Cisco Application Control Engine Module Administration Guide
for the Cisco Catalyst 6500 Series Switch
Software Version 3.0(0)A1(2)
April 2006

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-9373-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R)

Cisco Application Control Engine Module Administration Guide
Copyright © 2006 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  Audience
  How to Use This Guide
  Related Documentation
  Symbols and Conventions
  Obtaining Documentation, Obtaining Support, and Security Guidelines

Chapter 1: Setting Up the ACE
  Establishing a Console Connection on the ACE
  Sessioning and Logging into the ACE
  Changing the Administrative Username and Password
  Resetting the Administrator's CLI Account Password
  Assigning a Name to the ACE
  Configuring ACE Inactivity Timeout
  Configuring a Message-of-the-Day Banner
  Configuring Date and Time
  Configuring the Time Zone
  Adjusting for Daylight Saving Time
  Viewing the System Clock Settings
  Configuring Terminal Settings
  Configuring Terminal Display Attributes
  Configuring Terminal Line Settings
  Configuring Console Line Settings
  Configuring Virtual Terminal Line Settings
  Modifying the Boot Configuration
  Setting the Boot Method from the Configuration Register
  Booting the ACE from the rommon Prompt
  Setting the BOOT Environment Variable
  Displaying the ACE Boot Configuration
  Restarting the ACE
  Restarting the ACE from the CLI
  Restarting the ACE from the Catalyst CLI
  Shutting Down the ACE

Chapter 2: Enabling Remote Access to the ACE
  Remote Access Configuration Quick Start
  Configuring Remote Network Management Traffic Services
  Creating and Configuring a Remote Management Class Map
  Defining a Class Map Description
  Defining Remote Network Management Protocol Match Criteria
  Creating a Layer 3 and Layer 4 Remote Access Policy Map
  Defining Management Traffic Policy Actions
  Applying a Service Policy
  Configuring Telnet Management Sessions
  Configuring SSH Management Sessions
  Configuring Maximum Number of SSH Sessions
  Generating SSH Host Key Pairs
  Terminating an Active User Session
  Enabling ICMP Messages To the ACE
  Directly Accessing a User Context Through SSH
  Viewing Session Information
  Showing Telnet Session Information
  Showing SSH Session Information
  Showing SSH Key Details

Chapter 3: Managing ACE Software Licenses
  Available ACE Licenses
  Ordering an Upgrade License and Generating a Key
  Copying a License to the ACE
  Installing a New or Upgrade License
  Replacing a Demo License with a Permanent License
  Removing a License
  Removing a Module Bandwidth License
  Removing an SSL TPS License
  Removing a User Context License
  Backing Up a License File
  Displaying License Configurations and Statistics

Chapter 4: Configuring Class Maps and Policy Maps
  Class Map and Policy Map Overview
  Class Maps
  Policy Maps
  Service Policies
  Class Map and Policy Map Configuration Quick Start
  Configuring Layer 3 and Layer 4 Class Maps
  Defining Layer 3 and Layer 4 Classifications for Network Traffic Passing Through the ACE
  Creating a Layer 3 and Layer 4 Network Traffic Class Map
  Defining a Class Map Description
  Defining Access-List Match Criteria
  Defining Match Any Criteria
  Defining Destination IP Address and Subnet Mask Match Criteria
  Defining TCP/UDP Port Number or Port Range Match Criteria
  Defining Source IP Address and Subnet Mask Match Criteria
  Defining VIP Address Match Criteria
  Defining Layer 3 and Layer 4 Classifications for Network Management Traffic Received by the ACE
  Creating a Layer 3 and Layer 4 Network Management Traffic Class Map
  Defining Network Management Access Match Criteria
  Configuring Layer 7 Class Maps
  Defining Layer 7 Classifications for HTTP Server Load-Balancing
  Defining Layer 7 Classifications for HTTP Deep Packet Inspection
  Defining Layer 7 Classifications for FTP Command Inspection
  Configuring a Layer 3 and Layer 4 Policy Map
  Creating a Layer 3 and Layer 4 Policy Map for Network Management Traffic Received by the ACE
  Creating a Layer 3 and Layer 4 Policy Map for Network Traffic Passing Through the ACE
  Defining a Layer 3 and Layer 4 Policy Map Description
  Specifying a Layer 3 and Layer 4 Traffic Class With the Traffic Policy
  Specifying Layer 3 and Layer 4 Policy Actions
  Using Parameter Maps in a Layer 3 and Layer 4 Policy Map
  Configuring a Layer 7 Policy Map
  Creating a Layer 7 Policy Map
  Adding a Layer 7 Policy Map Description
  Including Inline Match Statements in a Layer 7 Policy Map
  Specifying a Layer 7 Traffic Class with the Traffic Policy
  Specifying Layer 7 Policy Actions
  Associating the Layer 7 Policy Map with a Layer 3 and Layer 4 Policy Map
  Applying a Service Policy
  Class Maps and Policy Map Examples
  Firewall Example
  Layer 7 Load Balancing Example
  Layer 3 and Layer 4 Load Balancing Example
  VIP With Connection Parameters Example
  Viewing Class Maps, Policy Maps, and Service Policies
  Displaying Class Map Configuration Information
  Displaying Policy Map Configuration Information
  Displaying Service Policy Configuration Information

