secure Telnet access to the CSS. Use the global restrict telnet command to disable Telnet access to the CSS. Telnet access is enabled by default.
For example, to disable Telnet access, enter:
(config)# restrict telnet
To re-enable Telnet access to the CSS, enter:
(config)# no restrict telnet
Showing SSHD Configurations
To display SSHD configurations, use the show sshd config command.
For example:
(config)# show sshd config
SSHD Configuration:
Keepalive Setting: enable
No. of Server Key Bits: 768
Listen Port No.: 22
Telnet Disallowed: disabled
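The show sshd config output above lends itself to an automated management-plane check. The following is an added example, not part of the Cisco guide: it parses that output (one field per line) and maps each finding to the commands documented in this section. The sample text is constructed, and the minimum key size and the "enabled" value for a restricted Telnet setting are assumptions.

```python
# Constructed sample, in the layout of the 'show sshd config' output above.
SAMPLE_SHOW_SSHD = """\
SSHD Configuration:
Keepalive Setting: enable
No. of Server Key Bits: 768
Listen Port No.: 22
Telnet Disallowed: disabled
"""

# Output label -> (result key, converter)
FIELDS = {
    "Keepalive Setting": ("keepalive", str),
    "No. of Server Key Bits": ("server_keybits", int),
    "Listen Port No.": ("port", int),
    "Telnet Disallowed": ("telnet_disallowed", str),
}

MIN_KEYBITS = 2048  # assumption: local policy value, not taken from the guide


def parse_show_sshd(text):
    """Parse 'show sshd config' output (one field per line) into a dict."""
    cfg = {}
    for line in text.splitlines():
        # Split on the last colon: values never contain one, and the
        # 'SSHD Configuration:' banner then has an empty value.
        label, sep, value = line.strip().rpartition(":")
        if sep and label in FIELDS and value.strip():
            key, convert = FIELDS[label]
            cfg[key] = convert(value.strip())
    return cfg


def audit_sshd(cfg, min_keybits=MIN_KEYBITS):
    """Return (code, message) findings for a parsed SSHD configuration."""
    findings = []
    missing = [key for key, _ in FIELDS.values() if key not in cfg]
    if missing:
        findings.append(("incomplete", "fields not found: " + ", ".join(missing)))
    # The guide recommends disabling Telnet when SSHD is in use.
    # Assumption: a restricted device reports a value starting with 'enable'.
    telnet = cfg.get("telnet_disallowed")
    if telnet is not None and not telnet.lower().startswith("enable"):
        findings.append(("telnet-allowed",
                         "Telnet access is still permitted alongside SSHD"))
    bits = cfg.get("server_keybits")
    if bits is not None:
        if not 512 <= bits <= 65535:
            findings.append(("keybits-range",
                             f"{bits} outside documented range 512-65535"))
        elif bits < min_keybits:
            findings.append(("weak-server-key",
                             f"server key is {bits} bits, "
                             f"policy minimum is {min_keybits}"))
    port = cfg.get("port")
    if port is not None and not 22 <= port <= 65535:
        findings.append(("port-range",
                         f"{port} outside documented range 22-65535"))
    return findings


def remediation(findings, min_keybits=MIN_KEYBITS):
    """Map findings to the CLI commands documented in this section."""
    fixes = {
        "telnet-allowed": "restrict telnet",
        "weak-server-key": f"sshd server-keybits {min_keybits}",
        "keybits-range": f"sshd server-keybits {min_keybits}",
        "port-range": "no sshd port",
    }
    return [fixes[code] for code, _ in findings if code in fixes]


if __name__ == "__main__":
    results = audit_sshd(parse_show_sshd(SAMPLE_SHOW_SSHD))
    for code, message in results:
        print(f"{code}: {message}")
    for command in remediation(results):
        print(f"(config)# {command}")
```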
Configuring Opportunistic Layer 3 Forwarding
The CSS opportunistic Layer 3 forwarding feature allows the CSS to reduce the number of network device hops for certain packets or flows. The CSS forwards packets at Layer 3 if the destination MAC address in the Ethernet header is the CSS’s MAC address. Opportunistic Layer 3 forwarding allows the CSS to make Layer 3 forwarding decisions even if the Layer 2 packet destination MAC address does not belong to the CSS.
For example, Figure 3-1 shows a CSS connected to VLAN1 and VLAN2. Each VLAN has an end station and an uplink to Router1. End stations A and B both point to Router1 as their default router. When end station A transmits a packet to end station B, it uses its default route to Router1. The packet contains Router1’s destination MAC address. A traditional Layer 2 device would forward the packet to Router1 and it would forward the packet to end station B on VLAN2.
Using opportunistic Layer 3 forwarding, the CSS inspects the IP packet header to determine the destination IP address. Instead of forwarding the packet to Router1, the CSS forwards the packet directly to end station B. Because the CSS only handles the packet once, the router and uplink are not used and network resources are conserved.
Figure 3-1 Opportunistic Layer 3 Forwarding Example
Opportunistic Layer 3 forwarding provides three modes of operation:
• local (default) - Apply opportunistic Layer 3 forwarding if the destination IP address belongs to a node that resides on one of the subnets directly attached to the CSS and the CSS knows an ARP resolution for that node. Because the local option is the default, use the no ip opportunistic command to reconfigure ip opportunistic to local.
• all - Apply opportunistic Layer 3 forwarding if the destination IP address matches any routing entry on the CSS. This mode is not recommended if the topology includes multiple routers and the CSS does not know all of the routes that the routers know.
• disabled - The CSS does not perform opportunistic Layer 3 forwarding. Regular Layer 3 forwarding is performed only for packets that contain the CSS’s destination MAC address.
For example, to configure ip opportunistic Layer 3 forwarding to all, enter:
(config)# ip opportunistic all
To reconfigure ip opportunistic Layer 3 forwarding to the default of local, enter:
(config)# no ip opportunistic
When you configure ip opportunistic all, you can use the ip route originated-packets command to configure routes that the CSS will use to reach devices, but will not use as opportunistic routes for forwarding traffic. Routes created using the ip route originated-packets command apply only to packets that originate on the CSS. Packets and flows forwarded by the CSS will not use these routes.
For example:
(config)# ip route 0.0.0.0/0 192.168.1.7 originated-packets
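The three modes and the effect of originated-packets routes can be modelled as a single decision function. The following is an added example, not CSS code and not part of the Cisco guide: it implements the rules only as this section states them, and the topology, addresses (other than the default route from the example above) and all names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    originated_only: bool = False  # models 'ip route ... originated-packets'


# Constructed topology modelled on Figure 3-1.
CSS_MAC = "02-00-00-00-00-01"
ROUTER1_MAC = "02-00-00-00-00-02"
ATTACHED = ["192.168.1.0/24", "192.168.2.0/24"]  # subnets on VLAN1, VLAN2
STATION_B = "192.168.2.20"
ARP = {STATION_B: "02-00-00-00-00-0b"}           # CSS has resolved station B
INTERNET_HOST = "198.51.100.9"


def connected_routes(attached):
    """Directly attached subnets appear in the routing table as well."""
    return [Route(prefix, "connected") for prefix in attached]


PLAIN_DEFAULT = connected_routes(ATTACHED) + [
    Route("0.0.0.0/0", "192.168.1.7"),
]
ORIGINATED_DEFAULT = connected_routes(ATTACHED) + [
    Route("0.0.0.0/0", "192.168.1.7", originated_only=True),
]


def forwarding_decision(mode, dst_mac, dst_ip, css_mac, attached, arp, routes):
    """Return 'l3-regular', 'l3-opportunistic' or 'l2-bridge' for a frame."""
    if mode not in ("local", "all", "disabled"):
        raise ValueError(f"unknown mode: {mode!r}")
    ip = ipaddress.ip_address(dst_ip)
    # Frames addressed to the CSS's own MAC are always routed.
    if dst_mac.lower() == css_mac.lower():
        return "l3-regular"
    if mode == "disabled":
        return "l2-bridge"
    if mode == "local":
        # Destination must be on an attached subnet AND have an ARP entry.
        on_attached = any(ip in ipaddress.ip_network(n) for n in attached)
        if on_attached and str(ip) in arp:
            return "l3-opportunistic"
        return "l2-bridge"
    # mode == "all": any routing entry qualifies, except routes reserved
    # for packets that originate on the CSS itself.
    usable = (r for r in routes if not r.originated_only)
    if any(ip in ipaddress.ip_network(r.prefix) for r in usable):
        return "l3-opportunistic"
    return "l2-bridge"


def decide(mode, dst_ip, routes, dst_mac=ROUTER1_MAC, arp=ARP):
    """Station A sends to dst_ip via its default router (Router1's MAC)."""
    return forwarding_decision(
        mode, dst_mac, dst_ip, CSS_MAC, ATTACHED, arp, routes
    )


if __name__ == "__main__":
    for mode in ("disabled", "local", "all"):
        print(mode, "A->B:", decide(mode, STATION_B, PLAIN_DEFAULT))
    print("all, plain default, A->Internet:",
          decide("all", INTERNET_HOST, PLAIN_DEFAULT))
    print("all, originated-packets default, A->Internet:",
          decide("all", INTERNET_HOST, ORIGINATED_DEFAULT))
```

With a plain default route, mode all makes the CSS take over Internet-bound frames that were addressed to Router1. Marking the default route originated-packets leaves those frames bridged to Router1 while traffic to attached subnets is still forwarded directly.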
Where to Go Next
For information on configuring circuits and interfaces, refer to Chapter 4, Configuring Interfaces and Circuits.
Chapter 4
Configuring Interfaces and Circuits
This chapter describes how to configure the CSS interfaces and circuits, and bridge interfaces to VLANs. Information in this chapter applies to all CSS models except where noted.
This chapter contains the following sections:
• Interface and Circuit Overview
• Configuring Interfaces
• Configuring Circuits
• Configuring a Circuit IP Interface
• Configuring RIP for an IP Interface
Interface and Circuit Overview
The CSS provides interfaces (ports) that enable you to connect servers, PCs, routers, and other devices to the CSS. Using the bridge command, you bridge (assign) the interfaces to Virtual LANs (VLANs). The CSS allows a maximum of 1024 VLANs. Each VLAN circuit requires an IP address. Assigning an IP address to each VLAN circuit allows the CSS to route Ethernet interfaces from VLAN to VLAN.
The CSS forwards VLAN circuit traffic to the IP interface. The IP interface passes the traffic to the IP Forwarding function where the CSS compares each packet destination address to the information contained in the routing table. Once the CSS resolves the packet addresses, it forwards the packet to the appropriate VLAN and destination port. Figure 4-1 illustrates the CSS interfaces, circuits, and VLANs.
Figure 4-1 Content Services Switch Interfaces and Circuits
[Figure contents: three bridging domains, each with a circuit IP interface that feeds IP Forwarding (Layer 3)]
VLAN1 (bridging domain vlan 1): Interface Ethernet-1, Ethernet-2, Ethernet-3, Ethernet-4; circuit IP interface 10.3.6.58
VLAN2 (bridging domain vlan 2): Interface Ethernet-5, Ethernet-7, Ethernet-9, Ethernet-11; circuit IP interface 158.3.7.58
VLAN3 (bridging domain vlan 3): Interface Ethernet-6, Ethernet-8, Ethernet-10, Ethernet-12; circuit IP interface 10.3.6.60
Interface and Circuit Configuration Quick Start
Table 4-1 provides a quick overview of the steps required to configure interfaces and circuits. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI command, refer to the sections following Table 4-1.
Table 4-1 Interface and Circuit Configuration Quick Start
Task and Command Example
1. Log in to the CSS.
2. Enter config mode by typing config.
(config)#
3. Enter the interface mode for the interface you wish to configure.
This set of interface commands applies to the CSS 11050 and CSS 11150.
CS150(config)# interface ethernet-1
CS150(config-if[ethernet-1])#
This set of interface commands applies to the CSS 11800.
CS800(config)# interface 2/1
CS800(config-if[2/1])#
4. Configure the interface duplex and speed if required (default is auto-negotiate).
(config-if[ethernet-1])# phy 100Mbits-HD
5. Bridge the interface to a VLAN. All interfaces are assigned to vlan 1 by default.
This set of interface commands applies to the CSS 11050 and CSS 11150.
CS150(config-if[ethernet-1])# bridge vlan 2
This set of interface commands applies to the CSS 11800.
CS800(config-if[2/1])# bridge vlan 3
6. Display the interfaces and vlans to which they are configured (optional).
(config-if[2/1])# show circuit all
7. Display the interface configuration (optional).
(config-if[ethernet-1])# show interface
(config-if[ethernet-1])# exit
8. Configure circuits as required. Assign an IP address and subnet mask to each circuit.
(config)# circuit VLAN1
(config-circuit[VLAN1])# ip address 10.3.6.58/24
(config)# circuit VLAN3
(config-circuit[VLAN3])# ip address 158.3.7.58/24
(config-circuit-ip[VLAN3-158.3.7.58])# exit
9. Display the circuit configuration (optional).
(config-circuit[VLAN1])# show circuit all
10. Save your configuration changes (recommended). If you do not save the running-config, all configuration changes are lost upon reboot.
(config)# copy running-config startup-config
Configuring Interfaces
Interfaces are ports that enable you to connect devices to the CSS and connect the CSS to the Internet. The commands to configure interfaces on the CSS 11050 and CSS 11150 differ slightly from the commands to configure interfaces on the CSS 11800 because the CSS 11800 requires a slot/port designation. The CSS 11050 and CSS 11150 do not use the slot/port designation.
Configuring an interface requires you to:
• Configure an interface and enter into the interface mode
• Add a description of the interface (optional)
• Configure an interface duplex and speed
• Set the maximum idle time for the interface
• Bridge the interface to a VLAN
• Optionally, you may configure the low water mark of flow control blocks
Configuring an Interface
To configure an interface, enter the interface command and a valid interface name. To use the interface command for a:
• CSS 11050 or CSS 11150, enter the interface name in interface-port format (for example, ethernet-2)
• CSS 11800, enter the interface name in slot/port format (for example, 3/1)
For example, to configure interface ethernet-1 on a CSS 11050 or CSS 11150, access interface mode for ethernet-1 by entering:
(config)# interface ethernet-1
The CSS changes from config mode to the specific interface mode.
(config-if[ethernet-1])#
Entering a Description for the Interface
To help you to identify the interface, use the description command to describe the interface. Enter a quoted text string from 1 to 255 characters in length including spaces.
For example:
(config-if[ethernet-1])# description "Connects to server17"
To display an interface description, use the show running-config interface command. For example:
(config-if[ethernet-1])# show running-config interface ethernet-11
!************************ INTERFACE ************************
interface ethernet-11
  description "Connects to server17"
  bridge vlan 2
To remove an interface description, enter:
(config-if[ethernet-1])# no description
Configuring Interface Duplex and Speed
Use the phy command to configure the speed or flow control (pause) method and duplex for a CSS Fast Ethernet or Gigabit Ethernet interface (port), respectively. By default, the port is configured to auto-negotiate. Auto-negotiate enables the port to detect the speed or pause method, and duplex of incoming signals and synchronize with them automatically.
For Fast Ethernet modules (FEM), when older equipment cannot transmit the duplex and speed with its signals, you can configure the speed and duplex on the port to match the transmitting equipment.
For Gigabit Ethernet modules (GEM), if the link does not come up and you need to force the module and its link partner into a specific mode, you can set the duplex and flow control (pause) method. The pause methods of communications between modules determines how the module sends pause frames. The module sends pause frames when it becomes overwhelmed with data. The CSS module and its link partner must be configured with the same pause method.
Use the phy command to manually configure the interface (port) duplex and speed to one of the following settings:
• phy 10Mbits-FD - Set the FEM port to 10 Mbits per second and full-duplex.
• phy 10Mbits-HD - Set the FEM port to 10 Mbits per second and half-duplex.
• phy 100Mbits-FD - Set the FEM port to 100 Mbits per second and full-duplex.
• phy 100Mbits-HD - Set the FEM port to 100 Mbits per second and half-duplex.
• phy auto-negotiate - Resets the FEM or GEM port to automatically negotiate speed or pause method, respectively, and duplex (default).
• phy 1Gbits-FD-asym - Set the GEM port to full duplex mode with asymmetric pause toward the link partner.
• phy 1Gbits-FD-no pause - Set the GEM port to full duplex mode with no pause.
• phy 1Gbits-FD-sym - Set the GEM port to full duplex mode with symmetric pause.
• phy 1Gbits-FD-sym-asym - Set the GEM port to full duplex mode with asymmetric and symmetric pause toward the local device.
For example, to set interface ethernet-1 to 100 Mbps and half-duplex, enter:
(config-if[ethernet-1])# phy 100Mbits-HD
Setting the Interface Maximum Idle Time
Use the max-idle command as a troubleshooting tool to verify an interface’s ability to receive traffic. If the interface does not receive traffic within the configured idle time, the CSS reinitializes it automatically.
Set the idle time to a value greater than the interval over which the interface is not receiving traffic. For example, if the interface receives traffic every 90 seconds, set the idle time to a value greater than 90 seconds. If you set the idle time to less than 90 seconds, the CSS would continuously re-initialize the interface before the interface was able to receive traffic.
Enter the idle time from 15 to 65535 seconds. The default is 0, which disables the idle timer. For example, to set the maximum idle time for interface ethernet-7 to 180 seconds, enter:
(config-if[ethernet-7])# max-idle 180
To reset the idle time for an interface to its default value of 0, enter:
(config-if[ethernet-7])# no max-idle
Showing Interface Duplex and Speed
To show duplex and speed values for all interfaces, enter the show phy command. For example:
(config)# show phy
                Configured          Actual
Name            Speed     Duplex    Speed     Duplex  Link
ethernet-1      auto      auto      10 Mb/s   half    Down
ethernet-2      auto      auto      10 Mb/s   half    Down
ethernet-3      auto      auto      10 Mb/s   half    Down
ethernet-4      auto      auto      10 Mb/s   half    Down
ethernet-5      auto      auto      10 Mb/s   half    Down
ethernet-6      auto      auto      10 Mb/s   half    Down
ethernet-7      auto      auto      10 Mb/s   half    Down
ethernet-8      auto      auto      10 Mb/s   half    Down
ethernet-9      auto      auto      10 Mb/s   half    Down
ethernet-10     auto      auto      10 Mb/s   half    Down
ethernet-11     auto      auto      10 Mb/s   half    Down
ethernet-12     auto      auto      10 Mb/s   half    Down
Ethernet-Mgmt   100 Mb/s  half      100 Mb/s  half    Up
To show duplex and speed value for a specific interface, enter the show phy command and the interface name. For example:
(config)# show phy ethernet-3
                Configured          Actual
Name            Speed     Duplex    Speed     Duplex  Link
ethernet-3      auto      auto      10 Mb/s   half    Down
Bridging the Interface to a VLAN
To bridge an interface to a VLAN, use the bridge vlan command. Enter a VLAN number from 1 to 4095. For example, to configure ethernet-1 to vlan 2, enter:
(config-if[ethernet-1])# bridge vlan 2
Note When you enter the bridge vlan command, enter the word vlan in lowercase letters and include a space before the vlan number (for example, vlan 2).
To restore the default vlan 1, enter:
(config-if[ethernet-7])# no bridge vlan
To display all interfaces and the vlans to which they are configured, enter the show circuit command.
Note In the show circuit display, vlans appear as VLAN (uppercase, with no space before the VLAN number).
(config)# show circuit
Circuit Name  Circuit State     IP Address   Interface   Operational Status
VLAN2         active-ipEnabled  192.0.3.204  ethernet-1  Up
                                             ethernet-3  Up
Configuring Bridge Pathcost
To set the path cost for an interface, use the bridge pathcost command. The cost is the contribution of the interface to the path cost of paths towards spanning-tree root. Enter an integer from 1 to 65535. The default is 10.
For example, to set a path cost of 9 for ethernet-7, enter:
(config-if[ethernet-7])# bridge pathcost 9
To restore the default path cost, enter:
(config-if[ethernet-7])# no bridge pathcost
Configuring Bridge Priority
To set the bridge priority for a port, use the bridge priority command. Enter an integer from 0 to 255. The default is 128.
For example, to set a bridge priority of 100 for ethernet-7, enter:
(config-if[ethernet-7])# bridge priority 100
To restore the default priority of 128, enter:
(config-if[ethernet-7])# no bridge priority
Configuring Bridge State
To set the bridge state to enable or disable for an interface, use the bridge state command. An interface is set to bridge state enable by default.
For example, to enable the bridge state for ethernet-7, enter:
(config-if[ethernet-7])# bridge state enable
To disable the bridge state for ethernet-7, enter:
(config-if[ethernet-7])# bridge state disable
Configuring the Low Water Mark of Flow Control Blocks on an Interface
Use the fcb-lowwater command to configure the low water mark of flow control blocks (FCBs) on the interface. The low-water mark is the percentage of the total number of FCBs available. If the number of FCBs available on a port goes below the low-water mark, then aggressive flow recovery occurs.
The syntax for this interface mode command is:
fcb-lowwater percentage
Enter the percentage of the total number of available FCBs as a number from 1 to 100. The default is 25%.
To reset the percentage of available FCBs to its default of 25, enter:
(config-if[ethernet-7])# no fcb-lowwater
Showing Bridge Configurations
The CSS enables you to show bridge forwarding and bridge status information.
To display bridge forwarding information, use the show bridge forwarding command.
For example:
(config)# show bridge forwarding
VLAN    MAC Address         Port Number
VLAN1   00-e0-1e-3e-9c-98   ethernet-1
        00-e0-b0-5a-59-d1   ethernet-2
VLAN4   00-a0-c9-b0-d6-d8   ethernet-8
        02-60-8c-a3-82-ed   ethernet-6
VLAN5   00-60-08-8f-96-8c   ethernet-4
To display bridge status information, use the show bridge status command.
Showing Interfaces
To display a list of valid interfaces for the CSS, use the show interface command as shown in the following example:
(config)# show interface
Name            ifIndex  Type     Oper  Admin  Last Change
ethernet-1      1        fe       Down  Up     7/20/1998 13:48:10
ethernet-2      2        fe       Up    Down   7/20/1998 13:48:10
ethernet-3      3        fe       Up    Down   7/20/1998 13:48:10
ethernet-4      4        fe       Up    Down   7/20/1998 13:48:10
ethernet-5      5        fe       Up    Down   7/20/1998 13:48:10
ethernet-6      6        fe       Up    Down   7/20/1998 13:48:10
ethernet-7      7        fe       Up    Down   7/20/1998 13:48:10
ethernet-8      8        fe       Up    Down   7/20/1998 13:48:10
ethernet-9      9        fe       Up    Down   7/20/1998 13:48:10
ethernet-10     10       fe       Up    Down   7/20/1998 13:48:10
ethernet-11     11       fe       Up    Down   7/20/1998 13:48:10
ethernet-12     12       fe       Up    Down   7/20/1998 13:48:10
Serial-Mgmt.    13       console  Up    Up     7/20/1998 13:48:10
Ethernet-Mgmt.  14       fe       Up    Up     7/20/1998 13:48:1
To only display information for a specific interface, enter the show interface command and the interface name as shown:
(config)# show interface ethernet-7
Name            ifIndex  Type     Oper  Admin  Last Change
ethernet-7      7        fe       Up    Down   7/20/1998 13:48:10
Showing Interface Statistics
Use the show mibii command to display the extended 64-bit MIB-II statistics for a specific interface or all interfaces in the CSS. The Enterprise ap64Stats MIB defines these statistics. To display the RFC1213 32-bit statistics, include the -32 suffix.
To display extended MIB-II statistics for a specific interface in the CSS, enter the show mibii command with the interface name. For example:
(config)# show mibii ethernet-1
MIB II Statistics for <ethernet-1>:
MAC: 00-10-58-00-04-E1    Last Change: 04/28/2001
Administrative: Enable    Operational: Down
MTU: 1,518                Speed: 10 Mb/s
In Octets: 0              Queue Len: 0
In Unicast: 0             Out Octets: 0
In Multicast: 0           Out Unicast: 0
In Errors: 0              Out Multicast: 0
In Discards: 0            Out Errors: 0
In Unknown: 0             Out Discards: 0
To see a list of interfaces in the CSS, enter: show mibii ?.
To clear interface statistics, use the clear statistics command in SuperUser mode. For example:
# clear statistics
Showing Ethernet Interface Errors
To list the errors on an Ethernet interface, use the show ether-errors command and options. When required, enter the interface name as a case-sensitive unquoted text string. To see a list of interfaces, enter: show ether-errors ?.
The command provides the following options:
• show ether-errors - Display the extended 64-bit statistics for errors on all Ethernet interfaces in the CSS. The Enterprise ap64Stats MIB defines these statistics.
• show ether-errors interface name - Display the extended 64-bit statistics for errors on a specific Ethernet interface in the CSS. The Enterprise ap64Stats MIB defines these statistics. Enter the interface name as a case-sensitive unquoted text string.
• show ether-errors zero - Display the Ethernet errors for all Ethernet interfaces in the CSS and reset the statistics to zero upon retrieval.
• show ether-errors zero interface name - Display the Ethernet errors for the specified Ethernet interface in the CSS and reset the statistics to zero upon retrieval. Enter the interface name as a case-sensitive unquoted text string.
• show ether-errors-32 - Display the RFC1398 32-bit statistics by including the -32 suffix.
• show ether-errors-32 interface name - Display the RFC1398 32-bit statistics by including the -32 suffix. Enter the interface name as a case-sensitive unquoted text string.
For example:
(config)# show ether-errors ethernet-1
Ethernet Errors for <ethernet-1>:
Alignment: 0              Internal Rx Errors: 0
FCS: 0                    Frame too Long: 0
Single Collision: 0       Carrier Sense Errors: 0
Multiple Collisions: 0    Internal Tx Errors: 0
SQE Test: 0               Excessive Collisions: 0
Deferred Tx: 0            Late Collisions: 0
Shutting Down an Interface
To shut down an interface, use the admin-shutdown command in interface mode.
Caution Shutting down an interface terminates all connections to the interface.
For example, to shut down interface ethernet-3, enter:
(config-if[ethernet-3])# admin-shutdown physical
Restarting the Interface
To restart the interface, enter the no admin-shutdown command. For example, to restart interface ethernet-3, enter:
(config-if[ethernet-3])# no admin-shutdown physical
Shutting Down All Interfaces
To shut down all interfaces simultaneously, use the admin-shutdown command at the SuperUser prompt. This command provides a quick way to shut down all physical devices in the CSS except the Console and Management ports.
Caution Shutting down an interface terminates all connections to the interface.
To shut down all interfaces, enter:
# admin-shutdown
Note To shut down one interface, use the admin-shutdown command in interface mode. Refer to the “Shutting Down an Interface” section described previously in this chapter.
Restarting All Interfaces
To restart all interfaces, enter:
# no admin-shutdown
Configuring Circuits
A circuit on the CSS is a logical entity that maps IP interfaces to a logical port or group of logical ports (for example, a VLAN). Each VLAN circuit requires an IP address. Assigning an IP address to each VLAN circuit allows the CSS to route Ethernet interfaces from VLAN to VLAN.
To enter a specific circuit configuration mode, enter the circuit command and VLAN as shown in the following example:
(config)# circuit VLAN7
(config-circuit[VLAN7])#
Note When you use the circuit command, enter the word ‘VLAN’ in uppercase letters and do not include a space between VLAN and the VLAN number (for example, VLAN7).
You can configure the following settings for a circuit:
• router-discovery lifetime - Configure router discovery lifetime
• router-discovery limited-broadcast - Transmit router discovery packets using 224.0.0.1
• router-discovery max-advertisement-interval - Configure router discovery maximum advertisement interval timer
• router-discovery min-advertisement-interval - Configure router discovery minimum advertisement interval timer
Note The CSS allows you to enable router discovery and define a router discovery preference for each interface. To enable router discovery and define a preference per interface, refer to the sections “Enabling Router-Discovery” and “Configuring Router-Discovery Preference”, respectively, later in this chapter.
Configuring Router-Discovery Lifetime
To configure the maximum age in seconds that hosts remember router advertisements, use the router-discovery lifetime command with an integer between 0 and 9000 seconds. The default is 3 x the max-advertisement-interval.
For example:
(config-circuit[VLAN7])# router-discovery lifetime 600
To reset the time to the default of 3 x the max-advertisement-interval, enter:
(config-circuit[VLAN7])# no router-discovery lifetime
Configuring Router-Discovery Limited-Broadcast
To transmit router discovery packets using the broadcast address 255.255.255.255, use the router-discovery limited-broadcast command. The default is 224.0.0.1. For example:
(config-circuit[VLAN7])# router-discovery limited-broadcast
To revert to the default of 224.0.0.1, enter:
(config-circuit[VLAN7])# no router-discovery limited-broadcast
Configuring Router-Discovery Max-Advertisement-Interval
To configure the router discovery maximum advertisement interval, use the router-discovery max-advertisement-interval command. The maximum value defines the interval between advertisements in seconds. Enter an integer from 4 to 1800. The default is 600 (10 minutes). For example:
(config-circuit[VLAN7])# router-discovery max-advertisement-interval 300
To restore router discovery maximum advertisement interval to the default of 600, enter:
(config-circuit[VLAN7])# no router-discovery max-advertisement-interval
Configuring Router-Discovery Min-Advertisement-Interval
To configure router discovery minimum advertisement interval timers, use the router-discovery min-advertisement-interval command. The minimum value defines the minimum interval between advertisements in seconds. Enter an integer from 0 to 1800.
The default is 0.75 x the max-advertisement-interval. If this value is greater than 0, it must be less than the maximum value.
For example:
(config-circuit[VLAN7])# router-discovery min-advertisement-interval 100
To reset the minimum router advertisement interval to the default of 0.75 x the maximum advertisement value, enter:
(config-circuit[VLAN7])# no router-discovery min-advertisement-interval
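The lifetime and minimum-interval defaults depend on the maximum interval, so a typed session is worth replaying before it is committed. The following added example (not code from the guide or the CSS software) parses a constructed session in the prompt format shown above, resolves each circuit's effective timers and reports values outside the stated ranges; the function names and the sample session are assumptions.

```python
import re

# Ranges and defaults as stated in the guide for circuit-mode router discovery.
RANGES = {
    "lifetime": (0, 9000),
    "max-advertisement-interval": (4, 1800),
    "min-advertisement-interval": (0, 1800),
}
DEFAULT_MAX_INTERVAL = 600  # seconds

# Prompt form shown in the guide: (config-circuit[VLAN7])# <command>
PROMPT = re.compile(r"^\(config-circuit\[(VLAN\d+)\]\)#\s*(.*)$")
TIMER_CMD = re.compile(
    r"^(no\s+)?router-discovery\s+(" + "|".join(RANGES) + r")(?:\s+(\S+))?$"
)


def parse_session(lines):
    """Collect explicitly configured timers per circuit from a CLI transcript."""
    explicit, problems = {}, {}
    for number, line in enumerate(lines, 1):
        prompt = PROMPT.match(line.strip())
        if not prompt:
            continue  # other modes, for example "(config)# circuit VLAN7"
        circuit, command = prompt.groups()
        settings = explicit.setdefault(circuit, {})
        issues = problems.setdefault(circuit, [])
        timer = TIMER_CMD.match(command.strip())
        if not timer:
            continue  # not one of the three timer commands
        negated, name, value = timer.groups()
        if negated:
            settings.pop(name, None)  # the "no" form restores the default
        elif value is None or not value.isdigit():
            issues.append(f"line {number}: {name} needs an integer value")
        else:
            settings[name] = int(value)
    return explicit, problems


def effective(settings):
    """Resolve dependent defaults and check the guide's ranges for one circuit."""
    issues = []
    max_i = settings.get("max-advertisement-interval", DEFAULT_MAX_INTERVAL)
    values = {
        "max-advertisement-interval": max_i,
        # Both defaults track the maximum interval: 0.75 x and 3 x.
        "min-advertisement-interval": settings.get(
            "min-advertisement-interval", 0.75 * max_i),
        "lifetime": settings.get("lifetime", 3 * max_i),
    }
    for name, value in settings.items():
        low, high = RANGES[name]
        if not low <= value <= high:
            issues.append(f"{name} {value} outside {low}-{high}")
    min_i = values["min-advertisement-interval"]
    if min_i > 0 and min_i >= max_i:
        issues.append(
            f"min-advertisement-interval {min_i} must be less than "
            f"max-advertisement-interval {max_i}")
    return values, issues


def audit(lines):
    """Return {circuit: {"effective": {...}, "problems": [...]}}."""
    explicit, problems = parse_session(lines)
    report = {}
    for circuit, settings in explicit.items():
        values, issues = effective(settings)
        report[circuit] = {"effective": values,
                           "problems": problems[circuit] + issues}
    return report


# Constructed sample session (not captured from a device).
SAMPLE_SESSION = [
    "(config)# circuit VLAN7",
    "(config-circuit[VLAN7])# router-discovery lifetime 600",
    "(config-circuit[VLAN7])# router-discovery max-advertisement-interval 300",
    "(config-circuit[VLAN7])# router-discovery min-advertisement-interval 100",
    "(config-circuit[VLAN7])# no router-discovery lifetime",
    "(config)# circuit VLAN8",
    "(config-circuit[VLAN8])# router-discovery max-advertisement-interval 200",
    "(config-circuit[VLAN8])# router-discovery min-advertisement-interval 200",
    "(config-circuit[VLAN8])# router-discovery lifetime 9500",
]

if __name__ == "__main__":
    for circuit, result in audit(SAMPLE_SESSION).items():
        print(circuit, result["effective"])
        for problem in result["problems"]:
            print("  problem:", problem)
```

In the sample, removing the explicit lifetime on VLAN7 after lowering the maximum interval to 300 leaves an effective lifetime of 900 seconds, not the 1800 that the factory default interval would give.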
Showing Circuits
To show circuit information, use the show circuits command. A circuit on the CSS is a logical entity that maps IP interfaces to a logical port or group of logical ports.
This command provides the following options:
• show circuits - Displays all circuit information for circuits that are currently up
• show circuits all - Displays all circuit information regardless of circuit state
• show circuit name circuit name - Display circuit information for a specific circuit regardless of state
For example:
(config)# show circuits all
Circuit                                               Operational
Name     Circuit State      IP Address    Interface   Status
VLAN1    active-ipEnabled   172.0.3.20    ethernet-2  Up
                                          ethernet-4  Up
VLAN3    active-ipEnabled   172.0.3.24    ethernet-5  Up
Configuring a Circuit IP Interface
A circuit on the CSS is a logical entity that maps IP interfaces to a logical port or group of logical ports (for example, a VLAN). Each VLAN circuit requires an IP address. Assigning an IP address to each VLAN circuit allows the CSS to route Ethernet interfaces from VLAN to VLAN.
To enter a specific circuit configuration mode, enter the circuit command and VLAN as shown in the following example:
(config)# circuit VLAN7
(config-circuit[VLAN7])#
Note When you use the circuit command, enter the word ‘VLAN’ in uppercase letters and do not include a space between VLAN and the VLAN number (for example, VLAN7).
The following sections describe how to define a circuit IP address.
• Configuring a Circuit IP Address
• Configuring a Circuit-IP Broadcast Address
• Configuring Circuit-IP Redirects
• Configuring Circuit-IP Unreachables
• Enabling Router-Discovery
• Configuring Router-Discovery Preference
• Enabling a Circuit IP
• Disabling a Circuit IP
• Showing IP Interfaces
Configuring a Circuit IP Address
To assign an IP address to a circuit, use the ip address command from the specific circuit mode. Enter the IP address and a subnet mask in CIDR bitcount notation or a mask in dot-decimal notation. The subnet mask range is 8 to 31.
For example, to configure an IP address and subnet mask for VLAN7, enter:
(config-circuit[VLAN7])# ip address 173.3.6.58/8
When you specify an IP address, the mode changes to the specific circuit-ip-VLAN-IP address as shown:
(config-circuit-ip[VLAN7-173.3.6.58])#
To remove a local IP address from a circuit, enter the following command from the circuit mode:
(config-circuit[VLAN7])# no ip address
Configuring a Circuit-IP Broadcast Address
To change the broadcast address associated with a circuit, use the broadcast command. If you leave the broadcast address at zero, the all-ones host is used for numbered interfaces.
The default broadcast address is an all-ones host address (for example, an IP address 173.3.6.58/24 has a broadcast address of 173.3.6.58/255). This command is available in IP configuration mode.
For example, to change the broadcast address on circuit VLAN7, enter:
(config-circuit-ip[VLAN7-173.3.6.58])# broadcast 0.0.0.0
To reset the broadcast IP address to the default all-ones host address, enter:
(config-circuit-ip[VLAN7-173.3.6.58])# no broadcast
Configuring Circuit-IP Redirects
To enable the transmission of Internet Control Message Protocol (ICMP) redirect messages, use the redirects command. The default state is enabled.
For example:
(config-circuit-ip[VLAN7-173.3.6.58])# redirects
To disable the transmission of ICMP redirect messages, enter:
(config-circuit-ip[VLAN7-173.3.6.58])# no redirects
Configuring Circuit-IP Unreachables
To enable the transmission of ICMP “destination unreachable” messages, use the unreachables command. The default state is enabled.
For example:
(config-circuit-ip[VLAN7-173.3.6.58])# unreachables
To disable the transmission of ICMP “destination unreachable” messages, enter:
(config-circuit-ip[VLAN7-173.3.6.58])# no unreachables
Enabling Router-Discovery
To enable router discovery for an interface, use the router-discovery command. When enabled, router discovery transmits packets with a multicast address of 244.0.0.1. To enable an interface to transmit packets with a multicast address of 255.255.255.255, use the router-discovery limited-broadcast command in circuit mode (see “Configuring Router-Discovery Limited-Broadcast”, earlier in this chapter). Router discovery is disabled by default.
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# router-discovery
To disable router discovery, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# no router-discovery
Configuring Router-Discovery Preference
To configure the router discovery preference value, use the router-discovery preference command and a value to define the router preference value to advertise. The value is an integer from 0 (default) to 65535. If you use the default value, you do not need to use this command.
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# router-discovery preference 100
To restore the router discovery preference value to the default of 0, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# no router-discovery preference
Enabling a Circuit IP
To enable the IP interface on a circuit, use the enable command. The default is enable.
For example:
(config-circuit-ip[VLAN7-173.3.6.58])# enable
Disabling a Circuit IP
To disable the interfaces on a circuit, enter:
(config-circuit-ip[VLAN7-173.3.6.58])# no enable
Showing IP Interfaces
To display information on configured IP interfaces, enter the show ip interface command.
For example:
(config)# show ip interface
IP Interface Summary:
CircuitName: VLAN2 State: active IP Address: 172.0.1.100 Network Mask: 255.0.0.0
Broadcast Address: 11.255.255.255 Redundancy: disabled
ICMP Redirect: enabled ICMP Unreachable: enabled RIP: disabled
When you enable router discovery for a circuit interface, the show ip interface command display also provides the following fields and values in addition to the information shown above.
Router Discovery: enabled RDP Preference: 0
RDP Max Interval: 600 RDP Min Interval: 0
RDP Lifetime: 0 RDP Multicast: disabled
RIP: disabled
Configuring RIP for an IP Interface
The CSS enables you to configure Routing Information Protocol (RIP) attributes on each IP interface. To configure Routing Information Protocol (RIP) parameters and run RIP on an IP interface, use the following routing commands within the specific circuit IP mode. The default mode is to send RIP version 2 (v2) and receive either RIP or RIP2.
You can configure the following routing options for each IP interface:
• rip - Start RIP on the IP interface
• rip default-route - Advertise a default route on this interface
• rip receive - Specify the RIP version that the IP interface receives
• rip send - Specify the RIP version that the IP interface sends
To start running RIP on an IP interface, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# rip
To stop running the RIP on the interface, enter:
(config-circuit-ip[VLAN7-192.168.1.58])# no rip
Configuring RIP Default-Route
To advertise a default route on an IP interface with a specific metric, use the rip default-route command.
You can also specify an optional metric in the command line. The CSS uses this metric when advertising a route. Enter a number from 1 to 15. The default is 1.
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# rip default-route 9
Configuring RIP Receive
To specify the RIP version that the interface receives, use the rip receive command. The rip receive options are:
• rip receive both - Receive both RIP version 1 and RIP version 2 (default)
• rip receive none - Receive no RIP packets
• rip receive v1 - Receive RIP version 1 packets only
• rip receive v2 - Receive RIP version 2 packets only
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# rip receive both
Configuring RIP Send
To specify the RIP version that the interface sends, use the rip send command. The rip send options are:
• rip send none - Send no RIP packets
• rip send v1 - Send RIP version 1 packets only
• rip send v2 - Send RIP version 2 packets only (default)
For example:
(config-circuit-ip[VLAN7-192.168.1.58])# rip send v1
Showing RIP Configurations
To show a RIP configuration for one IP address or all IP addresses configured in the CSS, use the show rip command. The command provides the following options:
• show rip - Displays RIP configurations for all interfaces
• show rip ip_address - Displays a single RIP interface entry
• show rip globals - Displays RIP global statistics
• show rip statistics - Displays RIP interface statistics for all interfaces
• show rip statistics ip_address - Displays RIP interface statistics for a specific interface
The show rip command displays the following type of information:
(config)# show rip
RIP IP Configuration:
                                                    Default Route
IP Address      State    RIP Send      RIP Recv     Advertised
171.0.3.204     active   ripVersion1   rip1OrRip2   10
172.0.3.204     active   ripVersion1   rip1OrRip2   10
192.32.1.201    active   ripVersion2   rip1OrRip 20
The show rip globals command displays the following type of information:
(config)# show rip globals
RIP Global Statistics:
RIP Route Changes: 3 RIP Query Responses: 0
The show rip statistics command displays the following global statistics:
(config)# show rip statistics
RIP Interface Statistics:
System Route Changes: 3 System Global Query Rspns: 0
IP Address: 192.0.3.20 Triggered Updates Sent: 3
Bad Packets Received: 0 Bad Routes Received: 0
IP Address: 192.0.3.24 Triggered Updates Sent: 3
Bad Packets Received: 0 Bad Routes Received: 0
IP Address: 192.3.1.21 Triggered Updates Sent: 3
Bad Packets Received: 0 Bad Routes Received: 0
Where to Go Next
For information on creating and configuring services, refer to Chapter 5, Configuring Services.
CHAPTER 5
Configuring Services
This chapter describes how to configure services. This chapter also contains an overview on the association between services, owners, and content rules. Information in this chapter applies to all CSS models except where noted.
This chapter contains the following sections:
• Service, Owner, and Content Rule Overview
• Service Load Overview
• Configuring Load for Services
• Global Keepalive Mode
• Script Keepalives
• Creating Services
• Configuring Services
• Showing Service Configurations
Service, Owner, and Content Rule Overview
The CSS enables you to configure services, owners, and content rules to direct requests for content to a specific destination service (for example, a server or a port on a server). By configuring services, owners, and content rules, you optimize and control how the CSS handles each request for specific content.
• A service is a destination location where a piece of content resides physically (a local or remote server and port). You add services to content rules. Adding a service to a content rule includes it in the resource pool that the CSS uses for load-balancing requests for content. A service may belong to multiple content rules.
• An owner is generally the person or company who contracts the Web hosting service to host their Web content and allocate bandwidth as required. Owners can have multiple content rules.
• A content rule is a hierarchical rule set containing individual rules that describe which content (for example, .html files) is accessible by visitors to the Web site, how the content is mirrored, on which server the content resides, and how the CSS should process requests for the content. Each rule set must have an owner.
The CSS uses content rules to determine:
– Where the content physically resides, whether local or remote
– Where to direct the request for content (which service or services)
– Which load balancing method to use
When a request for content is made, the CSS:
1. Uses the owner content rule to translate the owner Virtual IP address (VIP) or domain name using Network Address Translation (NAT) to the corresponding service IP address and port.
2. Checks for available services that match the content request.
3. Uses content rules to choose which service can best process the request for content.
4. Applies all content rules to service the request for content (for example, load balancing method, redirects, failover, stickiness).
Figure 5-1 illustrates the CSS service, owner, and content rule concepts.
Figure 5-1 Services, Owners, and Content Rules Concepts.
Service Configuration Quick Start
Table 5-1 provides a quick overview of the steps required to configure services. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, refer to the sections following Table 5-1.
Table 5-1 Service Configuration Quick Start
Task and Command Example
1. Enter config mode by typing config.
(config)#
2. Create services. When you create a service, the CLI enters that service mode, as shown in the command response below. To create additional services, re-enter the service command.
(config)# service serv1
(config-service[serv1])#
(config-service[serv1])# service serv2
(config-service[serv2])#
3. Assign an IP address to each service. The IP address is the actual IP address of the server.
(config-service[serv2])#
(config-service[serv2])# ip address 10.3.6.2
(config-service[serv2])# service serv1
(config-service[serv1])# ip address 10.3.6.1
4. Activate each service.
(config-service[serv1])# active
(config-service[serv1])# service serv2
(config-service[serv2])# active
(config-service[serv2])# exit
5. Display all service configurations (optional).
(config-service[serv2])# show service summary
Service Load Overview
Server load is a mechanism to express the current load experienced by a server. The CSS calculates load by using the variances in normalized response times from client to server to determine a server’s load number. A server with a heavier processing load would be biased toward a more significant, larger, load number.
To configure global load parameters for the eligibility and ineligibility of CSS services, use the load report, load teardown timer, and load ageout timer commands (discussed later in this section).
You can adjust load calculations by changing the load step size, which is the difference in milliseconds between load numbers. The CSS can determine the load step dynamically, or you can configure the initial load step using the global load step command.
The load on a service has a range of 2 to 255, with an eligible load of 2 to 254. An eligible service is an active service that can receive flows. A service with a load of 255 is offline.
A service becomes ineligible to receive flows when its load number exceeds the configured load threshold. The CSS uses the configured ageout timer value to return the service to the eligible state.
For the CSS to consider the server loads as different, response times of the servers must differ by the configured load step or greater. If the response times differ by less than the configured load step, the CSS considers the servers to have the same load.
Note Redirect services have load numbers associated with them, but the load numbers are either 2 (available) or 255 (unavailable).
Figure 5-2 shows servers A, B, and C with response times of 100 ms, 1100 ms, and 120 ms, respectively. One group of servers has load step configured to 10 ms. The second group of servers has load step configured to 100 ms.
Figure 5-2 Load Calculation Example with Three Servers
For the servers set to the 10 ms load step, the difference in response time between:
• ServerA and serverB is 1000 ms. Because this value is greater than the configured load step of 10 ms, the CSS considers the server loads different.
• ServerA and serverC is 20 ms. Because this value is greater than the configured load step of 10 ms, the CSS considers the server loads different.
For the servers set to 100 ms load step, the difference in response time between:
• ServerA and serverB is 1000 ms. Because this value is greater than the configured load step of 100 ms, the CSS considers the server loads different.
• ServerA and serverC is 20 ms. Because this value is less than the configured load step of 100 ms, the CSS considers servers A and C to have the same load.
[Figure 5-2 shows the calculated load number (scale 2 to 255) for servers with normalized response times of 100 ms (serverA), 1100 ms (serverB), and 120 ms (serverC). Servers with 10 ms load step: serverA 2, serverC 4, serverB 102. Servers with 100 ms load step: serverA and serverC 2, serverB 12.]
Increasing the load step causes the load for servers to be closer to each other. Decreasing the load step causes the load for servers to be further from each other.
To enable you to configure an accurate load threshold for a server, you can calculate a load number for a server. To calculate a server load number:
1. Take the difference between the server with the lowest response time and the server for which you want to determine a load number.
2. Divide the difference by the configured load step.
3. Add this number to the calculated load number of the server with the lowest response time, which is always 2.
For example, to calculate the load number for serverC with the 10 ms load step:
1. Take the difference in server response time between serverA and serverC (20 ms).
2. Divide it by the configured load step (10 ms). The result equals 2.
3. Add 2 to serverA’s (server with lowest response time) calculated load (2) to determine serverC’s calculated load of 4.
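The three-step calculation above, written out as an added example (not code from the guide or the CSS software) and combined with the load threshold check described earlier in this section. Truncating the division matches Figure 5-2, where serverA and serverC share a load at the 100 ms step; the cap at 254 and the function names are assumptions of this sketch.

```python
"""Load numbers from response times, following the guide's manual method."""

MIN_LOAD = 2             # load of the service with the lowest response time
MAX_ELIGIBLE_LOAD = 254  # 255 is reserved by the guide for offline services


def load_numbers(response_ms, load_step_ms):
    """Map {service: response time in ms} to {service: load number}."""
    if load_step_ms <= 0:
        raise ValueError("load step must be a positive number of milliseconds")
    if not response_ms:
        return {}
    fastest = min(response_ms.values())
    loads = {}
    for service, rt in response_ms.items():
        # Steps 1 and 2: difference from the fastest service, divided by the
        # load step. Differences smaller than one step count as the same load.
        steps = int((rt - fastest) // load_step_ms)
        # Step 3: add to the fastest service's load of 2.
        # Assumption: results above the eligible range are capped at 254.
        loads[service] = min(MIN_LOAD + steps, MAX_ELIGIBLE_LOAD)
    return loads


def eligibility(loads, threshold=254):
    """A service is ineligible once its load exceeds the load threshold."""
    if not MIN_LOAD <= threshold <= MAX_ELIGIBLE_LOAD:
        raise ValueError("load threshold must be from 2 to 254")
    return {service: load <= threshold for service, load in loads.items()}


def same_load_groups(loads):
    """Group services that end up with the same load number."""
    groups = {}
    for service, load in sorted(loads.items()):
        groups.setdefault(load, []).append(service)
    return groups


# Response times from the guide's Figure 5-2 example.
FIGURE_5_2 = {"serverA": 100, "serverB": 1100, "serverC": 120}

if __name__ == "__main__":
    for step in (10, 100):
        loads = load_numbers(FIGURE_5_2, step)
        print(f"load step {step} ms: {loads}")
        print("  same-load groups:", same_load_groups(loads))
        # 25 is the value used in the guide's load threshold example.
        print("  eligible at threshold 25:", eligibility(loads, 25))
```

At the same threshold of 25, serverB is ineligible with the 10 ms load step (load 102) but eligible with the 100 ms load step (load 12), so the step and the threshold have to be chosen together.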
Using ArrowPoint Content Awareness Based on Server Load and Weight
The ArrowPoint Content Awareness (ACA) load-balancing algorithm balances traffic between a group of servers. You can configure the CSS to make ACA load-balancing decisions based on:
• Server load
• Server weight and load
Using ACA Based on Server Load
ACA determines the best service for each content request based on server load and size of the content being requested. ACA estimates the file size based on previous requests for the same content. A service with a lower load receives more flows than a service with a higher load.
Using ACA Based on Server Weight and Load
Server weight is a mechanism to express the processing capabilities of a server. Weights allow you to configure the CSS to prefer one group of servers over another. When you configure weights, the number of hits per server is relative to the weight configured on that server. A higher weight will bias flows toward the specified server. For example, in Figure 5-2, ServerA with a weight of two is hit twice as much as ServerB that has a weight of one. ServerC has a weight of 10 and is hit 10 times as much as ServerB. All servers with the same weight are hit equally in a round-robin manner.
The CSS can use a server’s weight in tandem with server load to determine server availability. When you configure ACA on a content rule to use both weight and load, the CSS calculates the number of requests per weight level based on the number of servers with that weight. The CSS then balances the requests among the servers based on their individual loads. The number of requests per weight level is equal to weight level * number of servers * 10. The CSS then increments the weight level, and uses the same mechanism to balance requests among the servers in the next weight level.
For information on configuring weight for a service, refer to the section “Configuring Weight” described later in this chapter. Also see the section “Specifying a Service Weight” in Chapter 7, Configuring Content Rules.
Configuring Load for Services
The options for the global load command are:
• load step msec dynamic | static - Define the load step.
• load threshold number - Set the load threshold for a service, determining its eligibility to receive flows.
• load reporting - Enable or disable the CSS from generating teardown reports and deriving load numbers.
• load teardown-timer - Set the maximum amount of time between teardown reports.
• load ageout-timer - Set the time interval in seconds in which the CSS ages out stale load information for a service.
For more information on these options and associated variables, refer to the following sections.
Configuring Global Load Step
Use the load step command to set the global load step, which is the difference in milliseconds between load numbers. Load numbers have a range from 2 to 254. By default, the CSS starts at a load step of 10 ms and then dynamically calculates the load step as it accumulates minimum and maximum response times for the services.
When you configure the load step to reduce the flows to a slower service, consider the differences in response times between services. For example:
• Increasing the load step causes the load for services to be closer to each other, thus increasing the number of flows to a slower service.
• Decreasing the load step causes the load for services to be further from each other, thus decreasing the flows to a slower service.
The options and syntax for this global configuration mode command are:
• load step msec dynamic (default) - Set the initial load step. The CSS uses the default of 10 ms as the initial load step, modifying it after the CSS collects sufficient response time information.
• load step msec static - Set a constant load step. The CSS uses this load step value instead of making dynamic calculations. The default is 10 ms.
Enter the load step in milliseconds from 10 to 1000000000. The default is 10 ms. For example, to set the load step to 100 ms, enter:
(config)# load step 100
To set the load step to the default of 10 ms, enter:
(config)# no load step
Configuring Global Load Threshold
Use the load threshold command to define the global load number which the CSS uses to determine if a service is eligible to receive flows. If the service load exceeds the threshold, the service becomes ineligible to receive flows until the CSS ages the service into the eligible state.
Enter the threshold as a number from 2 to 254. The default is 254, which is the maximum threshold services can reach before becoming unavailable. To view the global load on services, enter show load.
For example, to set the load threshold to 25, enter:
(config)# load threshold 25
Note If you do not configure a load threshold for the content rule with the (config-owner-content) load-threshold command, the rule inherits this global load threshold.
To set the load threshold to the default of 254, enter:
(config)# no load threshold
Configuring Global Load Reporting
Use the load reporting command to enable the CSS to generate teardown reports and derive load numbers. A teardown report is a summary of response times for services when flows are being torn down. The CSS uses the teardown report to derive the load number for a service. The default is load reporting enable.
If you do not need load reporting, you can disable it, which may increase performance (depending on the flows and the load reporting already occurring). To disable load reporting, enter:
(config)# no load reporting
To re-enable load reporting, enter:
(config)# load reporting
Configuring Load Tear Down Timer
Use the load teardown-timer command to set the maximum time between teardown reports. A teardown report is a summary of response times for services when flows are being torn down. The CSS uses the teardown report to derive the load number for a service.
When the SFM has sufficient teardown activity for a service, it generates a teardown report and the teardown timer is reset. If a teardown report is not triggered at the end of the teardown timer interval due to insufficient activity, the CSS triggers the SFM to generate a teardown report based on its current activity. If there is no activity on the SFM, no report is generated and the timer resets.
Note The teardown timer is overridden when a service is reset. After 10 teardown reports are recorded, the timer is reset to its configured value.
Enter the teardown timer as the number of seconds between teardown reports. Enter an integer from 0 to 1000000000. The default is 20. The value of 0 disables the timer. For example, to set the teardown timer to 120 seconds, enter:
(config)# load teardown-timer 120
To reset the teardown time interval to its default of 20 seconds, enter:
(config)# no load teardown-timer
Configuring Load Ageout Timer
Use the load ageout-timer command to set the time interval in seconds in which the CSS ages out stale load information for a service. When the ageout timer interval expires, the CSS erases the information and resets the service load to 2. Load information is stale when the teardown report number recorded on a service has not incremented during the ageout time interval because no flows (long or short) are being torn down on the service.
At the beginning of the time interval, the ageout timer saves the number of the current teardown report. When the SFM generates a new teardown report, the report number in the SFM increments and any services in the report save this number. At the end of the ageout time interval, the CSS compares the initial teardown number, saved at the beginning of the time interval, with the current teardown number saved by each service. If the number of a service is less than or equal to the timer number, the load information is stale. The CSS erases it and the service load is reset to 2.
Enter the ageout timer as the number of seconds to age out load information for a service. Enter an integer from 0 to 1000000000. The default is 60. The value of 0 disables the timer.
For example:
(config)# load ageout-timer 180
To set the ageout time to the default of 60, enter:
(config)# no load ageout-timer
Showing Global Service Loads
Use the show load command to display the global load configuration and service load information. For example:
(config)# show load
Global load information: Enabled
Step Size: Dynamic Configured: 100 Actual: 100
Threshold: 254 Ageout Timer: 60
Service Load Information
Service Name    Average Load Number
s1              52
s2              2
s3              2
Global Keepalive Mode
Global keepalive configuration mode allows you to create a global keepalive and configure its properties. Once you create and configure a keepalive, you can apply it to any service. Applying a keepalive to multiple services reduces the amount of configuration required for each service.
Global keepalives are independent of service mode. In service mode, you can also configure individual keepalive properties for a service. Global keepalives supersede the individual keepalive parameters configured in service mode.
The CSS supports a maximum of 255 keepalives. These keepalives include:
• Global keepalives configured in keepalive configuration mode. The CSS counts a global keepalive as one keepalive regardless of the number of services you assign to it through the (config-service) keepalive type named command.
• ICMP, HTTP, TCP, and FTP keepalives configured and assigned to a service through the (config-service) keepalive command. Each time you assign one of these keepalives to a service through the (config-service) keepalive type command, the CSS counts it as another keepalive.
Caution If you configure more than 255 keepalives, any services assigned to the keepalives over 255 will not work.
To access keepalive configuration mode, use the keepalive command from circuit, global, interface, and IP configuration modes. The prompt changes to (config-keepalive [name]). You can also use this command from keepalive mode to access another keepalive.
The following sections describe how to configure global keepalives:
• Creating a Global Keepalive
• Activating a Global Keepalive Active
• Configuring a Global Keepalive Description
• Configuring a Global Keepalive Frequency
• Configuring a Global Keepalive IP Address
• Configuring a Global Keepalive Max Failure
• Configuring a Global Keepalive Method
• Configuring a Global Keepalive Port
• Configuring a Global Keepalive Retryperiod
• Deactivating a Global Keepalive
• Configuring a Global Keepalive Type
• Configuring a Global Keepalive URI
• Associating a Service with a Global Keepalive
• Configuring Global Keepalive Hash
Creating a Global Keepalive
Use the keepalive command to access keepalive configuration mode and configure global keepalive properties that you can apply to any service. Enter the name of the new keepalive you want to create or the name of an existing keepalive. Enter an unquoted text string with no spaces and a length of 1 to 31 characters. To see a list of existing keepalive names, enter keepalive ?.
The following example creates global keepalive keepimages.
(config)# keepalive keepimages
When you access this mode, the prompt changes to (config-keepalive [keepimages]).
(config-keepalive[keepimages])#
To remove an existing keepalive, enter:
(config)# no keepalive keepimages
Activating a Global Keepalive Active
Use the active command to activate the global keepalive. Activating a keepalive enables the CSS to start sending keepalive messages to the IP address.
For example, to activate the global keepalive keepimages, enter:
(config-keepalive[keepimages])# active
Configuring a Global Keepalive Description
Use the description command to specify the description for a keepalive. Enter the description as a quoted text string with a maximum of 64 characters, including spaces.
For example, to enter a description for the global keepalive keepimages, enter:
(config-keepalive[keepimages])# description "This keepalive is for the image servers"
To delete a description, enter:
(config-keepalive[keepimages])# no description
Configuring a Global Keepalive Frequency
Use the frequency command to specify the time between sending keepalive messages to the IP address. Enter the frequency time in seconds as an integer from 2 to 255. The default is 5.
For example, to set the frequency time to 10 seconds, enter:
(config-keepalive[keepimages])# frequency 10
To reset the frequency to its default value of 5, enter:
(config-keepalive[keepimages])# no frequency
Configuring a Global Keepalive IP Address
Use the ip address command to specify the IP address where the keepalive messages are sent. Enter the IP address in dotted-decimal notation.
For example, to enter an IP address for keepalive keepimages, enter:
(config-keepalive[keepimages])# ip address 192.168.7.6
Configuring a Global Keepalive Max Failure
Use the maxfailure command to specify how many times the IP address can fail to respond to a keepalive message before the CSS considers it offline. Enter the maximum failure as an integer from 1 to 10. The default is 3.
For example, to set the global keepalive maxfailure number to 7, enter:
(config-keepalive[keepimages])# maxfailure 7
To reset the maximum failure number to its default value of 3, enter:
(config-keepalive[keepimages])# no maxfailure
Configuring a Global Keepalive Method
Use the method command to specify the HTTP keepalive method assigned to the global keepalive. The syntax and options for the keepalive mode command are:
• method get - The get method.
• method head (default) - The head method.
For example, to specify the HTTP get keepalive method, enter:
(config-keepalive[keepimages])# method get
Configuring a Global Keepalive Port
Use the port command to specify the port number used for global HTTP keepalives. Enter the port number associated with the global keepalive as an integer from 0 to 65535.
If configured, the CSS uses the TCP keepalive port. Otherwise, the CSS bases the default on the keepalive type. If the keepalive type is:
• Not configured, the default port number is 0
• HTTP or TCP, the default port number is 80
• FTP, the default port number is 21
For example, to set the global keepalive port to 8080, enter:
(config-keepalive[keepimages])# port 8080
To reset the port to the default of 0, enter:
(config-keepalive[keepimages])# no port
Configuring a Global Keepalive Retryperiod
Use the retryperiod command to specify the retry period to send messages to the keepalive IP address. Enter the retry period as an integer from 2 to 255 seconds. The default is 5 seconds.
For example, to configure a retry period of 60 seconds, enter:
(config-keepalive[keepimages])# retryperiod 60
To reset the retry period to its default value of 5, enter:
(config-keepalive[keepimages])# no retryperiod
Deactivating a Global Keepalive
Use the suspend command to deactivate the keepalive. The syntax for this keepalive mode command is:
(config-keepalive[keepimages])# suspend
Configuring a Global Keepalive Type
Use the type command to specify the type of keepalive message assigned to this keepalive. The syntax and options for this keepalive mode command are:
• type ftp ftp_record - Keepalive type that accesses an FTP server by logging into the server as defined in an FTP record file.
• type http - An HTTP index page request using persistent connections.
• type http non-persistent - An HTTP index page request using non-persistent connections.
• type icmp (default) - An ICMP echo message.
• type script script_name {"arguments"} - Script keepalive to be used by the service. The script is played every time the keepalive is issued. For details on script keepalives, refer to “Script Keepalives”, later in this chapter.
• type tcp - A TCP session that determines service viability (3-way handshake and reset (RST)).
For example, to set the global keepalive keepimages to type tcp, enter:
(config-keepalive[keepimages])# type tcp
Configuring a Global Keepalive URI
Use the uri command to specify the HTTP Uniform Resource Identifier (URI) assigned to the global keepalive. Enter the HTTP keepalive URI as a quoted text string with a maximum length of 64 characters.
When you specify a URI for an HTTP keepalive, the CSS calculates a checksum for the Web page specified in the URI. If the Web page changes, the checksum no longer matches the original checksum and the CSS assumes that the service is down. To prevent the CSS from assuming that a service is down due to a checksum mismatch, specify the keepalive method as head. If you specify a URI to a dynamic Web page and do not specify the keepalive method as head, you must suspend and reactivate the service each time the Web page changes.
For example, to specify a URI for the global keepalive, enter:
(config-keepalive[keepimages])# uri "/index.html"
To clear the URI assigned to this keepalive, enter:
(config-keepalive[keepimages])# no uri
Associating a Service with a Global Keepalive
Use the keepalive type named command to associate a service with a global keepalive. The service maintains the global keepalive attributes when you add the service to content rules.
The syntax for this command is keepalive type named name. Specify a global keepalive name to associate the server with a global keepalive.
For example, to associate imageserver1 with global keepalive keepimages, enter:
(config-service[imageserver1])# keepalive type named keepimages
Configuring Global Keepalive Hash
Use the hash command to specify the MD5 hash for a keepalive. The CSS compares the hash value against the computed hash value of all HTTP GET responses. A successful comparison results in the keepalive maintaining an ALIVE state.
To configure the hash value:
1. Configure the global keepalive. For example:
(config-keepalive[keepimages])# keepalive method get
(config-keepalive[keepimages])# keepalive uri "/testpage.html"
2. Configure the service. For example:
(config)# service imageserver1
(config-service[imageserver1])# ip address 10.0.3.21
(config-service[imageserver1])# keepalive type named keepimages
(config-service[imageserver1])# active
3. Display the hash value using the show keepalive command.
(config-keepalive[keepimages])# show keepalive
Keepalives:
Name: imageserver1 Index: 0 State: ALIVE
Description: Auto generated for service serv1
Address: 10.0.3.21 Port:80
Type: HTTP GET:/testpage.html
Hash: 1024b91e516637aaf9ffca21b4b05b8c
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
4. Use the hash value from the keepalive display to configure the keepalive hash. Enter the MD5 hash as a quoted hexadecimal string up to 32 characters. For example:
(config-keepalive[keepimages])# hash "1024b91e516637aaf9ffca21b4b05b8c"
An excerpt of the service configuration from the running-config is shown below.
service imageserver1
  ip address 10.0.3.21
  keepalive type http
  keepalive method get
  keepalive uri "/testpage.html"
  keepalive hash "1024b91e516637aaf9ffca21b4b05b8c"
  active
To clear a hash value, enter:
(config-keepalive[keepimages])# no hash
Showing Global Keepalive Configurations
To display global keepalive configurations, use the show keepalive command. To display a list of existing keepalives, enter show keepalive ?.
This command provides the following options:
• show keepalive - Displays information for all keepalives
• show keepalive keepalive_name - Displays information for a specific keepalive
• show keepalive-summary - Displays summary information for all keepalives
For example:
(config)# show keepalive
Keepalives:
Name: keepimages Index: 1 State: ALIVE ( ICP Check )
Description: This keepalive is for image servers
Address: 172.16.1.7 Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: imageserver1

Name: rualive Index: 2 State: ALIVE
Description: Auto generated for service serv2
Address: 172.16.1.8 Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: serv2
(config)# show keepalive-summary
Keepalives:
keepimages ALIVE 172.16.1.7
rualive ALIVE 172.16.1.8
Script Keepalives
Script keepalives are scripts that you can create to provide custom keepalives for your specific service requirements. To create the scripts, use the rich CSS Scripting Language that is included in your CSS software. For details on using the CSS Scripting Language, including using socket commands and examples of keepalive scripts, refer to the Content Services Switch Advanced Configuration Guide.
Currently, a CSS provides keepalives for FTP, HTTP, ICMP, and TCP. For information on global keepalives, refer to “Global Keepalive Mode”, earlier in this chapter. For information on configuring keepalive messages, refer to “Configuring Keepalives”, earlier in this chapter.
Using scripts allows you to extend the CSS keepalive functionality beyond the default keepalives. For example, you can develop a script specifically to connect a CSS to a Post Office Protocol 3 (POP3) mail server.
Once you create a script offline, you can upload it to the CSS and configure the script keepalive option on a service.
Note You can also configure a script keepalive without having the corresponding script present on the CSS. In this case, a constant Down state remains on the service until you upload the appropriate script to the CSS. This allows you to develop and implement a configuration before uploading all the scripts to the CSS.
Script Keepalive Considerations
When you configure a script keepalive, follow the same general guidelines as those for global keepalive types, with the exceptions noted in these sections. For details on global keepalives, refer to “Global Keepalive Mode”, earlier in this chapter.
The CSS Scripting Language allows you to pass 128 characters in a quoted argument. Assuming an average of seven characters per argument (plus a space delimiter), you can potentially use a maximum of 16 arguments in one script.
Use the script naming convention of ap-kal-type, so that, when you press tab or “?”, you can easily see the keepalive scripts available for use. For example, an SMTP script would be named ap-kal-smtp. The script name can have a maximum of 32 characters and the arguments must be in a quoted text string with a maximum of 128 characters.
For the configured script keepalive to find the corresponding script, the script must reside in the /<current running version>/script directory. When you configure a script keepalive, use only script names. (A CSS does not accept path names.) If the script is present elsewhere on the CSS, the script keepalive assumes it does not exist.
Note Because many scripts have a multistep process such as connecting, sending a request, and waiting for a specific type of response, configure a higher frequency time value for script keepalives than for standard keepalives. A time interval of 10 seconds or higher ensures that the script keepalive has enough time to finish. Otherwise, state transitions may occur more often than is usual.
Because a CSS reads an entire script into memory, there is a maximum script keepalive size of 200 KB (approximately 6,000 lines). If a script exceeds this limit, it will not load. This should be more than adequate for all applications. For example, the script keepalives included with your CSS software are approximately 1 KB. To further conserve CSS memory, services can share a common script keepalive so that only one instance of the script needs to reside in memory. However, you must configure the script keepalive for each service where you want the script to run.
To see a complete list of all scripts available in the /<current running version>/script directory, press the Tab key or “?”. Optionally, you can type a script name not found in the list, then you can upload the script later. You can manipulate scripts using the archive, clear, and copy commands. You can also upload a script from a local hard drive to the /script directory on the CSS, or download a script from the /script directory on the CSS to a local hard drive.
Configuring Script Keepalives
Note For a large number of services that use script keepalives, use a smaller subset of global keepalives to handle the work for them. For information on global keepalives, refer to “Global Keepalive Mode”, earlier in this chapter.
Use the keepalive type script command to configure script keepalives. The syntax for this service configuration mode command is:
(config-service[serv1])# keepalive type script script_name "arguments"
For example, to configure an httplist keepalive, enter:
(config-service[serv1])# keepalive type script ap-kal-httplist "10.10.102.105 /default.htm"
In the example above, the keepalive command configures the serv1 service keepalive to be of type script with the script name ap-kal-httplist and the arguments "10.10.102.105 /default.htm".
To disable a script keepalive on a service, enter:
(config-service[serv1])# keepalive type none
Note You can configure a maximum of 16 script keepalives on a CSS.
Viewing a Script Keepalive in a Service
When you add a script keepalive to a service, the CSS recognizes that the script is the keepalive for the service in the show service screen. The script name appears in the Keepalive field, and any potential arguments appear directly below in the Script Arguments field. If there are no script arguments, then the Script Arguments field does not appear.
For example:
(config-service[serv1])# show service
Name: serv1 Index: 1
Type: Local State: Alive
Rule (10.10.102.105 ANY ANY)
Redirect Domain:
Keepalive: (SCRIPT ap-kal-httplist 10 3 5)
Script Arguments: “10.10.102.105 /default.htm”
Script Error: None
Script Run Time: 1 second
Mtu: 1500 State Transitions: 14
Connections: 0 Max Connections: 0
Total Connections: 0 Total Reused Conns: 0
Weight: 1 Load: 2
Note If a script keepalive terminates with an error, you can use the Script Error and Script Run Time fields to help troubleshoot the problem.
You can also use the show running-config command to display the script keepalive and its arguments.
For example:
(config-service[serv1])# show running-config
service serv1
  ip address 10.10.102.105
  keepalive frequency 10
  keepalive type script ap-kal-httplist “10.10.102.105/default.htm”
  active
The example above shows the script keepalive and arguments that have been configured on a service. If no arguments are specified in the script, then the quoted text following the script name will not appear.
Script Keepalive Status Codes
A script can return a status code of zero or non-zero. On a return of non-zero, the CSS flags the service state as Dying or Down; on a return of zero, the CSS flags the service state as Alive. For example:
! Connect to the remote host
socket connect host einstein port 25 tcp
! Purposely fail
exit script 1
Because the above script fails when it executes the exit command, the script returns a non-zero value. By default, the script will fail with a syntax error if the connect command fails. Be sure to check the logic of your scripts to ensure that the CSS returns the correct value.
Creating Services
A service can be a destination location or entity that contains and provides Internet content (for example, a server, an application on a server such as FTP, or streaming audio). A service has a name that is associated with an IP address, and optionally, a protocol and a port number.
By creating a service, you identify the service and enable the CSS to recognize it. You can then apply content rules to services that allow the CSS to:
• Direct requests for content to the service
• Deny requests for content from the service
Enter the service name from 1 to 31 characters. For example, to create service serv1, enter:
(config)# service serv1
The CSS transitions into the newly created service mode.
(config-service[serv1])#
Configuring Services
The following sections describe how to configure content services.
• Assigning an IP Address to the Service
• Specifying a Port
• Specifying a Protocol
• Specifying a Domain Name
• Configuring an Advanced Load Balancing String
• Configuring a Service HTTP Cookie
• Configuring Weight
• Specifying a Service Type
• Configuring Service Access
• Configuring Service Cache Bypass
• Configuring Keepalives
• Showing Keepalive Configurations
• Configuring Maximum TCP Connections
• Activating a Service
• Suspending a Service
• Removing a Service
Assigning an IP Address to the Service
To enable the CSS to direct requests for content to the appropriate service, you must assign an IP address or range of IP addresses to a service. Assigning an IP address to a service identifies the service to the CSS. When the CSS receives a request for content, it translates the VIP (and potentially, the port) to the service IP address (or addresses) and port.
For example, to assign an IP address to serv1, enter:
(config-service[serv1])# ip address 172.16.1.1
The ip address range command allows you to specify a range of IP addresses starting with the IP address you specified using the ip address command. Enter a number from 1 to 65535. The default range is 1. For example, if you enter an IP address of 172.16.1.1 with a range of 10, the IP addresses range from 172.16.1.1 through 172.16.1.10.
When using the ip address range command, use IP addresses that are within the subnet you are using. The CSS does not arp for IP addresses that are not on the circuit subnet. For example, if you configure the circuit for 10.10.10.1/24 and configure the VIP range as 10.10.10.2 range 400, the CSS will not arp for any IP addresses beyond 10.10.10.254. Using the same example only with a VIP range of 200, the CSS will arp for all IP addresses in the range.
For example:
(config-service[serv1])# ip address 172.16.1.1 range 10
To restore a service IP address to the default of 0.0.0.0, enter:
(config-service[serv1])# no ip address
Specifying a Port
Use the port command to specify a service TCP/UDP port number or range of port numbers. The TCP or UDP destination port number is associated with a service. Enter the port number as an integer from 0 to 65535. The default is any.
For example:
(config-service[serv1])# port 80
To specify a port to be used for keepalives, refer to the service mode keepalive port command.
Use the range option to specify a range of port numbers starting with the port number you specified using the port command. Enter a range number from 1 to 65535. The default range is 1. For example, if you enter a port number of 80 with a range of 10, the port numbers will range from 80 through 89. You can use the port range command only on local (default) services.
For example:
(config-service[serv1])# port 80 10
To set the port to the default of any, enter:
(config-service[serv1])# no port
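The subnet rule for IP address ranges and the port range arithmetic described above, worked through as an added Python example (not code from the Cisco guide). The function names are hypothetical, and treating the subnet's network address as unanswered is an assumption; the guide only states the cut-off at 10.10.10.254.

```python
import ipaddress


def arp_coverage(circuit, first_ip, count):
    """Split an IP address range of COUNT addresses by the circuit subnet.

    Returns (answered, unanswered) lists of IPv4Address. An address counts as
    answered only if it is a usable host address on the circuit subnet. The
    broadcast address is excluded per the guide's 10.10.10.254 cut-off; the
    network address is excluded as an assumption.
    """
    subnet = ipaddress.ip_interface(circuit).network
    reserved = {subnet.network_address, subnet.broadcast_address}
    start = ipaddress.IPv4Address(first_ip)
    answered, unanswered = [], []
    for offset in range(count):
        addr = start + offset
        on_subnet = addr in subnet and addr not in reserved
        (answered if on_subnet else unanswered).append(addr)
    return answered, unanswered


def port_span(first_port, count=1):
    """Return (first, last) for a port number with a range of COUNT ports.

    Raises ValueError when the start, the count or the last port falls
    outside the limits given in the guide (0 to 65535, range 1 to 65535).
    """
    last = first_port + count - 1
    if not (0 <= first_port <= 65535 and 1 <= count <= 65535 and last <= 65535):
        raise ValueError(f"port {first_port} with range {count} leaves 0-65535")
    return first_port, last


if __name__ == "__main__":
    # Values from the guide's own example: circuit 10.10.10.1/24, VIP 10.10.10.2.
    for size in (400, 200):
        ok, missed = arp_coverage("10.10.10.1/24", "10.10.10.2", size)
        gap = f"{missed[0]} - {missed[-1]}" if missed else "none"
        print(f"range {size}: {len(ok)} answered, not answered: {gap}")
    print("port 80 with range 10 ->", port_span(80, 10))
```

Addresses in the unanswered list are the ones the text says the CSS will not ARP for, so a range that crosses the subnet boundary leaves part of the configured block unreachable.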
Specifying a Protocol
To specify a service IP protocol, use the protocol command. The default setting for this command is any, for any IP protocol. The options for this command are:
• protocol tcp - The service uses the TCP protocol suite.
• protocol udp - The service uses the UDP protocol suite.
For example:
(config-service[serv1])# protocol tcp
To set the protocol to the default of any, enter:
(config-service[serv1])# no protocol
Specifying a Domain Name
Use the domain command to specify the domain name to be used when an HTTP redirect service generates an “object moved” message for this service. The CSS uses the configured domain string in the redirect message as the new location for the requested content. If no redirect domain is configured, then the CSS uses the service IP address to generate the redirect.
Note You can only use a service redirect domain on a service of type redirect.
Note You cannot simultaneously configure the domain and (config-service) redirect-string commands on the same service.
Enter the service domain name as an unquoted text string with no spaces and a maximum of 64 characters.
For example:
(config-service[serv1])# domain www.arrowpoint.com
To clear the redirect domain for this service, enter:
(config-service[serv1])# no domain www.arrowpoint.com
Configuring an Advanced Load Balancing String
To specify an advanced load-balancing string for a service, use the string command. Use this command in conjunction with the advanced load-balancing methods url, cookie, or cookieurl. For information on advanced load-balancing methods, refer to the Content Services Switch Advanced Configuration Guide.
Enter a string from 1 to 15 characters. For example:
(config-service[serv1])# string 172.16.3.6
To remove a string from a service, enter:
(config-service[serv1])# no string
Configuring a Service HTTP Cookie
Use the string command to specify the HTTP cookie for the service. The syntax for this service mode command is:
string cookie_name
Enter the cookie_name as an unquoted text string with no spaces and a maximum of 15 characters.
For example:
(config-service[serv1])# string userid3217
To remove the cookie for a service, enter:
(config-service[serv1])# no string
Configuring Weight
To specify the relative weight of the service, use the weight command in service mode. The CSS uses this weight when you configure ACA or weighted roundrobin load balancing on a content rule. By default, all services have a weight of 1. A higher weight will bias flows towards the specified service. To set the weight for a service, enter a number from 1 to 10. The default is 1.
For example:
(config-service[serv1])# weight 2
To restore the weight to the default of 1, enter:
(config-service[serv1])# no weight
Note When you add a service to content rules, the service weight as configured in service mode is applied to each rule as a server-specific attribute. To define a content rule-specific server weight, use the add service weight command. This command overrides the server-specific weight and applies only to the content rule to which you add the service. For information on the add service weight command, refer to Chapter 7, “Configuring Content Rules”.
Specifying a Service Type
Use the type command to specify the type for a service. If you do not define a type for a service, the default service type is local. The syntax and options for this service mode command are:
• type nci-direct-return - Specify the service is NAT Channel indication for direct return.
• type nci-info-only - Specify the service is NAT Channel indication for information only.
• type proxy-cache - Define the service as a proxy cache. This is a cache-specific option. This option bypasses content rules for requests coming from the cache server. Bypassing content rules in this case prevents a loop between the cache and the CSS. For a description of a proxy cache, refer to the Content Services Switch Advanced Configuration Guide.
• type redirect - Define the service as a remote service to enable the CSS to redirect content requests to the remote service when a local service is not available (for example, the local service has exceeded its configured load threshold). To configure a load threshold for a content rule, use the load-threshold command in owner-content mode (refer to Chapter 7, “Configuring Content Rules”, the section “Specifying a Load Threshold”). If you have multiple remote services defined as type redirect, the CSS uses the roundrobin load-balancing method to load balance requests between them.
When you add a type redirect service to a content rule, you must also configure a URL to match on the content. For example, “/*” or “/vacations.html”.
• type redundancy-up - Specify the router service in a redundant uplink.
• type rep-cache-redir - Specify the service is a replication cache with redirect.
• type rep-store - Specify the service is a replication store.
• type rep-store-redir - Specify the service is a replication store with redirect. No content rules are applied to requests from this service type.
• type transparent-cache - Specify the service as a transparent cache. This is a cache-specific option. No content rules are applied to requests from this service type. Bypassing content rules in this case prevents a loop between the cache and the CSS. For a description of a transparent cache, refer to the Content Services Switch Advanced Configuration Guide.
For example, to enable the CSS to redirect content requests for serv1, specify redirect in the serv1 content rule:
(config-service[serv1])# type redirect
To restore the service type to the default setting of local, enter:
(config-service[serv1])# no type
How the CSS Accesses Server Types
When you configure a Layer 3 or 4 content rule, the rule hits the local services. If:
• The local services are not active or configured, the rule hits the primary sorry server.
• The primary sorry server fails, the rule hits the secondary sorry server.
Redirect services and redirect content strings cannot be used with Layer 3 or 4 rules because they use the HTTP protocol.
When you configure a Layer 5 content rule, the CSS directs content requests to local services. If:
• The local services are not active or configured, the rule sends the HTTP redirects with the location of the redirect services to the clients.
• The local and redirect services are not active or configured, the rule forwards the HTTP requests to the primary sorry server.
• All services are down except the secondary sorry server, the rule forwards the HTTP requests to the secondary sorry server.
For information on adding a service to a content rule or adding primary and secondary sorry servers, refer to Chapter 7, “Configuring Content Rules”, in the section, “Adding Services to a Content Rule”.
Configuring Service Access
Use the access command to associate an access mechanism with a service for use during publishing, subscribing, and demand-based replication activities. You must use this command for each service that offers publishing services. This command is optional for subscriber services; the subscriber service inherits the access mechanism from the publisher.
When you use this command to associate an FTP access mechanism with a service, the base directory of an existing FTP record becomes the tree root. To maintain coherent mapping between WWW daemons and FTP daemons, make the FTP access base directory equivalent to the WWW daemon root directory as seen by clients. For information on creating an FTP record, refer to the (config) ftp-record command in Chapter 1, “Logging in and Getting Started”, section “Configuring an FTP Record”.
Enter the access ftp record as the name of the existing FTP record. Enter an unquoted text string with no spaces and a maximum length of 16 characters.
For example:
(config-service[serv1])# access ftp arrowrecord
To remove a service access mechanism, enter:
(config-service[serv1])# no access ftp
Configuring Service Cache Bypass
Use the cache-bypass command to prevent the CSS from applying content rules to requests originating from a proxy or transparent-cache type service when it processes the requests. By default, no content rules are applied to requests from a proxy or transparent-cache type service.
The syntax for this service mode command is:
(config-service[serv1])# cache-bypass
To allow the CSS to apply content rules to requests from a proxy or transparent-cache type service, enter:
(config-service[serv1])# no cache-bypass
Configuring Keepalives
Use the keepalive command to configure keepalive message parameters for a service. With keepalive messages you can determine whether a service is still functioning. When you configure keepalive for a service, the CSS periodically sends a message to the service requesting a return message as to the server state. If the CSS determines that a service is no longer functioning, it removes the service from the load-balancing algorithm.
Keepalive is a valuable and recommended attribute to set for a service. This information enables the CSS to take action immediately when a service fails. The CSS supports a maximum of 255 keepalives. These keepalives include:
• Global keepalives configured in keepalive configuration mode. The CSS counts a global keepalive as one keepalive regardless of the number of services you assign to it through the (config-service) keepalive type named command.
• ICMP, HTTP, TCP, and FTP keepalives configured and assigned to a service through the (config-service) keepalive command. Each time you assign one of these keepalives to a service through the (config-service) keepalive type command, the CSS counts it as another keepalive.
Caution If you configure more than 255 keepalives, any services assigned to the keepalives over 255 will not work.
Caution A CSS supports a maximum of 16 script keepalives. For details, refer to “Script Keepalives”, earlier in this chapter.
The options for this service mode command are:
• keepalive frequency - Specify the keepalive message frequency
• keepalive maxfailure - Specify how many times the service can fail to respond to a keepalive message before it is considered offline
• keepalive method - Specify the HTTP method for the service
• keepalive port - Specify the port to be used for keepalives
• keepalive retryperiod - Specify the keepalive retry period for the service
• keepalive type - Specify the type of keepalive message for the service
• keepalive uri - Specify the HTTP keepalive URI for the service
• keepalive hash - Specify the MD5 hash that is compared for HTTP keepalives that use the GET method
For more information on these options and associated variables, refer to the following sections.
Configuring Keepalive Frequency
Use the keepalive frequency command to specify the time in seconds between keepalive messages sent to a service. Specify a frequency from 2 to 255 seconds. The default is 5 seconds.
For example:
(config-service[serv1])# keepalive frequency 15
To reset the frequency to its default value of 5, enter:
(config-service[serv1])# no keepalive frequency
Configuring Keepalive Maxfailure
Use the keepalive maxfailure command to specify how many times a service can fail to respond to a keepalive message before being considered offline. Specify a maximum failure number from 1 to 10. The default is 3.
For example:
(config-service[serv1])# keepalive maxfailure 5
To reset the maximum failure number to its default value of 3, enter:
(config-service[serv1])# no keepalive maxfailure
Configuring Keepalive Method
Use the keepalive method command to specify the HTTP keepalive method for a service. The syntax and options for this service mode command are:
• keepalive method get - The CSS issues a Get to the service, computes a checksum on the page, and stores the checksum as a reference point. Subsequent Gets require a 200 OK status (HTTP command completed OK response) and the checksum to equal the reference checksum. If the 200 OK status is not returned, or if the 200 OK status is returned but the checksum is different from the reference checksum, the CSS considers the service down.
• keepalive method head (default) - The CSS issues a Head and a 200 OK status is required. The CSS does not compute a reference checksum for this type of keepalive. When you specify a URI for an HTTP keepalive, the CSS calculates a checksum for the Web page specified in the URI. If the Web page changes, the checksum no longer matches the original checksum and the CSS assumes that the service is down. To prevent the CSS from assuming that a service is down due to a checksum mismatch, specify the keepalive method as head.
For example:
(config-service[serv1])# keepalive method get
Configuring Keepalive Port
Use the keepalive port command to specify the port number used for keepalives. Enter the number as an integer from 0 to 65535. The default setting is based on the configured service port number. Otherwise, the default setting is based on the keepalive type. If the keepalive type is:
• Not configured, the default port number is 0
• HTTP or TCP, the default port number is 80
• FTP, the default port number is 21
Note If you do not configure a keepalive port, the TCP keepalive uses the service port configured with the (config-service) port command. If you do not configure either port, the TCP keepalive uses port 80.
For example, to specify port 8080 as the keepalive port for service serv1, enter:
(config-service[serv1])# keepalive port 8080
To reset the TCP keepalive port to its default of 0, enter:
(config-service[serv1])# no keepalive port
Configuring Keepalive Retryperiod
Use the keepalive retryperiod command to specify the keepalive retry period for a service. When a service has failed to respond to a given keepalive message (the service has transitioned to the dying state), the retry period specifies how frequently the CSS tests the service to see if it is functional. Enter the retry period as an integer from 2 to 255 seconds. The default is 5 seconds.
For example, to configure a retry period of 60 seconds, enter:
(config-service[serv1])# keepalive retryperiod 60
To reset the retry period to its default value of 5, enter:
(config-service[serv1])# no keepalive retryperiod
Configuring Keepalive Type
Use the keepalive type command to specify the type of keepalive message, if any, appropriate for a service or to associate a service with a global keepalive.
The syntax and options for this service mode command are:
• keepalive type ftp ftp_record - Keepalive method that accesses an FTP server by logging into the server as defined in an FTP record file.
• keepalive type http {non-persistent} - An HTTP index page request. By default, HTTP keepalives use persistent connections. To disable this behavior, include the non-persistent option.
• keepalive type icmp - An ICMP echo message (ping). This is the default keepalive type.
• keepalive type named name - Specify a global keepalive name to associate the server with a global keepalive. Before using this command, ensure that the global keepalive is activated through the (config-keepalive) active command. Assigning a service to a global keepalive overrides any keepalive properties you assigned in service mode.
• keepalive type none - Do not send keepalive messages to a service.
• keepalive type script script_name {“arguments”} - Script keepalive to be used by the service. The script is played every time the keepalive is issued. For details, refer to “Script Keepalives”, earlier in this chapter.
• keepalive type tcp - A TCP session that determines service viability (3-way handshake and reset (RST)).
For example, to set serv1 keepalive type to ftp, enter:
(config-service[serv1])# keepalive type ftp
Configuring Keepalive URI
Use the keepalive uri command to specify the HTTP keepalive URI for a service. Enter the URI as a quoted text string with a maximum of 64 characters. For example:
(config-service[serv1])# keepalive uri "/index.html"
To delete an existing URI, enter:
(config-service[serv1])# no keepalive uri
When you specify a URI for an HTTP keepalive, the CSS calculates a checksum for the Web page specified in the URI. If the Web page changes, the checksum no longer matches the original checksum and the CSS assumes that the service is offline. To prevent the CSS from assuming that a service is offline due to a checksum mismatch, define keepalive method as head. The CSS does not compute a checksum for this type of keepalive.
If you specify the URI of a dynamic Web page and do not specify the head keepalive method, you must suspend and reactivate the service each time the Web page changes.
Configuring Keepalive Hash
Use the hash command to specify the MD5 hash for a keepalive. The CSS compares the hash value against the computed hash value of all HTTP GET responses. A successful comparison results in the keepalive maintaining an ALIVE state.
To configure the hash value:
1. Configure the keepalive. The example below creates a keepalive GET to a test page.
(config)# service serv1
(config-service[serv1])# ip address 10.0.3.21
(config-service[serv1])# keepalive type http
(config-service[serv1])# keepalive method get
(config-service[serv1])# keepalive uri "/testpage.html"
(config-service[serv1])# active
2. Display the hash value using the show keepalive command. For example:
(config-service[serv1])# show keepalive
Keepalives:
Name: serv1 Index: 0 State: ALIVE
Description: Auto generated for service serv1
Address: 10.0.3.21 Port: 80
Type: HTTP:GET:/testpage.html
Hash: 1024b91e516637aaf9ffca21b4b05b8c
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
3. Use the hash value from the keepalive display to configure the keepalive hash. Enter the MD5 hash as a quoted hexadecimal string up to 32 characters. For example:
(config-service[serv1])# keepalive hash "1024b91e516637aaf9ffca21b4b05b8c"
An excerpt of the service configuration from the running-config is shown below.
service serv1
ip address 10.0.3.21
keepalive type http
keepalive method get
keepalive uri "/testpage.html"
keepalive hash "1024b91e516637aaf9ffca21b4b05b8c"
active
To clear a hash value, enter:
(config-service[serv1])# no keepalive hash
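The following added example (not code from the guide or from the CSS software) models how the keepalive options described above interact: a HEAD keepalive checks only for 200 OK, a GET keepalive also compares an MD5 of the page, and maxfailure and retryperiod drive the Alive, Dying and Down states. It assumes the checksum covers the response body, that one good probe returns a service to ALIVE, and that a Down service keeps being probed at the retry period; the class, field and function names and the sample pages are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class HttpKeepalive:
    """Model of one HTTP keepalive, using the guide's option names."""
    method: str = "head"                   # keepalive method (head is the default)
    frequency: int = 5                     # keepalive frequency, seconds
    maxfailure: int = 3                    # keepalive maxfailure
    retryperiod: int = 5                   # keepalive retryperiod, seconds
    configured_hash: Optional[str] = None  # keepalive hash (32 hex characters)
    state: str = "ALIVE"
    failures: int = 0
    reference: Optional[str] = None        # checksum learned from the first GET

    def probe_ok(self, status: int, body: bytes) -> bool:
        """Apply the HEAD or GET success rule to one response."""
        if status != 200:
            return False                   # both methods require 200 OK
        if self.method != "get":
            return True                    # HEAD: no checksum is computed
        digest = hashlib.md5(body).hexdigest()
        expected = self.configured_hash or self.reference
        if expected is None:
            self.reference = digest        # first GET stores the reference checksum
            return True
        return digest == expected.lower()

    def observe(self, status: int, body: bytes) -> Tuple[str, int]:
        """Record one probe; return (state, seconds until the next probe)."""
        if self.probe_ok(status, body):
            self.failures = 0
            self.state = "ALIVE"           # assumption: one success restores ALIVE
            return self.state, self.frequency
        self.failures += 1
        self.state = "DOWN" if self.failures >= self.maxfailure else "DYING"
        return self.state, self.retryperiod  # assumption: DOWN is retried too


def run(keepalive: HttpKeepalive, responses) -> List[str]:
    """Feed (status, body) pairs to a keepalive and collect the states."""
    return [keepalive.observe(status, body)[0] for status, body in responses]


# Constructed sample pages: the server keeps answering 200 OK while the
# body of /testpage.html changes for three probes and then recovers.
GOOD = b"<html><body>testpage ok</body></html>"
CHANGED = b"<html><body>maintenance</body></html>"
RESPONSES = [(200, GOOD), (200, GOOD), (200, CHANGED),
             (200, CHANGED), (200, CHANGED), (200, GOOD)]


def demo() -> Tuple[List[str], List[str]]:
    """Run the same responses through a hashed GET and a default HEAD keepalive."""
    pinned = hashlib.md5(GOOD).hexdigest()   # value you would pass to keepalive hash
    get_states = run(HttpKeepalive(method="get", configured_hash=pinned), RESPONSES)
    head_states = run(HttpKeepalive(), RESPONSES)
    return get_states, head_states


if __name__ == "__main__":
    get_states, head_states = demo()
    print("GET + hash:", get_states)
    print("HEAD      :", head_states)
```

The HEAD keepalive stays ALIVE through the content change, which is why a page that legitimately changes needs the head method, and why a GET keepalive with a hash is the one that notices an unexpected body served under 200 OK. The MD5 value acts as a change detector for the health check, not as a cryptographic integrity control.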
Showing Keepalive Configurations
To display global keepalive configurations, use the show keepalive command. To display a list of existing keepalives, enter show keepalive ?. This command provides the following options:
• show keepalive - Displays information for all keepalives
• show keepalive-summary - Display summary information for all keepalives.
For example:
(config)# show keepalive
Keepalives:
Name: keepimages Index: 1 State: ALIVE ( ICP Check )
Description: Auto generated for service imageserver1
Address: 172.16.1.7 Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: imageserver1
Name: rualive Index: 2 State: ALIVE
Description: Auto generated for service serv2
Address: 172.16.1.8 Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: serv2
(config)# show keepalive-summary
Keepalives:
keepimages ALIVE 172.16.1.7
rualive ALIVE 172.16.1.8
Configuring Maximum TCP Connections
To define the maximum number of TCP connections on a service, use the max connections command. Enter the maximum number of connections from 0 to 65535. The default is 0, which indicates that there is no limit on the number of connections.
(config-service[serv1])# max connections 7
To set the maximum TCP connections to the default of 0, enter:
(config-service[serv1])# no max connections
Activating a Service
Once you configure a service, you must activate it to enable the CSS to access it for content requests. Activating a service puts it into the resource pool for load-balancing content requests and starts the keepalive function.
The following command activates service serv1:
(config-service[serv1])# active
Suspending a Service
Suspending a service removes it from the pool for future load-balancing content requests. Suspending a service does not affect existing content flows, but it prevents additional connections from accessing the service for its content. You may want to suspend a service prior to performing maintenance on the service. The following command suspends service serv1:
(config-service[serv1])# suspend
Note When you suspend a service, the CSS rebalances the remaining services using the failover setting.
Removing a Service
When you remove a service, the CSS:
• Removes the service from all content rules to which the service has been added.
• Rebalances the remaining services. The CSS does not apply the failover setting.
Note You cannot retrieve service information once you issue the remove service command.
Removing a Service From a Content Rule
To display a list of services added to a content rule, enter the remove service ? command from the specific owner-content mode. For example:
(config-owner-content[arrowpoint-rule1])# remove service ?
server1
server3
To remove service server1 from owner arrowpoint content rule rule1, enter:
(config-owner-content[arrowpoint-rule1])# remove service server1
Removing a Service From a Source Group
To remove a service from a source group, use the remove service command. To display a list of services added to a source group, enter the remove service ? command from the specific group mode. For example:
(config-group[ftpgroup])# remove service ?
server7
serviceftp
For example, to remove service serviceftp from source group ftpgroup, enter:
(config-group[ftpgroup])# remove service serviceftp
Showing Service Configurations
Before activating a service, you may want to display the service configuration to ensure that all the parameters are correct. The show service command enables you to display information for a specific service or all services currently configured in the CSS, depending on the location from where you issue the command.
You can issue the following show service commands from any mode:
• show service - Display configurations for each service
• show service service_name - Display service information for a specific service
• show service summary - Display a summary of each service
From a specific service mode, the show service command displays configuration information only for that service. When you issue this command from any other mode, it displays configuration information for all services.
For example:
(config)# show service
Name: s1 Index:
Type: Local State: Alive
Rule: 192.168.101.15 ANY ANY )
Keepalive: (ICMP 5 3 5 )
Mtu: 1500 State Transitions: 1
Connections: 0 Max Connections: 0
Total Connections: 0 Total Reused Conns: 0
Weight: 1 Load: 2
The show service summary command displays a summary of all services currently configured. For example:
(config)# show service summary
Service Name  State  Conn  Weight  Avg Load  Long Load  State Transitions
serv17        DOWN   0     1       254       254        1
serv18        ALIVE  0     0       254       0          5
NS6 ALIVE 0 0 254 0 [email protected] ALIVE 0 1 212 254 1
The State field in the show service display reports the service as either Alive, Dying, or Down. The Dying state reports that a service is failing according to the parameters configured in the following service mode commands:
• retryperiod
• keepalive frequency
• max failure
Where to Go Next
For information on creating and configuring owners, refer to Chapter 6, Configuring Owners.
CHAPTER 6
Configuring Owners
This chapter describes how to create and configure owners. Services, which are associated with content rules, are discussed in Chapter 5, Configuring Services. Information in this chapter applies to all CSS models except where noted.
This chapter contains the following sections:
• Owner Configuration Quick Start
• Creating an Owner
• Configuring an Owner DNS Balance Type
• Specifying Owner Address
• Specifying Owner Billing Information
• Specifying Case
• Specifying Owner DNS Type
• Specifying Owner Email Address
• Removing an Owner
• Showing Owner Information
Owner Configuration Quick Start
Table 6-1 provides a quick overview of the steps required to configure owners. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI command, refer to the sections following Table 6-1.
Table 6-1 Owner Configuration Quick Start
Task and Command Example
1. Enter config mode by typing config.
(config)#
2. Create an owner.
(config)# owner arrowpoint
(config-owner[arrowpoint])#
3. Specify the owner email address.
(config-owner[arrowpoint])# email-address [email protected]
4. Specify the owner mailing address.
(config-owner[arrowpoint])# address "373 grand ave usa"
5. Specify the owner billing information.
(config-owner[arrowpoint])# billing-info "finance"
6. Display owner information (optional).
(config-owner[arrowpoint])# show owner
Creating an Owner
An owner is generally the person or company who contracts the web hosting service to host their web content and allocate bandwidth as required. Use the owner command to create an owner for a content rule. When you create an owner, you enable the CSS to identify the entity (for example, person, company name, or other meaningful title) that owns content rules. The CSS can contain many owners and maintain a configurable profile for each owner.
When creating an owner, you may want to use the owner’s DNS name. Enter the owner name as an unquoted text string from 1 to 31 characters in length. The following example creates the owner arrowpoint:
(config)# owner arrowpoint
Once you create an owner, the CLI enters into owner mode.
(config-owner[arrowpoint])#
To remove an owner, use the no owner command. When you remove an owner, you also remove all content rules created for the owner. For example:
(config-owner[arrowpoint])# no owner arrowpoint
Configuring an Owner DNS Balance Type
Use the dnsbalance command to determine where to resolve a request for a domain name into an IP address. By default, the content rule will use the DNS load balancing method assigned to the owner. The DNS load balancing method configured for the owner applies to all of the owner’s content rules. To set a different method to a specific content rule, use the (config-owner-content) dnsbalance command.
The syntax and options for this owner mode command are:
• dnsbalance leastloaded - Resolve the request to the least-loaded of all local or remote domain sites. The CSS first compares load numbers. If the load number between domain sites is within 50, then the CSS compares their response times. The site with the faster response time is considered the least-loaded site.
Note For the leastloaded option to work properly, all domain sites must be running a minimum of CSS software version 3.01.
• dnsbalance preferlocal - Resolve the request to a local VIP address. If all local systems exceed their load threshold, the CSS chooses the least-loaded remote system VIP address as the resolved address for the domain name.
• dnsbalance roundrobin (default) - Resolve the request by evenly distributing the load to resolve domain names among content domain sites, local and remote. The CSS does not include sites that exceed their local load threshold.
For example:
(config-owner[arrowpoint])# dnsbalance preferlocal
To reset the DNS load balancing method to its default setting of roundrobin, enter:
(config-owner[arrowpoint])# no dnsbalance
Specifying Owner Address
To enter an address for an owner, use the address command in owner mode. Enter a quoted text string with a maximum of 128 characters.
For example:
(config-owner[arrowpoint])# address "373 granite ave usa"
To delete an owner address, enter:
(config-owner[arrowpoint])# no address
Specifying Owner Billing Information
To enter billing information for an owner, use the billing-info command in owner mode. Enter the billing information assigned to an owner as a quoted text string with a maximum length of 128 characters. For example:
(config-owner[arrowpoint])# billing-info "finance"
To delete an owner billing address, enter:
(config-owner[arrowpoint])# no billing-info
Specifying Case
To define whether or not the CSS employs case-sensitivity when matching content requests to an owner’s content rule, use the case command. The default is case insensitive.
For example, a client requests content from arrowpoint/index.html. If owner arrowpoint is configured for:
• case sensitive, the request must match content index.html exactly
• case insensitive, the request can be any combination of uppercase and lowercase letters (for example, Index.html, INDEX.HTML)
To configure owner arrowpoint content rules to be case-sensitive, enter:
(config-owner[arrowpoint])# case sensitive
To return to the default, enter:
(config-owner[arrowpoint])# case insensitive
Specifying Owner DNS Type
To set the peer name exchange policy for a specific owner, use the dns command. The default is none, which does not set a peer name exchange policy. For information on configuring DNS, refer to the Content Services Switch Advanced Configuration Guide.
The syntax and options for this owner mode command are:
• dns accept - Accept all content rules proposed by the CSS peer
• dns push - Push (send) all content rules onto the CSS peer
• dns both - Accept all content rules proposed by the CSS peer and push all rules onto the CSS peer
For example:
(config-owner[arrowpoint])# dns push
To remove an owner’s peer name exchange policy, enter:
(config-owner[arrowpoint])# no dns
Specifying Owner Email Address
To enter an email address for an owner, use the email-address command in owner mode. For example:
(config-owner[arrowpoint])# email-address [email protected]
To remove an owner email address, enter:
(config-owner[arrowpoint])# no email-address
Removing an Owner
To remove an owner, issue the no owner command from config mode as shown in the following example. To remove an owner, you must first exit from the owner mode. You cannot be in the owner mode that you wish to remove.
(config)# no owner arrowpoint
Caution Removing an owner also deletes the content rules associated with it.
Showing Owner Information
The show owner command enables you to display owner information for a specific owner.
For example:
(config)# show owner arrowpoint
Owner Configuration:
Name: arrowpoint
Billing Info: Accounts Payable
Address: Acton, MA
Email Address: www.arrowpoint.com
DNS Policy: none
Case Matching: insensitive
Showing Owner Summary
The show summary command enables you to display a summary of the following owner information for all owners or a specific owner:
• Owners
• Content rules
• Services
• Service hits
You can issue the following show summary commands from any mode:
• show summary - Display a summary of all owner information
• show summary owner_name - Display a summary of owner information for a specific owner
For example:
(config)# show summary
Global Bypass Counters
No Rule Bypass Count: 1299737
Acl Bypass Count: 0
URL Params Bypass Count: 4373
Cache Miss Bypass Count: 275034
Garbage Bypass Count: 540
Owner          Content Rules  State   Services  Service Hits
arrowpoint     layer5         Active  serv1     18
fredmandy.com  layer3         Active  server86  0
                                      server87  0
                                      server88  0
               layer5         Active  server86  0
                                      server87  0
               cacherule      Active  cache     276440
Table 6-2 describes the global bypass counters.
Table 6-2 Global Bypass Counter Descriptions
Counter - Description
No Rule Bypass Counter - Content requests or connections that were not directed to the configured cache servers due to content rule matching.
ACL Bypass Counter - Content requests or connections configured via ACLs to bypass content rules and go directly to the origin server.
URL Params Bypass Counter - Content requests that match on content rules that have param-bypass set to enable. The CSS forwards the content requests to the origin server.
Cache Miss Bypass Counter - TCP connections from the cache servers that bypassed content rules so the cache server could access the origin server for the requested content.
Garbage Bypass Counter - Content requests that the CSS examined and deemed unrecognizable or corrupt. As a result, the CSS forwards the content request to the origin server rather than the cache server.
Where to Go Next
Once you create and configure an owner, refer to Chapter 7, Configuring Content Rules for information on configuring content rules. Content rules instruct the CSS on how to handle requests for the owner’s content. You create and configure a content rule within a specific owner mode. This method ensures that the configured content rule applies only to a specific owner.
CHAPTER 7
Configuring Content Rules
This chapter describes how to create and configure content rules. Services, which are associated with content rules, are discussed in Chapter 5, Configuring Services. Configuring owners is discussed in Chapter 6, Configuring Owners. Information in this chapter applies to all CSS models except where noted.
This chapter contains the following sections:
• Service, Owner, and Content Rule Overview
• Naming and Assigning a Content Rule to an Owner
• Configuring a Virtual IP Address
• Configuring a Domain Name Content Rule
• Adding Services to a Content Rule
• Activating a Content Rule
• Suspending a Content Rule
• Removing a Content Rule
• Removing a Service from a Content Rule
• Configuring a Protocol
• Configuring Port Information
• Configuring Load Balancing
• Configuring a DNS Balance Type
• Configuring Hotlists
• Specifying a Uniform Resource Locator
• Specifying a Load Threshold
• Redirecting Requests for Content
• Configuring Persistence, Remapping, and Redirection
• Defining Failover
• Specifying an Application Type
• Showing Content
• Showing Content Rules
Service, Owner, and Content Rule Overview
The CSS enables you to configure services, owners, and content rules to direct requests for content to a specific destination service (for example, a server or a port on a server). By configuring services, owners, and content rules, you optimize and control how the CSS handles each request for specific content.
• A service is a destination location where a piece of content physically resides (a local or remote server and port). You add services to content rules. Adding a service to a content rule includes it in the resource pool that the CSS uses for load balancing requests for content. A service may belong to multiple content rules.
• An owner is generally the person or company who contracts the web hosting service to host their web content and allocate bandwidth as required.
• A content rule is a hierarchical rule set containing individual rules that describe which content (for example, .html files) is accessible by visitors to the web site, how the content is mirrored, on which server the content resides, and how the CSS should process requests for the content. Each rule set must have an owner.
When a request for content is made, the CSS:
1. Uses the owner content rule to translate the owner Virtual IP address (VIP) or domain name using Network Address Translation (NAT) to the corresponding service IP address and port.
2. Checks for available services that match the content request.
3. Uses content rules to choose which service can best process the request for content.
4. Applies all content rules to service the request for content (for example, load-balancing method, redirects, failover, stickiness).
The CSS uses content rules to determine:
• Where the content physically resides, whether local or remote.
• Where to direct the request for content (which service or services).
• Which load-balancing method to use.
The type of rule also implies the Layer at which the rule functions.
• A Layer 3 content rule implies a destination IP address of the host or network.
• A Layer 4 content rule implies a combination of destination IP address and port.
• A Layer 5 content rule implies a combination of destination IP address, port, and URL that may or may not contain an HTTP cookie or a domain name.
Content rules are hierarchical. That is, if a request for content matches more than one rule, the characteristics of the most specific rule apply to the flow. The hierarchy for content rules is shown below. The CSS uses this order of precedence to process requests for the content, with 1 being the highest match and 8 being the lowest match.
1. Domain name, IP address, protocol, port, URL
2. IP address, protocol, port, URL
3. IP address, protocol, port
4. IP address, protocol
5. IP address
6. Domain name, protocol, port, URL
7. Protocol, port, URL
8. Protocol, port
Figure 7-1 illustrates the CSS service, owner, and content rule concepts
Figure 7-1 Services, Owners, and Content Rules Concepts.
Content Rule Configuration Quick Start
Table 7-1 provides a quick overview of the steps required to create and configure a Layer 3 content rule. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the content rule configuration options, refer to the sections following Table 7-1.
Ensure that you have already created and configured a service and owner for the content rules. The command examples in Table 7-1 create a Layer 3 content rule for owner arrowpoint.
Table 7-1 Content Rule Configuration Quick Start
Task and Command Example
1. Enter into config mode by typing config.
(config)#
2. Enter into the owner mode for which you wish to create content rules.
(config)# owner arrowpoint
3. Create the content rule for the owner.
(config-owner[arrowpoint])# content rule1
The CSS enters into the owner-content rule mode.
(config-owner-content[arrowpoint-rule1])#
4. Configure a Virtual IP address (VIP) or domain name for the owner content. This example configures a VIP.
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6
This example configures a domain name.
(config-owner-content[arrowpoint-rule1])# url "//www.arrowpoint.com/*"
5. Specify a load balancing type.
(config-owner-content[arrowpoint-rule1])# balance aca
6. Add previously configured services to the content rule.
(config-owner-content[arrowpoint-rule1])# add service serv1
(config-owner-content[arrowpoint-rule1])# add service serv2
7. Activate the content rule.
(config-owner-content[arrowpoint-rule1])# active
8. Display the content rules (optional).
(config-owner-content[arrowpoint-rule1])# show rule
Naming and Assigning a Content Rule to an Owner
To name a content rule and assign it to an owner, use the content command. By assigning content rules to an owner, you can manage access to the content. Assign content rules to an owner by creating the content rule in the mode for that owner. The CSS identifies content rules by the names you assign. Enter a content rule name from 1 to 31 characters.
The example below assigns:
• The name rule1 to the content rule
• Content rule rule1 to owner arrowpoint
(config-owner[arrowpoint])# content rule1
Once you assign a content rule to an owner, the CLI prompt changes to reflect the specific owner and content rule mode.
(config-owner-content[arrowpoint-rule1])#
Within owner and content mode, you can configure how the CSS will handle requests for the content. To remove an existing content rule from an owner, issue the no content command from owner mode:
(config-owner[arrowpoint])# no content rule1
7-6Content Services Switch Basic Configuration Guide
78-11424-01
Chapter 7 Configuring Content RulesConfiguring a Virtual IP Address
ess of . By rity .
Configuring a Virtual IP Address
A Virtual IP address (VIP) is an address that an Internet Domain Network System (DNS) provides when asked to resolve a domain name. For example, www.arrowpoint.com may be translated to the VIP 192.217.4.15 by a DNS server. VIPs are generally assigned by Internet Service Providers (ISPs), who request them from the Internet Assigned Name Authority (IANA).
Assigning a VIP to owner content enables the CSS to translate (using Network Address Translation [NAT]) the VIP to the IP address of the service where the content resides.
Note The CSS allows you to configure a domain name instead of a VIP. See the next section for information on configuring a domain name. You may configure either a VIP, a domain name, or both in a content rule.
To enable the CSS to translate an owner’s Internet IP address to the IP address of the service where the content resides, configure a VIP to the owner content. By translating a VIP to the service IP address, the CSS enhances network security because it prevents users from accessing your private network IP addresses.
Caution Ensure that all VIPs are unique IP addresses. Do not configure a VIP to the same address as an existing IP address on your network or a static ARP entry.
Note When you configure a rule without a VIP, the rule will match on any VIP that matches the other configured rule attributes (for example, port and protocol). If you have a configuration that requires this type of rule (called a wildcard VIP rule), be aware that the client request will match on this rule when the client request attempts to connect directly to a server IP address.
The variables and options for the vip address command include:
• ip_address or host - The IP address or name for the content rule. Enter the address in either dotted-decimal IP notation (for example, 192.168.11.1) or mnemonic host-name format (for example, myhost.mydomain.com).
• range number - The range option and variable allow you to specify a range of IP addresses starting with the VIP address. Enter a number from 1 to 65535. The default range is 1. The ip_or_host variable is the first address in the range. For example, if you enter a VIP of 172.16.3.6 with a range of 10, the VIP addresses will range from 172.16.1.1 to 172.16.1.10.
Note When you use an FTP content rule with a configured VIP address range, be sure to configure the corresponding source group with the same VIP address range (refer to the Content Services Switch Advanced Configuration Guide, Chapter 3, “Configuring Source Groups, ACLs, EQLs, URQLs, NQLs, and DQLs”).
To configure a Virtual IP address (VIP), issue the vip address command and specify either an IP address or a host name. For example:
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6
To configure a Virtual IP address (VIP) with a range of 10, issue the vip address command with the range option. For example:
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6 range 10
When using the vip address range command, use IP addresses that are within the subnet you are using. The CSS does not arp for IP addresses that are not on the circuit subnet. For example, if you configure the circuit for 10.10.10.1/24 and configure the VIP range as 10.10.10.2 range 400, the CSS will not arp for any IP addresses beyond 10.10.10.254. Using the same example with a VIP range of 200, the CSS will arp for all IP addresses in the range.
To remove a VIP from a content rule, enter:
(config-owner-content[arrowpoint-rule1])# no vip address
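The uniqueness caution and the circuit-subnet limit described above can be checked before a VIP range is committed. The following Python sketch is an added example, not code from this guide; the function names are hypothetical, it handles dotted-decimal VIPs only, and it assumes that the network and broadcast addresses of the circuit subnet are never answered (consistent with the 10.10.10.254 cut-off stated for a /24).

```python
import ipaddress


def vip_range(vip, count=1):
    """Addresses covered by `vip address <vip> range <count>`; the VIP is the first one."""
    if not 1 <= count <= 65535:
        raise ValueError("range must be from 1 to 65535")
    first = ipaddress.IPv4Address(vip)
    return [first + i for i in range(count)]


def audit_vip(vip, count, circuit, in_use=()):
    """Return (answered, unanswered, collisions) for a VIP range on one circuit.

    circuit -- circuit IP address in CIDR form, for example "10.10.10.1/24"
    in_use  -- addresses that already exist on the network (hosts, static ARP entries)
    """
    iface = ipaddress.IPv4Interface(circuit)
    net = iface.network
    # Assumption: the subnet's network and broadcast addresses are never answered.
    edges = set() if net.prefixlen >= 31 else {net.network_address, net.broadcast_address}
    taken = {ipaddress.IPv4Address(a) for a in in_use} | {iface.ip}
    answered, unanswered, collisions = [], [], []
    for addr in vip_range(vip, count):
        if addr in net and addr not in edges:
            answered.append(addr)      # inside the circuit subnet: the CSS ARPs for it
        else:
            unanswered.append(addr)    # outside the circuit subnet: no ARP reply
        if addr in taken:
            collisions.append(addr)    # VIP duplicates an existing address
    return answered, unanswered, collisions


def span(addrs):
    """Render a contiguous address list as 'first-last (n)' for a report line."""
    if not addrs:
        return "none"
    return f"{addrs[0]}-{addrs[-1]} ({len(addrs)})"


if __name__ == "__main__":
    # The two cases from the text, plus one constructed in-use address.
    for count in (400, 200):
        ok, missed, clash = audit_vip("10.10.10.2", count, "10.10.10.1/24",
                                      in_use=["10.10.10.50"])
        print(f"range {count}: ARP {span(ok)}; no ARP {span(missed)}; "
              f"collisions {[str(a) for a in clash]}")
```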
Note When you ping a VIP, the CSS only responds if there is at least one live service, live sorry server, or redirect string configured for the VIP. If the services or sorry servers are down and you have not defined a redirect string for the VIP, the CSS does not respond to the ping.
Figure 7-2 shows an example of configuring a VIP. In this example, a user requests content from arrowpoint. The content physically resides on the server with IP address 10.3.6.1. By configuring VIP 158.37.6.0 to the content, the CSS translates the VIP to the server IP address where the content actually resides without exposing internal IP addresses.
Figure 7-2 Example of Configuring a Virtual IP Address.
[Figure labels: Client PC requesting content from arrowpoint (VIP 158.37.6.0); Router1 158.3.7.2; CSS ports Ethernet-2, Ethernet-3, Ethernet-4; VLAN2 158.3.7.58; VLAN1 10.3.6.58; Owner - arrowpoint, Content - rule1, VIP 158.37.6.0; Serv1 10.3.6.1; Serv2 10.3.6.2]
Configuring a Domain Name Content Rule
The CSS allows you to use a domain name in place of, or in conjunction with, a VIP in a content rule. Using a domain name in a content rule enables you to:
• Enable service provisioning to be independent of IP-to-domain name mappings
• Provision cache bandwidth as needed based on domain names
Note Domain names in content rules are case-insensitive, regardless of the case command setting.
To configure a domain name in a content rule, use the url command and place two slash characters (//) at the front of the quoted url_name or url_path.
For example:
(config-owner-content[arrowpoint-rule1])# url "//www.arrowpoint.com/*"
Use domain name rules rather than VIP rules when you have several transparent caches and you want certain domains to use the most powerful cache server. You want all other domains load balanced among the remaining cache servers. For this configuration, set up a domain name rule for the specific domains you want directed to the powerful cache server. Then configure a wildcard VIP rule (specify port 80 and no VIP) to balance all other HTTP traffic among the remaining caches.
You may use a single VIP in front of a server that is hosting many domain names. Over time, some of the domain names may receive more traffic and could benefit from having their content on a separate server. To segregate the traffic, configure the domain names you want directed to specific services. You do not need to configure additional VIPs for the domain names because the CSS will use the domain names as the matching criteria in the content rules.
Disabling a Domain Name System in a Content Rule
To disable DNS in a content rule, use the dns-disable-local command. The CSS informs other CSSs through APP that the services related to the content rule are not available for DNS activities. However, the services remain active for other functions.
For example, to disable DNS for a specific content rule, enter:
(config-owner-content[arrowpoint-rule1])# dns-disable-local
To enable DNS in the content rule, use the no dns-disable-local command. For example:
(config-owner-content[arrowpoint-rule1])# no dns-disable-local
Matching Content Rules on Multiple Domain Names
When you have a requirement for a content rule to match on multiple domain names, you can associate a Domain Qualifier List (DQL) to the rule. A DQL is a list of domain names that you configure. You can use a DQL on a rule to specify that content requests for each domain in the list will match on the rule.
You can determine the order that the domain names are listed in the DQL. You can arrange the names in a DQL by assigning an index number as you add the name to the list.
DQLs exist independently of any range mapping. You can use them as matching criteria to balance across servers that do not have IP addresses or port ranges. If you want to use range mapping when using a service range, you need to consider the index of any domain name in the DQL. If you are not using service ranges with DQLs, you do not need to configure any index and the default index is 1.
For example, you could configure a DQL named Woodworker.
(config)# dql Woodworker
The domain names you could add as part of the DQL include www.wood.com, www.woodworker.com, www.maple.com, www.oak.com. You could configure www.wood.com and www.woodworker.com to have the same mapping index. You can enter indexes from 1 to 1000 and provide an optional quoted description for each index.
For example:
(config-dql[Woodworker])# domain www.wood.com index 1 "This is the same as the woodworker domain"
(config-dql[Woodworker])# domain www.woodworker.com index 1
(config-dql[Woodworker])# domain www.maple.com index 2
(config-dql[Woodworker])# domain www.oak.com index 3
If you specify a DQL as a matching criterion for content rule WoodSites, and there are two services, S1 and S2, associated with the rule, the CSS checks the services at mapping time for ranges. To add a DQL to a content rule, use the url command as shown:
(config-owner-content[WoodSites])# url "/*" dql Woodworker
For example, if the CSS receives a request for www.oak.com along with other criteria, a match on the WoodSites rule occurs on DQL index 3. If the rule has the roundrobin load balancing method, the CSS examines a service (S2 for this example) to determine the backend connection mapping parameters. If you configured S2 with a VIP address of 10.0.0.1 with a range of 5, the addresses include 10.0.0.1 through 10.0.0.5. Because this service has a range of addresses and any as its port, the DQL index of 3 matches the service VIP range index of 3, which is address 10.0.0.3.
To delete a DQL, use the no dql command. For example:
(config)# no dql Woodworker
Note You cannot delete a DQL currently in use by a content rule.
For a complete description of DQLs, refer to the Content Services Switch Advanced Configuration Guide.
Configuring a Content Rule using a Domain Name and a Virtual IP Address
Use a domain name and a virtual IP address (VIP) in a content rule when you want the CSS to match content requests going to a specific domain at a specific VIP. If the CSS is serving more than one VIP at the domain name, configure two domain name content rules and specify the different VIPs.
This configuration is shown in the sample running-config below. Note that because the IP addresses in the example below are contiguous, you could use the vip address range command to specify a VIP range of 2.
content domainRule1
  vip address 192.168.1.1
  protocol tcp
  port 80
  url "//www.domain.com/*"
  add service Serv1
  active
content domainRule2
  vip address 192.168.1.2
  protocol tcp
  port 80
  url "//www.domain.com/*"
  add service Serv1
  active
If your network topology does not require that the CSS ARP-reply for VIPs, you do not need to configure separate content rules for the domain name and VIP. In this situation, a domain name content rule without a VIP is sufficient because it will match on all content requests going to the domain regardless of the VIP.
An example of a topology where ARP-replying is not required is when an upstream router has the CSS statically configured as the next hop router for the VIPs. A domain name content rule is shown below.
content domainRule3
  protocol tcp
  port 80
  url "//www.domain.com/*"
  add service Serv1
  active
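Because a rule without a VIP matches on any VIP, and a rule with neither a VIP nor a domain name also matches requests sent directly to a server IP address, it is worth classifying the rules in a saved configuration. The following Python sketch is an added example, not code from this guide: the function names and the sample configuration are constructed, and it assumes content rules appear as `content <name>` blocks in the form shown in the samples above.

```python
import re

# Constructed running-config fragment in the style of the samples above.
SAMPLE_CONFIG = '''
content domainRule1
  vip address 192.168.1.1
  protocol tcp
  port 80
  url "//www.domain.com/*"
  add service Serv1
  active
content domainRule3
  protocol tcp
  port 80
  url "//www.domain.com/*"
  add service Serv1
  active
content cacheAll
  protocol tcp
  port 80
  add service Cache1
  add service Cache2
  active
content staged
  vip address 192.168.1.8 range 2
  url "/*"
  add service Serv2
'''

DOMAIN_URL = re.compile(r'^"//([^/"]+)')  # url "//domain/path" carries a domain name


def parse_rules(text):
    """Parse `content <name>` blocks; defaults follow the guide (protocol any, port 0)."""
    rules, cur = [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "content" and len(words) == 2:
            cur = {"name": words[1], "vip": None, "range": 1, "protocol": "any",
                   "port": 0, "domain": None, "dql": None, "services": [], "active": False}
            rules.append(cur)
        elif cur is None:
            continue
        elif words[:2] == ["vip", "address"] and len(words) >= 3:
            cur["vip"] = words[2]
            if len(words) == 5 and words[3] == "range":
                cur["range"] = int(words[4])
        elif words[0] == "protocol" and len(words) == 2:
            cur["protocol"] = words[1]
        elif words[0] == "port" and len(words) == 2:
            cur["port"] = int(words[1])
        elif words[0] == "url" and len(words) >= 2:
            m = DOMAIN_URL.match(words[1])
            if m:
                cur["domain"] = m.group(1).lower()
            if len(words) >= 4 and words[2] == "dql":
                cur["dql"] = words[3]
        elif words[:2] == ["add", "service"] and len(words) >= 3:
            cur["services"].append(words[2])
        elif words == ["active"]:
            cur["active"] = True
    return rules


def classify(rule):
    """Label a rule by the address and domain criteria it carries."""
    named = rule["domain"] or rule["dql"]
    if rule["vip"] and named:
        return "domain+vip"
    if rule["vip"]:
        return "vip"
    return "domain-only" if named else "wildcard-vip"


def findings(rules):
    """Return (rule name, level, message) tuples for rules that deserve a second look."""
    out = []
    for r in rules:
        kind = classify(r)
        if not r["active"]:
            out.append((r["name"], "info", "rule is not active"))
        elif kind == "wildcard-vip":
            out.append((r["name"], "review",
                        f"no VIP and no domain name: matches any destination address on "
                        f"{r['protocol']}/{r['port']}, including requests sent directly "
                        f"to a server IP address"))
        elif kind == "domain-only":
            out.append((r["name"], "info",
                        "no VIP: matches the domain regardless of VIP, so the CSS must "
                        "not be expected to ARP-reply for a VIP on behalf of this rule"))
    return out


if __name__ == "__main__":
    for name, level, message in findings(parse_rules(SAMPLE_CONFIG)):
        print(f"[{level}] {name}: {message}")
```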
Using Wildcards in Domain Name Content Rules
You can use wildcards in domain names as part of the matching criteria for a content rule. Domain name wildcards work within the content rule hierarchy. That is, if a request for content matches more than one rule (including a wildcard domain name), the characteristics of the most specific rule determine how the CSS sets up the flow.
Note You cannot use wildcards with either a Domain Qualifier List or a Uniform Resource Locator Qualifier List.
For example, the following content rule criteria have the highest precedence because, as a set, they provide the greatest specificity in matching content:
Domain name, IP address, protocol, port, URL
If you want to create a content rule using all these criteria, such as the configuration shown below, then the content rule matches only on the JPEG files that are found in the domain whose name starts with “arr”, as well as the other criteria, including VIP address, protocol, and port number.
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6
(config-owner-content[arrowpoint-rule1])# protocol tcp
(config-owner-content[arrowpoint-rule1])# port 80
(config-owner-content[arrowpoint-rule1])# url "//arr*.com/*.jpg"
When the CSS encounters a content rule with a wildcard domain name and matches according to the content rule hierarchy, it stops the search at that point. This behavior is consistent with the way that the CSS manages content rules in general.
For example, if the content request matches on the rule with VIP address 192.168.3.6 and URL /*, the CSS does not continue the search to match on a second rule with a wildcard VIP address (no address specified) and a URL of /*.jpg. The specific address match makes the first rule more specific than the second rule.
To further clarify, if the match occurs on a rule with //arrowpoint*.com/*, the search stops at that point and does not continue to match on a rule with //arr*.com/*.gif, because the first rule is a more specific match. Also note that a fully-specified domain name rule (arrowpoint.com) is more specific than a wildcard domain name rule (arr*.com).
For example, to have the content rule match on all instances of the text string “arr” in the domain name portion of the content rule, issue the following command:
(config-owner-content[arrowpoint-rule1])# url "//www.arr*.com/*"
General Guidelines for Domain Name Wildcards in Content Rules
A domain name is made up of text strings called “words” and word separators called “dots” (.). The CSS parses the domain name from right word to left word. The CSS allows wildcards to be used as part of the domain name in one word or more than one word, but the wildcard cannot start the word.
For example, the CSS supports the following domain names:
• www.arr*.com
• arr*.com
• *.arr*.com
• arr*.home.com
Notice that the wildcard character either appears by itself as a domain word, or appears to the right of any characters that start a domain word. However, a wildcard character cannot start a domain name word.
For example, the CSS does not support the following domain names:
• *point.com
• *.*point.com
• *point.home.com
Note You cannot use wildcards on the rightmost portion (for example, .com, .org, .gov) of the domain name. For this reason, the wildcard domain name syntax f* is not supported. You can use wildcards in any other words that make up the domain name.
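The wildcard guidelines above can be applied mechanically to the url lines of a configuration before it is loaded. The following Python sketch is an added example, not code from this guide, and its function names are hypothetical. The validator implements only the rules stated in this section; the matcher and the specificity ranking are a simplified model that assumes a trailing wildcard covers the rest of one word, a bare wildcard covers exactly one word, and more literal characters mean a more specific rule.

```python
import re

URL_ARG = re.compile(r'^\s*url\s+"([^"]+)"')


def domain_of(url_arg):
    """Return the domain part of a url argument such as //www.arr*.com/*, else None."""
    if not url_arg.startswith("//"):
        return None
    return url_arg[2:].split("/", 1)[0].lower()


def check_wildcards(domain):
    """Return the guideline violations for one domain pattern (empty list means OK)."""
    words = domain.lower().split(".")
    problems = []
    if "*" in words[-1]:
        problems.append("wildcard in rightmost word '%s'" % words[-1])
    for word in words[:-1]:
        if "*" not in word or word == "*":
            continue                      # literal word, or wildcard by itself
        if word.startswith("*"):
            problems.append("wildcard starts word '%s'" % word)
        elif word.count("*") > 1 or not word.endswith("*"):
            problems.append("wildcard placement in '%s' is not covered by the guidelines" % word)
    return problems


def word_match(pat, word):
    """Assumed model: '*' alone covers one whole word; 'arr*' covers words starting 'arr'."""
    if pat == "*":
        return True
    if pat.endswith("*"):
        return word.startswith(pat[:-1])
    return pat == word


def matches(pattern, host):
    """Compare word by word from the rightmost word to the leftmost, ignoring case."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(word_match(a, b) for a, b in zip(reversed(p), reversed(h)))


def most_specific(patterns, host):
    """Pick the valid matching pattern that a most-specific-wins hierarchy would choose."""
    hits = [p for p in patterns if not check_wildcards(p) and matches(p, host)]
    # Fully specified names outrank wildcard names; then more literal characters win.
    return max(hits, key=lambda p: ("*" not in p, len(p.replace("*", ""))), default=None)


def audit_url_lines(lines):
    """Map each domain pattern found in `url "//domain/path"` lines to its violations."""
    report = {}
    for line in lines:
        m = URL_ARG.match(line)
        domain = domain_of(m.group(1)) if m else None
        if domain is not None:
            report[domain] = check_wildcards(domain)
    return report


# Constructed sample lines; the last one has no domain part and is skipped.
SAMPLE_LINES = [
    'url "//www.arr*.com/*"',
    'url "//*.arr*.com/*"',
    'url "//*point.com/*"',
    'url "//arrowpoint.*/*.jpg"',
    'url "/*"',
]

if __name__ == "__main__":
    for domain, problems in audit_url_lines(SAMPLE_LINES).items():
        print(domain, "->", problems or "ok")
    print(most_specific(["arr*.com", "arrowpoint*.com"], "arrowpointnews.com"))
```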
Adding Services to a Content Rule
To add an existing service to a content rule, use the add command. Adding a service to a content rule includes it in the resource pool that the CSS uses for load balancing requests for content. Note that a service may belong to multiple content rules. To see a list of services you can add to a content rule, enter add service ?.
Note You can only add local services to a content rule that contains either a Domain Qualifier List (DQL) or a service port range.
The add service command enables you to add the following types of services to a content rule:
• Service
• Primary Sorry Server
• Secondary Sorry Server
When you configure a Layer 3 or 4 content rule, the rule hits the local services. If:
• The local services are not active or configured, the rule hits the primary sorry server.
• The primary sorry server fails, the rule hits the secondary sorry server.
Redirect services and redirect content strings cannot be used with Layer 3 or 4 rules because they use the HTTP protocol.
When you configure a Layer 5 content rule, the CSS directs content requests to local services. If:
• The local services are not active or configured, the rule sends the HTTP redirects with the location of the redirect services to the clients.
• The local and redirect services are not active or configured, the rule forwards the HTTP requests to the primary sorry server.
• All services are down except the secondary sorry server, the rule forwards the HTTP requests to the secondary sorry server.
For information on configuring service types, refer to “Specifying a Service Type” in Chapter 5, Configuring Services.
Adding a Service to a Content Rule
Use the add service command to add a service to a content rule.
For example:
(config-owner-content[arrowpoint-rule1])# add service serv2
Specifying a Service Weight
When you add a service to a content rule, you can assign a weight for the service using the add service weight option. The CSS uses this weight when you configure ACA or weighted roundrobin load balancing on the content rule. When you assign a higher weight to the service, the CSS redirects more requests to the service.
To set the weight for a service, enter a number from 1 to 10. The default is the weight configured for this service through the (config-service) weight command. By default, all services have a weight of 1.
For example:
(config-owner-content[arrowpoint-rule1])# add service serv2 weight 3
Note When you add a service to content rules, the service weight as configured in service mode is applied to each rule as a server-specific attribute. Use the add service weight command to define a content rule-specific server weight. This command overrides the server-specific weight and applies only to the content rule to which you add the service. For information on the (config-service)# weight command, refer to Chapter 5, Configuring Services.
Adding a Primary Sorry Server to a Content Rule
Use the primarySorryServer command to configure the primary sorry service for a content rule. The CSS directs content requests to the primary sorry server when all other services are unavailable. You can configure this service to contain content, or to provide a drop or redirect message. This service is not used in load balancing.
Enter the server name as a case-sensitive unquoted text string with no spaces.
For example:
(config-owner-content[arrowpoint-rule1])# primarySorryServer slowserver
To remove a primary sorry service, enter:
(config-owner-content[arrowpoint-rule1])# no primarySorryServer
Adding a Secondary Sorry Server to a Content Rule
Use the secondarySorryServer command to configure the secondary sorry service for a content rule. A secondary sorry service is a backup service the CSS uses when the primary sorry service is unavailable. You can configure this service to contain content, or to provide a drop or redirect message. This service is not used in load balancing.
Enter the server name as a case-sensitive unquoted text string with no spaces.
For example:
(config-owner-content[arrowpoint-rule1])# secondarySorryServer slowestserver
To remove a secondary sorry service, enter:
(config-owner-content[arrowpoint-rule1])# no secondarySorryServer
Adding a Domain Name System to a Content Rule
To specify a DNS name that maps to a content rule, use the add dns command. The options for this command are:
• add dns dns_name - The DNS name mapped to the content rule. Enter the name as a case-sensitive unquoted text string with no spaces and a length of 1 to 31 characters.
• add dns dns_name ttl_value - The DNS name mapped to the content rule with the optional Time to Live (TTL) value in seconds. This value sets how long the DNS client remembers the IP address response to the query. Enter a value from 0 to 255. The default is 0.
For example:
(config-owner-content[arrowpoint-rule1])# add dns arrowpoint 120
To remove a DNS name mapped to the content rule, enter:
(config-owner-content[arrowpoint-rule1])# remove dns arrowpoint
Note To configure DNS server functionality on the CSS, use the (config) dns-server command.
Activating a Content Rule
Activating content enables the CSS to provide access to the content. To activate specific content, use the active command in content mode.
For example:
(config-owner-content[arrowpoint-rule1])# active
Suspending a Content Rule
Suspending a content rule deactivates it. Suspending a content rule:
• Prevents the CSS from providing access to the content
• Does not affect existing flows to the content
To suspend a content rule, use the suspend command in content mode. For example:
(config-owner-content[arrowpoint-rule1])# suspend
Removing a Content Rule
To remove an existing content rule, issue the no content command from owner mode:
(config-owner[arrowpoint])# no content rule1
Removing a Service from a Content Rule
To remove an existing service from a content rule, use the remove command from owner-content mode. Removing a service removes it from the resource pool that the CSS uses for balancing the load of requests for content governed by a rule. When you remove a service, the remaining services are rebalanced.
For example:
(config-owner-content[arrowpoint-rule1])# remove service serv1
Configuring a Protocol
Specifying a protocol in a content rule enables the CSS to direct requests for content associated with the content rule to use a specific protocol.
You may specify the following protocols for content:
• any (default, meaning the rule will match on a tcp or udp port)
• tcp
• udp
To configure the TCP protocol for content, enter:
(config-owner-content[arrowpoint-rule1])# protocol tcp
To reset the protocol to the default of any, enter:
(config-owner-content[arrowpoint-rule1])# no protocol
Configuring Port Information
Specifying a port enables the CSS to associate a content rule with a specific TCP/UDP port number. Specify a port number ranging from 0 to 65535.
To configure a port for content, enter:
(config-owner-content[arrowpoint-rule1])# port 80
To reset the port number to the default of 0, enter:
(config-owner-content[arrowpoint-rule1])# no port
Configuring Load Balancing
To specify the load-balancing algorithm for a content rule, use the balance command available in content configuration mode. The options are:
• balance aca - ArrowPoint Content Awareness algorithm. The CSS uses the normalized response time from client to server to determine the load on each service. ACA balances the traffic over the services based on load.
• balance destip - Destination IP address division algorithm. The CSS directs all client requests with the same destination IP address to the same service. This option is typically used in a caching environment.
• balance domain - Domain name division algorithm. The CSS divides the alphabet evenly across the number of caches. It parses the host tag for the first four letters following the first dot and then uses these characters of the domain name to determine to which server it should forward the request. This option is typically used in a caching environment.
• balance domainhash - Internal CSS hash algorithm based on the domain string. The CSS parses the host tag and does an exclusive OR (XOR) hash across the entire host name. It then uses the XOR hash value to determine to which server to forward the request. This method guarantees that all requests with the same host tag will be sent to the same server in order to increase the probability of a cache hit. This option is typically used in a caching environment.
• balance leastconn - Least connection algorithm. This balance method chooses a running service that has the least number of connections.
• balance roundrobin - Roundrobin algorithm (default). The CSS resolves the request by evenly distributing the load to resolve domain names among local and remote content domain sites.
• balance srcip - Source IP address division algorithm. The CSS directs all client requests coming from the same source IP address to the same service. This option is generally used in a caching configuration.
• balance url - URL division algorithm. The CSS divides the alphabet evenly across the number of caches. It then parses the URL for the first four characters located after the portion of the URL matched on by the rule. For example, if the URL in a content rule is configured for "/news/*", the CSS will balance on the first four characters following "/news/". This option is typically used in a caching environment.
• balance weightedrr - Weighted roundrobin algorithm. The CSS uses roundrobin but weighs some services more heavily than others depending on the server’s configured weight. All servers have a default weight of 1. To set a server weight, use the add service weight command in owner-content mode.
• balance urlhash - Internal CSS hash algorithm based on the URL string. The CSS parses the URL and performs an XOR hash across the URL. It then uses the XOR hash value to determine to which server to forward the request. This method guarantees that all requests for the same URL will be sent to the same server in order to increase the probability of a cache hit. This option is typically used in a caching environment.
For example, to specify weightedrr load balancing, enter:
(config-owner-content[arrowpoint-rule1])# balance weightedrr
To revert the balance type to the default of roundrobin, enter:
(config-owner-content[arrowpoint-rule1])# no balance
Configuring a DNS Balance Type
Use the dnsbalance command to determine where to resolve a request for a domain name into an IP address. The syntax and options for this content mode command are:
• dnsbalance preferlocal - Resolve the request to a local VIP address. If all local systems exceed their load threshold, the CSS chooses the least loaded remote system VIP address as the resolved address for the domain name.
• dnsbalance roundrobin - Resolve the request by evenly distributing the load to resolve domain names among local and remote content domain sites. The CSS does not include sites that exceed their local load threshold.
• dnsbalance leastloaded - Resolve the request to the least-loaded of all local or remote domain sites. The CSS first compares load numbers. If the load number between domain sites is within 50, then the CSS compares their response times. The site with the faster response time is considered the least-loaded site.
Note For the leastloaded option to work properly, all domain sites must be running a minimum of CSS software version 3.02.
• dnsbalance useownerdnsbalance - Resolve the request by using the DNS load balancing method assigned to the owner. This is the default method for the content rule. If you do not configure an owner method, the CSS uses the default owner DNS load-balancing method of roundrobin. To configure a DNS balancing method for an owner, refer to “Configuring an Owner DNS Balance Type” in Chapter 6, Configuring Owners.
For example:
(config-owner-content[arrowpoint-rule1])# dnsbalance roundrobin
To restore the DNS balance type to the default setting of using the owner’s method, enter:
(config-owner-content[arrowpoint-rule1])# no dnsbalance
Configuring Hotlists
Use the hotlist command to define a hotlist that lists the content most requested (hot content) during a user-defined period of time. The CSS enables you to configure hotlist attributes for content rules. Defining hotlist attributes for a content rule enables you to determine which content is heavily accessed. With this information, you can accurately determine which content should be replicated.
Note You must configure and enable a hotlist for replication-store and replication-cache to work.
You can configure the following attributes for hotlists for specific content from config-owner-content mode:
• hotlist - Enable the hotlist. To enable a hotlist for a specific content rule, enter the hotlist command from the corresponding owner-content mode. For example:
(config-owner-content[arrowpoint-rule1])# hotlist
To disable a hotlist, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist
• hotlist interval - Set the hotlist refresh interval. Enter the interval time in minutes from 1 to 60. The default is 1. For example:
(config-owner-content[arrowpoint-rule1])# hotlist interval 10
To restore the hotlist interval to the default of 1, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist interval
• hotlist size - Set the size of the hotlist. Enter the total number of entries maintained for this rule from 1 to 100. The default is 10. For example:
(config-owner-content[arrowpoint-rule1])# hotlist size 10
To restore the hotlist size to the default of 10, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist size
• hotlist threshold - Set the hotlist threshold. Enter an integer from 0 to 65535 to specify the threshold above which a piece of content is considered hot. The default is 0. For example:
(config-owner-content[arrowpoint-rule1])# hotlist threshold 9
To restore the hotlist threshold default of 0, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist threshold
• hitCount - Set the hotlist type to hit count, that is, how many times the content was accessed. For example:
(config-owner-content[arrowpoint-rule1])# hotlist type hitcount
To restore the hotlist type to the default setting hitCount, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist type
To display hotlist information, use the show domain hotlist command. For example:
(config)# show domain hotlist
Hotlist Enabled
Size: 100, Interval: 1, Threshold: 0
3 Hot Domains
Hits:   Domain:
3       www.flute.com
1       www.violin.com
17      www.piano.com
Configuring a Domain Hotlist
Use the domain command to enable the domain hotlist and configure domain hotlist parameters. A domain hotlist lists the most accessed domains on a CSS during a user-defined period of time. The syntax and options are:
• domain hotlist - Enable the domain hotlist. The domain hotlist is disabled by default.
• domain hotlist interval minutes - Configure the interval to refresh the domain hotlist and start a new list. Enter the interval from 1 to 60 minutes. The default is 1 minute.
• domain hotlist size max_entries - Configure the maximum number of domain entries contained in the hotlist. Enter the maximum number of entries from 1 to 100. The default is 10 entries.
• domain hotlist threshold number - Configure the threshold, which is the number of domain hits per interval that must be exceeded for a domain to be considered hot and added to the list. Enter the threshold from 0 to 65535. The default is 0, which disables the threshold.
To enable a domain hotlist, enter:
(config)# domain hotlist
To disable the domain hotlist, enter:
(config)# no domain hotlist
To display the domain hotlist and its configuration, use the show domain hotlist command.
Specifying a Uniform Resource Locator
Use the url command to specify the Uniform Resource Locator (URL) for content and enable the CSS to access a remote service when a request for content matches the rule. Enter the URL as a quoted text string with a maximum length of 255 characters. Before you can change the URL for the content rule, you must remove the current URL first.
The syntax and options for this content mode command are:
• url “/ url_name” - Specify the URL for the content as a quoted text string with a maximum length of 255 characters.
• url “/ {url_path}/*” eql eql_name - Specify the URL for any content file that has its file extension defined in the specified Extension Qualifier List (EQL).
• url “/ {url_path}/*” dql dql_name {eql_name} - Specify the URL for any content file that has its file extension defined in the specified Domain Qualifier List (DQL). You cannot use a DQL in conjunction with a domain name in an URL. You may optionally include an EQL after the DQL name to specify specific file extensions as part of the DQL matching criteria.
• url urql urql_name - Specify a URQL consisting of a group of URLs to this content rule. Note that you cannot specify both url urql and application ssl for the same content rule.
The variables are:
• url_name - The URL for the content. Enter a quoted text string with a maximum length of 255 characters. You must place a slash character (/) at the beginning of the URL (for example, “/announcements/prize.html”).
To specify a domain name, place two slashes (//) at the beginning of the URL. For example, “//www.arrowpoint.com/*” allows the rule to match on HTTP traffic that contains the www.arrowpoint.com domain name in the HTTP host tag.
To use stickiness based on Secure Socket Layer (SSL) session ID, set the URL to /*. Also, set the port to 443 with the (config-owner-content) port command and enable stickiness with the (config-owner-content) advanced-balance ssl command. Then specify an SSL application type.
You can specify certain wildcard operations for wildcard matching. Use a “*” character to specify a wildcard match. You can specify a maximum of eight directories. Each directory name can be a maximum of 32 characters with a maximum of 255 total characters in the URL. You can specify only one wildcard per URL.
Examples of supported wildcards are:
• /*.html - Matches all requests with the .html extension.
• /announcements/* - Matches all requests for files in the announcements directory.
• /announcements/*.html - Matches requests for files in the announcements directory having .html extensions.
• /announcements/new/*.jpg - Matches requests for all files in the announcements/new directory that contain the .jpg extension.
• url_path - An optional path to any content file that has its file extension defined in the EQL. Enter a quoted text string. You must place:
– A slash character (/) at the beginning of the quoted path
– /* characters at the end of the quoted path
For example, “/announcements/new/*”.
• eql_name - The name of the EQL. To see a list of EQLs, enter eql ?.
• urql_name - The name of the URQL. You can only assign one URQL per rule. To see a list of URQLs, enter urql ?.
Note For caching environments, you can configure a domain content rule by placing two slash characters (//) at the front of the url_name or url_path. The rule matches HTTP traffic that contains the domain name in the HTTP host tag.
For example, to specify a URL that matches all requests for content in the announcements directory with .html extensions, enter:
(config-owner-content[arrowpoint-products.html])# url "/announcements/*.html"
To remove an URL, enter:
(config-owner-content[arrowpoint-products.html])# no url
To remove a URQL from an URL, enter:
(config-owner-content[arrowpoint-products.html])# no url urql
To display a URL for a content rule, enter the show rule command for the content rule.
Specifying an Extension Qualifier List in a Uniform Resource Locator
Server selections are based on the Uniform Resource Locator (URL) specified in the owner content rule. To enable the CSS to access a service when a request for content matches the extensions contained in a previously defined EQL, specify the URL and EQL name for the content. For information on creating an EQL, refer to the Content Services Switch Advanced Configuration Guide.
Specify a URL as a quoted text string with a maximum of 255 characters followed by eql and the EQL name.
Note Do not specify a file extension in the URL when you use an EQL in the URL or the CSS will return an error message. For example, the CSS will return an error message for the command url “/*.txt” eql Cacheable. The following command is valid: url “/*” eql Cacheable.
For example:
(config-owner-content[arrowpoint-products.html])# url "/*" eql graphics
The following example enables the CSS to direct all requests to the correct service for content that matches:
• Pathnames (/customers/products)
• Extensions listed in the EQL (graphics)
(config-owner-content[arrowpoint-products.html])# url "/customers/products/*" eql graphics
To display a content rule EQL, enter show rule.
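The limits and wildcard forms described above (leading slash, one wildcard, eight directories of at most 32 characters, 255 characters in total, and no file extension when an EQL is attached) can be checked before a rule is entered on the CSS. The following Python is an added example, not code from the Cisco guide; the function names are hypothetical, and the matcher assumes that "*" matches any run of characters, which the guide's examples suggest but do not define.

```python
MAX_URL_LEN = 255   # page: quoted URL string, maximum 255 characters
MAX_DIRS = 8        # page: maximum of eight directories
MAX_DIR_LEN = 32    # page: each directory name, maximum 32 characters


def split_domain(pattern):
    """Split '//host/path' into (host, '/path'); a plain path gives (None, path)."""
    if pattern.startswith("//"):
        host, slash, rest = pattern[2:].partition("/")
        return host, slash + rest
    return None, pattern


def validate_url_pattern(pattern, with_eql=False):
    """Return a list of problems; an empty list means the pattern passes."""
    if not pattern.startswith("/"):
        return ["must begin with a slash (/), or two slashes (//) for a domain name"]
    problems = []
    if len(pattern) > MAX_URL_LEN:
        problems.append(f"longer than {MAX_URL_LEN} characters")
    if pattern.count("*") > 1:
        problems.append("more than one wildcard")
    host, path = split_domain(pattern)
    if host == "":
        problems.append("two leading slashes but no domain name")
    segments = path.split("/")[1:]      # drop the empty piece before the first slash
    dirs = segments[:-1]                # everything before the final component
    leaf = segments[-1] if segments else ""
    if len(dirs) > MAX_DIRS:
        problems.append(f"{len(dirs)} directories, maximum is {MAX_DIRS}")
    for name in dirs:
        if len(name) > MAX_DIR_LEN:
            problems.append(f"directory name '{name[:12]}...' exceeds {MAX_DIR_LEN} characters")
    if with_eql and leaf != "*":
        # page: url "/*.txt" eql Cacheable is rejected; the path must end in /*
        problems.append("with an EQL the URL must end in /* and carry no file extension")
    return problems


def matches(pattern, request_path, host=None):
    """Model of the single-wildcard match. Assumption: '*' matches any run of characters."""
    want_host, path = split_domain(pattern)
    if want_host is not None and (host or "").lower() != want_host.lower():
        return False
    head, star, tail = path.partition("*")
    if not star:
        return request_path == path
    return (len(request_path) >= len(head) + len(tail)
            and request_path.startswith(head)
            and request_path.endswith(tail))


if __name__ == "__main__":
    # Constructed candidates: (pattern, used with an EQL?)
    candidates = [
        ("/announcements/*.html", False),
        ("/customers/products/*", True),
        ("/*.txt", True),
        ("/*/new/*.jpg", False),
        ("announcements/*", False),
    ]
    for pattern, eql in candidates:
        found = validate_url_pattern(pattern, with_eql=eql)
        print(f"{pattern!r:28} eql={eql!s:5} -> {found or 'ok'}")
    print(matches("/announcements/*.html", "/announcements/prize.html"))
```

A pattern that passes these checks can still be broader than intended, so compare `matches` results for the paths that must and must not reach the rule's services.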
Specifying a Load Threshold
Use the load-threshold command to set the normalized load threshold for the availability of each local service on a content rule. When the service load metric exceeds this threshold, the local service becomes unavailable and is redirected to remote services. To define a remote service, use the service mode type redirect command (refer to “Specifying a Service Type” in Chapter 5, Configuring Services).
Enter the load threshold as an integer from 2 through 254. The default is 254, which is the maximum threshold a service can reach before becoming unavailable. To view the load on services, enter show service. For example:
(config-owner-content[arrowpoint-rule1])# load-threshold 100
To reset the load threshold to its default value of 254, enter:
(config-owner-content[arrowpoint-rule1])# no load-threshold
Redirecting Requests for Content
Use the redirect command to set HTTP status code 302 for a content rule and specify the alternate location of the content governed by a rule. Use this command to:
• Make the content unavailable to subsequent requests at its current address.
• Provide an URL to send back to the requestor. You must add an URL to the content rule for redirect to force the HTTP request. For example, url “/*”. Enter the URL as a quoted text string with a maximum of 64 characters.
Note If you also set status code 404 (drop message) for content, code 302 takes priority.
Do not configure a service for a redirect-only content rule.
For example:
(config-owner-content[arrowpoint-rule1])# redirect "//www.arrowpoint.com/newlocation.html"
To delete the redirect URL, enter:
(config-owner-content[arrowpoint-rule1])# no redirect
Configuring Persistence, Remapping, and Redirection
During the life of a persistent connection, a CSS must determine if it needs to move a client connection to a new service based on content rules, load balancing, and service availability. In some situations, moving the client connection is not necessary; in other situations, it is mandatory. This section describes how to configure the CSS to make these decisions using:
• Content rule persistence
• Bypass persistence
• HTTP Redirection
• Service Remapping
Content Rule Persistence
When a CSS receives a request for content from a client, the software checks if the request matches on a content rule to determine the best service to handle the request. If the request matches on a content rule, the CSS establishes a client connection to the best service specified by the content rule. By default, the CSS keeps the client on the same connection for an entire flow session as long as a new content request:
• Matches on the same content rule that specified the current service.
• Matches on a new content rule that contains the current service, even if a different best service is specified by the content rule.
• Does not match on a content rule, but a previous content rule match connected the client to the current service.
This CSS behavior is known as content rule persistence. If you are using transparent caches (which prefetch content) or mirrored-content servers, this scheme works well because the same content is available on each service.
Use the persistent command in content configuration mode to maintain a persistent connection with a server as long as the above criteria are met. By default, persistence is enabled. Disabling persistence will allow the CSS to move a connection to a better service on the same rule or to use cache bypass functionality (EQLs or failover bypass).
For example:
(config-owner-content[arrowpoint-rule1])# persistent
Use the no persistent command on a content rule with:
• A balance method of domain or domain hash when using proxy caches
• A balance method of url or urlhash when using transparent caches
• A failover method of bypass when using transparent caches
• An EQL bypass with a transparent cache
• Adding a sorry server to a content rule
To disable persistence:
(config-owner-content[arrowpoint-rule1])# no persistent
Note If a request for content on a persistent connection matches on a new content rule that does not contain the current service, or persistence is disabled and there is a better service configured in the content rule, the CSS redirects or remaps the current connection to a new best service based on the setting of the persistence reset command, if configured. If you do not configure persistence reset, the CSS performs an HTTP redirect by default. For details, refer to “Configuring HTTP Redirection and Service Remapping”, later in this chapter.
Configuring Bypass Persistence
If a CSS bypasses a service (for example, a transparent cache is down and failover bypass is configured) and the next content request on the same TCP connection matches on a content rule that contains the transparent cache that was down, the CSS will continue to bypass the cache, by default, even after the bypassed cache is back online. In this case, the CSS typically sends the content request to the origin server. This behavior is called bypass persistence.
You can configure the CSS to redirect or remap a bypassed connection using the bypass persistence global config command in conjunction with the persistence reset command.
Use the bypass persistence command to determine if the CSS performs either a remapping or redirection operation to reset a bypassed service when a content request matches on a content rule, but a previous request caused the bypass. This global command affects all flows. By default, bypass persistence is enabled.
For example:
(config)# bypass persistence disable
The CSS uses remapping or redirection to reset the connection according to the setting of the persistence reset method.
(config)# bypass persistence enable
The CSS does not use remapping or redirection to reset the connection and continues to bypass a service.
Configuring HTTP Redirection and Service Remapping
If you need to place different content on different servers (for example, to conserve server disk space, for load balancing considerations, or when using proxy caches), content rule persistence is not useful. In this case, you can disable persistence by issuing the no persistent command described in “Content Rule Persistence”, earlier in this section.
When the CSS receives a request for content that is not available on the current service, it must reset the current connection to the service and establish a new connection to another service (for example, a different proxy cache or the origin server) that contains the requested content. You can accomplish this in either of the following ways:
• Redirection - An HTTP technique that resets both the client-to-CSS (front-end) connection and the CSS-to-service (back-end) connection, then establishes a new flow to the best service that contains the requested content.
• Service Remapping - A technique that resets only the back-end connection to the current service and then creates a new back-end connection to the best service that contains the requested content. This technique is faster and more efficient than redirection because the CSS does not need to reset and then reestablish the front-end connection. With Service Remapping, the CSS strictly manages port mapping to prevent the occurrence of duplicate port numbers.
Use the persistence reset command with the content rule no persistent command to cause an HTTP redirection or perform a back-end remapping operation when resetting a connection to a new back-end service. The global persistence reset command affects all flow setups that require redirection or remapping.
For example, to enable redirection:
(config)# persistence reset redirect
For example, to enable Service Remapping:
(config)# persistence reset remap
Note The CSS does not use remapping when selecting redirect type services. Refer to “Specifying a Service Type” in Chapter 5, Configuring Services.
Specifying an HTTP Redirect String
Use the redirect-string command to specify an HTTP redirect string to be used when an HTTP redirect service generates an “object moved” message for the service. The CSS uses the configured string in the redirect message as the new location for the requested content. If no redirect string is configured, then the CSS uses the IP address of the service to generate the redirect.
Note You can only use a redirect string on a service of type redirect.
The redirect-string and (config-service) domain commands are similar. However, the CSS returns the redirect-string command string as configured and does not append it with the queried URL.
You cannot configure the redirect-string and (config-service) domain commands on the same service.
The syntax for this service mode command is:
redirect-string string
Enter the HTTP redirect string as an unquoted text string with no spaces and a maximum of 64 characters.
For example:
(config-service[serv1])# redirect-string www.arrowpoint.com
To remove the redirect string from the service, enter:
(config-service[serv1])# no redirect-string www.arrowpoint.com
Using Show Remap
Use the show remap command to display the configured persistence reset and bypass persistence settings. This command is available in all modes.
For example:
# show remap
Persistence Reset Method: Redirect
Bypass Persistence: Disabled
Defining Failover
To define how the CSS handles content requests when a service fails or is suspended, use the failover command. For the CSS to use this setting, ensure that you configure a keepalive for each service; that is, do not set the keepalive type to none (the keepalive default is ICMP). The CSS uses the keepalive settings to monitor the services to determine server health and availability.
The failover command applies to the following caching load balancing types:
• balance domain
• balance url
• balance srcip
• balance destip
• balance domainhash
• balance urlhash
Note If you remove a service (using the remove service command), the CSS rebalances the remaining services. The CSS does not use the failover setting.
This command supports the following options:
• failover bypass - Bypass all failed services and send the content request directly to the origin server. This option is used in a proxy or transparent cache environment when you want to bypass the failed cache and send the content request directly to the server that contains the content.
• failover linear (default) - Distribute the content request evenly between the remaining services.
• failover next - Send the content requests to the cache service next to the failed service. The CSS selects the service to redirect content requests to by referring to the order in which you configured the services.
For example:
(config-owner-content[arrowpoint-rule1])# failover bypass
To restore the default setting of failover linear, enter:
(config-owner-content[arrowpoint-rule1])# no failover
Figure 7-3 shows three cache services configured for failover next. If ServerB fails, the CSS sends ServerB content requests to ServerC, which was configured after ServerB in the content rule.
Figure 7-3 ServerB Configured for Failover Next
As shown in Figure 7-4, if ServerC fails, the CSS sends ServerC content requests to ServerA because no other services were configured after ServerC.
Figure 7-4 ServerC Configured for Failover Next.
Figure 7-5 shows three cache services configured for failover linear. If you suspend ServerB or if it fails, the CSS does not rebalance the services. It evenly distributes the ServerB cache workload between servers A and C.
Note that Figure 7-5 and Figure 7-6 use the alphabet to illustrate division balance.
Figure 7-5 Suspended or Failed Service Configured for Failover Linear
Figure 7-6 also shows three cache services configured for failover linear, but in this example, you remove ServerB using the remove service command from owner-content mode. Because the CSS does not apply the failover setting when you remove a service, it rebalances the remaining services.
Figure 7-6 Removing a Service Configured for Failover Linear.
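The following Python is an added model, not from the Cisco guide and not the CSS's actual algorithm, that extends the alphabet illustration of Figures 7-3 through 7-6 to show where each failover option sends a failed cache's requests. Contiguous key ranges, the placement of remainders and the service names Cache1 to Cache4 are assumptions chosen to reproduce the figures; the four-cache case goes one step past them to show that failover linear leaves the surviving caches' keys in place, while remove service also moves keys between survivors.

```python
import string

KEYS = string.ascii_uppercase   # Figures 7-5 and 7-6 divide the alphabet among the caches


def split_even(keys, n, extra_first):
    """Cut keys into n contiguous shares whose sizes differ by at most one."""
    base, extra = divmod(len(keys), n)
    shares, start = [], 0
    for i in range(n):
        gets_extra = i < extra if extra_first else i >= n - extra
        size = base + (1 if gets_extra else 0)
        shares.append(keys[start:start + size])
        start += size
    return shares


def home_map(services):
    """Normal balance: each configured service owns one contiguous share of the keys."""
    shares = split_even(KEYS, len(services), extra_first=False)
    return {key: svc for svc, share in zip(services, shares) for key in share}


def route(services, failed, mode):
    """Map every key to its destination when the services in `failed` are down."""
    homes = home_map(services)
    alive = [s for s in services if s not in failed]
    if not alive and mode != "bypass":
        raise ValueError("no service left to fail over to")
    result = {}
    for index, svc in enumerate(services):
        owned = "".join(k for k in KEYS if homes[k] == svc)
        if svc not in failed:
            targets = [svc] * len(owned)
        elif mode == "bypass":
            # failover bypass: send the request directly to the origin server
            targets = ["origin"] * len(owned)
        elif mode == "next":
            # failover next: the service configured after the failed one, wrapping
            order = services[index + 1:] + services[:index]
            successor = next(s for s in order if s not in failed)
            targets = [successor] * len(owned)
        elif mode == "linear":
            # failover linear: spread only the failed service's share over the rest
            shares = split_even(owned, len(alive), extra_first=True)
            targets = [s for s, share in zip(alive, shares) for _ in share]
        else:
            raise ValueError(f"unknown failover mode {mode!r}")
        result.update(zip(owned, targets))
    return result


def moved(before, after):
    """Keys whose destination differs between two mappings."""
    return {k for k in KEYS if before[k] != after[k]}


if __name__ == "__main__":
    three = ["ServerA", "ServerB", "ServerC"]
    for mode in ("next", "linear", "bypass"):
        dest = route(three, {"ServerB"}, mode)
        print(mode, {k: dest[k] for k in "HIMNQR"})
    four = ["Cache1", "Cache2", "Cache3", "Cache4"]
    before = home_map(four)
    print("linear :", sorted(moved(before, route(four, {"Cache2"}, "linear"))))
    print("removed:", sorted(moved(before, home_map(["Cache1", "Cache3", "Cache4"]))))
```

With four caches the removal case relocates R and S between two healthy caches, which is the extra cache churn that a failover setting avoids.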
Specifying an Application Type
To specify the application type associated with a content rule, use the application command. The application type enables the CSS to correctly interpret the data stream to match and parse the content rule. Otherwise, the data stream packets are rejected. Define an application type for non-standard ports.
When configuring Layer 5 content rules for an application other than HTTP, enter the appropriate application type to enable the Layer 5 rule to function.
The application command enables you to specify the following application types:
• bypass - Bypass the matching of a content rule and send the request directly to the origin server.
• ftp-control - Process FTP data streams.
• http (default) - Process HTTP data streams.
• realaudio-control - Process RealAudio Control data streams.
• ssl - Process Secure Socket Layer (SSL) protocol data streams. Note that you cannot specify both url urql and application ssl for the same content rule.
For example, in a content rule that specifies port 21, you may want to configure the application type as ftp-control. Configuring the content rule to application type ftp-control instructs the CSS to process only FTP requests coming into port 21.
(config-owner-content[arrowpoint-rule1])# application type ftp-control
For example, the following owner portion of a startup-config shows a content rule configured for application ftp-control.
!************************** OWNER **************************
owner arrowpoint
  content ftprule
    vip address 192.3.6.58
    protocol tcp
    port 21
    application ftp-control
    add serv1
    add serv3
    active
To remove an application type, enter:
(config-owner-content[arrowpoint-rule1])# no application
Enabling Content Requests to Bypass Transparent Caches
Use the param-bypass command to enable content requests to bypass transparent caches when the CSS detects special terminators in the requests. These terminators include "#" and "?" which indicate that the content is dependent on the arguments that follow the terminators. Because the content returned by the server is dependent on the content request itself, the returned content is deemed as not cacheable, and the content request is directed to the origin server.
This command contains the following options:
• param-bypass disable (default) - Content requests with special terminators do not bypass transparent caches.
• param-bypass enable - Content requests with special terminators bypass transparent caches and are forwarded to the origin server.
For example, to enable the param-bypass command, enter:
(config-owner-content[arrowpoint-rule1])# param-bypass enable
Showing Content
The show content command enables you to display all configured content in the CSS. You can issue the show content command from any mode.
To display content information, enter:
# show content
Content:
There are 2 pieces of content:
Index: 0 <173.168.128.11> TCP Port 80 Best Effort
Index: 1 <173.168.128.11> TCP Port 80 Best Effort
/index.html
The CSS 11800 provides two additional options to the show content command:
• all
• sfp_number
These options display the content entries in all Switch Fabric Processors (SFPs) or on a specific SFP. Each SFM has two SFPs, for a maximum of four SFPs in a CSS 11800.
For example:
(config)# show content all
CS800(config)# show content all
Content Database:
Total pieces of content: 22
Pieces of content for SFP 6/1: 3
Pieces of content for SFP 9/1: 6
Pieces of content for SFP 6/2: 5
Pieces of content for SFP 9/2: 8
Showing Content Rules
The show rule command displays content rule information for specific content rules or all content rules currently configured in the CSS. Issue the following show rule commands from any mode:
• show rule - Display all owners and content rules currently configured in the CSS
• show rule-summary - Display a summary of owner content information
• show rule owner_name - Display information identical to the show rule command, but only for the specified owner’s content
• show rule owner_name content_name - Display information identical to the show rule command, but only for a specific owner and content
To display all content rule information, enter:
(config-owner-content[arrowpoint-rule1])# show rule
Content Rules:
/////\\\//////\\\ The Duke of Url.
{ O--O }/ /\ \\ -- /[||]
Name: rule1            Owner: arrowpoint
Author: Local          Index: 4
State: Suspend         Type: HTTP
L3: 0.0.0.0
L4: Any/Any
Url:
URQL:
EQL:
Total Bytes: 0         Total Frames: 0
Total Redirects: 0     Total Rejects: 0
Overload Rejects: 0
Balance: Round Robin
Advanced Balance: cookies
Sticky Mask: 255.255.255.255
Sticky Group: 0
Sticky Server Down Failover: Balance
String Match Criteria:
String Range: 1 - 100
String Prefix: "UID="
String Eos-Char: ";"   String Ascii-Conversion: Enabled
String Skip-Len: 3     String Process-Len: 0
String Operation: Match-Service-Cookie
Redirect:
Param-Bypass: Disabled
Services:
Local Load Threshold: 254
PrimarySorryServer: None
SecondSorryServer: None
Name:  Hits:  Wgt:  State:  Ld:  KAlive:  Conn:  DNS:
s1     0      R-1   Alive   2    ICMP     0      0
s2     0      R-1   Alive   2    ICMP     0      0
DNS Names:           DNS TTL:
ns.bobo.arrowpoint   0
DNS Balance: roundrobin
Hotlist: Enabled
Size: 10, Type: HitCount, Threshold 0, Interval 1
To display the summary for all content rules, enter:
# show rule-summary
VIP Address     Port  Prot  Url         CntRuleName  OwnerName  State
--------------  ---   ---   --------    -----------  --------   -----
192.118.100.40  Any   Any               layer3       Market     Active
192.118.110.40  80    TCP   /index.htm  layer5       Market     Suspend
Note The CntRuleName and OwnerName fields display the first 16 characters of the configured data. The Url field displays the first 10 characters of configured data.
CHAPTER 8
Using the CSS Logging Features
This chapter describes how to enable logging, set up the log buffer, and determine where to send the activity information. Information in this chapter applies to all CSS models, except where noted.
This chapter contains the following sections:
• Logging Overview
• Specifying Logging Buffer Size
• Specifying Log File Destination
• Enabling Logging on a Subsystem
• Logging CLI Commands
• Showing Log Files
• Copying Log Files to an FTP or TFTP Server
Logging Overview
The CSS provides logging capabilities for debugging and system monitoring by generating the log files described in Table 8-1.
Table 8-1 CSS Log File Descriptions
Log File | Log File Destination: Default Location | Log File Destination: Alternate Location | Records
Boot.log | Hard disk and console or flash disk and console | None | Results of the boot process.
Boot.bak | Hard disk and console or flash disk and console | None | Backup of a boot log file. Each time you reboot the CSS, the software renames the current boot log file to boot.log.prev and starts a new boot log file. The CSS overwrites an existing backup boot log file when a boot log file is renamed.
Sys.log | Hard disk or flash disk | Console, syslogd, VTY1, VTY2 | Log information for user-defined subsystem or CLI commands. By default, logging is enabled and logs subsystem all with level warning. The CSS creates sys.log to record this log information.
Sys.log.prev | Hard disk or flash disk | Console, syslogd, VTY1, VTY2 | Backup of a system log file. When a system log file reaches its maximum size (50 MB, for a hard disk-based CSS; 10 MB, for a flash disk-based CSS), the software renames the system log file to sys.log.prev and starts a new system log file. The CSS overwrites an existing backup system log file when a system log file is renamed. When you reboot a CSS, the software continues to use the existing system log file until it reaches its maximum size.
By default, the CSS has boot logging and system logging enabled and writes the logged information to the log files on the hard disk or flash disk, depending on the type of storage in your CSS. The maximum size of a log file is 50 MB for hard disk-based systems and 10 MB for flash disk-based systems. Log file information is recorded as ASCII text.
You can display or copy a log file using the show log or copy log command, respectively. For details on these commands, refer to the Content Services Switch Command Reference, included on your Content Services Switch Documentation and System Software CD.
Logging Quick Start Table
If you are familiar with the CSS logging functions, refer to Table 8-2 for the commands and command options required to configure and enable logging. For detailed information on the CSS logging functions, refer to the sections following Table 8-2.
78-11424-01
Chapter 8 Using the CSS Logging FeaturesLogging Overview
Note Configure all logging commands from config mode except for the clear log command. The clear log command is available in SuperUser mode at the root prompt (#).
Table 8-2 Configuring and Enabling Logging
Step | Logging Option | Example
1. Specify the disk buffer size. | size - Size of the disk buffer (0 to 64000) | logging buffer 1000
2. Specify the destination (disk, host, line) where you wish to log subsystem activity. | disk filename - New or existing filename in the log directory; host ip or host - IP address of the syslog daemon on the host or a host name; log line - CSS active session | logging disk stubs; logging host 192.168.11.3; logging host myhost.domain.com; logging line vty1
3. Enable logging on a CSS subsystem (default all) and level (default warning). | subsystem - Valid subsystems: all, urql, keepalive, acl, publish, vpm, fac, security, circuit, portmapper, csdpeer, redundancy, vrrp, rip, app, netman, vlanmgr, chassis, ipv4, wcc, flowmgr, buffer, syssoft, nql; level - Valid levels: fatal-0, alert-1, critical-2, error-3, warning-4, notice-5, info-6, debug-7 | logging subsystem rip level alert-1
4. Optionally, enable the CSS to send log messages to an email address and specify a level. | sendmail email address of mail recipient; IP address or hostname of SMTP host; level - Valid levels: fatal-0, alert-1, critical-2, error-3, warning-4, notice-5, info-6, debug-7 | logging sendmail [email protected] 172.3.6.58 critical
5. Show the log file. | filename - Log file to display | show log stubs
Specifying Logging Buffer Size
The logging buffer size is the amount of information the CSS buffers in memory before outputting the information to disk. The larger you configure the buffer size, the less frequently the CSS outputs the contents to disk. Specifying a buffer size is only required if you configure logging to disk.
To set the disk buffering size, use the logging buffer command. Specify the buffer size from 0 to 64,000 bytes. The default is 0, where the CSS sends the logging output directly to the log file.
For example, to set the buffer size to 1000 bytes, enter:
(config)# logging buffer 1000
To send the logging output directly to the log file, enter:
(config)# no logging buffer
Specifying Log File Destination
To specify a destination where the CSS logs subsystem activity, use the logging command. You can specify the following locations for log files:
• disk filename - New or existing filename in the disk log directory
• host ip or host - IP address of the syslog daemon on the host or a host name
• log line - CSS active session
For information on logging to these destinations, refer to the following sections.
Specifying Disk for a Log File Destination
To send log information to disk, use the logging disk command and specify a log filename. The filename can be new or existing. Enter a text string from 0 to 32 characters.
For example:
(config)# logging disk stubs
When you issue this command, the CSS:
• Stops writing default log information to sys.log
• Creates the filename you specify in the disk log directory
• Sends subsystem and level information to the log filename
You can have only one active log file on the disk at a time. If you wish to send subsystem information to a different log file on the disk, re-enter the logging disk command with a different filename.
Disabling Logging to Disk
To disable logging to disk, enter:
(config)# no logging disk
When you disable logging to disk, the CSS stops logging to the specified file and re-enables logging to the sys.log file.
Specifying Host for a Log File Destination
To send log information to a syslog daemon on the host system, use the logging host command and specify:
• An IP address or a host name - The address of the syslog daemon on the host. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1) or the mnemonic host name (for example, myhost.mydomain.com).
• facility number - The syslog daemon facility level. Enter a number from 1 to 7. For more information on the syslog daemon and facility levels, refer to your syslog daemon documentation.
For example:
(config)# logging host 192.168.11.1 facility 3
To turn off logging to a host, enter:
(config)# no logging host
Specifying a Line for a Log File Destination
To send log information to an active CSS session, use the logging line command and specify a valid log line on the CSS. Enter the line as a case-sensitive text string with a maximum length of 32 characters.
To display a list of active CSS lines, enter the logging line command as shown. The * denotes your current session.
(config)# logging line ?
console Login Name: Location:local
*vty1 Login Name: admin Location:10.0.3.35
For example, to send subsystem information to your monitor, enter:
(config)# logging line vty1
To turn off logging, enter the no logging line command.
(config)# no logging line vty1
Enabling Logging on a Subsystem
Use the logging subsystem command to enable logging on a CSS subsystem and set the level of information to log. The level you specify instructs the CSS to log subsystem activity that occurs at that level and at every more severe level. For example, if you wish to log info messages, the CSS also logs error, critical, alert, and fatal error levels.
The following example enables logging for the chassis subsystem with a critical-2 error level. The CSS will log all critical, alert, and fatal errors for the chassis.
(config)# logging subsystem chassis level critical-2
Table 8-3 defines the CSS subsystems for which you can enable logging.
Table 8-3 Logging Subsystems
Subsystem Definition
acl Access Control List (ACL)
all (default) All CSS subsystems
app Application Peering Protocol (APP)
buffer Buffer manager
chassis Chassis manager
circuit Circuit manager
csdpeer Content Server Database (CSD) peer
dql Domain Qualifier List (DQL)
fac Flow Admission Control (FAC)
flowmgr Flow manager subsystem
hfg Header Field Group (HFG)
ipv4 Internet Protocol version 4 (IPv4)
keepalive Keepalive
netman Network management
nql Network Qualifier List (NQL)
ospf Open Shortest Path First
pcm Proximity CAPP Messaging (PCM)
portmapper Port Mapper
proximity Proximity
publish Publish
redundancy CSS redundancy
replicate Content replication
rip RIP
security Security manager
syssoft System software
urql Uniform Resource Locator Qualifier List
vlanmgr VLAN manager
vpm Virtual pipe manager
vrrp Virtual Router Redundancy Protocol
wcc Web conversation control
Table 8-4 defines the logging levels you can set for a CSS subsystem. The logging levels are listed in order of severity with a fatal error being the most severe and info being the least severe error.
Disabling Logging for a Subsystem
To reset logging for a subsystem to the default logging level (warning-4), enter the no version of the logging command. For example:
(config)# no logging subsystem redundancy
Table 8-4 Subsystem Logging Levels
Level Definition
fatal-0 Fatal errors only.
alert-1 Alert errors, including fatal errors.
critical-2 Critical errors, including alert and fatal errors. The following trap events log at the critical level: link down, cold start, warm start, service down, service suspended.
error-3 General errors, including critical, alert, and fatal errors.
warning-4 (default) Warning messages, including all lower levels (error, critical, alert, and fatal).
notice-5 Notice messages, including all trap events (except for events logged at critical) and all lower levels except for info and debug.
info-6 Informational messages, including all lower levels except for debug.
debug-7 Debug messages, including all other error levels.
Configuring a Log Message for a Subsystem at a Logging Level
Use the cliLogMessage subsystem command to define a log message for a subsystem at a particular logging level. The syntax for this global configuration mode command is:
cliLogMessage subsystem name "message" level level
The variables are:
• name - The name of a CSS subsystem. Enter one of the following subsystem names:
– acl - ArrowPoint Control Lists
– all - All subsystems
– app - Application Peering Protocol (APP)
– buffer - Buffer Manager
– chassis - Chassis Manager
– circuit - Circuit Manager
– csdpeer - Content Server Database (CSD) Peer
– dql - Domain Qualifier List (DQL)
– fac - Flow Admission Control (FAC)
– flowmgr - Flow Manager
– hfg - HFG
– ipv4 - IPv4
– keepalive - Keepalive
– netman - Network Management
– nql - Network Qualifier List (NQL)
– ospf - OSPF
– pcm - PCM
– portmapper - PortMapper
– proximity - Proximity
– publish - Publish
– replicate - Replication
– redundancy - CSS redundancy
– rip - RIP
– security - Security Manager
– syssoft - System software
– urql - Uniform Resource Qualifier List
– vlanmgr - VLAN Manager
– vpm - Virtual Pipe Manager
– vrrp - Virtual Router Redundancy Protocol
– wcc - Web Conversation Control
To see a list of subsystems, enter:
cliLogMessage subsystem ?
• level - The log level for the message. Enter one of these levels:
– fatal-0 - Fatal errors only
– alert-1 - Alert errors, including errors at the fatal-0 level
– critical-2 - Critical errors, including errors at the alert-1 level
– error-3 - Error errors, including errors at the critical-2 level
– warning-4 - Warning errors (default), including errors at the error-3 level
– notice-5 - Notice messages, including errors at the warning-4 level
– info-6 - Informational messages, including errors at the notice-5 level
– debug-7 - All errors and messages
Logging ACL Activity
When you configure the CSS to log ACL activity, it logs the event of the packet matching the clause and ACL. The CSS sends log information to the location you specified in the logging command.
Note: Before you configure logging for a specific ACL clause, ensure that global ACL logging is enabled. To globally enable ACL logging, use the logging subsystem acl level debug-7 command in config mode.
To configure logging for an ACL clause:
1. Enter the ACL mode for which you want to enable logging.
(config)# acl 7
(config-acl[7])#
2. Enable logging for:
• A new clause by entering the log option at the end of the clause. For example:
(config-acl[7])# clause 1 deny udp any eq 3 destination any eq 3 log
• An existing clause by using the clause log enable command:
(config-acl[7])# clause 1 log enable
To disable ACL logging for a specific clause, enter:
(config-acl[7])# clause 1 log disable
To globally disable logging for all ACL clauses, enter:
(config)# no logging subsystem acl
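One way to check a command sequence for the dependency stated in the Note above, where a clause-level log option has no effect unless the acl subsystem logs at debug-7. This Python is an added example, not Cisco code: it assumes the input is the list of commands as typed at the CLI, the function name audit_acl_logging is hypothetical, and clause 2 in the sample is constructed.

```python
import re

# "(config)# " and "(config-acl[7])# " prompts as shown in the guide.
PROMPT = re.compile(r"^\(config[^)]*\)#\s*")
ACL_MODE = re.compile(r"^acl (\d+)$")
GLOBAL_LEVEL = re.compile(r"^logging subsystem acl level (\S+)$")
CLAUSE_TOGGLE = re.compile(r"^clause (\d+) log (enable|disable)$")
CLAUSE_DEF = re.compile(r"^clause (\d+) (.+)$")


def audit_acl_logging(commands):
    """Replay CLI commands and report which ACL clauses will really be logged.

    Returns a dict with:
      acl_debug       True if 'logging subsystem acl level debug-7' is in effect
      logged_clauses  (acl, clause) pairs whose log option is enabled
      silent_clauses  logged_clauses that produce nothing because acl_debug is False
    """
    acl_debug = False
    current_acl = None
    clause_log = {}  # (acl number, clause number) -> log option enabled?

    for raw in commands:
        cmd = PROMPT.sub("", raw.strip())
        if (m := ACL_MODE.match(cmd)):
            current_acl = int(m[1])
        elif (m := GLOBAL_LEVEL.match(cmd)):
            # The guide names debug-7 as the level that enables ACL logging.
            acl_debug = m[1] == "debug-7"
        elif cmd == "no logging subsystem acl":
            acl_debug = False
        elif current_acl is not None and (m := CLAUSE_TOGGLE.match(cmd)):
            clause_log[(current_acl, int(m[1]))] = m[2] == "enable"
        elif current_acl is not None and (m := CLAUSE_DEF.match(cmd)):
            # A new clause is logged only if "log" is its final keyword.
            clause_log[(current_acl, int(m[1]))] = m[2].split()[-1] == "log"

    logged = sorted(key for key, enabled in clause_log.items() if enabled)
    return {
        "acl_debug": acl_debug,
        "logged_clauses": logged,
        "silent_clauses": [] if acl_debug else logged,
    }


# Commands taken from this section; the clause 2 definition is constructed.
SAMPLE_COMMANDS = [
    "(config)# logging subsystem acl level debug-7",
    "(config)# acl 7",
    "(config-acl[7])# clause 1 deny udp any eq 3 destination any eq 3 log",
    "(config-acl[7])# clause 2 deny udp any eq 3 destination any eq 3",
    "(config-acl[7])# clause 2 log enable",
    "(config-acl[7])# clause 1 log disable",
    "(config)# no logging subsystem acl",
]

if __name__ == "__main__":
    report = audit_acl_logging(SAMPLE_COMMANDS)
    for acl, clause in report["silent_clauses"]:
        print(f"acl {acl} clause {clause}: log enabled but acl subsystem is not at debug-7")
```

A non-empty silent_clauses list means the configuration asks for ACL match logging that the switch will not produce.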
Sending Log Messages to an Email Address
To send the log activity of a subsystem to an email address, use the logging sendmail command. The syntax for this global configuration mode command is:
(config)# logging sendmail email_address ip_address level
The variables are:
• email_address - The email address for the recipient. Enter the email address as a case-sensitive unquoted text string with a length of 1 to 30 characters.
• IP_address - The IP address for the SMTP host. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
• level - The type of information to log. The valid levels are defined in Table 8-4.
• domain - The domain name for the SMTP host. Enter an unquoted text string with a maximum length of 64 characters (for example, arrowpoint.com). Do not insert an @ sign before the domain name. The CSS automatically prepends it to the domain name.
To turn off logging to an email address, enter:
(config)# no logging sendmail email_address
Logging CLI Commands
When you want to keep track of all CLI commands issued from the CSS, use the logging commands enable command. This command logs each CLI command to the sys.log file. To log CLI commands to the sys.log file, enter:
(config)# logging commands enable
To disable logging CLI commands to the sys.log file, enter:
(config)# no logging commands
Showing Log Files
Use the show log command to display the contents in a log or trap log file. Enter a log filename as an unquoted text string with no spaces. The syntax and options are:
• show log - Send the log activity to your current session. Press any key to stop displaying log activity. This command performs the same function as (config) logging line. Note that you cannot run these commands at the same time.
• show log logfilename - Display the contents in a log file.
• show log-list - Display a list of all log files.
• show log traplog - Display all traps that have occurred. A trap log file is an ASCII file in the log directory containing generic and enterprise traps.
To display a list of valid log files, enter the show log ? command line. For example:
(config)# show log ?
<cr> Execute command
stub MAR 23 14:16:42 6
timestamps.txt MAR 23 14:18:48 0
seqnumbers.txt MAR 23 14:18:48 0
traplog MAR 25 10:16:18 569
To display information in a specific log file, enter the show log command with a valid log filename.
For example:
(config)# show log stubs
SEP 22 09:59:18 5/1 918 NETMAN-7: SNMP:SET RSP (3803)
SEP 22 09:59:53 5/1 919 NETMAN-7: SNMP:SET (3804)
SEP 22 09:59:53 5/1 920 NETMAN-7: SNMP: 1)apLogHostIpAddress.[1.2.3.4] VT_IPADDRESS <1.2.3.4>
SEP 22 09:59:53 5/1 921 NETMAN-7: SNMP: 2)apLogHostIpAddress.[1.2.3.4] VT_IPADDRESS <1.2.3.4>
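The level semantics of Table 8-4 and the line layout of the show log output above can be checked offline against a copied log file. The following Python is an added example, not part of the Cisco guide: the field names origin and counter, the function names, and the log lines marked constructed are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Level names and numbers as listed in Table 8-4 (lower number = more severe).
LEVELS = {"fatal": 0, "alert": 1, "critical": 2, "error": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}
DEFAULT_LEVEL = LEVELS["warning"]  # documented default, warning-4

# Layout inferred from the "show log stubs" sample. "origin" (5/1) and
# "counter" (918) are hypothetical names; the guide does not define them.
LINE_RE = re.compile(
    r"^(?P<stamp>[A-Z]{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<origin>\d+/\d+) (?P<counter>\d+) "
    r"(?P<subsystem>[A-Z0-9]+)-(?P<severity>[0-7]): (?P<message>.*)$")

# "logging subsystem <name> level <level>" and its "no" form, prompt optional.
CMD_RE = re.compile(
    r"^(?:\(config\)# )?(?P<no>no )?logging subsystem (?P<name>\w+)"
    r"(?: level (?P<level>[\w-]+))?$")


@dataclass(frozen=True)
class LogEntry:
    stamp: str
    origin: str
    counter: int
    subsystem: str
    severity: int
    message: str


def parse_level(token):
    """Accept 'critical-2' or 'critical'; reject a name/number mismatch."""
    name, _, number = token.partition("-")
    if name not in LEVELS or (number and int(number) != LEVELS[name]):
        raise ValueError(f"unknown logging level: {token!r}")
    return LEVELS[name]


def thresholds_from_config(commands):
    """Replay logging subsystem commands into {subsystem: numeric level}."""
    thresholds = {}
    for command in commands:
        m = CMD_RE.match(command.strip())
        if m is None:
            continue
        if m["no"]:
            thresholds.pop(m["name"], None)  # back to the warning-4 default
        elif m["level"]:
            thresholds[m["name"]] = parse_level(m["level"])
    return thresholds


def parse_log(text):
    """Return (entries, rejected) so malformed lines are kept for review."""
    entries, rejected = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)
            continue
        entries.append(LogEntry(m["stamp"], m["origin"], int(m["counter"]),
                                m["subsystem"].lower(), int(m["severity"]),
                                m["message"]))
    return entries, rejected


def is_logged(entry, thresholds):
    """A message is recorded when its severity number is <= the set level."""
    return entry.severity <= thresholds.get(entry.subsystem, DEFAULT_LEVEL)


def split_by_config(text, commands):
    """Split parsed entries into those a configuration keeps and drops."""
    thresholds = thresholds_from_config(commands)
    entries, rejected = parse_log(text)
    kept = [e for e in entries if is_logged(e, thresholds)]
    dropped = [e for e in entries if not is_logged(e, thresholds)]
    return kept, dropped, rejected


# First two lines come from the guide's sample; the rest are constructed.
SAMPLE_LOG = """\
SEP 22 09:59:18 5/1 918 NETMAN-7: SNMP:SET RSP (3803)
SEP 22 09:59:53 5/1 919 NETMAN-7: SNMP:SET (3804)
SEP 22 10:02:11 5/1 922 CHASSIS-2: constructed sample, link down
SEP 22 10:02:12 5/1 923 CHASSIS-4: constructed sample, warning text
SEP 22 10:02:13 5/1 924 RIP-3: constructed sample, error text
this line is truncated garbage
"""
SAMPLE_CONFIG = [
    "(config)# logging subsystem chassis level critical-2",
    "(config)# logging subsystem rip level alert-1",
    "(config)# logging subsystem netman level debug-7",
    "(config)# logging subsystem redundancy level info-6",
    "(config)# no logging subsystem redundancy",
]

if __name__ == "__main__":
    kept, dropped, rejected = split_by_config(SAMPLE_LOG, SAMPLE_CONFIG)
    for e in dropped:
        print(f"not recorded: {e.subsystem}-{e.severity} {e.message}")
```

Under the default warning-4 threshold none of the NETMAN-7 lines would be recorded, which is why the sample configuration sets netman to debug-7; the dropped list shows what a stricter per-subsystem level hides from later review.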
To display which levels are set for subsystems, use the show log-state command. For example:
(config)# show log-state
Subsystem Levels:
debug info notice warning error critical alert fatal
syssoft | X | | | | | | | |
buffer | X | | | | | | | |
flowmgr | X | | | | | | | |
wcc | X | | | | | | | |
ipv4 | X | | | | | | | |
chassis | X | | | | | | | |
vlanmgr | X | | | | | | | |
netman | X | | | | | | | |
app | X | | | | | | | |
rip | X | | | | | | | |
vrrp | X | | | | | | | |
redundancy | X | | | | | | | |
csdpeer | X | | | | | | | |
portmapper | X | | | | | | | |
circuit | X | | | | | | | |
security | X | | | | | | | |
fac | X | | | | | | | |
vpm | X | | | | | | | |
publish | X | | | | | | | |
acl | X | | | | | | | |
keepalive | X | | | | | | | |
urql | X | | | | | | | |
nql | X | | | | | | | |
Copying Log Files to an FTP or TFTP Server
To copy log files from the CSS to a File Transfer Protocol (FTP) or Trivial File Transfer Protocol (TFTP) server, use the copy log command. The copy log command is available at the SuperUser prompt.
The options for this command are:
• copy log log_filename ftp
• copy log log_filename tftp
To see a list of log files, enter the copy log ? command.
Copying Log Files to an FTP Server
To copy a log file to an FTP server, use the copy log ftp command. Before you copy a log file from the CSS to an FTP server, you must create an FTP record file containing the FTP server IP address, username, and password. For information on configuring an FTP record, refer to “Configuring an FTP Record” in Chapter 1, Logging in and Getting Started.
The syntax is:
# copy log logfilename ftp ftp_record filename
For example:
# copy log starlog ftp ftpserv1 starlogthurs
The variables are:
• logfilename - The name of the log file on the CSS. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• ftp_record - The name of the FTP record file that contains the FTP server IP address, username, and password. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• filename - The name you want to assign to the file on the FTP server. Include the full path to the file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
Copying Log Files to a TFTP Server
To copy a log file to a TFTP server, use the copy log tftp command.
The syntax is:
# copy log logfilename tftp IP address or hostname filename
The variables are:
• logfilename - The name of the log file on the CSS. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• IP address or hostname - The IP address or host name of the TFTP server to receive the file. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or in mnemonic host-name format (for example, myhost.mydomain.com). If you wish to use a hostname, you must first set up a host table using the (config) host command.
• filename - The name you want to assign to the file on the TFTP server. Include the full path to the file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
APPENDIX A
Upgrading Your CSS Software
Cisco Systems periodically releases new software versions for the CSS. To help you upgrade your CSS with a new software release, this appendix provides the following information:
• Before You Begin
• Upgrading your CSS
Before You Begin
Before you can upgrade your CSS, copy the new CSS software to your FTP server and configure an FTP server record for the FTP server on your CSS. To display the maximum number of installed versions allowed on your hard disk or flash disk, use the show installed-software version-limit command.
Copying the New CSS Software
ArrowPoint Distribution Images (ADIs) of the CSS software versions are on Cisco Connection Online (CCO), available at the Cisco Systems Web site (www.cisco.com). Use your customer login and password to access this page. From this location, you can access the page listing the versions of GZIP-compressed software. Click an image to download. Once the image is downloaded, place it on an FTP server which the CSS can access.
Note You do not need to uncompress the GZIP-compressed software. When you copy it or the upgrade script copies it to the CSS, the CSS uncompresses it.
Configuring an FTP Server Record on the CSS
Before you can copy the ADI from the FTP server to the CSS, you must create an FTP record file on the CSS identifying it. The record contains the IP address, username, and password for the server. To configure an FTP server record:
1. Log into the CSS.
2. Access global configuration mode. For example:
# config
(config)#
3. Configure the default FTP server by using the ftp-record command. The syntax is:
ftp-record ftp_record ip_or_host username ["password" | encrypted-password encrypted_pwd] {base_directory}
The variables are:
• ftp_record - Name for this FTP record file. Enter an unquoted text string with no spaces and a maximum length of 32 characters.
• ip_or_host - IP address or host name of the FTP server you want to access. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or a mnemonic host name (for example, myhost.mydomain.com).
• username - Valid login username on the FTP server. Enter a case-sensitive unquoted text string with no spaces and a maximum length of 32 characters.
• password - Password for the valid login username on the FTP server. Enter a case-sensitive quoted text string with no spaces and a maximum length of 16 characters.
• encrypted_pwd - Encrypted password for the valid login username on the FTP server. Enter a case-sensitive unquoted text string with no spaces and a maximum length of 16 characters after the encrypted-password option.
• base_directory - Optional base directory when using this record.
For example:
(config)# ftp-record DEFAULT_FTP 192.168.2.01 eng1 encrypted-password serve
You can now upgrade your CSS.
Upgrading your CSS
You can upgrade your CSS software by either:
• Using the Upgrade Script
• Manually Upgrading the CSS
Using the Upgrade Script
The upgrade script allows you to upgrade your CSS without having to enter any CLI commands. There are two ways to run the script:
• Automatically Running the Upgrade Script
• Interactively Using the Upgrade Script
Automatically Running the Upgrade Script
You can run the upgrade script to perform the software upgrade without having to enter any information. The script automatically:
• Checks how many software versions are installed on the CSS. On a hard disk-based system, if there are four installed versions (the maximum), the script deletes an older version. On a flash disk-based system (CSS 11150 or CSS 11800), if there are two installed versions (the maximum), the script deletes the older version.
Note The script will not offer to delete a version that you have configured as the primary or secondary boot file. On a flash disk-based system, you may need to quit and then deselect the primary or secondary boot file before continuing with the upgrade.
• Archives the running-config to startup-config.
• Copies the new ADI to the CSS boot-image directory.
• Unpacks the new ADI.
• Sets the primary boot-file to the new ADI.
• Reboots the CSS.
To automatically upgrade your CSS software using the upgrade script:
1. Log into the CSS.
Caution If you created additional profiles on the CSS, archive them by using the archive script or save_profile command. After the upgrade is done, use the restore filename script command to restore the profile you archived.
2. Start the upgrade script and include the name of the ADI and its extension in quotes.
• If you are using a GZIP-compressed ADI from the FTP server, include the gz file extension. For example:
# upgrade "ap0400003.gz"
• If you are using an uncompressed version of the ADI from the FTP server, include the adi file extension. For example:
# upgrade "ap0400003.adi"
If you did not configure a default FTP record before starting the upgrade script, you are prompted to configure one. You can either:
• Allow the CSS to automatically configure a record to an ArrowPoint server containing the ADI.
• At the prompts, manually configure the FTP record by entering the FTP server information where you copied the upgrade ADI.
When a default FTP record is configured, information similar to the following appears during the upgrade:
Current Version:ap0400003 (Build 3)
*** You must remove an installed version to upgrade. ***
Attempting to delete ap0310046
archive running-config startup-config
Attempting ftp of ap04010001.adi:
# copy ftp DEFAULT_FTP ${new_version_adi} boot-image
Copying (-) 57,241,012
Completed successfully.
#(config-boot)# unpack ${new_version_adi}
Unpacking(/) 99%
(config-boot)#
setting primary boot-file ap0401001
rebooting
The CSS automatically performs a flash upgrade, if necessary, and then boots the new image.
Interactively Using the Upgrade Script
The upgrade script allows you to enter information and make selections by responding to prompts as it runs. Before the script performs the upgrade, it prompts you to:
• Remove ADIs from the CSS if the script detects four installed versions on a hard disk-based system or two versions on a flash disk-based system (CSS 11150 or CSS 11800)
• Enter the version of the new ADI
• Set the primary boot-file to the new ADI
• Reboot the CSS with the ADI you are installing after the upgrade is done
• Archive the running-config to startup-config
To use the interactive version of the script:
1. Log into the CSS.
Caution If you created additional profiles on the CSS, archive them by using the archive script or save_profile command. After the upgrade is done, use the restore filename script command to restore the profile you archived.
2. Start the upgrade script. For example:
# upgrade
If you did not configure a default FTP record before starting the upgrade script, you are prompted to configure one. You can either:
• Allow the CSS to automatically configure a record to an ArrowPoint server containing the ADI.
• At the prompts, manually configure the FTP record by entering the FTP server information where you copied the upgrade ADI.
When a default FTP record is configured, the script displays the current version of the ADI.
Current Version: ap04100003 (Official)
A hard disk-based CSS can contain a maximum of four ADIs. A flash disk-based CSS (CSS 11150 or CSS 11800) can contain a maximum of two ADIs. If the script detects the maximum number of ADIs, a message informs you that you need to remove an ADI. Then the script prompts you to remove an older ADI. For example:
*** You must remove an installed version to upgrade.***
remove ap0310046 [y n q]?
Note The script will not offer to delete a version that you have configured as the primary or secondary boot file. On a flash disk-based system, you may need to quit and then deselect the primary or secondary boot file before continuing with the upgrade.
3. If necessary, remove the ADI.
• Enter y to remove the displayed ADI version.
• Enter n for the script to display another version to remove.
• Enter q to exit from the script.
remove ap0310046 [y n q]?y
Attempting to delete ap0310006a
4. At the prompt, enter the file name and extension of the GZIP-compressed ADI version to install, and verify the information you entered. For example:
Please Enter Version to Install:ap0401001.gz
Note If you are using an uncompressed version of the ADI from the FTP server, include the adi file extension (for example, ap0401001.adi).
Upgrade to Version ap0401001? [y n q] y
5. Determine whether to set the ADI as the primary boot-file.
• Enter y to set the ADI as the primary boot-file and change the CSS configuration.
• Enter n to keep the same primary boot-file configuration.
Set primary boot-file to Version ap0401001? [y n q] y
6. Determine whether to have the CSS reboot with the ADI you are installing.
• Enter y to reboot the CSS with this ADI after the upgrade is done.
• Enter n to not reboot the CSS with the ADI after the upgrade is done.
Reboot with Version ap0401001? [y n q] n
7. Determine whether to have the CSS archive the running-config to the startup-config.
• Enter y to archive the running-config to the startup-config.
• Enter n to keep the same startup-config.
Archive running-config to startup-config? [y n q] y
archive running-config startup-config
The script copies the ADI from the FTP server, unpacks and installs it, and sets it as the primary boot-file.
Attempting ftp of ap0401001.gz:
# copy ftp DEFAULT_FTP ${new_version_adi} boot-image
Copying (-) 57,241,012
Completed successfully.
#(config-boot)# unpack ${new_version_adi}
unpacking(/) 99%
(config-boot)#
setting primary boot-file ap0401001
If you decided to reboot the CSS with the installed ADI in Step 6, the CSS reboots automatically. If you made the ADI the primary boot-file and archived the running-config to the startup-config, the CSS automatically performs a flash upgrade, if necessary, and then boots the new image.
To manually reboot the system, enter the following commands:
(config)# boot
(config-boot)# reboot
Manually Upgrading the CSS
You can manually enter CLI commands to upgrade the CSS.
Note Make sure that you configure a default FTP server, as described in the “Before You Begin” section earlier in this appendix.
To manually upgrade the software version on your CSS:
1. Log onto the CSS.
2. If necessary, remove an older version of the ADI from the CSS. A hard disk-based CSS can contain a maximum of four ADIs. A flash disk-based CSS (CSS 11150 or CSS 11800) can contain a maximum of two ADIs.
Caution Do not remove the ADI currently running on the CSS. Use the version command to see the currently running software version.
To remove an ADI:
a. List the ADIs on the CSS. For example:
(config)# show installed-software
ap0301006
ap0301046
ap0400003
b. Access boot mode:
(config)# boot
(config-boot)#
c. Use the remove command to remove the ADI. For example:
(config-boot)# remove ap0301006
3. Archive your running-config to startup-config. For example:
# config
(config)# archive running-config startup-config
You can also use the save_config alias to archive your startup-config. To view all available aliases, use the show aliases command.
Caution If you created additional profiles on the CSS, archive them by using the archive script or save_profile command. After the upgrade is done, use the restore filename script command to restore the profile you archived.
4. Copy the new ADI onto the CSS as the boot-image.
(config-boot)# exit
(config)# copy ftp DEFAULT_FTP ap0400003.gz boot-image
DEFAULT_FTP is the FTP record file defined in “Configuring an FTP Server Record on the CSS”.
When you copy a GZIP-compressed ADI onto the CSS, the CSS automatically uncompresses it.
Note If you are copying an uncompressed version of the ADI from the FTP server, include the adi file extension (for example, ap0400003.adi).
5. Unpack the ADI.
(config)# boot
(config-boot)# unpack ap0400003.adi
6. Set the new ADI as the primary boot-file and install it.
(config-boot)# primary boot-file ap0400003
7. Reboot the system.
(config)# boot
(config-boot)# reboot
The CSS automatically performs a flash upgrade, if necessary, and then boots the new image.
INDEX
A
ACA
load balancing 7-21
using with server weight and load 5-7
ACLs
disabling logging globally 8-13
logging activity 8-12
activating
content rule 7-19
service 5-42
active SCM
copying boot configuration record to passive SCM 2-21
adding service
specifying a service weight 7-17
address
specifying for owner 6-4
ADI
removing 2-11
unpacking 2-10
administrative password
changing 1-5
administrative username setting using Offline Diagnostic Monitor menu 1-33
advanced balance string
configuring for service 5-30
advanced options for Offline Diagnostic Monitor menu 1-30
aging time
configuring for bridging 3-21
alternate configuration path 1-20, 2-22
application
specifying in a content rule 7-38
Application Program Interface
configuring 2-32
application type
required for Layer 5 content rules 7-38
archive directory
archiving files to 1-48
clearing 1-49
restoring files from 1-50
archived log file
restoring 1-50
archived script
restoring 1-51
archive startup-config
restoring 1-51
archiving
files to the archive directory 1-48
log files 1-48
running-config 1-49
scripts 1-49, A-4
startup-config 1-49
ARP
clearing parameters 3-6
configuring for CSS 3-4
configuring timeout 3-5
configuring wait time 3-6
displaying information 3-7
updating parameters 3-6
ArrowPoint Content Awareness. See ACA
ArrowPoint Distribution Image. See ADI
assigning
content rule to owner 7-6
IP address to a service 5-27
VIP to owner content 7-7
associating
service to global keepalive 5-19
audience xxii
B
balance type
for DNS 7-22
load balancing 7-21
billing information
specifying for owner 6-4
boot
specifying primary boot file 2-11
specifying primary boot type 2-12
boot.bak 8-2
boot.log 1-40, 8-2
boot configuration
displaying 1-29
flowchart 1-17
mode 2-10
specifying secondary 2-13
Boot Configuration menu 1-17
options 1-18
boot configuration mode 2-10
boot configuration path
specifying secondary 2-14
boot configuration record
copying from active SCM to passive SCM 2-21
boot file
specifying secondary 2-13
booting the CSS 1-13
boot mode
configuration commands 2-10
boot-type
specifying secondary 2-14
bridge
enabling and disabling spanning tree 3-24
bridge aging time
restoring default value 3-22
bridge forward time
restoring default value 3-22
bridge hello time
configuring 3-22
restoring default value 3-22
bridge max age
configuring 3-23
restoring default value 3-23
bridge pathcost
configuring 4-9
bridge priority
configuring for bridging 4-9
configuring for CSS 3-23
restoring default value 4-9
bridge state
configuring 4-10
disabling 4-10
bridging
configuring aging time 3-21
configuring for CSS 3-21
interface to VLAN 4-8
broadcast IP address
restoring default value 4-19
bypass
caches 7-35
for failover 7-35
parameter bypass 7-39
transparent caches 7-39
bypassing transparent caches 7-39
bypass persistence 7-30
configuring 7-31
C
cache
bypassing transparent cache 7-39
cache bypass
configuring for a service 5-34
case-sensitivity
specifying for content requests 6-5
caution
configuring Ethernet Management port IP address 1-29
smurf attacks 3-16
changing
CLI prompt 2-6
user password 1-7
check disk
disabling or enabling on the disk 1-37
performing on the disk 1-35
checksum
calculated for Web page 5-39
circuit
overview 4-1
showing 4-17
circuit IP
configuring an IP address 4-18
configuring broadcast address 4-19
configuring redirects 4-19
disabling 4-21
enabling 4-21
removing 4-19
clearing
archive directory 1-49
ARP parameters 3-6
running-config or startup-config 1-43
CLI
changing the prompt 2-6
expert mode 2-28
CLI commands
logging to sys.log 8-14
command scheduler
configuring 2-33
displaying records 2-35
configuration quick start
content rule 7-5
initial configuration 1-2
logging 8-3
service and owner 5-4
configuring
bridge aging time 3-21
bridge forward time 3-22
bridge hello time 3-22
bridge max age 3-23
bridge pathcost 4-9
bridge priority 4-9
bridge state 4-10
circuit 4-15
circuit IP address 4-18
circuit IP broadcast address 4-19
circuit IP redirects 4-19
circuit IP unreachables 4-20
content rule port information 7-20
domain name in a content rule 7-10
ECMP 3-12
FTP server record A-2
global keepalive active 5-15
global keepalive description 5-15
global keepalive frequency 5-15
global keepalive IP address 5-16
global keepalive maxfailure 5-16
global keepalive method 5-16
global keepalive port 5-17
global keepalive retry period 5-17, 5-38
global keepalive suspend 5-17
global keepalive type 5-18
global keepalive URI 5-18
hotlist attributes for content rules 7-23
interface 4-4
interface duplex and speed 4-6
IP ECMP 3-12
IP for CSS 3-11
IP record route 3-11
IP redundancy 3-11
IP route 3-13
IP source route 3-15
IP subnet broadcast 3-16
load balancing 7-21
permanent connections for TCP ports 2-29
protocol for a content rule 7-20
reset of Fast Ethernet and Gigabit Ethernet ports 2-30
RIP advertise 3-8
RIP default-route 4-22
RIP equal-cost 3-9
RIP for an interface 4-22
RIP for CSS 3-8
RIP receive 4-23
RIP redistribute 3-9
RIP send 4-23
router-discovery for an IP interface 4-20
router-discovery lifetime 4-16
router-discovery limited-broadcast 4-16
router-discovery max-advertisement-interval 4-16
router-discovery min-advertisement-interval 4-17
router-discovery preference 4-20
service 5-27
service keepalive port 5-37
time and date 1-10
user name and password 1-6
virtual IP address 7-7
console
enabling access 2-28
restricting access to the CSS 2-27
console authentication
configuring 2-26
content
case-sensitivity 6-5
removing from owner 7-6, 7-19
showing 7-40
specifying an EQL in a URL 7-28
specifying a URL 7-26
content API
configuring 2-32
content requests
enabling to bypass transparent caches 7-39
content rule
activating 7-19
adding a domain name service 7-11, 7-18
adding a primary sorry server 7-17
adding a secondary sorry server 7-18
adding a service 7-16
assigning to owner 7-6
configuration quick start 7-5
configuring a domain name 7-10
configuring hotlist 7-23
configuring port information 7-20
configuring protocol 7-20
defining failover 7-35
description 7-2
layer 3 7-3
layer 4 7-3
layer 5 7-3
persistence 7-30
purpose in life 5-2, 7-3
redirecting requests 7-29
removing 7-19, 7-20
removing service 5-43
showing 7-41
specifying domain name wildcards 7-15
specifying load threshold 7-29
suspending 7-19
wildcards in domain names 7-11, 7-14
content rule, service, owner
overview 5-2
content rule persistence 7-30
content rules
using a domain name and VIP 7-13
Content Services Switch
assigning a subnet mask 1-8, 1-9
booting from a network drive 2-21
configuring bridging 3-21
configuring host name 2-25
configuring idle timeout 2-25
configuring RIP 3-8
configuring user terminal parameters 2-3
controlling remote access to 2-28
displaying configurations 1-53
logging functions 8-4
logging in 1-5
opportunistic layer 3 forwarding 3-28
rebooting 1-13
restricting access to 2-27
shutting down 1-13
Content Services Switch HTTP server
controlling access to 2-33
control ports
reclaiming 2-30
copying
core dumps to FTP or TFTP server 1-52
core dumps to TFTP server 1-53
log files to FTP or TFTP server 8-16
log files to FTP server 1-52, 8-17
log files to TFTP server 8-17
copying new software to CSS A-1
core directory 1-40
core dumps
copying to an FTP or TFTP server 1-52
copying to TFTP server 1-53
creating
global keepalive 5-14
service 5-26
CSS
configuring flow parameters 2-29
CSS. See Content Services Switch
CSS 11050 port designation 4-5
CSS 11150 port designation 4-5
CSS 11800 slot/port designation 4-5
D
date
configuring 1-10
configuring for european 1-11
default VLAN
restoring 4-9
deleting software from the disk 1-30
describing
global keepalive 5-15
disabling
circuit IP unreachables 4-20
hotlist 7-24
logging 8-10
logging to disk 8-6
router discovery 4-20
Telnet access for SSHD 3-28
Telnet for use with SSHD 3-26
disk
deleting a software version 1-30
disabling logging to 8-6
disabling or enabling check disk 1-37
performing a check disk 1-35
specifying for log file destination 8-6
disk boot
primary boot record 1-23
secondary boot record 1-28
disk buffer size
specifying for logging 8-5
disk drive failure
network boot for 1-20
disk module
restoring files from archive directory 1-50
disk options
Offline Diagnostic Monitor menu 1-33
reformatting the disk 1-33
running check disk on the disk 1-33
displaying
content 7-40
CSS configurations 1-53
log files 8-14
username 1-7
DNS
configuring for CSS 3-1, 3-2
configuring primary server for CSS 3-2
configuring resolve for CSS 3-2
configuring secondary server for CSS 3-3
specifying suffix 3-3
dnsbalance
leastloaded 7-22
preferlocal 7-22
roundrobin 7-22
DNS type
specifying for owner 6-5
documentation
chapter contents xxii
map xxv
set xxiii
symbols and conventions xxvi
domain hotlist
configuring 7-25
domain name
specifying 5-29
domain names
configuring in a content rule 7-10
using in a content rule 7-13
using wildcards in content rules 7-15
using with wildcards in a content rule 7-14
domain name service
adding to content rule 7-11, 7-18
DQL
adding to a content rule 7-26
Duke of URL 7-41
dumps
copying core dumps to FTP or TFTP servers 1-52
duplex
configuring for interface 4-6
E
ECMP
configuring 3-12
configuring IP address 3-12
configuring no-prefer-ingress 3-12
configuring round-robin 3-12
recovering from a failed router 3-12
email address
sending log messages to 8-13
specifying for owner 6-6
enabling
hotlist 7-23
EQL
specifying in a URL 7-28
Ethernet management port
configuring an IP address 1-8
european date
configuring 1-11
expert mode 2-5
Extension Qualifier List. See EQL
F
failover
bypass 7-35
defining for a content rule 7-35
linear 7-35
next 7-35
file destination
specifying for logging 8-6
flash disk
installed software versions A-3
logging to 8-2
flow parameters
configuring 2-29
flow statistics
showing 2-32
forward time
configuring for bridging 3-22
FTP
copying log files to server 1-52, 8-17
enabling access 2-28
reclaiming reserved control ports 2-30
restricting access to the CSS 2-27
FTP boot
primary boot record 1-22
secondary boot record 1-27
ftp-control
specifying as application type in a content rule 7-38
FTP record
configuring 1-11
FTP server
copying core dumps to 1-52
copying files from 1-12
copying log files to 8-16
FTP server record
configuring A-2
G
global bypass counters
descriptions 6-8
in show summary command 6-7
global keepalive mode. See keepalive
H
hard disk
directory structure 1-39
installed software versions A-3
logging to 8-2
hard disk failure
using network boot 2-22
hardware
displaying chassis information 1-54
hash
configuring for global keepalive 5-19
configuring for keepalive 5-39
hello time
configuring for bridging 3-22
history buffer
displaying 2-7
modifying 2-6
host
specifying as log file destination 8-7
host name
configuring 2-25
hotlist
configuring for content rules 7-23
configuring for domains 7-25
disabling 7-24
enabling 7-23
HTTP
specifying as application type in a content rule 7-38
status code 302 7-29
HTTP cookie
configuring for a service 5-30
HTTP keepalive
specifying a URI 5-37
HTTP redirection 7-30
HTTP redirection and service remapping
configuring 7-32
HTTP server
configuring on CSS 2-33
I
ICMP redirect message transmission
disabling 4-19
idle timeout
configuring for all sessions 1-53
install new software 1-22, 1-27
interface
bridging to VLAN 4-8
configuring 4-4, 4-5
configuring maximum idle time 4-7
configuring RIP 4-22
describing 4-5
displaying statistics 4-12
overview 4-1
reset of Fast Ethernet and Gigabit Ethernet ports 2-30
restarting 4-14, 4-15
showing 4-11
showing duplex and speed 4-8
showing Ethernet errors 4-13
shutting down 4-14
shutting down all 4-14
interface and circuit
quick start 4-3
interface duplex and speed
configuring 4-6
interface layer
restarting 4-14
internal disk module
directory structure 1-39
Internet Assigned Name Authority 7-7
Internet service providers 7-7
IP address
configuring for the CSS ethernet management port 1-8
configuring using Offline Diagnostic Monitor menu 1-28
finding 2-28
management port 1-8
removing from circuit 4-19
IP configuration
showing 3-17
IP ECMP
configuring 3-12
configuring address 3-12
configuring no-prefer-ingress 3-12
configuring round-robin 3-12
IP interfaces
displaying configurations 3-17
showing 4-21
stopping RIP 4-22
IP record route
configuring 3-11
IP redundancy
configuring 3-11
IP route
configuring 3-13
displaying configurations 3-18
removing 3-14
IP source route
configuring 3-15
IP statistics
displaying configurations 3-20
IP subnet broadcast
configuring 3-16
IP summary
showing 3-21
K
keepalive
activating global 5-15
associating service to global keepalive 5-19
checksums for URI 5-39
configuring for service 5-34
configuring frequency 5-36
configuring global description 5-15
configuring global frequency 5-15
configuring global IP address 5-16
configuring global maxfailure 5-16
configuring global method 5-16
configuring global port 5-17
configuring global retry period 5-17
configuring global suspend 5-17
configuring global type 5-18
configuring global URI 5-18
configuring hash for global keepalive 5-19
configuring maxfailure 5-36
configuring method 5-36
configuring retry period 5-38
configuring type 5-38
configuring URI 5-39
creating global keepalive 5-14
global mode 5-13
script 5-22, 5-24, 5-26
showing configurations 5-21, 5-41
specifying hash 5-39
keepalive maxfailure
configuring 5-36
keepalive port
configuring for service 5-37
keepalive type
configuring 5-38
keepalive URI
configuring 5-39
L
Layer 3 content rule
description 7-3
Layer 4 content rule
description 7-3
Layer 5 content rule
description 7-3
specifying an application type 7-38
load
configuring for services 5-9
showing for services 5-13
load age out timer
configuring 5-12
load balancing
ACA 7-21
configuring 7-21
destip 7-21, 7-35
domain 7-21, 7-35
domainhash 7-21, 7-35
least connection 7-21
roundrobin 7-21
srcip 7-21, 7-35
url 7-21, 7-35
urlhash 7-22, 7-35
weighted roundrobin 7-22
load reporting
configuring 5-11
load step
configuring for services 5-9
load tear down timer
configuring 5-11
load threshold
configuring for services 5-10
specifying for content rule 7-29
locating an IP address 2-28
log file destination
specifying disk 8-6
specifying host 8-7
specifying line 8-7
log files
archiving 1-48
boot 1-40
copying to an FTP or TFTP server 8-16
copying to FTP server 1-52, 8-17
copying to TFTP server 8-17
restoring archived files 1-50
showing 8-14
sys.log 1-40
logging
ACL activity 8-12
CLI commands 8-14
commands 8-2
configuring from config mode 8-4
disabling 8-7, 8-10
enabling for a subsystem 8-8
file destination 8-6
for a subsystem 8-6
levels 8-10
overview 8-2
quick start table 8-3, 8-4
showing log files 8-14, 8-15
specifying disk buffer size 8-5
subsystems 8-8
turning off from disk 8-6
turning off from host 8-7
logging into the CSS 1-5
logging to disk
disabling 8-6
logging to host
disabling 8-7
log messages
sending to an email address 8-13
M
management port
assigning an IP address 1-8
max age
configuring for bridging 3-23
max connections
configuring for service 5-42
MIB directory 1-40
N
netmask format
configuring for user 2-4
network boot
primary boot record 1-20
secondary boot record 1-25
specifying primary config path 2-12
network boot configuration
showing 2-24
network drive
booting the CSS from 2-21
O
Offline Diagnostic Monitor menu 1-13
advanced options 1-30
disabling or enabling check disk 1-37
disk options 1-33
performing a check disk 1-35
reformatting the disk 1-33
setting password protection 1-31
using to configure IP address 1-28
using to configure subnet mask 1-28
opportunistic layer 3 forwarding
configuration example 3-29
configuring 3-28
origin servers 7-35
overview
circuit 4-1
interface 4-1
service, owner, content rules 7-2
service load 5-5
system software 1-39
owner
assigning content rule 7-6
configuration quick start 6-2
creating 6-3
removing 6-6
removing content 7-6, 7-19
showing global bypass counters 6-7
showing information 6-6
specifying address 6-4
specifying DNS type 6-5
specifying email address 6-6
specifying owner billing information 6-4
owner, service, content rule
overview 5-2
P
packet storms
preventing 3-24
param-bypass 7-39
passive SCM
configuring boot record 2-15
configuring IP address 2-17
configuring primary boot file 2-17
configuring primary configuration path 2-18
configuring SCM secondary boot file 2-19
configuring secondary boot type 2-19
configuring secondary configuration path 2-20
configuring subnet mask 2-20
copying boot-config from active SCM 2-21
primary boot file 2-17
primary configuration path 2-17
passive sync command 2-21
password protection
setting on Offline Diagnostic Monitor menu 1-31, 1-34
passwords
changing 1-5, 1-7
configuring 1-6
pathcost
configuring for bridging 4-9
permanent connections
configuring for TCP ports 2-29, 2-30
persistence
configuring in a content rule 7-30
port
configuring as permanent connections 2-30
configuring for service keepalive 5-37
reset of Fast Ethernet and Gigabit Ethernet ports 2-30
resetting 2-30
specifying for a service 5-28
Port. See also interface
prefix notation
configuring for subnet mask display 2-4
primary boot configuration 2-11
primary boot configuration setting 1-19
primary boot file
specifying 2-11
primary boot record
disk boot 1-23
FTP boot 1-22
network boot 1-20
secondary boot 1-23
primary boot type
configuring 2-12
primary config path
specifying for network boot 2-12
primary sorry server
adding to content rule 7-17
priority
configuring for bridging 4-9
protocol
for content rule 7-20
tcp 5-29
udp 5-29
Q
quick start
configuring logging 8-4
configuring the CSS 1-2
content rule 7-5
interface and circuit 4-3
logging 8-3
owner 6-2
service and owner 5-4
R
realaudio-control
specifying as application type in a content rule 7-38
rebooting
CSS 1-13
rebooting the CSS 1-13
redirecting requests for content 7-29
redirection
configuring in a content rule 7-30
redundancy
disabling 3-11
reformatting the disk 1-34
remap configuration
showing 7-34
remapping
configuring in a content rule 7-30
remote access
setting for CSS 2-26
remote service 5-31
removing
content rule 7-19, 7-20
content rule from owner 7-6
IP address from a circuit 4-19
owner 6-6
service 5-43
service from content rule 5-43
user name 1-7
restarting
interface 4-14
interfaces 4-15
restoring
archived log file 1-50
archived script file 1-51
archived startup-config 1-51
bridge priority default value 4-9
default aging-time 3-22
default bridge forward time 3-22
default bridge hello-time 3-22
default bridge max-age 3-23
default bridge priority 4-9
default broadcast IP address 4-19
default path cost 4-9
default VLAN 4-9
files from archive directory 1-50
router-discovery advertisement interval timers 4-17
router-discovery max-advertisement-interval default value 4-16
router discovery preference 4-21
restricting access to the CSS
telnet, snmp, console, ftp 2-27
RIP
displaying configurations 3-10, 4-23
equal cost 3-9
stopping on an IP interface 4-22
RIP advertise
stopping 3-8
RIP default-route
configuring 4-22
RIP receive
configuring 4-23
RIP redistribute
stopping 3-9
RIP send
configuring 4-23
roundrobin
least connection 7-21
load balancing 7-21
router
recovering from a failed router 3-12
router discovery
configuring for an IP interface 4-20
configuring min-advertisement-interval 4-17
configuring preference 4-20
disabling 4-20
enabling 4-20
router discovery advertisement interval timers
restoring default value 4-17
router-discovery advertisement interval timers
restoring default value 4-17
router discovery lifetime
configuring 4-16
router discovery limited-broadcast
configuring 4-16
router discovery max-advertisement-interval
configuring 4-16
router-discovery max-advertisement-interval
restoring default value 4-16
router discovery preference
configuring 4-20
restoring default value 4-21
running check disk on the disk
disk options 1-33
running-config
archiving 1-49
clearing 1-43
creating using text editor 1-47
displaying 1-43
example 1-45
ordering information within 1-47
using 1-42
running-profile
copying to an FTP server 2-9
copying to a TFTP server 2-9
copying to a user profile 2-8
copying to the default profile 2-8
S
SCM
configuring boot record for passive SCM 2-15
configuring IP address for passive SCM 2-17
configuring network boot for passive 2-23
configuring network boot for primary 2-22
script keepalives
configuring 5-24
displaying 5-24
overview 5-22
status codes 5-26
scripts
archiving 1-49
disk directory 1-40
restoring archived file 1-51
secondary boot configuration path
specifying 2-14
secondary boot configuration setting 1-23
secondary boot file
specifying 2-13
secondary boot record
disk boot 1-28
FTP boot 1-27
network boot 1-25
secondary boot type
specifying 2-14
secondary config path
specifying 2-14
secondary sorry server
adding to a content rule 7-18
Secure Shell Daemon. See SSHD
security options
Offline Diagnostic Monitor menu 1-31
setting password protection on Offline Diagnostic Monitor menu 1-31
sending log messages
to an email address 8-13
server
primary sorry 7-17
secondary sorry 7-18
servers
order in which types are hit 5-33, 7-16
server types
how CSS handles 5-33
server weight and load
using with ACA 5-7
service
activating 5-42
adding to a content rule 7-17
adding to content rule 7-16
assigning an IP address 5-27
configuring 5-27
configuring an advanced balanced string 5-30
configuring an HTTP cookie 5-30
configuring cache bypass 5-34
configuring global load reporting 5-11
configuring global load threshold 5-10
configuring keepalive 5-34
configuring keepalive port 5-37
configuring load ageout timer 5-12
configuring load step 5-9
configuring load tear down timer 5-11
configuring max connections 5-42
configuring service load 5-9
configuring weight 5-31
creating 5-26
load overview 5-5
order in which types are hit 5-33, 7-16
primary sorry 7-17
removing 5-43
removing from content rule 5-43
removing from source group 5-43
secondary sorry 7-18
showing configuration 5-44
showing load 5-13
specifying a port 5-28
specifying a protocol 5-29
specifying type 5-31
suspending 5-42
service, owner, content rule
overview 5-1, 7-2
service access
configuring 5-33
service and owner
configuration quick start 5-4
service remapping 7-30
service remapping and HTTP redirection
configuring 7-32
service type
nci-direct-type 5-31
nci-info-type 5-31
proxy-cache 5-31
redirect 5-32
redundancy-up 5-32
replication cache redirect 5-32
replication-store 5-32
replication-store redirect 5-32
transparent-cache 5-32
session
specifying as log file destination 8-7
show boot configuration 1-29
showing
bridge forwarding 3-24, 4-10
circuits 4-17
content 7-40
content rules 7-41
Ethernet interface errors 4-13
global bypass counters 6-7
interfaces 4-11
IP configuration 3-17
IP interfaces 4-21
IP summary 3-21
log files 8-14
owner information 6-6
service configuration 5-44
user information 1-57
shutting down
all interfaces 4-14
interface stack layer 4-14
the CSS 1-13
smurf attacks caution 3-16
SNMP
enabling access 2-28
restricting access to the CSS 2-27
software
deleting a version from the disk 1-30
directory 2-33
displaying information 1-54
overview 1-39
version format 1-40
software upgrade A-3
caution A-4
copying new software to CSS A-1
manual process A-8
script A-3
sorry server
adding a primary to a content rule 7-17
adding a secondary to a content rule 7-18
source group
removing service 5-43
spanning tree
caution when disabling 3-24
enabling and disabling 3-23
specifying
owner address 6-4
owner billing information 6-4
owner email address 6-6
speed
configuring for interface 4-6
SSHD
configuring 3-25
configuring keepalive 3-27
configuring port 3-27
configuring server-keybits 3-27
disabling Telnet for use with 3-26
displaying configurations 3-28
SSL
specifying as application type in a content rule 7-38
starting
interface 4-14
startup-config 1-41
archiving 1-49
clearing 1-43
creating using text editor 1-47
displaying 1-46
ordering information within 1-47
restoring archived file 1-51
saving offline 1-42
using 1-42
statistics
showing flows 2-32
subnet mask
assigning to CSS 1-9
configuring using Offline Diagnostic Monitor menu 1-28
subnet mask prefix notation
configuring for user 2-4
subsystem
disabling logging 8-10
enabling for logging 8-8
suspending
content rule 7-19
service 5-42
sys.log 1-40, 8-2
logging CLI commands 8-14
sys.log.prev 8-3
syslogd
logging to 8-2, 8-3
system resources
showing 1-56
T
TCP ports
configuring permanent connections 5-29
specifying destination number 5-28
Telnet
disabling for use with SSHD 3-26, 3-28
enabling access 2-28
enabling and disabling for SSHD 3-28
reclaiming reserved control ports 2-30
restricting access to the CSS 2-27
terminal idle
configuring for user 2-3
terminal length
configuring for user 2-4
terminal more
configuring for user 2-4
terminal parameters
configuring for users 2-3
configuring terminal idle 2-3
configuring terminal length 2-4
configuring terminal more 2-4
configuring terminal netmask format 2-4
configuring terminal timeout 2-5
terminal timeout
configuring for user 2-5
text editor
using to create running-config 1-47
using to create startup-config 1-47
TFTP
copying log files to server 8-17
TFTP server
copying core dumps to 1-53
copying log files to 8-16
time
configuring for CSS 1-10
transparent cache
bypassing 7-39
transparent caches
bypassing 7-39
type
specifying for service 5-31
U
UDP
destination port number 5-28
Universal Resource Locator. See URL
upgrading CSS manually A-8
upgrading software
configuring FTP record A-2
copying new software to CSS A-1
URI
specifying for HTTP keepalive 5-37
URL
specifying for content 7-26
user information
showing 1-57
username
configuring 1-6
displaying 1-7
removing 1-7
user parameter
configuring terminal netmask format 2-4
user password
changing 1-7
configuring 1-6
user profiles
configuring 2-2
copying and saving 2-8
user terminal parameters
configuring 2-32
configuring terminal domain lookup 2-3
configuring terminal idle 2-3
configuring terminal length 2-4
configuring terminal more 2-4
configuring terminal timeout 2-5
V
virtual authentication
configuring 2-26
virtual IP address
configuring 7-7
VLAN
bridge to interface 4-8
restoring default 4-9
VTY log files 8-2, 8-3
W
web management
enabling access 2-28
restricting access to the CSS 2-27
web page
verifying checksum 5-37
weight
configuring for a service 5-31
weighted roundrobin
load balancing 7-22
wildcards
domain names in content rules 7-14
using in content rule domain names 7-15
X
XML
enabling access 2-28
enabling access to the CSS 2-33
restricting access to the CSS 2-27, 2-33
using on the CSS 2-32
XOR hash
used in domainhash balance algorithm 7-21
used in urlhash balance algorithm 7-22
Y
you
audience xxii
Z
zero
resetting Ethernet statistics to 4-13
zero IP addresses
invalid 1-8
zip file
included on documentation CD 2-21
using for network boot 2-21