Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
Software Release 2.1(1)
May, 2005

Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
Preface

This preface describes the audience, organization, and conventions of this publication, and provides information on how to obtain related documentation.

This guide contains the commands available for use with the Cisco Content Switching Module with SSL (CSM-S). Use this guide with the Catalyst 6500 Series Switch Content Switching Module with SSL Installation Note and the Catalyst 6500 Series Switch Content Switching Module with SSL Installation and Configuration Note.
Conventions

This document uses the following conventions:

Convention      Description
boldface font   Commands, command options, and keywords are in boldface.
italic font     Arguments for which you supply values are in italics.
[ ]             Elements in square brackets are optional. Default responses to system prompts are in square brackets.
{x|y|z}         Alternative keywords are grouped in braces and separated by vertical bars.
Related Documentation

For more detailed installation and configuration information for the Content Switching Module with SSL, refer to the following publications:
• Release Notes for the Catalyst 6500 Series Switch Content Switching Module with SSL
• Catalyst 6500 Series Switch Content Switching Module with SSL Installation Note
• Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
• Regulatory Compliance and Safety Information for the Cataly
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool: http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace: http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL: http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL: http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly.
Obtaining Technical Assistance

Note: Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs.
Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
• Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL: http://www.cisco.
CHAPTER 1
Using Content Switching Module Commands

This chapter describes how to use the CSM and CSM-S commands and contains the following sections:
• Using the CSM and CSM-S Commands
• Command Modes

Note: Except where specifically differentiated, the term “Content Switching Module” and its acronym “CSM” includes both the Content Switching Module and the Content Switching Module with SSL.
With the command-line interface (CLI), you can do the following tasks:
• Check the syntax before entering a command. Enter a command and press the ? key to view a quick summary, or precede a command with the help command (help aaa, for example).
• Abbreviate commands. You can use the config t command to start configuration mode, the write t command to list the configuration, and the write m command to write to Flash memory.
Use the exit or end commands to exit privileged mode and return to unprivileged mode as follows:

    Router# exit
    Logoff
    Type help or '?' for a list of available commands.
    Router>

Use the disable command to exit privileged mode and return to unprivileged mode as follows:

    Router# disable
    Router>

• Configuration mode
The configuration mode allows you to change the configuration.
Regular Expressions

Expression   Meaning
“.\a”        Alert (ASCII 7)
“.\b”        Backspace (ASCII 8)
“.\f”        Form-feed (ASCII 12)
“.\n”        Newline (ASCII 10)
“.\r”        Carriage return (ASCII 13)
“.\t”        Tab (ASCII 9)
“.\v”        Vertical tab (ASCII 11)
“.\0”        Null (ASCII 0)
“.\\”        Backslash
“.
CHAPTER 2
Content Switching Module with SSL Commands

This chapter contains an alphabetical listing of the commands necessary to configure the CSM-S. These commands are unique to server load-balancing (SLB) and Layer 3 switching.
arp

To configure a static ARP entry, use the arp command. To remove the static ARP entry from the configuration, use the no form of this command.

arp ip_address mac-address vlan id
no arp ip_address

Syntax Description
ip_address    IP address that you want to associate with the ARP entry.
mac-address   MAC address of the host.
vlan id       Identifies the VLAN.

Defaults
This command has no default settings.
capp udp

To enter the Content Application Peering Protocol (CAPP) User Datagram Protocol (UDP) configuration submode, and then enable the CAPP, use the capp udp command. To remove the CAPP UDP configuration, use the no form of this command.

capp udp
no capp udp

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.
capp udp

Related Commands
port (CAPP UDP submode)
options (CAPP UDP submode)

To assign session options to an IP address, use the options command in the CAPP UDP submode. To remove the options for the specified address from the configuration, use the no form of this command.

options ip_address encryption MD5 secret
no options ip_address

Syntax Description
ip_address       IP address that you want to associate with this group of options.
encryption MD5   Specifies MD5 authentication.
port (CAPP UDP submode)

To set the port number for CAPP UDP connections, use the port command in the CAPP UDP submode. To remove the port from the configuration, use the no form of this command.

port port_num
no port

Syntax Description
port_num   Specifies the UDP port number.

Defaults
The no form of this command sets the port to 5002.

Command Modes
CSM CAPP UDP submode
secure (CAPP UDP submode)

To enable or disable the encryption requirement for inbound CAPP datagrams, use the secure command in the CAPP UDP submode. This command prevents unauthorized messages from entering the CSM. To remove the encryption requirement from the configuration, use the no form of this command.

secure
no secure

Syntax Description
This command has no arguments or keywords.
clear module csm

To force the active CSM to become the standby module, use the clear module csm command.

clear module csm [slot | all] arp-cache ip-address connections [real | vserver] counters ft active linecard-configuration sticky [1-255 | all]

Syntax Description
slot   (Optional) Specifies the CSM location in the switch. Range is from 1 to 9.
all    (Optional) Applies to all online CSM modules.
dfp

To enter the Dynamic Feedback Protocol (DFP) submode, and then configure DFP, use the dfp command. To remove the DFP configuration, use the no form of this command.

dfp [password password [timeout]]
no dfp [password password]

Syntax Description
password   (Optional) Specifies a password for MD5 authentication.
password   (Optional) Password value for MD5 authentication. This password must be the same on all DFP manager devices.
dfp

Related Commands
show module csm dfp
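A configuration check for the CAPP UDP secure and options settings and the dfp password option described above, as an added example that is not part of the Cisco reference. The sample configuration, its one-space-per-level indentation, and the finding names are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the Cisco reference). The
# indented, running-config style layout is an assumption of this example.
SAMPLE_CONFIG = """\
module csm 5
 capp udp
  port 5002
  options 10.1.1.10 encryption MD5 placeholder-secret
 dfp
  agent 10.1.1.20 8080
module csm 6
 capp udp
  secure
  options 10.2.2.10 encryption MD5 placeholder-secret
 dfp password placeholder-pw 30
  manager 4000
module csm 7
 capp udp
  secure
"""

# Hypothetical finding names used only by this example.
FINDINGS = {
    "capp-not-secure": "capp udp is enabled without 'secure'; inbound CAPP "
                       "datagrams are not required to be encrypted",
    "capp-no-md5-secret": "capp udp has no 'options <ip> encryption MD5 "
                          "<secret>' entry for any peer",
    "dfp-no-password": "dfp is configured without a password for MD5 "
                       "authentication",
}

OPTIONS_RE = re.compile(r"options \S+ encryption MD5 \S+$", re.IGNORECASE)


def parse_blocks(config_text):
    """Return [(slot, submode_line, [child lines])] for each CSM submode."""
    blocks = []
    slot = None
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and comment separators
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            # A top-level line either opens a CSM module or ends the last one.
            m = re.match(r"module csm (\d+)$", line)
            slot = int(m.group(1)) if m else None
            current = None
        elif indent == 1 and slot is not None:
            current = (slot, line, [])
            blocks.append(current)
        elif indent >= 2 and current is not None:
            current[2].append(line)
    return blocks


def audit(config_text):
    """Return [(slot, finding_name)] in configuration order."""
    results = []
    for slot, head, children in parse_blocks(config_text):
        words = head.split()
        if words[:2] == ["capp", "udp"]:
            # 'no secure' is a different line, so it is reported as well.
            if "secure" not in children:
                results.append((slot, "capp-not-secure"))
            if not any(OPTIONS_RE.match(c) for c in children):
                results.append((slot, "capp-no-md5-secret"))
        elif words[0] == "dfp":
            # dfp [password password [timeout]]: the password is optional.
            if len(words) < 3 or words[1] != "password":
                results.append((slot, "dfp-no-password"))
    return results


if __name__ == "__main__":
    for slot, name in audit(SAMPLE_CONFIG):
        print(f"module csm {slot}: {name}: {FINDINGS[name]}")
```
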
agent (DFP submode)

To configure the DFP agent to which the CSM is going to communicate, use the agent command in the SLB DFP submode. To remove the agent configuration, use the no form of this command.

agent ip-address port [keepalive-timeout [retry-count [retry-interval]]]
no agent ip-address port

Syntax Description
ip-address   IP address of the DFP agent.
port         Port number of the DFP agent.
manager (DFP submode)

To set the port where an external DFP can connect to the CSM, use the manager command in SLB DFP submode. To remove the manager configuration, use the no form of this command.

manager port
no manager

Syntax Description
port   Port number.

Defaults
This command has no default settings.

Command Modes
SLB DFP configuration submode

Command History
Release          Modification
CSM release 1.
exit

To log out of the system or to leave a subcommand mode, use the exit command.

exit

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.

Command Modes
Command mode

Usage Guidelines
To leave a subcommand mode, use the exit command. The exit command saves any changes before leaving the submode.
ft group

To enter the fault tolerant submode, and then configure fault tolerance on the CSM, use the ft group command. To remove the fault-tolerant configuration, use the no form of this command.

ft group group-id vlan vlan number
no ft group

Syntax Description
group-id   ID of the fault-tolerant group. Both CSMs must have the same group ID. Range is from 1 to 254.
ft group

Examples
This example shows how to configure a fault-tolerant group named 123 on VLAN 5 and set the failover time to 3 seconds:

    Cat6k-2(config-module-csm)# ft group 123 vlan 5
    Cat6k-2(config-slb-ft)# failover 3

Related Commands
failover (fault tolerant submode)
heartbeat-time (fault tolerant submode)
preempt (fault tolerant submode)
priority (fault tolerant submode)
show module csm ft
failover (fault tolerant submode)

To set the time for a standby CSM to wait before becoming an active CSM, use the failover command in the SLB fault-tolerant configuration submode. To remove the failover configuration, use the no form of this command.

failover failover-time
no failover

Syntax Description
failover-time

Defaults
Failover time is 3 seconds.
heartbeat-time (fault tolerant submode)

To set the time interval between heartbeat messages that are transmitted by the CSM, use the heartbeat-time command in the SLB fault-tolerant configuration submode. To restore the default heartbeat interval, use the no form of this command.

heartbeat-time heartbeat-time
no heartbeat-time

Syntax Description
heartbeat-time

Defaults
Heartbeat time is 1 second.
preempt (fault tolerant submode)

To allow a higher priority CSM to take control of a fault-tolerant group when it comes online, use the preempt command in the SLB fault-tolerant configuration submode. To restore the preempt default value, use the no form of this command.

preempt
no preempt

Syntax Description
This command has no arguments or keywords.

Defaults
The default value is that preempt is disabled.
priority (fault tolerant submode)

To set the priority of the CSM, use the priority command in the SLB fault-tolerant configuration submode. To restore the priority default value, use the no form of this command.

priority value [alt value]
no priority

Syntax Description
alt     (Optional) Configures the alternate priority value for the standby CSM.
value   (Optional) Priority of a CSM; the range is from 1 to 254.
track (fault tolerant submode)

To set the fault-tolerant tracking for the gateway, HSRP group, or interface of the CSM, use the track command in the SLB fault-tolerant configuration submode.

track {gateway ip_addr | group group_number | interface {async | ctunnel | dialer | fastethernet | gigabitethernet} | mode {all | any}}

Syntax Description
gateway ip_addr   Configures a gateway or host for tracking.
hw-module csm standby config-sync

To synchronize the configuration between the active CSM and standby CSM, enter the hw-module csm standby config-sync command on the active CSM:

hw-module csm slot standby config-sync

Syntax Description
slot

Defaults
Route processor mode.

Command Modes
Global configuration

Command History
Release               Modification
CSM release 4.2(1)    This command was introduced.
ip slb mode

To operate as a CSM load-balancing device instead of a Cisco IOS server load balancing (SLB) device, use the ip slb mode command to configure the switch. To remove the mode configuration, use the no form of this command.
ip slb mode

Examples
This example shows how to configure the CSM load-balancing mode:

    Cat6k-2(config)# ip slb mode csm

Related Commands
module csm
show ip slb mode
map cookie

To create a cookie map, and then enter the cookie map configuration submode for specifying cookie match rules, use the map cookie command. To remove the cookie maps from the configuration, use the no form of this command.

map cookie-map-name cookie
no map cookie-map-name

Syntax Description
cookie-map-name   Cookie map instance; the character string is limited to 15 characters.
cookie            Enters the cookie map submode.
match protocol http cookie (cookie map submode)

To add cookies to a cookie map, use the match protocol http cookie command in SLB cookie map configuration submode. Multiple match rules can be added to a cookie map. To remove the cookie map name from the cookie map, use the no form of this command.
map dns

To enter the SLB DNS map mode and configure a DNS map, use the map dns command. To remove the DNS map from the configuration, use the no form of this command.

map dns-map-name dns
no map dns-map-name dns

Syntax Description
dns-map-name

Defaults
This command has no default settings.
match protocol dns domain (DNS map submode)

To add a DNS domain to a DNS map, use the match protocol dns domain command in the SLB DNS map configuration submode. To remove the DNS domain from the URL map, use the no form of this command.

match protocol dns domain name
no match protocol dns domain name

Syntax Description
name

Defaults
This command has no default settings.
map header

To create a map group for specifying HTTP headers, and then enter the header map configuration submode, use the map header command. To remove the HTTP header group from the configuration, use the no form of this command.

map name header
no map name

Syntax Description
name

Defaults
This command has no default settings.
insert protocol http header (header map submode)

To insert header fields and values into an HTTP request, use the insert protocol http header command in SLB header map configuration submode. To remove the header insert item from the header map, use the no form of this command.
match protocol http header (header map submode)

To specify header fields and values for the CSM to search for when receiving a request, use the match protocol http header command in SLB header map configuration submode. Multiple match rules can be added to a header map. To remove the header match rule from the header map, use the no form of this command.
map retcode

To enable return code checking, and then enter the return code map submode, use the map retcode command. To remove the return code checking from the configuration, use the no form of this command.

map name retcode
no map name

Syntax Description
name      Return error code map instance; the character string is limited to 15 characters.
retcode   Keyword to enter the return error code map submode.
match protocol http retcode (return code map submode)

To specify return code thresholds, count and log return codes, and send syslog messages for return code events received from the servers, use the match protocol http retcode command in SLB return code map configuration submode. To remove the return code thresholds, use the no form of this command.
map url

To enter the SLB URL map mode and configure a URL map, use the map url command. To remove the URL map from the configuration, use the no form of this command.

map url-map-name url
no map url-map-name

Syntax Description
url-map-name   Name of an SLB URL map; the character string range is from 1 to 15 characters.

Defaults
This command has no default settings.

Command Modes
SLB URL map configuration submode
match protocol http url (URL map submode)

To add a URL regular expression to a URL map, use the match protocol http url command in the SLB URL map configuration submode. Multiple match rules can be added to a URL map. To remove the URL regular expression from the URL map, use the no form of this command.
module csm

To allow the association of load-balancing commands to a specific CSM module, and then enter the CSM module configuration submode for the specified slot, use the module csm command. To remove the module csm configuration, use the no form of this command.

Note: The module ContentSwitching Module slot command is the full syntax; the module csm slot command is a valid shortcut.
natpool (module CSM submode)

To configure source NAT and create a client address pool, use the natpool command in module CSM configuration submode. To remove a natpool configuration, use the no form of this command.
variable (module CSM submode)

To specify the environmental variables in the configuration, use the variable command. To remove an environmental variable from the configuration, use the no form of this command.

variable name value
no variable name

Syntax Description
name    Specifies a name string for the variable.
value   Specifies a value string for the variable.

Defaults
This command has no default settings.
variable (module CSM submode)

ADVERTISE_RHI_FREQ
  Default: 10
  Valid values: Integer (1 to 65535)
  Description: Frequency (in seconds) that the CSM uses to check for RHI updates.

AGGREGATE_BACKUP_SF_STATE_TO_VS
  Default: 0
  Valid values: Integer (0 to 1)
  Description: Specifies whether to include the operational state of a backup server farm into the state of a virtual server.
variable (module CSM submode)

SWITCHOVER_SP_ACTION
  Default: 0
  Valid values: Integer (0 to 1)
  Description: Specifies whether to recover (0) or halt/reboot (1) after a supervisor engine SP switchover occurs.

SYN_COOKIE_INTERVAL
  Default: 3
  Valid values: Integer (1 to 60)
  Description: Specifies the interval (in seconds), at which a new syn-cookie key is generated.
owner

To configure an owner object, use the owner command in module CSM configuration submode. To remove an owner configuration, use the no form of this command.

owner name
no owner

Syntax Description
name   Name of the object owner.

Defaults
This command has no default settings.

Command Modes
Module CSM configuration submode

Command History
Release               Modification
CSM release 4.1(1)    This command was introduced.
CSM-S release 1.
billing-info (owner submode)

To configure billing information for an owner object, use the billing-info command in the owner configuration submode. To remove billing information from the configuration, use the no form of this command.

billing-info billing-address-information
no billing-info

Syntax Description
billing-address-information

Defaults
This command has no default settings.
contact-info (owner submode)

To configure an e-mail address for an owner object, use the contact-info command in owner configuration submode. To remove the contact information from the owner configuration, use the no form of this command.

contact-info string
no contact-info

Syntax Description
string

Defaults
This command has no default settings.
maxconns (owner submode)

To configure the maximum number of concurrent connections allowed for an owner object, use the maxconns command in owner configuration submode. To remove the maximum connections from the owner configuration, use the no form of this command.

maxconns number
no maxconns

Syntax Description
number

Defaults
This command has no default settings.
policy

To configure policies, associate attributes to a policy, and then enter the policy configuration submode, use the policy command. In this submode, you can configure the policy attributes. The policy is associated with a virtual server in virtual server submode. To remove a policy, use the no form of this command.

policy policy-name
no policy policy-name

Syntax Description
policy-name

Defaults
This command has no default settings.
client-group (policy submode)

To associate an access list with a policy, use the client-group command in SLB policy configuration submode. To remove an access list from a policy, use the no form of this command.

client-group {1–99 | std-access-list-name}
no client-group

Syntax Description
1–99                   Standard IP access list number.
std-access-list-name   Standard access list name.
cookie-map (policy submode)

To associate a list of cookies with a policy, use the cookie-map command in SLB policy configuration submode. To remove a cookie map, use the no form of this command.

cookie-map cookie-map-name
no cookie-map

Syntax Description
cookie-map-name

Defaults
This command has no default settings.
header-map (policy submode)

To specify the HTTP header criteria to include in a policy, use the header-map command in SLB policy configuration submode. To remove a header map, use the no form of this command.

Note: If any HTTP header information is matched, the policy rule is satisfied.

header-map name
no header-map

Syntax Description
name

Defaults
This command has no default settings.
nat client (policy submode)

To specify a set of client NAT pool addresses that should be used to perform the NAT function on clients connecting to this policy, use the nat client command in SLB serverfarm configuration submode. To remove the NAT pool from the configuration, use the no form of this command.

nat client {client-pool-name | static}
no nat client

Syntax Description
client-pool-name   Client pool name.
serverfarm (policy submode)

To associate a server farm with a policy, use the serverfarm command in the SLB policy configuration submode. To remove the server farm from the policy, use the no form of this command.
serverfarm (policy submode)

When the real server in the primary server farm is operational, the following actions result:
• The existing connections to the backup real server continue to be serviced by the backup real server.
• The new requests from the client are sent to the backup real server if the sticky option is enabled for the backup server farm.
set ip dscp (policy submode)

To mark packets that match the policy with a DSCP value, use the set ip dscp command in the SLB policy configuration submode. To stop marking packets, use the no form of this command.

set ip dscp dscp-value
no set ip dscp

Syntax Description
dscp-value

Defaults
The default is that the CSM does not store DSCP values.
sticky-group (policy submode)

To associate a sticky group and the sticky group attributes to the policy, use the sticky-group command in the SLB policy configuration submode. To remove the sticky group from the policy, use the no form of this command.

sticky-group group-id
no sticky-group

Syntax Description
group-id

Defaults
The default is 0, which means that no connections are sticky.
url-map (policy submode)

To associate a list of URLs with the policy, use the url-map command in SLB policy configuration submode. To remove the URL map from the policy, use the no form of this command.

url-map url-map-name
no url-map

Syntax Description
url-map-name

Defaults
The default is no URL map.
probe

To configure a probe and probe type for health monitoring, and then enter the probe configuration submode, use the probe command. To remove a probe from the configuration, use the no form of this command.

probe probe-name {http | icmp | telnet | tcp | ftp | smtp | dns | udp | script}
no probe probe-name

Syntax Description
probe-name   Name of the probe; the character string is limited to 15 characters.
probe

When configuring Global Server Load Balancing (GSLB) type probes, the port submode command is not used to specify which destination UDP port to query. Use the CSM environment variable GSLB_KALAP_UDP_PORT instead. The default is port 5002.
address (probe submode)

To specify a destination IP address for health monitoring, use the address command in SLB probe configuration submode. To remove the address, use the no form of this command.

address ip-address [routed]
no address ip-address

Syntax Description
ip-address: Specifies the real server’s destination IP address.
routed: (Optional) Specifies that the probe is routed according to the CSM routing table.
credentials (probe submode)

To configure basic authentication values for an HTTP probe, use the credentials command in the SLB HTTP probe configuration submode. To remove the credentials configuration, use the no form of this command.

credentials username [password]
no credentials

Syntax Description
username: Name that appears in the HTTP header.
password: (Optional) Password that appears in the HTTP header.
description (serverfarm submode)

To add a description for the server farm, use the description command in the SLB probe configuration submode. To remove the description, use the no form of this command.

description line
no description

Syntax Description
line: Description text.

Defaults
This command has no default settings.
expect status (probe submode)

To configure a status code for the probe, use the expect status command in the SLB HTTP/FTP/Telnet/SMTP probe configuration submode. To remove the status code from the configuration, use the no form of this command.

expect status min-number [max-number]
no expect status min-number [max-number]

Syntax Description
min-number: Single status code if the max-number value is not specified.
Examples
This example shows how to configure an HTTP probe with multiple status code ranges:

Cat6k-2(config-slb-probe-http)# expect status 34 99
Cat6k-2(config-slb-probe-http)# expect status 0 33
Cat6k-2(config-slb-probe-http)#

Related Commands
probe
show module csm probe

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference OL-7029-01
failed (probe submode)

To set the time to wait before probing a failed server, use the failed command in the SLB probe configuration submode. To reset the time to wait before probing a failed server to default, use the no form of this command.

failed failed-interval
no failed

Syntax Description
failed-interval

Defaults
The default value for the failed interval is 300 seconds.
header (probe submode)

To configure a header field for the HTTP probe, use the header command in the SLB HTTP probe configuration submode. To remove the header field configuration, use the no form of this command.

header field-name [field-value]
no header field-name

Syntax Description
field-name: Name for the header being defined.
field-value: (Optional) Content for the header.

Defaults
This command has no default settings.
interval (probe submode)

To set the time interval between probes, use the interval command in the SLB probe configuration submode. To reset the time interval between probes to default, use the no form of this command.

interval seconds
no interval

Syntax Description
seconds

Defaults
The default value for the interval between probes is 120 seconds.
name (probe submode)

To configure a domain name for the DNS probe, use the name command in the SLB DNS probe configuration submode. To remove the name from the configuration, use the no form of this command.

name domain-name
no name

Syntax Description
domain-name

Defaults
This command has no default settings.
open (probe submode)

To set the time to wait for a TCP connection, use the open command in the SLB HTTP/TCP/FTP/Telnet/SMTP probe configuration submode. To reset the time to wait for a TCP connection to default, use the no form of this command.

open open-timeout
no open

Syntax Description
open-timeout

Defaults
The default value for the open timeout is 10 seconds.
port (probe submode)

To configure an optional port for the DNS probe, use the port command in the SLB probe configuration submode. To remove the port from the configuration, use the no form of this command.

port port-number
no port

Syntax Description
port-number

Defaults
The default value for the port number is 0.

Command Modes
This command is available in all SLB probe configuration submodes except ICMP.
receive (probe submode)

To set the time to wait for a reply from a server, use the receive command in the SLB probe configuration submode. To reset the time to wait for a reply from a server to default, use the no form of this command.

receive receive-timeout
no receive

Syntax Description
receive-timeout

Defaults
The default value for a receive timeout is 10 seconds.
recover (probe submode)

To set the number of consecutive responses that are sent before marking a failed server as healthy, use the recover command.

recover recover_value
no recover

Syntax Description
recover_value

Defaults
The default value is 1.

Command Modes
SLB probe configuration submode

Command History
Release | Modification
CSM release 4.2(1) | This command was introduced.
request (probe submode)

To configure the request method used by the HTTP probe, use the request command in the SLB HTTP probe configuration submode. To remove the request method from the configuration, use the no form of this command.
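How the HTTP probe settings above (request, header, credentials, expect status) fit together, as an added Python model that is not Cisco code and not part of this reference: it builds a request, shows that the credentials value travels as reversible Basic encoding, and applies the expect status ranges to a reply. Function names, host, account and reply text are constructed for illustration, and the exact bytes the CSM sends are not given on this page.

```python
import base64


def expect_status(min_number, max_number=None):
    """expect status min-number [max-number]: one code when max-number is omitted."""
    return (min_number, min_number if max_number is None else max_number)


def build_probe_request(host, method="GET", url="/", credentials=None, headers=()):
    """Return request text that an HTTP probe configured this way could send.

    Assumption: HTTP/1.0 request line and a Host header; the page does not
    document the wire format, only the configurable pieces.
    """
    lines = [f"{method} {url} HTTP/1.0", f"Host: {host}"]
    for name, value in headers:                 # header field-name [field-value]
        lines.append(f"{name}: {value}")
    if credentials:                             # credentials username [password]
        user, password = credentials
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Authorization: Basic {token}")
    return "\r\n".join(lines) + "\r\n\r\n"


def recover_credentials(request_text):
    """What anyone who can read the probe traffic learns: Basic is encoding, not encryption."""
    for line in request_text.split("\r\n"):
        name, _, value = line.partition(": ")
        if name.lower() == "authorization" and value.startswith("Basic "):
            user, _, password = base64.b64decode(value[6:]).decode().partition(":")
            return user, password
    return None


def probe_passes(response_text, expect_ranges):
    """True when the reply's status code falls inside any configured range."""
    status_line = response_text.split("\r\n", 1)[0].split()
    if (len(status_line) < 2
            or not status_line[0].startswith("HTTP/")
            or not status_line[1].isdigit()):
        return False                            # malformed reply counts as a failed probe
    code = int(status_line[1])
    return any(low <= code <= high for low, high in expect_ranges)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up account).
    request = build_probe_request(
        "192.0.2.10", url="/health",
        credentials=("probe-user", "constructed-secret"),
        headers=[("User-Agent", "csm-probe")],
    )
    print(request)
    print("recovered from header:", recover_credentials(request))
    ranges = [expect_status(200, 202)]
    for reply in ("HTTP/1.1 200 OK\r\n\r\n",
                  "HTTP/1.1 503 Service Unavailable\r\n\r\n",
                  "not an http reply"):
        print(repr(reply[:24]), "->", "pass" if probe_passes(reply, ranges) else "fail")
```

Because the password is recoverable from the header and is also held in the switch configuration, the probe account should have access to nothing beyond the health-check URL.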
retries (probe submode)

To set the number of failed probes that are allowed before marking the server failed, use the retries command in the SLB probe configuration submode. To reset the number of failed probes allowed before marking a server as failed to default, use the no form of this command.

retries retry-count
no retries

Syntax Description
retry-count

Defaults
The default value for retries is 3.
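The interval, failed, retries and recover settings above together decide how long clients keep being sent to a dead real server and how quickly a recovered one returns to service. The following added Python model, not Cisco code and not part of this reference, simulates them with the documented defaults. Its assumptions: the state names are the model's own, the server is marked failed on the retries-th consecutive failed probe, and each probe result is known the instant the probe is sent (open and receive timeouts ignored).

```python
from dataclasses import dataclass


@dataclass
class ProbeTimers:
    interval: int = 120   # seconds between probes (page default)
    failed: int = 300     # seconds to wait before probing a failed server (page default)
    retries: int = 3      # failed probes allowed before marking the server failed
    recover: int = 1      # consecutive responses before a failed server is healthy


def simulate(timers, server_up, duration):
    """Probe from t=0 to duration; return the state changes as [(time, state)].

    server_up(t) -> bool is a constructed stand-in for the real server:
    True means the probe sent at time t is answered correctly.
    """
    state = "healthy"
    misses = 0        # consecutive failed probes while in service
    good = 0          # consecutive good probes while marked failed
    transitions = []
    t = 0
    while t <= duration:
        ok = server_up(t)
        if state == "healthy":
            misses = 0 if ok else misses + 1
            if misses >= timers.retries:
                state, good = "failed", 0
                transitions.append((t, state))
        else:
            good = good + 1 if ok else 0
            if good >= timers.recover:
                state, misses = "healthy", 0
                transitions.append((t, state))
        # The next probe time depends on the state the server is in now.
        t += timers.interval if state == "healthy" else timers.failed
    return transitions


def exposure(transitions, down_from, up_at):
    """(seconds the outage went undetected, seconds the return to service lagged)."""
    failed_at = next(t for t, s in transitions if s == "failed" and t >= down_from)
    healthy_at = next(t for t, s in transitions if s == "healthy" and t >= up_at)
    return failed_at - down_from, healthy_at - up_at


def outage(t):
    """Constructed scenario: the server is down from t=100 until t=1000."""
    return not (100 <= t < 1000)


def flaky(t):
    """Constructed scenario: down from t=100 onward, but answers once at t=660."""
    return t < 100 or t == 660


if __name__ == "__main__":
    for label, timers in (("defaults", ProbeTimers()),
                          ("tight", ProbeTimers(interval=5, failed=10, retries=2, recover=2))):
        changes = simulate(timers, outage, 2000)
        print(label, changes, "undetected/lag seconds:", exposure(changes, 100, 1000))
    # With recover 1, one lucky answer puts a dead server back in rotation.
    print("recover=1:", simulate(ProbeTimers(), flaky, 1500))
    print("recover=2:", simulate(ProbeTimers(recover=2), flaky, 1500))
```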
script (probe submode)

To create a script for a probe, use the script command.

script script_name

Syntax Description
script_name: Specifies a probe script.

Defaults
This command has no default settings.

Command Modes
SLB probe script configuration submode

Command History
Release | Modification
CSM release 3.1(1) | This command was introduced.
CSM-S release 1.1(1) | This command was introduced.
real

To identify a real server that is a member of the server farm, and then enter the real server configuration submode, use the real command in the SLB serverfarm configuration submode. To remove the real server from the configuration, use the no form of this command.

real ip-address [port] [local]
no real ip-address [port]

Syntax Description
ip-address: Real server IP address.
Examples
This example shows how to identify a real server and enter the real server submode:

Cat6k-2(config-slb-sfarm)# real 102.43.55.
backup real (real server submode)

To apply new connections to real servers when a primary server is down, use the backup real command in the SLB real server configuration submode. To remove a real server from service, use the no form of this command.

backup real {ip | name name} [port]
no backup real

Syntax Description
ip: Specifies the backup server’s IP address.
name name: Specifies the real server name.
health probe (real server submode)

To configure a probe for the real server, use the health probe command in the SLB real server configuration submode. To remove the probe from the configuration, use the no form of this command.

health probe probe-name tag string
no health probe

Syntax Description
probe-name: Names the probe.
tag: Specifies a tag for the probe.
string: Specifies a string to identify the probe.
inservice (real server submode)

To enable the real servers, use the inservice command in the SLB real server configuration submode. To remove a real server from service, use the no form of this command.

inservice [standby]
no inservice

Syntax Description
standby

Defaults
The real server is not in service.
maxconns (real server submode)

To limit the number of active connections to the real server, use the maxconns command in the SLB real server configuration submode. To change the maximum number of connections to its default value, use the no form of this command.

maxconns max-conns
no maxconns

Syntax Description
max-conns

Defaults
The default value is the maximum value or infinite (not monitored).
minconns (real server submode)

To establish a minimum connection threshold for the real server, use the minconns command in the SLB real server configuration submode. To change the minimum number of connections to the default value, use the no form of this command.

minconns min-cons
no minconns

Syntax Description
min-cons

Defaults
The default value is the set minimum number of connections.
redirect-vserver (real server submode)

To configure a real server to receive traffic redirected by a redirect virtual server, use the redirect-vserver command in the SLB real server configuration submode. To specify that traffic is not redirected to the real server, use the no form of this command.
weight (real server submode)

To configure the capacity of the real servers in relation to the other real servers in the server farm, use the weight command in the SLB real server configuration submode. To change the server’s weight to its default capacity, use the no form of this command.

weight weighting-value
no weight

Syntax Description
weighting-value

Defaults
The weighting value default is 8.
redirect-vserver

To specify the name of a virtual server to receive traffic redirected by the server farm, and then enter redirect virtual server configuration submode, use the redirect-vserver command. To remove the redirect virtual server, use the no form of this command.

redirect-vserver name
no redirect-vserver name

Syntax Description
name

Defaults
This command has no default settings.
advertise (redirect virtual server submode)

To allow the CSM to advertise the IP address of the virtual server as the host route, use the advertise command in the SLB redirect virtual server configuration mode. To stop advertising the host route for this virtual server, use the no form of this command.

advertise [active]
no advertise

Syntax Description
active

Defaults
The default for network mask is 255.
client (redirect virtual server submode)

To restrict which clients are allowed to use the redirect virtual server, use the client command in the SLB redirect virtual server configuration mode. To remove the client definition from the configuration, use the no form of this command.

client ip-address [network-mask] [exclude]
no client ip-address [network-mask]

Syntax Description
ip-address: Client’s IP address.
idle (redirect virtual server submode)

To specify the connection idle timer duration, use the idle command in the SLB redirect virtual server configuration submode. To disable the idle timer, use the no form of this command.

idle duration
no idle

Syntax Description
duration

Defaults
The default is 3600.
inservice (redirect virtual server submode)

To enable the real server for use by the CSM, use the inservice command in the SLB redirect virtual server configuration submode. If this command is not specified, the virtual server is defined but not used. To disable the virtual server, use the no form of this command.

inservice
no inservice

Syntax Description
This command has no arguments or keywords.
replicate csrp (redirect virtual server submode)

To enable connection redundancy, use the replicate csrp command in the SLB redirect virtual server configuration submode. To remove connection redundancy, use the no form of this command.

replicate csrp
no replicate csrp

Syntax Description
This command has no keywords or arguments.

Defaults
Connection redundancy is removed.
ssl (redirect virtual server submode)

To redirect an HTTP request to either HTTPS (SSL) or the FTP service, use the ssl command in the SLB redirect virtual server configuration submode. To reset the redirect of an HTTP request to an HTTP service, use the no form of this command.

ssl {https | ftp | ssl-port-number}
no ssl

Syntax Description
https: Specifies secure HTTP service.
ftp: Specifies FTP service.
virtual (redirect virtual server submode)

To specify the virtual server’s IP address, the protocol used for traffic, and the port the protocol is using, use the virtual command in SLB redirect virtual server configuration submode. To reset the virtual server to its defaults, use the no form of this command.
vlan (redirect virtual server submode)

To define which source VLANs can be accessed on the redirect virtual server, use the vlan command in the SLB redirect virtual server submode. To remove the VLAN, use the no form of this command.

vlan {vlan-number | all}
no vlan

Syntax Description
vlan-number: The VLAN that the virtual server can access.
all: Specifies that all VLANs are accessed by the virtual server.
webhost backup (redirect virtual server submode)

To specify a backup string sent in response to HTTP requests, use the webhost backup command in SLB redirect virtual server configuration submode. To disable the backup string, use the no form of this command.
webhost relocation (redirect virtual server submode)

To specify a relocation string sent in response to HTTP requests, use the webhost relocation command in the SLB redirect virtual server configuration submode. To disable the relocation string, use the no form of this command.
reverse-sticky

To ensure that the CSM switches connections in the opposite direction and back to the original source, use the reverse-sticky command. To remove the reverse sticky option from the policy or the default policy of a virtual server, use the no form of this command.

reverse-sticky group-id
no reverse-sticky

Syntax Description
group-id

Defaults
The default is that the reverse sticky option is not connected.
script file

To load scripts from a script file to the CSM, use the script file command. To remove the script file command from the configuration, use the no form of this command.

script file {file-url | bootflash: | const_nvram: | disk0: | flash: | ftp: | null: | nvram: | rcp: | slot0: | sup-bootflash: | sup-microcode: | sup-slot0: | system: | tftp:}
no script file

Syntax Description
file-url: Sets the location of the script file to a URL.
Examples
This example shows how to load scripts from a script file to the CSM:

Cat6k-2(config-module-csm)# script file file-url

Related Commands
show module csm script
script task

To run a standalone task, use the script task command. To remove the standalone task from the configuration, use the no form of this command.

script task 1-100 script name
no script task 1-100 script name

Syntax Description
1-100: Task ID that identifies a specific running script.
script name: Identifies the script by name.

Defaults
This command has no default settings.
serverfarm

To identify a server farm, and then enter the serverfarm configuration submode, use the serverfarm command. To remove the server farm from the configuration, use the no form of this command.

serverfarm serverfarm-name
no serverfarm serverfarm-name

Syntax Description
serverfarm-name

Defaults
This command has no default settings.
bindid (serverfarm submode)

To assign a unique ID to allow the DFP agent to differentiate a real server in one server farm versus another server farm, use the bindid command in the SLB serverfarm configuration submode. To disable the bind identification, use the no form of this command.

bindid [bind-id]
no bindid

Syntax Description
bind-id

Defaults
The default is 0.
description (serverfarm submode)

To add a description for the serverfarm, use the description command in the SLB serverfarm configuration submode. To remove the description, use the no form of this command.

description line
no description

Syntax Description
line: Description text.

Defaults
This command has no default settings.
failaction (serverfarm submode)

To set the behavior of connections when the real servers have failed, use the failaction command in the SLB serverfarm configuration submode. To disable the behavior of connections to real servers that have failed, use the no form of this command.

failaction {purge | reassign}
no failaction {purge | reassign}

Syntax Description
purge: Specifies that the connection is removed.
health (serverfarm submode)

To set the retry attempts to real servers that have failed, use the health command in the SLB serverfarm configuration submode. To disable the retries or the time to wait for connections to real servers that have failed, use the no form of this command.

health retries count failed seconds
no health

Syntax Description
retries: Specifies the number of tries to attempt to failed real servers.
nat client (serverfarm submode)

To specify a set of client NAT pool addresses that should be used to perform the NAT function on clients connecting to this server farm, use the nat client command in SLB serverfarm configuration submode. To remove the NAT pool from the configuration, use the no form of this command.
nat server (serverfarm submode)

To specify NAT to servers in this server farm, use the nat server command in SLB serverfarm configuration submode. To disable server NAT, use the no form of this command.

nat server [source-mac]
no nat server

Syntax Description
source-mac

Defaults
Server NAT is enabled by default.
predictor (serverfarm submode)

To specify the load-balancing algorithm for the server farm, use the predictor command in the SLB serverfarm configuration submode. To remove the load-balancing algorithm, use the no form of this command.
Usage Guidelines

Note: Use this command to define the load-balancing algorithm used in choosing a real server in the server farm. If you do not specify the predictor command, the default algorithm is roundrobin. Using the no form of this command changes the predictor algorithm to the default algorithm. The nat server command has no effect when predictor forward is configured, because no servers can be configured.
Related Commands
maxconns (owner submode)
minconns (real server submode)
nat client (serverfarm submode)
nat server (serverfarm submode)
script task
serverfarm (virtual server submode)
show module csm serverfarm
probe (serverfarm submode)

To associate a probe with a server farm, use the probe command in the SLB serverfarm configuration submode. To disable a specific probe, use the no form of this command.

probe probe-name
no probe probe-name

Syntax Description
probe-name

Defaults
This command has no default settings.
retcode-map (serverfarm submode)

To assign a return code map to a server farm, use the retcode-map command in the SLB serverfarm configuration submode. To disable a specific probe, use the no form of this command.

retcode-map retcodemap_name
no retcode-map

Syntax Description
retcodemap_name

Defaults
This command has no default settings.
show module csm

To display information about the CSM module, use the show module csm command.

show module csm slot [group-id]

Syntax Description
slot: Slot where the CSM resides.
group-id: (Optional) Group ID to which the CSM belongs.

Defaults
This command has no default settings.

Command Modes
Privileged EXEC

Command History
Release | Modification
CSM release 3.2(1) | This command was introduced as show ip slb.
show module csm arp

To display the CSM ARP cache, use the show module csm arp command.

show module csm slot arp

Syntax Description
slot

Defaults
This command has no default settings.

Command Modes
Privileged EXEC

Command History
Release | Modification
CSM release 1.1(1) | This command was introduced as show ip slb arp.
CSM release 2.1(1) | This command was changed to show module csm slot (for ip slb mode rp only).
show module csm capp

To display the CSM Content Application Peering Protocol (CAPP) configuration and statistics, use the show module csm capp command.

show module csm capp [udp] [details]

Syntax Description
udp: (Optional) Restricts output to UDP CAPP.
details: (Optional) Displays the client security options list.

Defaults
This command has no default settings.
Transmit Errors:0
Receive Frames: 1764
Receive Bytes: 1940400
Receive Errors: 0

Cat6k-2# show module csm 4 capp udp detail
CAPP UDP Info
Port:5002, Allow non-secure:No
Transmit Frames:1764
Transmit Bytes: 1961568
Transmit Errors:0
Receive Frames: 1764
Receive Bytes: 1961568
Receive Errors: 0
Security Options
IP address Type Secret
-----------------------------------------------
10.3.0.
show module csm conns

To display active connections, use the show module csm conns command.

show module csm slot conns [vserver virtserver-name] [client ip-address] [detail]

Syntax Description
slot: Slot where the CSM resides.
conns: Specifies the connections.
vserver: (Optional) Specifies the connections associated with a particular virtual server.
virtserver-name: (Optional) Name of the virtual server to be monitored.
Examples

State | Explanation
SYN_SRV | On a persistent Layer 7 connection (where the CSM parses each GET and eventually remaps the connection in the backend), if the load-balancing decision has selected a different server, the CSM has sent its SYN to the new server and is waiting on a server SYN_ACK from the new server.
show module csm dfp

To display DFP agent and manager information, such as passwords, timeouts, retry counts, and weights, use the show module csm dfp command.

show module csm slot dfp [agent [detail | ip-address port] | manager [ip_addr] | detail | weights]

Syntax Description
slot: Slot where the CSM resides.
agent: (Optional) Specifies information about a DFP agent.
detail: (Optional) Specifies all data available.
Related Commands
agent (DFP submode)
dfp
manager (DFP submode)
module csm
show module csm ft

To display statistics and counters for the CSM fault-tolerant pair, use the show module csm ft command.

show module csm slot ft [detail]

Syntax Description
slot: Slot where the CSM resides.
detail: (Optional) Displays more detailed information.

Defaults
No values are displayed.

Command Modes
Privileged EXEC

Command History
Release | Modification
CSM release 1.
show module csm map

To display information about URL maps, use the show module csm map command.

show module csm slot map [url | cookie | header | retcode] [name map-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
url: (Optional) Specifies only the URL map configuration.
cookie: (Optional) Specifies only the cookie map configuration.
header: (Optional) Specifies only the header map configuration.
This example shows how to display return code maps:

Cat6k-2# show module csm 5 map retcode detail
RETCODE map HTTPCODES rules:
return codes:401 to 401 action:log threshold:5 reset:120
return codes:402 to 415 action:count threshold:0 reset:0
return codes:500 to 500 action:remove threshold:3 reset:0
return codes:503 to 503 action:remove threshold:3 reset:0

Related Commands
map cookie
map header
map url
module csm
show module csm memory

To display information about memory use, use the show module csm memory command.

show module csm slot memory [vserver vserver-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
vserver: (Optional) Specifies the virtual server configuration.
vserver-name: (Optional) Option to restrict output to the named virtual server.
detail: (Optional) Displays the memory information in detail.
show module csm natpool

To display NAT configurations, use the show module csm natpool command.

show module csm slot natpool [name pool-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
name: (Optional) Displays a specific NAT pool.
pool-name: (Optional) NAT pool name string to display.
detail: (Optional) Lists the interval ranges currently allocated in the client NAT pool.
show module csm owner

To display the current connections count for the specified owner objects, use the show module csm slot owner command.

show module csm slot owner [name owner-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
name: (Optional) Displays a specific owner object.
owner-name: (Optional) Owner object name string to display.
show module csm policy

To display a policy configuration, use the show module csm policy command.

show module csm slot policy [name policy-name]

Syntax Description
slot: Slot where the CSM resides.
name: (Optional) Displays a specific policy.
policy-name: (Optional) Policy name string to display.

Defaults
This command has no default settings.
show module csm probe

To display HTTP or ping probe data, use the show module csm probe command.

show module csm slot probe [http | icmp | telnet | tcp | ftp | smtp | dns] [name probe_name] [detail]

Syntax Description
slot: Slot where the CSM resides.
http: (Optional) Displays information about the HTTP configuration.
icmp: (Optional) Displays information about the ICMP configuration.
Related Commands
module csm
probe (serverfarm submode)
show module csm probe script

To display probe script data, use the show module csm probe script command.

show module csm slot probe script [name probe-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
name: (Optional) Displays information about the specific probe named.
probe-name: (Optional) Probe name to display.
detail: (Optional) Displays detailed information.
show module csm pvlan

To display information about the private VLAN status of the CSM, use the show module csm real command.

show module csm slot pvlan

Syntax Description
slot: Slot where the CSM resides.

Defaults
This command has no default settings.

Command Modes
Privileged EXEC

Command History
Release | Modification
CSM release 4.2(1) | This command was introduced.

Examples
show module csm real

To display information about real servers, use the show module csm real command.

show module csm slot real [sfarm sfarm-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
sfarm: (Optional) Displays real servers for only a single server farm.
sfarm-name: (Optional) Name of the server farm to restrict output.
detail: (Optional) Displays detailed information.
Table 2-1 describes the fields in the display.

Table 2-1 show module csm real Command Field Information

Field | Description
real | Information about each real server is displayed on a separate line.
server farm | Name of the server farm associated to the real server.
weight | Weight assigned to the real server. The weight identifies the capacity of the real server compared to other real servers in the server farm.
show module csm real retcode

To display information about the return code configuration, use the show module csm real retcode command.

show module csm slot real retcode [sfarm sfarm-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
sfarm: (Optional) Displays real servers for only a single server farm.
sfarm-name: (Optional) Name of the server farm to restrict output.
show module csm script

To display the contents of all loaded scripts, use the show module csm script command.

show module csm slot script [name full_file_URL] [code]

Syntax Description
slot: Slot where the CSM resides.
name: (Optional) Displays information about a particular script.
full_file_URL: (Optional) Name of the script.
code: (Optional) Displays the contents of the script.
show module csm script task

To display all loaded scripts, use the show module csm script task command.

show module csm slot script task [index script-index] [detail]

Syntax Description
slot: Slot where the CSM resides.
index: (Optional) Displays information about a particular script.
script-index: (Optional) Specifies the script index.
detail: (Optional) Displays the contents of the script.
show module csm serverfarm

To display information about a server farm, use the show module csm serverfarm command.

show module csm slot serverfarm [name serverfarm-name] [detail]

Syntax Description
slot: Slot where the CSM resides.
name: (Optional) Displays information about a particular server farm.
serverfarm-name: (Optional) Name of the server farm.
detail: (Optional) Displays detailed server farm information.
Table 2-2 show module csm serverfarm Command Field Information (continued)
Field: Description
redirect: Number of redirect virtual servers configured in the server farm.
bind id: Bind ID configured on the server farm.
show module csm static

To display information about server NAT configurations, use the show module csm static command.

show module csm slot static [drop | nat {ip-address | virtual}]

Syntax Description
slot: Slot where the CSM resides.
drop: (Optional) Displays information about real servers configured to drop connections.
nat: (Optional) Displays information about real servers configured to NAT.
show module csm static server

To display information about actual servers that are having NAT performed, use the show module csm static server command.

show module csm slot static server [ip-address] [drop | nat {ip-address | virtual} | pass-through]

Syntax Description
slot: Slot where the CSM resides.
ip-address: (Optional) Option to limit output to a specified server address.
Related Commands
module csm
real (static NAT submode)
static
show module csm stats

To display SLB statistics, use the show module csm stats command.

show module csm slot stats

Syntax Description
slot

Defaults: This command has no default settings.
Command Modes: Privileged EXEC
Command History:
CSM release 1.1(1): This command was introduced as show ip slb stats.
CSM-S release 2.
MAC Frames:
Tx:Unicast:1506, Multicast:0, Broadcast:50898, Underflow Errors:0
Rx:Unicast:2385, Multicast:6148349, Broadcast:53916, Overflow Errors:0, CRC Errors:0

Table 2-3 describes the fields in the display.

Table 2-3 show module csm stats Command Field Information
Field: Description
Connections Created: Number of connections that have been created since the last time counters were cleared.

Related Commands
show module csm status

To display if the CSM is online, use the show module csm status command. If the CSM is online, this command shows the CSM chassis slot location and indicates if the configuration download is complete.

show module csm slot status

Syntax Description
slot

Defaults: This command has no default settings.
Command Modes: Privileged EXEC
Command History:
CSM release 1.
show module csm sticky

To display the sticky database, use the show module csm sticky command.

show module csm slot sticky [groups | client ip_address]

Syntax Description
slot: Slot where the CSM resides.
groups: (Optional) Displays all of the sticky group configurations.
client: (Optional) Displays the sticky database entries associated with a particular client IP address.
ip_address: (Optional) IP address of the client.
Table 2-4 describes the fields in the display.

Table 2-4 show module csm stats Command Field Information
Field: Description
Group: Specifies the sticky group.
CurrConns: Number of sticky entries that are currently active.
Timeout: Specifies the timeout.
Type: Specifies the connection identification.

Related Commands
show module csm tech-script

To display the status of a script, use the show module csm tech-script command.

show module csm slot tech-script

Syntax Description
slot

Defaults: If no options are specified, the command displays all information.
Command Modes: Privileged EXEC
Command History:
CSM release 3.1(1): This command was introduced.
CSM-S release 1.1(1): This command was introduced.
show module csm tech-support

To display technical support information for the CSM, use the show module csm tech-support command.

show module csm slot tech-support [all | processor num | redirect | slowpath | probe | fpga | core-dump]

Syntax Description
slot: Slot where the CSM resides.
all: (Optional) Displays all of the available statistics.
Cat6k-2# show module csm 4 tech-support processor 2
------------------------------------------------------------------------------------
TCP Statistics
-----------------------------------------------------------------------------------
Aborted rx 3350436013 66840864
New sessions rx 180 0
Total Packets rx 16940 0
Total Packets tx 0 0
Packets Passthrough 697 0
Packets Dropped 0 0
Persistent OOO Packets Dropped 0 0
Persistent F
Chapter 2 Content Switching Module with SSL Commands show module csm tech-support Related Commands Session Redundancy Standby: Rx Fake SYN Rx Repeat Fake SYN Rx Fake Reset Fake SYN Sent to NAT Tx Port Sync Encap Not Found Fake SYN, TCP State Invalid 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Session Redundancy Active: L4 Requests Sent L7 Requests Sent Persistent Requests Sent Rx Fake SYN Fake SYN Sent to NAT 0 0 0 0 0 0 0 0 0 0 Session's torn down Rx Close session Slowpath(low pri) buffer allocs Slowpath(high pri
show module csm variable

To display the environmental variables in the configuration, use the show module csm variable command.

show module csm slot variable [name name] [detail]

Syntax Description
name name: (Optional) Displays the named variable information.
detail: (Optional) Displays the variable details.

Defaults: This command has no default settings.
You can display the details of a current set of CSM environmental variables by using the show module csm slot variable detail command:

Cat6k-2# show module csm 5 variable detail
Name: ARP_INTERVAL Rights: RW
Value: 300
Default: 300
Valid values: Integer (15 to 31536000)
Description: Time (in seconds) between ARPs for configured hosts
Name: ARP_LEARNED_INTERVAL Rights: RW
Value: 14400
Default: 14400
Valid values: Integer (60 to 3
show module csm vlan

To display the list of VLANs, use the show module csm vlan command.

show module csm slot vlan [client | server | ft] [id vlan-id] [detail]

Syntax Description
slot: Slot where the CSM resides.
client: (Optional) Displays only the client VLAN configuration.
server: (Optional) Displays only the server VLAN configuration.
ft: (Optional) Displays only the fault-tolerant configuration.
Related Commands
vlan (virtual server submode)
show module csm vserver redirect

To display the list of virtual servers, use the show module csm vserver redirect command.

show module csm slot vserver redirect

Syntax Description
slot

Defaults: If no options are specified, the command displays information about all clients.
Command Modes: Privileged EXEC
Command History:
CSM release 1.
Related Commands
module csm
show module csm xml stats

To display a list of extensible markup language (XML) statistics, use the show module csm xml stats command.

show module csm xml stats

Defaults: If no options are specified, the command displays information about all clients.
Command Modes: Privileged EXEC
Command History:
CSM release 3.1(1): This command was introduced.
CSM-S release 1.1(1): This command was introduced.
snmp enable traps slb ft

To enable or disable fault-tolerant traps, use the snmp enable traps slb ft command. To disable fault-tolerant traps, use the no form of this command.

snmp enable traps slb ft
no snmp enable traps slb ft

Defaults: This command has no default settings.
Command Modes: Module CSM configuration submode
Command History:
CSM release 3.1(1): This command was introduced.
static

To configure the server NAT behavior, and then enter the NAT configuration submode, use the static command. This command configures the CSM to support connections initiated by real servers. Both client NAT and server NAT can exist in the same configuration. To remove NAT from the CSM configuration, use the no form of this command.
real (static NAT submode)

To specify the address for a real server or the subnet mask for multiple real servers performing server NAT, use the real command in SLB static NAT configuration submode. To remove the address of a real server or the subnet mask of multiple real servers so they are no longer performing NAT, use the no form of this command.
sticky

To ensure that connections from the same client that match the same SLB policy use the same real server on subsequent connections and enter the sticky submode, use the sticky command. To remove a sticky group, use the no form of this command.
New connections from the client to the virtual server initiated before the sticky time expires and that match SLB policy are balanced to the same real server that was used for the previous connection. A sticky time of 0 means sticky connections are not tracked. The cookie insert feature allows the CSM to insert a cookie in the Set-Cookie header in the HTTP response.
cookie offset (sticky submode)

To maintain a connection's persistence by specifying a portion of the cookie to use to “stick” the connection, use the cookie offset command in the sticky configuration submode. To remove the offset, use the no form of this command.

cookie offset offset [length length]
no cookie offset

Syntax Description
offset offset: Specifies the byte offset count. Range is from 0 to 3999.
cookie secondary (sticky submode)

To stick a connection based on an alternate cookie name appearing in the URL string, and add a secondary sticky entry, use the cookie secondary command in the name configuration submode. To remove a secondary sticky, use the no form of this command.

cookie secondary name
no cookie secondary

Syntax Description
name

Defaults: This command has no default settings.
header (sticky submode)

To stick a connection based on the contents of the HTTP header, use the header command in the sticky configuration submode.

header offset value length value

Syntax Description
offset value: Specifies the number of bytes to ignore from the start of the header. Valid values are from 0 to 3399.
length value: Specifies the number of bytes to parse in the header. Valid values are from 1 to 4000.

Defaults
static (sticky submode)

To add a static sticky entry, use the static command. To remove a sticky group, use the no form of this command.

static client source ip-address [destination ip-address] real ip-address
static cookie value real ip-address
static ssl id real ip-address
no static

Syntax Description
client source ip-address: Identifies the client source for the sticky entry.
vserver

To identify a virtual server, and then enter the virtual server configuration submode, use the vserver command. To remove a virtual server from the configuration, use the no form of this command.

vserver virtserver-name
no vserver virtserver-name

Syntax Description
virtserver-name

Defaults: This command has no default settings.
Command Modes: Module CSM configuration submode
Command History:
CSM release 1.
advertise (virtual server submode)

To allow the CSM to advertise the IP address of the virtual server as the host route, use the advertise command in the SLB virtual server configuration mode. To stop advertising the host route for this virtual server, use the no form of this command.

advertise [active]
no advertise

Syntax Description
active

Defaults: The default for network mask is 255.255.255.
client (virtual server submode)

To restrict which clients are allowed to use the virtual server, use the client command in the SLB virtual server configuration mode. To remove the client definition from the configuration, use the no form of this command.

client ip-address [network-mask] [exclude]
no client ip-address [network-mask]

Syntax Description
ip-address: Client’s IP address.
description (virtual server submode)

To add a description for the server farm, use the description command in the virtual server configuration submode. To remove the description, use the no form of this command.

description line
no description

Syntax Description
line: Description text.

Defaults: This command has no default settings.
domain (virtual server submode)

To set the domain name, use the domain command in the SLB virtual server configuration mode. To remove the domain name from the configuration, use the no form of this command.

domain domain-name
no domain domain-name

Syntax Description
domain-name

Defaults: There are no default values.
idle (virtual server submode)

To control the amount of time the CSM maintains connection information in the absence of packet activity, use the idle command in the SLB virtual server configuration submode. To change the idle timer to its default value, use the no form of this command.

idle duration
no idle

Syntax Description
duration

Defaults: The default is 3600.
inservice (virtual server submode)

To enable the virtual server for load balancing, use the inservice command in the SLB virtual server configuration submode. To remove the virtual server from service, use the no form of this command.

inservice
no inservice

Syntax Description
This command has no keywords or arguments.

Defaults: The virtual server is not in service.
owner (virtual server submode)

To define an owner that may access the virtual server, use the owner command in the SLB virtual server submode. To remove the owner, use the no form of this command.

owner owner-name maxconns number
no owner maxconns

Syntax Description
owner-name: Name of the owner object.
maxconns: Sets the maximum number of connections for this owner.
number: Maximum number of connections.
parse-length (virtual server submode)

To set the maximum number of bytes to parse for URLs and cookies, use the parse-length command in the SLB virtual server configuration submode. To restore the default, use the no form of this command.

parse-length bytes
no parse-length

Syntax Description
bytes

Defaults: The default is 600.
pending (virtual server submode)

To set the pending connection timeout, use the pending command in the SLB virtual server configuration submode. To restore the default, use the no form of this command.

pending timeout
no pending

Syntax Description
timeout

Defaults: The default pending timeout is 30 seconds.
persistent rebalance (virtual server submode)

To enable or disable HTTP 1.1 persistence for connections in the virtual server, use the persistent rebalance command in the SLB virtual server configuration submode. To disable persistence, use the no form of this command.

persistent rebalance
no persistent rebalance

Syntax Description
This command has no keywords or arguments.
replicate csrp (virtual server submode)

To enable connection redundancy, use the replicate csrp command in the SLB virtual server configuration submode. To disable connection redundancy, use the no form of this command.

replicate csrp {sticky | connection}
no replicate csrp {sticky | connection}

Syntax Description
sticky: Replicates the sticky database to the backup CSM.
reverse-sticky (virtual server submode)

To ensure that the CSM switches connections in the opposite direction back to the original source, use the reverse-sticky command in the virtual server submode. To remove the reverse-sticky option from the policy or the default policy of a virtual server, use the no form of this command.
serverfarm (virtual server submode)

To associate a server farm with a virtual server, use the serverfarm command in SLB virtual server configuration submode. To remove a server farm association from the virtual server, use the no form of this command.
By default, the sticky option does not apply to the backup server farm. To remove the backup server farm, you can either use the serverfarm command without the backup option or use the no serverfarm command.
slb-policy (virtual server submode)

To associate a load-balancing policy with a virtual server, use the slb-policy command in the SLB virtual server configuration submode. To remove a policy from a virtual server, use the no form of this command.

slb-policy policy-name [priority priority_value]
no slb-policy policy-name

Syntax Description
policy-name: Policy associated with a virtual server.
ssl-sticky (virtual server submode)

To allow SSL sticky operation, use the ssl-sticky command in the SLB virtual server configuration submode. To remove the SSL sticky feature, use the no form of this command.

ssl-sticky offset X length Y
no ssl-sticky

Syntax Description
offset: Specifies the SSL ID offset.
X: Sets the offset value.
length: Specifies the SSL ID length.
Y: Sets the length.
status-tracking (virtual server submode)

To link virtual servers to create a virtual server dependency, use the status-tracking command. If a virtual server goes out of service, the specified dependent virtual server is taken out of service automatically.

status-tracking vserver_name

Syntax Description
vserver_name

Defaults: This command has no default settings.
sticky (virtual server submode)

To ensure that connections from the client use the same real server, use the sticky command in the virtual server submode. To change the sticky timer to its default value and remove the sticky option from the virtual server, use the no form of this command.
Examples

This example shows how to set the sticky timer duration and places the virtual server in a sticky group for connection coupling:

Cat6k-2(config-module-csm)# vserver PUBLIC_HTTP
Cat6k-2(config-slb-vserver)# sticky 60 group 3

Related Commands
advertise (virtual server submode)
reverse-sticky (virtual server submode)
show module csm sticky
show module csm vserver redirect
sticky
sticky-group (policy submode)
unidirectional (virtual server submode)

To select the traffic type and appropriate timeout value, use the unidirectional command in the SLB virtual server submode.

[no | default] unidirectional

Syntax Description
no: (Optional) Removes the traffic type and timeout values from the configuration.
url-hash (virtual server submode)

To set the beginning and ending pattern of a URL to parse URLs for the URL hash load-balancing algorithm, use the url-hash command in the SLB virtual server configuration submode. To remove the hashing from service, use the no form of this command.

url-hash {begin-pattern | end-pattern} pattern
no url-hash

Syntax Description
begin-pattern: Specifies the beginning of the URL to parse.
virtual (virtual server submode)

To configure virtual server attributes, use the virtual command in the SLB virtual server configuration submode. To set the virtual server’s IP address to 0.0.0.0 and its port number to zero, use the no form of this command.
Usage Guidelines

Clients connecting to the virtual server use this address to access the server farm. A port of 0 (or any) means that this virtual server handles all ports not specified for handling by another virtual server with the same IP address. The port is used only for TCP or UDP load balancing. No virtual servers can be configured with the same virtual settings and VLAN.
Examples

This example shows how to create a virtual server and assign it an IP address, protocol, and port:

Cat6k-2(config-slb-vserver)# virtual 102.35.44.
vlan (virtual server submode)

To define which source VLANs may access the virtual server, use the vlan command in the SLB virtual server submode. To remove the VLAN, use the no form of this command.

vlan vlan-number local
no vlan

Syntax Description
vlan-number: VLAN that the virtual server may access.
local: Allows the virtual server to accept connections from the SSL daughter card.

Defaults: The default is all VLANs.
vlan

To define which source VLANs may access the virtual server, and then enter the VLAN submode, use the vlan command in the CSM submode. To remove the VLAN, use the no form of this command.

vlan vlan-number [client | server]
no vlan

Syntax Description
vlan-number: VLAN that the virtual server may access.
client | server: (Optional) Specifies the client-side or server-side VLAN.

Defaults: The default is all VLANs.
alias (VLAN submode)

To assign multiple IP addresses to the CSM, use the alias command in the SLB VLAN configuration submode. To remove an alias IP address from the configuration, use the no form of this command.

alias ip-address netmask
no alias ip-address netmask

Syntax Description
ip-address: Alias IP address; a maximum of 255 addresses are allowed per VLAN.
netmask: Network mask.
Related Commands
show module csm vlan
vlan (XML submode)
description (VLAN submode)

To add a description for the VLAN, use the description command in the SLB VLAN configuration submode. To remove the description, use the no form of this command.

description line
no description

Syntax Description
line: Description text.

Defaults: This command has no default settings.
Command Modes: SLB VLAN configuration submode
Command History:
CSM release 4.
gateway (VLAN submode)

To configure a gateway IP address, use the gateway command in the SLB VLAN configuration submode. To remove the gateway from the configuration, use the no form of this command.

gateway ip-address
no gateway ip-address

Syntax Description
ip-address: IP address of the client-side gateway.

Defaults: This command has no default settings.
ip address (VLAN submode)

To assign an IP address to the CSM that is used for probes and ARP requests on a VLAN, use the ip address command in the SLB VLAN configuration submode. To remove the CSM IP address and disable probes and ARP requests from the configuration, use the no form of this command.

ip address active_ip_addr netmask alt standby_ip_addr netmask
no ip address

Syntax Description
netmask: Network mask.
route (VLAN submode)

To configure networks that are one Layer 3 hop away from the CSM, use the route command in the SLB VLAN configuration submode. To remove the subnet or gateway IP address from the configuration, use the no form of this command.

route ip-address netmask gateway gw-ip-address
no route ip-address netmask gateway gw-ip-address

Syntax Description
ip-address: Subnet IP address.
netmask: Network mask.
xml-config

To enable XML for a CSM module, and then enter the XML configuration submode, use the xml-config command. To remove the XML configuration, use the no form of this command.

xml-config
no xml-config

Defaults: This command has no default settings.
Command Modes: Module CSM configuration submode
Command History:
CSM release 3.1(1): This command was introduced.
CSM-S release 1.
client-group (XML submode)

To allow only connections sourced from an IP address matching the client group, use the client-group command in the SLB XML configuration submode. To remove the client group connections, use the no form of this command.

client-group [1–99 | name]
no client-group

Syntax Description
1–99: (Optional) Client group number.
name: (Optional) Name of the client group.
credentials (XML submode)

To define one or more username and password combinations, use the credentials command in the SLB XML configuration submode. To remove the credentials, use the no form of this command.

credentials user-name password
no credentials user-name

Syntax Description
user-name: Name of the credentials user.
password: Password for the credentials user.

Defaults: This command has no default settings.
inservice (XML submode)

To enable XML for use by the CSM, use the inservice command in the SLB XML configuration submode. If this command is not specified, XML is not used. To disable XML, use the no form of this command.

inservice
no inservice

Defaults: This command has no default settings.
Command Modes: SLB XML configuration submode
Command History:
CSM release 3.1(1): This command was introduced.
port (XML submode)

To specify the TCP port on which the CSM HTTP server listens, use the port command in the SLB XML configuration submode. To remove the port, use the no form of this command.

port port-number
no port

Syntax Description
port-number: Sets the CSM port.

Defaults: The default is port 80.
Command Modes: SLB XML configuration submode
Command History:
CSM release 3.

Examples
vlan (XML submode)

To restrict the CSM HTTP server to accept connections only from the specified VLAN, use the vlan command in the SLB XML configuration submode. To specify that all VLANs are accepted, use the no form of this command.

vlan id
no vlan

Syntax Description
id: VLAN name.

Defaults: All VLANs are accepted.
Command Modes: SLB XML configuration submode
Command History:
CSM release 3.

Examples
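The XML submode commands above (client-group, credentials, inservice, port, vlan) together decide who can reach the CSM HTTP server. The following Python script is an added example, not part of the Cisco manual: it audits a saved configuration for an in-service XML interface that still relies on the documented defaults. The `module csm <slot>` line, the indented layout and every value in the sample configuration are constructed assumptions.

```python
import re

DEFAULT_PORT = 80  # port (XML submode): "The default is port 80."

# Constructed sample, not taken from the manual. The "module csm <slot>" line
# and the indentation of submode commands are assumptions about the layout.
SAMPLE_CONFIG = """\
module csm 4
 xml-config
  inservice
 !
module csm 5
 xml-config
  port 8080
  vlan 200
  client-group 10
  credentials EXAMPLE-USER EXAMPLE-PASSWORD
  inservice
"""


def parse_xml_blocks(config_text):
    """Return {slot: [word lists]} for each xml-config block in the text."""
    blocks, slot, xml_indent = {}, None, None
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        module = re.match(r"module csm (\d+)$", stripped)
        if module:
            slot, xml_indent = int(module.group(1)), None
        elif stripped == "xml-config" and slot is not None:
            xml_indent = indent
            blocks[slot] = []
        elif xml_indent is not None:
            if indent > xml_indent:
                blocks[slot].append(stripped.split())
            else:
                xml_indent = None  # left the XML submode
    return blocks


def effective_settings(commands):
    """Apply the submode commands in order, honouring their 'no' forms."""
    state = {"enabled": False, "port": DEFAULT_PORT, "vlan": None,
             "client_group": None, "users": []}
    for words in commands:
        negated = words[0] == "no"
        words = words[1:] if negated else words
        if not words:
            continue
        key = words[0]
        arg = words[1] if len(words) > 1 else None
        if key == "inservice":
            state["enabled"] = not negated
        elif key == "port":
            state["port"] = DEFAULT_PORT if negated or arg is None else int(arg)
        elif key == "vlan":
            state["vlan"] = None if negated else arg
        elif key == "client-group":
            state["client_group"] = None if negated else arg
        elif key == "credentials" and arg is not None:
            if negated:
                state["users"] = [u for u in state["users"] if u != arg]
            elif arg not in state["users"]:
                state["users"].append(arg)
    return state


def audit_xml_interface(config_text):
    """Report, per CSM slot, the XML listener state and any open defaults."""
    reports = []
    for slot, commands in sorted(parse_xml_blocks(config_text).items()):
        state = effective_settings(commands)
        findings = []
        # Without inservice, XML is not used, so nothing is exposed.
        if state["enabled"]:
            if state["vlan"] is None:
                findings.append("no vlan: all VLANs are accepted")
            if state["client_group"] is None:
                findings.append("no client-group: no source-address restriction configured")
            if not state["users"]:
                findings.append("no credentials: no username and password defined")
        reports.append({"slot": slot, "enabled": state["enabled"],
                        "port": state["port"], "findings": findings})
    return reports


if __name__ == "__main__":
    for report in audit_xml_interface(SAMPLE_CONFIG):
        print(report)
```

Slot 4 in the sample is reported with three findings on port 80, while slot 5 is clean.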
CHAPTER 3

Commands Specific to the Content Switching Module with SSL

This chapter contains an alphabetical listing of SSL specific commands for the Catalyst 6500 series switch Content Switching Module with SSL. These commands are not supported on the Catalyst 6500 series switch Content Switching Module.
Table 3-1 Command Descriptions (continued)
Command: Description
show ssl-proxy conn: Displays the TCP connections from the SSL Services Module.
show ssl-proxy crash-info: Displays the crash information.
show ssl-proxy mac address: Displays the current MAC address.
show ssl-proxy natpool: Displays NAT pool information.
show ssl-proxy policy: Displays the configured SSL or TCP policies.
Table 3-2 lists the modes and submode commands.
Table 3-2 Commands and Submode Commands (continued)

Command: ssl-proxy service
Submode commands:
certificate rsa general-purpose trustpoint trustpoint-name
default {nat}
exit
help
inservice
nat {server | client natpool-name}
server ipaddr ip-addr protocol protocol port portno
server policy tcp server-side-tcp-policy-name
virtual {ipaddr ip-addr} {protocol protocol} {port portno} [secondary]
virtual {policy ssl ssl-policy-name}
virtua
clear ssl-proxy conn

To clear all TCP connections on the entire system, use the clear ssl-proxy conn command.

clear ssl-proxy conn [service name]

Syntax Description
service name

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
clear ssl-proxy session

To clear all entries from the session cache, use the clear ssl-proxy session command.

clear ssl-proxy session [service name]

Syntax Description
service name

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: SSL Services Module Release 1.2(1)
Modification: Support for this command was introduced on the Catalyst 6500 series switches.
clear ssl-proxy stats

To reset the statistics counters that are maintained in the different system components on the Content Switching Module with SSL, use the clear ssl-proxy stats command.

clear ssl-proxy stats [crypto | fdu | ipc | pki | service | ssl | tcp]

Syntax Description
crypto  (Optional) Clears statistics information about the crypto.
fdu     (Optional) Clears statistics information about the FDU.
crypto ca export pem

To export privacy-enhanced mail (PEM) files from the Content Switching Module with SSL, use the crypto ca export pem command.

crypto ca export trustpoint_label pem {terminal {des | 3des} {url url}} pass_phrase

Syntax Description
trustpoint-label  Name of the trustpoint.
terminal          Displays the request on the terminal.
des               Specifies the 56-bit DES-CBC encryption algorithm.
You can change the default file extensions when prompted. The default file extensions are as follows:
• public key (.pub)
• private key (.prv)
• certificate (.crt)
• CA certificate (.ca)
• signature key (-sign)
• encryption key (-encr)

Note: In SSL software release 1.2, only the private key (.prv), the server certificate (.crt), and the issuer CA certificate (.
crypto ca import pem

To import a PEM-formatted file to the Content Switching Module with SSL, use the crypto ca import pem command.

crypto ca import trustpoint_label pem [exportable] {terminal | url url | usage-keys} pass_phrase

Syntax Description
trustpoint-label  Name of the trustpoint.
exportable        (Optional) Specifies the key that can be exported.
terminal          Displays the request on the terminal.
The crypto ca import pem command imports only the private key (.prv), the server certificate (.crt), and the issuer CA certificate (.ca). If you have more than one level of CA in the certificate chain, you need to import the root and subordinate CA certificates before this command is issued for authentication. Use cut-and-paste or TFTP to import the root and subordinate CA certificates.
crypto ca export pkcs12

To export a PKCS12 file from the Content Switching Module with SSL, use the crypto ca export pkcs12 command.

crypto ca export trustpoint_label pkcs12 file_system [pkcs12_filename] pass_phrase

Syntax Description
trustpoint_label  Specifies the trustpoint label.
file_system       Specifies the file system.
Writing TP1.p12
Writing pkcs12 file to scp://admin-1@10.1.1.1/TP1.p12
Password:
!
CRYPTO_PKI:Exported PKCS12 file successfully.
crypto ca import pkcs12

To import a PKCS12 file to the Content Switching Module with SSL, use the crypto ca import command.

crypto ca import trustpoint_label pkcs12 file_system [pkcs12_filename] pass_phrase

Syntax Description
trustpoint_label  Specifies the trustpoint label.
file_system       Specifies the file system.
Examples
This example shows how to import a PKCS12 file using SCP:

ssl-proxy(config)# crypto ca import TP2 pkcs12 scp: sky is blue
Address or name of remote host []? 10.1.1.1
Source username [ssl-proxy]? admin-1
Source filename [TP2]? /users/admin-1/pkcs12/TP2.p12
Password:password
Sending file modes:C0644 4379 TP2.p12
!
ssl-proxy(config)#
*Aug 22 12:30:00.
crypto key export rsa pem

To export a PEM-formatted RSA key to the Content Switching Module with SSL, use the crypto key export rsa pem command.

crypto key export rsa keylabel pem {terminal | url url} {{3des | des} [exportable] pass_phrase}

Syntax Description
keylabel  Name of the key.
terminal  Displays the request on the terminal.
url url   Specifies the URL location.
Examples
This example shows how to export a key from the Content Switching Module with SSL:

ssl-proxy(config)# crypto key export rsa test-keys pem url scp: 3des password
% Key name:test-keys
Usage:General Purpose Key
Exporting public key...
Address or name of remote host []? 7.0.0.7
Destination username [ssl-proxy]? lab
Destination filename [test-keys.pub]?
Password:
Writing test-keys.
crypto key import rsa pem

To import a PEM-formatted RSA key from an external system, use the crypto key import rsa pem command.

crypto key import rsa keylabel pem [usage-keys] {terminal | url url} [exportable] passphrase

Syntax Description
keylabel    Name of the key.
usage-keys  (Optional) Specifies that two special-usage key pairs should be generated, instead of one general-purpose key pair.
Examples
This example shows how to import a PEM-formatted RSA key from an external system and export the PEM-formatted RSA key to the Content Switching Module with SSL:

ssl-proxy(config)# crypto key import rsa newkeys pem url scp: password
% Importing public key or certificate PEM file...
Address or name of remote host []? 7.0.0.7
Source username [ssl-proxy]? lab
Source filename [newkeys.pub]? test-keys.
debug ssl-proxy

To turn on the debug flags in different system components, use the debug ssl-proxy command. Use the no form of this command to turn off the debug flags.

debug ssl-proxy {app | fdu [type] | ipc | pki [type] | ssl [type] | tcp [type]}

Syntax Description
app       Turns on App debugging.
fdu type  Turns on FDU debugging; (optional) type valid values are cli, hash, ipc, and trace.
The pki type includes the following values:
• certs—Debugs the certificate management.
• events—Debugs events.
• history—Debugs the certificate history.
• ipc—Debugs the IPC messages and buffers.
• key—Debugs key management.

The ssl type includes the following values:
• alert—Debugs the SSL alert events.
• error—Debugs the SSL error events.
• handshake—Debugs the SSL handshake events.
This example shows how to turn on TCP debugging:

ssl-proxy# debug ssl-proxy tcp
ssl-proxy#

This example shows how to turn off TCP debugging:

ssl-proxy# no debug ssl-proxy tcp
ssl-proxy#
do

To execute EXEC-level commands from global configuration mode or other configuration modes or submodes, use the do command.

do command

Syntax Description
command

Defaults
This command has no default settings.

Command Modes
Global configuration or any other configuration mode or submode from which you are executing the EXEC-level command.

Command History
Release: Cisco IOS Release 12.
show ssl-proxy admin-info

To display the administration VLAN and related IP and gateway addresses, use the show ssl-proxy admin-info command.

show ssl-proxy admin-info

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
show ssl-proxy buffers

To display information about TCP buffer usage, use the show ssl-proxy buffers command.

show ssl-proxy buffers

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
show ssl-proxy certificate-history

To display information about the event history of the certificate, use the show ssl-proxy certificate-history command.

show ssl-proxy certificate-history [service [name]]

Syntax Description
service name

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.
Examples
This example shows how to display the event history of all the certificate processing:

ssl-proxy# show ssl-proxy certificate-history
Record 1, Timestamp:00:00:51, 16:36:34 UTC Oct 31 2002
Installed Server Certificate, Index 5
Proxy Service:s1, Trust Point:t3
Key Pair Name:k3, Key Usage:RSA General Purpose, Exportable
Time of Key Generation:12:27:58 UTC Oct 30 2002
Subject Name:OID.1.2.840.
This example shows how to display the certificate record for a specific proxy service:

ssl-proxy# show ssl-proxy certificate-history service s6
Record 3, Timestamp:00:01:34, 16:37:18 UTC Oct 31 2002
Installed Server Certificate, Index 7
Proxy Service:s6, Trust Point:t10
Key Pair Name:k10, Key Usage:RSA General Purpose, Exportable
Time of Key Generation:07:56:43 UTC Oct 11 2002
Subject Name:CN = host1.
show ssl-proxy conn

To display the TCP connections from the Content Switching Module with SSL, use the show ssl-proxy conn command.
Examples
These examples show different ways to display the TCP connection that is established from the Content Switching Module with SSL:

ssl-proxy# show ssl-proxy conn
Connections for TCP module 1
Local Address         Remote Address
--------------------- --------------------
2.0.0.10:4430         1.200.200.14:48582
1.200.200.14:48582    2.100.100.
Chapter 3 Commands Specific to the Content Switching Module with SSL show ssl-proxy conn ssl-proxy# show ssl-proxy conn 4tuple remote ip 1.200.200.14 Connections for TCP module 1 Local Address Remote Address VLAN Conid Send-Q Recv-Q State --------------------- --------------------- ---- ------ ------ ------ -----2.50.50.131:443 1.200.200.14:38814 2 58796 0 0 TWAIT No Bound Connection 2.50.50.131:443 No Bound Connection 1.200.200.14:38815 2 58800 0 0 TWAIT 2.50.50.131:443 No Bound Connection 1.200.
show ssl-proxy crash-info

To collect information about the software-forced reset from the Content Switching Module with SSL, use the show ssl-proxy crash-info command.

show ssl-proxy crash-info [brief | details]

Syntax Description
brief  (Optional) Collects a small subset of software-forced reset information, limited to processor registers.
t0 :00247834, t1 :02BFAAA0, t2 :02BF8BB0, t3 :02BF8BA0
t4 :02BF8BB0, t5 :00247834, t6 :00000000, t7 :00000001
s0 :00000000, s1 :0024783C, s2 :00000000, s3 :00000000
s4 :00000001, s5 :0000003C, s6 :00000019, s7 :0000000F
t8 :00000001, t9 :00000001, k0 :00400001, k1 :00000000
gp :0023AE80, sp :031FFF58, s8 :00000019, ra :00216894
LO :00000000, HI :0000000A, BADVADDR :828D641C
EPC :00222D48, ErrorEPC :BFC02308, SRE
show ssl-proxy mac address

To display the current MAC address, use the show ssl-proxy mac address command.

show ssl-proxy mac address

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
show ssl-proxy natpool

To display information about the NAT pool, use the show ssl-proxy natpool command.

show ssl-proxy natpool [name]

Syntax Description
name  (Optional) NAT pool name.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Modification: Support for this command was introduced on the Catalyst 6500 series switches.
Release: Cisco IOS Release 12.
show ssl-proxy policy

To display the configured SSL proxy policies, use the show ssl-proxy policy command.

show ssl-proxy policy {http-header | ssl | tcp | url-rewrite} [name]

Syntax Description
http-header  Displays the configured HTTP header policies.
ssl          Displays the configured SSL policies.
tcp          Displays the configured TCP policies.
url-rewrite  Displays the configured URL rewrite policies.
SSL Versions enabled:SSL3.0, TLS1.
show ssl-proxy service

To display information about the configured SSL virtual service, use the show ssl-proxy service command.

show ssl-proxy service [name]

Syntax Description
name  (Optional) Service name.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.
Modification: Support for this command was introduced on the Catalyst 6500 series
Proxy status: No Client VLAN, No Server VLAN
ssl-proxy#
show ssl-proxy stats

To display information about the statistics counter, use the show ssl-proxy stats command.

show ssl-proxy stats [type]

Syntax Description
type

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
Chapter 3 Commands Specific to the Content Switching Module with SSL show ssl-proxy stats Data packets sent Total Pkts rcvd Bytes rcvd in seq SSL Statistics: conns attempted full handshakes active conns renegs attempted handshake failures fatal alerts rcvd no-cipher alerts no-compress alerts pad errors FDU Statistics: IP Frag Drops Conn Id Drops Vlan Id Drops IOS Congest Drops Hash Full Drops Flow Creates conn_id allocs Tagged Drops Add ipcs Disable ipcs Unsolicited ipcs IOS broadcast pkts IOS total pkts
Intermediate CA certificate added: 0
Intermediate CA certificate deleted: 0
Root CA certificate added: 0
Root CA certificate deleted: 0
Certificate overwritten: 0
History records written: 0
History records read from NVRAM: 0
Key cert table entries in use: 0
ssl-proxy#

This example shows how to display the FDU statistics:

ssl-proxy# show ssl-prox stats fdu
FDU Statistics:
IP Frag Drops : 0 IP Addr Discards : 0
Conn
show ssl-proxy status

To display information about the Content Switching Module with SSL proxy status, use the show ssl-proxy status command.

show ssl-proxy status

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
SSL cpu is alive!
SSL cpu utilization:
% process util : 0          % interrupt util : 0
proc cycles : 0xD475444     int cycles : 0x21865088E
total cycles: 0xB958CCEB8059
% process util (5 sec) : 0  % interrupt util (5 sec) : 0
% process util (1 min) : 0  % interrupt util (1 min): 0
% process util (5 min) : 0  % interrupt util (5 min) : 0
show ssl-proxy version

To display the current image version, use the show ssl-proxy version command.

show ssl-proxy version

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.

Command Modes
EXEC

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
show ssl-proxy vlan

To display VLAN information, use the show ssl-proxy vlan command.

show ssl-proxy vlan [vlan-id | debug]

Syntax Description
vlan-id  (Optional) VLAN ID. Displays information for a specific VLAN; valid values are from 1 to 1005.
debug    (Optional) Displays debug information.

Defaults
This command has no default settings.
show ssl-proxy vts

To display SSL proxy VLAN information, use the show ssl-proxy vlan command.

show ssl-proxy vlan [vlan-id | debug]

Syntax Description
vlan-id  (Optional) VLAN ID. Displays information for a specific VLAN; valid values are from 1 to 1005.
debug    (Optional) Displays debug information.

Defaults
This command has no default settings.
snmp-server enable

To configure the SNMP traps and informs, use the snmp-server enable command. Use the no form of this command to disable SNMP traps and informs.
ssl-proxy crypto selftest

To initiate a cryptographic self-test, use the ssl-proxy crypto selftest command. Use the no form of this command to disable the testing.

ssl-proxy crypto selftest [time-interval seconds]
no ssl-proxy crypto selftest

Syntax Description
time-interval seconds

Defaults
3 seconds

Command Modes
Global configuration

Command History
Release: Cisco IOS Release 12.
ssl-proxy mac address

To configure a MAC address, use the ssl-proxy mac address command.

ssl-proxy mac address mac-addr

Syntax Description
mac-addr

Defaults
This command has no default settings.

Command Modes
Global configuration

Command History
Release: Cisco IOS Release 12.1(13)E and SSL Services Module Release 1.
ssl-proxy natpool

To define a pool of IP addresses, which the Content Switching Module with SSL uses for implementing the client NAT, use the ssl-proxy natpool command.

ssl-proxy natpool nat-pool-name start-ip-addr {netmask netmask}

Syntax Description
nat-pool-name  NAT pool name.
start-ip-addr  Specifies the first IP address in the pool.
ssl-proxy pki

To configure and define the PKI implementation on the Content Switching Module with SSL, use the ssl-proxy pki command. Use the no form of this command to disable the logging and clear the memory.
Usage Guidelines
The ssl-proxy pki history command enables logging of certificate history records per-proxy service into memory and generates a syslog message per record. Each record tracks the addition or deletion of a key pair or certificate into the proxy services key and the certificate table.
ssl-proxy policy http-header

To enter the HTTP header insertion configuration submode, use the ssl-proxy policy http-header command.

ssl-proxy policy http-header http-header-policy-name

Syntax Description
http-header-policy-name  HTTP header policy name.

Defaults
This command has no default settings.

Command Modes
Global configuration
Table 3-3 lists the commands available in HTTP header insertion configuration submode.

Table 3-3 HTTP Header Insertion Configuration Submode Command Descriptions

client-cert  Allows the back-end server to see the attributes of the client certificate that the SSL module has authenticated and approved.
ssl-proxy policy ssl

To enter the SSL-policy configuration submode, use the ssl-proxy policy ssl command. In the SSL-policy configuration submode, you can define the SSL policy for one or more SSL-proxy services.

ssl-proxy policy ssl ssl-policy-name

Syntax Description
ssl-policy-name  SSL policy name.

Defaults
The defaults are as follows:
• cipher is all.
• close-protocol is enabled.
Table 3-4 lists the commands available in SSL-policy configuration submode.

Table 3-4 SSL-Policy Configuration Submode Command Descriptions

cipher-suite {RSA_WITH_3DES_EDE_CBC_SHA | RSA_WITH_DES_CBC_SHA | RSA_WITH_RC4_128_MD5 | RSA_WITH_RC4_128_SHA | all}
  Allows you to configure a list of cipher-suites acceptable to the proxy-server; see the “Usage Guidelines” section for information about the cipher suites.
• RSA_WITH_RC4_128_SHA—RSA with rc4-sha
• all—All supported ciphers

If you enter the timeout session timeout absolute command, the session entry is kept in the session cache for the configured timeout before it is cleaned up. If the session cache is full, the timers are active for all the entries, and the absolute keyword is configured, all further new sessions are rejected.
These examples show how to enable the support of different SSL versions:

ssl-proxy (config-ssl-policy)# version all
ssl-proxy (config-ssl-policy)# version ssl3
ssl-proxy (config-ssl-policy)# version tls1
ssl-proxy (config-ssl-policy)#

This example shows how to print out a help page:

ssl-proxy (config-ssl-policy)# help
ssl-proxy (config-ssl-policy)#

Related Commands
show ssl-proxy stats show ssl-proxy stats ssl C
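The SSL-policy defaults and keywords above (cipher is all, the four cipher-suite keywords, version all | ssl3 | tls1) can be checked offline against a saved configuration. The following is an added example, not Cisco's code: it assumes an IOS-style running-config layout with indented submode lines, uses a constructed sample configuration, and classifies single DES and RC4 as weak as the auditor's own judgement.

```python
import re

# Cipher-suite keywords accepted by the cipher-suite command on this page.
ALL_SUITES = (
    "RSA_WITH_3DES_EDE_CBC_SHA",
    "RSA_WITH_DES_CBC_SHA",
    "RSA_WITH_RC4_128_MD5",
    "RSA_WITH_RC4_128_SHA",
)
# Assumption (auditor's classification, not Cisco's): 56-bit DES and RC4 are weak.
WEAK_SUITES = {
    "RSA_WITH_DES_CBC_SHA",
    "RSA_WITH_RC4_128_MD5",
    "RSA_WITH_RC4_128_SHA",
}
POLICY_RE = re.compile(r"^ssl-proxy policy ssl (\S+)\s*$")

# Constructed sample; policy names and values are made up for the example.
SAMPLE_CONFIG = """\
ssl-proxy policy ssl legacy
 cipher-suite all
 version all
!
ssl-proxy policy ssl strict
 cipher-suite RSA_WITH_3DES_EDE_CBC_SHA
 version tls1
!
ssl-proxy policy ssl implicit
 timeout session 300
!
ssl-proxy policy tcp tcppl1
 timeout fin-wait 600
"""


def parse_ssl_policies(config_text):
    """Return {policy_name: {"suites": [...], "versions": [...]}}."""
    policies = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = POLICY_RE.match(line)
        if match:
            current = policies.setdefault(
                match.group(1), {"suites": [], "versions": []})
            continue
        if not line.startswith(" "):
            current = None  # any unindented line closes the submode block
            continue
        if current is None:
            continue  # indented line that belongs to some other block
        words = line.split()
        if words[0] == "cipher-suite":
            current["suites"].extend(words[1:])
        elif words[0] == "version":
            current["versions"].extend(words[1:])
    return policies


def audit_policy(policy):
    """Return a list of findings for one parsed SSL policy."""
    findings = []
    suites = policy["suites"]
    if not suites:
        # The page states the default: "cipher is all".
        effective = set(ALL_SUITES)
        findings.append("cipher-suite not set: default 'all' applies")
    elif "all" in suites:
        effective = set(ALL_SUITES)
        findings.append("cipher-suite all enables every supported suite")
    else:
        effective = set(suites)
    for suite in sorted(effective & WEAK_SUITES):
        findings.append("weak suite enabled: " + suite)
    for suite in sorted(effective - set(ALL_SUITES)):
        findings.append("unrecognised cipher-suite keyword: " + suite)
    versions = policy["versions"]
    if not versions:
        findings.append("version not set: confirm the module default")
    for keyword in sorted(set(versions) & {"all", "ssl3"}):
        findings.append("SSL 3.0 enabled by version " + keyword)
    return findings


def audit_config(config_text):
    """Map each SSL policy name in the configuration to its findings."""
    return {name: audit_policy(policy)
            for name, policy in parse_ssl_policies(config_text).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

A policy that names only RSA_WITH_3DES_EDE_CBC_SHA with version tls1 passes cleanly; it is the strictest combination the keywords on this page allow.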
ssl-proxy policy tcp

To enter the proxy policy TCP configuration submode, use the ssl-proxy policy tcp command. In proxy-policy TCP configuration submode, you can define the TCP policy templates.

ssl-proxy policy tcp tcp-policy-name

Syntax Description
tcp-policy-name  TCP policy name.

Defaults
The defaults are as follows:
• timeout inactivity is 240 seconds.
• timeout fin-wait is 600 seconds.
Table 3-5 lists the commands that are available in proxy-policy TCP configuration submode.

Table 3-5 Proxy-policy TCP Configuration Submode Command Descriptions

default  Sets a command to its default settings.
exit     Exits from proxy-service configuration submode.
[no] timeout fin-wait timeout-in-seconds  Allows you to configure the FIN wait timeout; valid values are from 75 to 600 seconds.
Chapter 3 Commands Specific to the Content Switching Module with SSL ssl-proxy policy tcp These examples show how to set a given command to its default value: ssl-proxy ssl-proxy ssl-proxy ssl-proxy ssl-proxy ssl-proxy ssl-proxy (config-tcp-policy)# (config-tcp-policy)# (config-tcp-policy)# (config-tcp-policy)# (config-tcp-policy)# (config-tcp-policy)# (config-tcp-policy)# default default default default default default timeout fin-wait inactivity-timeout buffer-share rx buffer-share tx mss timeout sy
ssl-proxy policy url-rewrite

To enter the URL rewrite configuration submode, use the ssl-proxy policy url-rewrite command. In URL rewrite configuration submode, you can define the URL-rewrite content policy that is applied to the payload.

ssl-proxy policy url-rewrite url-rewrite-policy-name

Syntax Description
url-rewrite-policy-name

Defaults
This command has no arguments or keywords.
Table 3-6 Proxy-policy Configuration Submode Command Descriptions (continued)

clearport port-number  (Optional) Specifies the port portion of the URL link that is to be rewritten; valid values are from 1 to 65535.
sslport port-number    (Optional) Specifies the port portion of the URL link that is to be written; valid values are from 1 to 65535.

Enter the no form of the command to remove the policy.
ssl-proxy pool ca

To enter the certificate authority pool configuration submode, use the ssl-proxy pool ca command. In the certificate authority pool configuration submode, you can configure a certificate authority pool, which lists the CAs that the module can trust.

ssl-proxy pool ca-pool-name

Syntax Description
ca-pool-name

Defaults
This command has no arguments or keywords.
ssl-proxy service

To enter the proxy-service configuration submode, use the ssl-proxy service command.

ssl-proxy service ssl-proxy-name [client]

Syntax Description
ssl-proxy-name  SSL proxy name.
client          (Optional) Allows you to configure the SSL-client proxy services. See the ssl-proxy service client command.

Defaults
Server NAT is enabled, and client NAT is disabled.
In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the SSL-client-proxy configuration, except for the following:
• You must configure a certificate for the SSL-server-proxy but you do not have to configure a certificate for the SSL-client-proxy.
Both secured and bridge modes between the Content Switching Module (CSM) and the Content Switching Module with SSL are supported. Use the secondary keyword (optional) for bridge-mode topology.
Chapter 3 Commands Specific to the Content Switching Module with SSL ssl-proxy service This example shows how to configure a NAT pool for the client address that is used in the server connection of the specified service SSL offload: ssl-proxy (config-ssl-proxy)# nat client NP1 ssl-proxy (config-ssl-proxy)# This example shows how to enable a NAT server address for the server connection of the specified service SSL offload: ssl-proxy (config-ssl-proxy)# nat server ssl-proxy (config-ssl-proxy)# Related Com
ssl-proxy service client

To enter the client proxy-service configuration submode, use the ssl-proxy service client command.

ssl-proxy service ssl-proxy-name client

Syntax Description
ssl-proxy-name

Defaults
Client NAT is disabled.

Command Modes
Global configuration

Command History
Release: SSL Services Module Release 2.
Table 3-9 Proxy-client Configuration Submode Command Descriptions (continued)

Syntax: nat {server | client natpool-name}
Description: Specifies the usage of either server NAT or client NAT for the server side connection that is opened by the Content Switching Module with SSL.

Syntax: policy urlrewrite policy-name
Description: Applies a URL rewrite policy to the proxy server.
This example shows how to configure the TCP policy for the specified virtual server:

ssl-proxy (config-ssl-proxy)# virtual policy tcp tcppl1
ssl-proxy (config-ssl-proxy)#

This example shows how to configure a clear-text web server for the Content Switching Module with SSL to forward the decrypted traffic:

ssl-proxy (config-ssl-proxy)# server ipaddr 207.50.0.
ssl-proxy ssl ratelimit

To prohibit new connections during overload conditions, use the ssl-proxy ssl ratelimit command. Use the no form of this command to allow new connections if memory is available.

ssl-proxy ssl ratelimit
no ssl-proxy ssl ratelimit

Syntax Description
This command has no arguments or keywords.

Defaults
This command has no default settings.
ssl-proxy vlan

To enter the proxy-VLAN configuration submode, use the ssl-proxy vlan command. In proxy-VLAN configuration submode, you can configure a VLAN for the Content Switching Module with SSL.

ssl-proxy vlan vlan

Syntax Description
vlan  VLAN ID; valid values are from 1 to 1005.

Defaults
The defaults are as follows:
• hellotime is 3 seconds.
• holdtime is 10 seconds.
• priority is 100.
Chapter 3 Commands Specific to the Content Switching Module with SSL ssl-proxy vlan Table 3-10 Proxy-VLAN Configuration Submode Command Descriptions (continued) Syntax Description route {prefix mask} {gateway prefix} Configures a gateway so that the Content Switching Module with SSL can reach a nondirect connected subnetwork. standby [group-number] {authentication Configures redundancy on the VLAN.
• delay—(Optional) Specifies the preemption delay. When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it becomes the active router but cannot provide adequate routing services. You can configure a delay before the preempting router actually preempts the currently active router.
ssl-proxy(config-vlan)# gateway 10.1.0.1
ssl-proxy(config-vlan)# admin
ssl-proxy(config-vlan)# standby 1 ip 10.1.0.21
ssl-proxy(config-vlan)# standby 1 priority 110
ssl-proxy(config-vlan)# standby 1 preempt
ssl-proxy(config-vlan)# standby 2 ip 10.1.0.
ssl-proxy(config-vlan)# standby 2
ssl-proxy(config-vlan)# standby 2
ssl-proxy(config-vlan)# end
ssl-proxy#

Related Commands
standby authentication

To configure an authentication string for HSRP, use the standby authentication command. Use the no form of this command to delete an authentication string.

standby [group-number] authentication text string
no standby [group-number] authentication text string

Syntax Description
group-number    (Optional) Group number on the interface to which this authentication string applies.

Defaults
standby delay minimum reload

To configure a delay before the HSRP groups are initialized, use the standby delay minimum reload command. Use the no form of this command to disable the delay.
Examples
This example shows how to set the minimum delay to 30 seconds and the delay after the first reload to 120 seconds:

ssl-proxy (config-vlan)# standby delay minimum 30 reload 120
ssl-proxy (config-vlan)#

Related Commands
show standby delay
standby preempt
standby timers
standby ip

To activate HSRP, use the standby ip command. Use the no form of this command to disable HSRP.

standby [group-number] ip [ip-address [secondary]]
no standby [group-number] ip [ip-address]

Syntax Description
group-number    (Optional) Group number on the interface for which HSRP is being activated.
ip-address      (Optional) IP address of the hot standby router interface.

Defaults
Examples
This example shows how to activate HSRP for group 1 on Ethernet interface 0. The IP address that is used by the hot standby group is learned using HSRP.

ssl-proxy (config-vlan)# standby 1 ip
ssl-proxy (config-vlan)#

This example shows how to indicate that the IP address is a secondary hot standby router interface:

ssl-proxy (config-vlan)# standby ip 1.1.1.254
ssl-proxy (config-vlan)# standby ip 1.2.2.
standby mac-address

To specify a virtual MAC address for HSRP, use the standby mac-address command. Use the no form of this command to revert to the standard virtual MAC address (0000.0C07.ACxy).

standby [group-number] mac-address mac-address
no standby [group-number] mac-address

Syntax Description
group-number    (Optional) Group number on the interface for which HSRP is being activated. The default is 0.
In an APPN network, an end node is typically configured with the MAC address of the adjacent network node. Use the standby mac-address command in the routers to set the virtual MAC address to the value that is used in the end nodes.

Examples
This example shows how to configure HSRP group 1 with the virtual MAC address:

ssl-proxy (config-vlan)# standby 1 mac-address 4000.1000.
standby mac-refresh

To change the interval at which packets are sent to refresh the MAC cache when HSRP is running over FDDI, use the standby mac-refresh command. Use the no form of this command to restore the default value.

standby mac-refresh seconds
no standby mac-refresh

Syntax Description
seconds

Defaults
seconds is 10 seconds.
standby name

To configure the name of the standby group, use the standby name command. Use the no form of this command to disable the name.

standby name group-name
no standby name group-name

Syntax Description
group-name

Defaults
HSRP is disabled.

Command Modes
Proxy-VLAN configuration submode

Command History
Release / Modification
SSL Services Module Release 2.
standby preempt

To configure HSRP preemption and preemption delay, use the standby preempt command. Use the no form of this command to restore the default values.
When you use group number 0, no group number is written to NVRAM, providing backward compatibility.

IP-redundancy clients can prevent preemption from taking place. The standby preempt delay sync delay command specifies a maximum number of seconds to allow IP-redundancy clients to prevent preemption. When this expires, preemption takes place regardless of the state of the IP-redundancy clients.
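The following is an added example, not part of the Cisco reference: a Python check over a saved proxy-VLAN configuration that flags HSRP groups with no standby authentication string and groups that preempt without the delay described for standby preempt. The configuration text is constructed for illustration, and the "preempt delay minimum" form is assumed from standard IOS HSRP syntax rather than taken from this page.

```python
import re

# Constructed sample in the style of the page's proxy-VLAN examples.
SAMPLE_CONFIG = """\
ssl-proxy vlan 100
 gateway 10.1.0.1
 admin
 standby 1 ip 10.1.0.21
 standby 1 priority 110
 standby 1 preempt
 standby 2 ip 10.1.0.22
 standby 2 preempt delay minimum 60
 standby 2 authentication text Constructed-Str1ng
ssl-proxy vlan 200
 standby ip 1.1.1.254
 standby delay minimum 30 reload 120
"""

# Per-group standby keywords; anything else (delay, mac-refresh, ...) is VLAN-wide.
GROUP_KEYWORDS = {"ip", "priority", "preempt", "authentication",
                  "timers", "track", "mac-address"}
VLAN_RE = re.compile(r"^ssl-proxy vlan (\d+)\s*$")
STANDBY_RE = re.compile(r"^\s+standby\s+(?:(\d+)\s+)?(\S+)\s*(.*)$")


def parse_standby_groups(config_text):
    """Return {vlan: {group: {keyword: argument_string}}} for per-group lines."""
    vlans, current = {}, None
    for line in config_text.splitlines():
        m = VLAN_RE.match(line)
        if m:
            current = vlans.setdefault(int(m.group(1)), {})
            continue
        m = STANDBY_RE.match(line)
        if m is None or current is None:
            continue
        group, keyword, args = m.groups()
        if keyword not in GROUP_KEYWORDS:
            continue  # e.g. "standby delay minimum 30 reload 120"
        # The group number is optional; the page gives 0 as the default.
        current.setdefault(int(group or 0), {})[keyword] = args.strip()
    return vlans


def audit(config_text):
    """Return sorted (vlan, group, finding) tuples for active HSRP groups."""
    findings = []
    for vlan, groups in parse_standby_groups(config_text).items():
        for group, settings in groups.items():
            if "ip" not in settings:
                continue  # HSRP is activated only by "standby ip"
            if "authentication" not in settings:
                findings.append((vlan, group, "no authentication string configured"))
            if "preempt" in settings and "delay" not in settings["preempt"].split():
                findings.append((vlan, group, "preempt without a delay"))
    return sorted(findings)


if __name__ == "__main__":
    for vlan, group, finding in audit(SAMPLE_CONFIG):
        print(f"vlan {vlan} group {group}: {finding}")
```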
standby priority

To configure the priority for HSRP, use the standby priority command. Use the no form of this command to restore the default values.

standby [group-number] priority priority
no standby [group-number] priority priority

Syntax Description
group-number    (Optional) Group number on the interface to which the other arguments in this command apply.

Defaults
Examples

standby track
standby redirects

To enable HSRP filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirects command. Use the no form of this command to disable the HSRP filtering of ICMP redirect messages.
The no standby redirects command is the same as the standby redirects disable command. We do not recommend that you save the no form of this command to NVRAM. Because the command is enabled by default, we recommend that you use the standby redirects disable command to disable the functionality.
standby timers

To configure the time between hello packets and the time before other routers declare the active hot standby or standby router to be down, use the standby timers command. Use the no form of this command to return to the default settings.
The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings.
standby track

To configure HSRP to track an object and change the hot standby priority based on the state of the object, use the standby track command. Use the no form of this command to remove the tracking.
When you use group number 0, no group number is written to NVRAM, providing backward compatibility.

The standby track command syntax prior to Release 12.2(15)T is still supported. Using the older form will cause a tracked object to be created in the new tracking process. This tracking information can be displayed using the show track command.
standby use-bia

To configure HSRP to use the burned-in address of the interface as its virtual MAC address instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command. Use the no form of this command to restore the default virtual MAC address.
APPENDIX A

Acronyms

Table A-1 defines the acronyms that are used in this publication.
Table A-1 List of Acronyms (continued)

Acronym    Expansion
CBAC       context based access control
CCA        circuit card assembly
CDP        Cisco Discovery Protocol
CEF        Cisco Express Forwarding
CHAP       Challenge Handshake Authentication Protocol
CIR        committed information rate
CIST       Common and Internal Spanning Tree
CLI        command-line interface
CLNS       Connection-Less Network Service
CMNS       Connection-Mode Network Service
CNS        Cisco Networking Services
COPS       Common Open Policy Server
COPS-D
dot1q      802.1Q
dot1x      802.
ICD        International Code Designator
ICMP       Internet Control Message Protocol
IDB        interface descriptor block
IDP        initial domain part or Internet Datagram Protocol
IDSM       Intrusion Detection System Module
IFS        IOS File System
IGMP       Internet Group Management Protocol
IGMPv2     IGMP version 2
IGMPv3     IGMP version 3
IGRP       Interior Gateway Routing Protocol
ILMI       Integrated Local Management Interface
IP         Internet Protocol
I
MD5        message digest 5
MDIX       media-dependent interface crossover
MDSS       Multicast Distributed Shortcut Switching
MFD        multicast fast drop
MIB        Management Information Base
MII        media-independent interface
MLS        Multilayer Switching
MLSE       maintenance loop signaling entity
MLSM       multilayer switching for multicast
MOP        Maintenance Operation Protocol
MOTD       message-of-the-day
MPLS       Multiprotocol Label Switching
MRM        multic
OSI        Open System Interconnection
OSM        Optical Services Module
OSPF       open shortest path first
PAE        port access entity
PAgP       Port Aggregation Protocol
PBD        packet buffer daughterboard
PBR        policy-based routing
PC         Personal Computer (formerly PCMCIA)
PCM        pulse code modulation
PCR        peak cell rate
PDP        policy decision point
PDU        protocol data unit
PEP        policy enforcement point
PFC        Policy Feature Card
PGM        Pragmatic
RMON       remote network monitor
ROM        read-only memory
ROMMON     ROM monitor
RP         route processor or rendezvous point
RPC        remote procedure call
RPF        reverse path forwarding
RPR        Route Processor Redundancy
RPR+       Route Processor Redundancy+
RSPAN      remote SPAN
RST        reset
RSTP       Rapid Spanning Tree Protocol
RSTP+      Rapid Spanning Tree Protocol plus
RSVP       ReSerVation Protocol
SAID       Security Association Identifier
SAP        servi
STP        Spanning Tree Protocol
SVC        switched virtual circuit
SVI        switched virtual interface
TACACS+    Terminal Access Controller Access Control System Plus
TARP       Target Identifier Address Resolution Protocol
TCAM       Ternary Content Addressable Memory
TCL        table contention level
TCP/IP     Transmission Control Protocol/Internet Protocol
TFTP       Trivial File Transfer Protocol
TIA        Telecommunications Industry Association
TopN       U
WRR        weighted round-robin
XNS        Xerox Network System