Chapter 5: Managing the ACE Software
  Saving Configuration Files
  Saving the Configuration File in Flash Memory
  Saving Configuration Files to a Remote Server
  Copying the Configuration File to the disk0: File System
  Merging the Startup-Configuration File with the Running-Configuration File
  Viewing Configuration Files
  Clearing the Startup-Configuration File
  Loading Configuration Files from a Remote Server
  Using the File System on the ACE
  Listing the Files in a Directory
  Copying Files
  Copying Files to Another Directory on the ACE
  Copying Licenses
  Copying a Packet Capture Buffer
  Copying Files to a Remote Server
  Copying Files from a Remote Server
  Copying an ACE Software System Image to a Remote Server
  Uncompressing Files in the disk0: File System
  Untarring Files in the disk0: File System
  Creating a New Directory
  Deleting an Existing Directory
  Moving Files
  Deleting Files
  Displaying File Contents
  Saving Show Command Output to a File
  Viewing and Copying Core Dumps
  Copying Core Dumps
  Clearing the Core Directory
  Deleting a Core Dump File
  Capturing and Copying Packet Information
  Capturing Packet Information
  Copying Capture Buffer Information
  Viewing Packet Capture Information
  Using the Configuration Checkpoint and Rollback Service
  Overview
  Creating a Configuration Checkpoint
  Deleting a Configuration Checkpoint
  Rolling Back a Running Configuration
  Displaying Checkpoint Information
  Reformatting Flash Memory

Chapter 6: Viewing ACE Hardware and Software Configuration Information
  Displaying Software Version Information
  Displaying Software Copyright Information
  Displaying Hardware Information
  Displaying Hardware Inventory
  Displaying System Processes
  Displaying Process Status Information and Memory Resource Limits
  Displaying System Information
  Displaying ICMP Statistics
  Displaying Technical Support Information

Chapter 7: Configuring Redundant ACE Modules
  Overview of Redundancy
  Why Configure Redundancy?
  Redundancy Protocol
  Stateful Failover
  FT VLAN
  Configuration Synchronization
  Configuration Requirements and Restrictions
  Redundancy Configuration Quick Start
  Configuring Redundancy
  Configuring an FT VLAN
  Creating an FT VLAN
  Configuring an FT VLAN IP Address
  Configuring the Peer IP Address
  Enabling the FT VLAN
  Configuring an Alias IP Address
  Configuring an FT Peer
  Associating the FT VLAN with the Local Peer
  Configuring the Heartbeat Interval and Count
  Configuring a Query Interface
  Configuring an FT Group
  Associating a Context with an FT Group
  Associating a Peer with an FT Group
  Assigning a Priority to the Active FT Group Member
  Assigning a Priority to the Standby FT Group Member
  Configuring Preemption
  Placing an FT Group in Service
  Modifying an FT Group
  Forcing a Failover
  Synchronizing Redundant Configurations
  Configuring Tracking and Failure Detection
  Overview of Tracking and Failure Detection
  Configuring Tracking and Failure Detection for a Host or Gateway
  Creating a Tracking and Failure Detection Process for a Host or Gateway
  Configuring the Gateway or Host IP Address Tracked by the Active Member
  Configuring a Probe on the Active Member for Host Tracking
  Configuring a Priority on the Active Member for Multiple Probes
  Configuring the Gateway or Host IP Address Tracked by the Standby Member
  Configuring a Probe on the Standby Member for Host Tracking
  Configuring a Priority on the Standby Member for Multiple Probes
  Example of a Tracking Configuration for a Gateway
  Configuring Tracking and Failure Detection for an Interface
  Creating a Tracking and Failure Detection Process for an Interface
  Configuring the Interface Tracked by the Active Member
  Configuring a Priority for a Tracked Interface on the Active Member
  Configuring the Interface Tracked by the Standby Member
  Configuring a Priority for a Tracked Interface on the Standby Member
  Example of a Tracking Configuration for an Interface
  Configuring Tracking and Failure Detection for an HSRP Group
  Before You Begin

Appendix A: Upgrading Your ACE Software
  Displaying Software Image Information
Configuring the XML Interface
  XML Overview
  XML Usage with the Cisco Application Control Engine (ACE) module
  HTTP and HTTPS Support with the Cisco Application Control Engine (ACE) module...

... Information
Index

Preface

This guide...

... for the Cisco Application Control Engine Module
  Provides information about operating considerations, caveats, and command-line interface (CLI) commands for the ACE

Cisco Application Control
  Provides