Chapter 2: Configuring User Profiles and CSS Parameters

This chapter describes how to configure user profiles and CSS parameters. This chapter also contains information on using the Content API and Command Scheduler features. Information in this chapter applies to all models of the CSS except where noted.

Configuring User Profiles

The CSS contains a default-profile that resides in the scripts directory on the Internal Disk Module (IDM). This file contains settings that are user-specific; that is, they apply uniquely to each user when the user logs in.
For example:

    # show profile
    @prompt CSS11150
    @no expert
    alias all reboot "@configure;boot;rebo"
    alias all shutdown "@configure;boot;shutd"
    alias all logon "@configure;logging line \${LINE};exit"
    alias all logoff "@configure;no logging line \${LINE};exit"
    alias all aca-load "@script play service-load"
    alias all dnslookup "@script play dnslookup"
    alias super save_config "copy running-config startup-config;archive startup-config
The options for this command are:

• terminal idle - Set the session idle timer.
• terminal length - Set the terminal screen output length.
• terminal more - Enable terminal more support. The default is enabled.
• terminal netmask-format - Control subnet mask display.
• terminal timeout - Set the session maximum login time.

Configuring Terminal More

To enable support for more terminal functions, use the terminal more command. This command is available at the User and SuperUser prompts. You can also toggle the more function on and off within a session by using the ESC-M key sequence.
To set a terminal timeout value, enter:

    # terminal timeout 30

To revert the terminal timeout value to its default (disabled), enter:

    # no terminal timeout

Using Expert Mode

Expert mode allows you to turn the CSS confirmation capability on or off. Expert mode is available at the SuperUser prompt and is off by default.

Changing the CLI Prompt

The CLI default prompt displays as the product model number followed by the # symbol. The CSS adds a # sign to the prompt automatically to indicate SuperUser mode. To change the default prompt, enter the prompt command as shown in the following example (maximum of 15 alphanumeric characters):

    CSS11800# prompt CSS1-lab
    CSS1-lab#

To save the new prompt, add it to user or default profiles.
For example:

    # show history
    history
    show history
    show ip routes
    show ip summary
    show ip stat
    clock
    clock date
    clock time
    show history

Copying and Saving User Profiles

Use the copy profile command to copy the running profile from the CSS to the default-profile, an FTP server, a TFTP server, or your user-profile.
For example, enter:

    # copy profile default-profile

Copying the Running Profile to a User Profile

Use the copy profile user-profile command to proactively copy the changes made to the running profile to the user profile. This command creates a file username-profile if one does not exist (where username is the current username).
The variables are:

• ip_address or host - The IP address or host name of the server to receive the file. Enter an IP address in dotted-decimal notation (for example, 192.168.11.1) or in mnemonic host-name format (for example, myhost.mydomain.com).
• filename - The name you want to assign to the file on the server. Include the full path to the file.

Boot Configuration Mode Commands

Unpacking an ArrowPoint Distribution Image (ADI)

Use the unpack command to unpack the ArrowPoint Distribution Image (ADI) on the CSS disk. Enter the ADI filename as an unquoted text string with a maximum length of 32 characters. For example, enter:

    (config-boot)# unpack ap0500002.adi

Note: Before unpacking the ADI, you must first copy the ADI to the CSS disk.

Configuring the Primary Boot-File

Use the primary boot-file command to specify the primary boot file. Enter the primary boot file as an unquoted text string with no spaces and a maximum length of 64 characters.
To remove the primary boot type, enter:

    (config-boot)# no primary boot-type

Configuring the Primary Config-Path

Use the primary config-path command to specify the alternate path to a network configuration for the network boot method. An alternate configuration path allows multiple CSSs to use the same boot image while keeping their configuration information in separate directories.

Specifying the Secondary Boot Configuration

Use the secondary command to specify the secondary boot configuration. The secondary boot configuration is used when the primary configuration fails.

Specifying the Secondary Boot-Type

Use the secondary boot-type command to boot the system using the local disk, FTP, or a network-mounted file system. The FTP record contains the IP address, username, and password for the FTP server. Enter the ftp_record as an unquoted text string with no spaces.
Enter the configuration pathname as an unquoted text string with no spaces and a maximum length of 64 characters.
The options for this boot mode command are:

• passive ip address - Configure the system boot IP address for the passive SCM.
• passive primary boot-file - Specify the primary boot file for the passive SCM.
• passive primary boot-type - Specify the primary boot method, local disk, FTP, or network-mounted file system using FTP, for the passive SCM.

Configuring the Passive SCM Primary Boot File

Use the passive primary boot-file command to specify the primary boot image for the passive SCM. Enter the filename of the primary boot image for the passive SCM as an unquoted text string with no spaces and a maximum length of 64 characters. To display a list of filenames, enter passive primary boot-file ?.

Configuring the Passive SCM Primary Configuration Path

Use the passive primary config-path command to specify the alternate path to a network configuration for the network boot method for the passive SCM. An alternate configuration path allows multiple CSSs to use the same boot image while keeping their configuration information in separate directories.

Configuring the Passive SCM Secondary Boot Type

Use the passive secondary boot-type command to boot the system using the local disk, FTP, or a network-mounted file system for the passive SCM. The syntax and options for this boot mode command are:

• passive secondary boot-type boot-via-disk - Boot the system from local disk.
When using an alternate configuration path, make sure that the path leads to a directory containing the script, log and info subdirectories and the startup-config file. These subdirectories must contain the files in the corresponding subdirectories of the unzipped boot image. First, create these subdirectories. Then copy the files from the boot image to the subdirectories.

Showing the BOOT Configuration

Use the show boot-config command to display your boot configuration. For example:

    (config-boot)# show boot-config
    !*********************** BOOT CONFIG ***********************
    primary boot-file ap0500002
    primary boot-type boot-via-disk
    subnet mask 255.0.0.0
    ip address 172.16.36.
You can configure network boot for CSS 11800:

• Primary SCMs
• Passive SCMs

Configuring Network Boot for a Primary SCM

To configure network boot for a primary SCM:

1. Ensure the SCM management port has access to the network drive from which you are booting the CSS. The SCM will mount the drive, and read and write to it.
2. FTP the software .

Configuring Network Boot for a Passive SCM

To configure network boot for a CSS 11800 passive SCM:

1. Configure an FTP record for the passive SCM, if not already configured. Refer to “Configuring a Boot Configuration Record for the Passive SCM” in this chapter.
2. Ensure the passive SCM management port has access to the network drive from which you are booting the CSS.

Showing Network Boot Configurations

To display the network boot configuration, use the version command. For example:

    (config)# version
    Version: ap0500002 (5.00 Build 02)
    Network Path: e:/adi_directory/
    Config Path: e:/adi_directory/
    Flash (Locked): 4.10 Build 8
    Flash (Operational):4.

Configuring Host Name

Use the host command to manage entries in the Host table. The Host table is the static mapping of mnemonic host names to IP addresses, analogous to the ARP table. The syntax for this global configuration mode command is:

    host host_name ip_address

• host_name - The name of the host. Enter an unquoted text string with no spaces and a length of 1 to 16 characters.
It is recommended that you configure the idle timeout to at least 30 minutes.

Configuring the CSS as a Client of a RADIUS Server

If no response is returned by the RADIUS server within a period of time, the authentication request is retransmitted a predefined number of times (both options are specified in the radius-server command). The RADIUS client can forward requests to an alternate secondary RADIUS server in the event that the primary server is down or is unreachable.
• radius-server retransmit number - Set the number of retransmissions for an authentication request to the RADIUS server.
• radius-server timeout seconds - Set the time interval the CSS waits before retransmitting an authentication request.
To remove a primary RADIUS server, enter:

    (config)# no radius-server primary

Specifying a Secondary RADIUS Server

Use the radius-server secondary command to specify a secondary RADIUS server to authenticate user information from the CSS RADIUS client (console or virtual authentication).
To specify a secondary RADIUS server, enter:

    (config)# radius-server secondary 172.27.56.
To configure the number of RADIUS server retransmits to 5, enter:

    (config)# radius-server retransmit 5

To set the RADIUS server retransmit request back to the default of 3 retries, enter:

    (config)# no radius-server retransmit

Configuring the RADIUS Server Dead-Time

Use the radius-server dead-time command to set the time interval in which the CSS verifies whether a non-functional server is operation
To view the configuration for a RADIUS primary server, enter:

    (config)# show radius config primary

To view the authentication statistics for a RADIUS secondary server, enter:

    (config)# show radius stats secondary

Table 2-1 describes the fields in the show radius config output.
Table 2-2 describes the fields in the show radius stat output.

Controlling Remote Access to the CSS

To control remote access to the CSS, use the virtual command or the console command. By using virtual commands, you allow users to log into the CSS remotely with or without requiring a username and password, or you can deny all remote access to users. Telnet, FTP, SSHD, and the Device Management user interface are examples of remote access.
• virtual authentication radius-local - Performs a RADIUS server authentication to verify username and password. If the RADIUS server authentication is unsuccessful, the CSS checks the local username database for authentication.
• no virtual authentication - Does not require users to enter a login name and password to log into the CSS (disables virtual authentication).

Restricting Console, FTP, SNMP, Telnet, XML, and Web Management Access to the CSS

Use the restrict command to enable or disable console, FTP, SNMP, Telnet, XML, and Web management access to the CSS. Access through a console, FTP, SNMP, and Telnet is enabled by default.

Note: Disable Telnet access when you want to use the Secure Shell Host (SSH) server.

Finding an IP Address

Use the find ip address command to search the CSS configuration for the specified IP address. You can include a netmask for subnet (wildcard) searches. This search can help you avoid IP address conflicts when you configure the CSS. When you use this command, it checks services, source groups, content rules, ACLs, the management port, syslog, APP sessions, and local interfaces for the specified IP address.

Configuring Flow Parameters

The CSS enables you to configure the following flow parameters using the flow command:

• flow permanent - Permanent TCP ports that are not reclaimed
• flow port-reset - Resets Fast Ethernet and Gigabit Ethernet ports automatically when the CSS detects that they are not responding
• flow reserve-clean - Interval at which flows with port numbers less than or equal to 23 are reclaimed

Configuring Perma
For example, to configure port 1520 as a permanent connection, enter:

    (config)# flow permanent port1 1520

To reset a permanent connection to its default port number of 0, use the no flow permanent command.
For example, enter:

    (config)# flow reserve-clean 36

To disable flow cleanup on Telnet and FTP control ports, enter:

    (config)# no flow reserve-clean

Showing Flow Statistics

Use the flow statistics command to display statistics on currently allocated flows.

Configuring Content API

The CSS Content Application Program Interface (API) feature allows you to use a network management workstation to make Web-based configuration changes to the CSS using Extensible Markup Language (XML) documents.
3. Pay attention to the mode hierarchy of the CLI commands in the XML file. Each mode has its own set of commands. Many of the modes have commands allowing you to access other related modes. If you enter a series of commands in the improper mode hierarchy, the result is an XML file that fails to execute properly. As an example, the following commands configure an access list (ACL):

XML Document Example

The following example is a complete XML document. The XML document creates three services, an owner, and a content rule, and assigns one of the newly created services to the content rule.

10.0.3.1 active 10.0.3.

Controlling Access to the CSS HTTP Server

To control access to the HTTP server running on the CSS, use the restrict xml and no restrict xml commands. Clients can send XML documents to this server to configure the CSS. The options for this global configuration mode command are:

• no restrict xml - Allow client access to the HTTP server on the CSS.
• restrict xml - Deny client access to the HTTP server on the CSS.
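
The remote-access commands described in this chapter (virtual authentication, restrict, radius-server primary) can be checked offline against a saved configuration. The following Python example is added here and is not part of the original Cisco documentation; the sample configuration is constructed, the restrict keywords other than xml are assumed to follow the restrict xml form, and XML access is assumed closed unless no restrict xml appears.

```python
import re

# Page: console, FTP, SNMP and Telnet access are enabled by default.
# ASSUMPTION: XML access stays closed until "no restrict xml" appears.
DEFAULT_OPEN = {"console": True, "ftp": True, "snmp": True, "telnet": True, "xml": False}

RESTRICT_RE = re.compile(r"^(no\s+)?restrict\s+(\S+)$")
VIRT_AUTH_RE = re.compile(r"^(no\s+)?virtual\s+authentication(?:\s+(\S+))?$")

# Constructed sample configuration, not captured from a real CSS.
SAMPLE_CONFIG = """\
!************************** GLOBAL **************************
  no restrict xml
  restrict ftp
  virtual authentication radius-local
"""


def parse_access_state(config_text):
    """Return (open_services, virtual_auth, has_primary_radius)."""
    open_services = dict(DEFAULT_OPEN)
    virtual_auth = None   # None: not set here, the device default applies
    has_primary = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = RESTRICT_RE.match(line)
        if m:
            # "restrict X" closes X; "no restrict X" opens it.
            open_services[m.group(2).lower()] = bool(m.group(1))
            continue
        m = VIRT_AUTH_RE.match(line)
        if m:
            virtual_auth = "disabled" if m.group(1) else (m.group(2) or "enabled")
            continue
        if line.startswith("radius-server primary"):
            has_primary = True
    return open_services, virtual_auth, has_primary


def audit(config_text):
    """Return (severity, message) findings for the remote-access settings."""
    open_services, virtual_auth, has_primary = parse_access_state(config_text)
    findings = []
    if virtual_auth == "disabled":
        findings.append(("HIGH", "no virtual authentication: login needs no credentials"))
    if virtual_auth and virtual_auth.startswith("radius") and not has_primary:
        findings.append(("MEDIUM", "RADIUS authentication set but no radius-server primary"))
    if open_services["telnet"]:
        findings.append(("MEDIUM", "Telnet is not restricted"))
    if open_services["xml"]:
        findings.append(("MEDIUM", "no restrict xml: HTTP server accepts XML configuration"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"{severity:<6} {message}")
```
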
Note: Ensure that the CLI commands in the XML document do not have an impact on the interface configuration through which the XML file transfer process is to occur (for example, including the command no ip addr 10.1.2.3, which identifies the IP address of the CSS receiving the XML file). If this occurs, you will disconnect the workstation performing the XML file transfer.

Configuring the Command Scheduler

Use the cmd-sched command to configure the scheduled execution of any CLI commands, including playing scripts. The commands that will be executed are referred to as the command string. To schedule commands, you must create a configuration record, which includes a provision as to when to execute the commands, and the command string.
• command - The commands you want to execute. Enter a quoted text string up to 255 characters. Separate multiple commands with a semicolon (;) character. If the command string includes quoted characters, use a single quote character; any single quote character not preceded by a backslash (\) character is converted to a double quote when the command string is executed.

Showing Configured Command Scheduler Records

Use the show cmd-sched command to display the state of the command scheduler and information about the records for the scheduled CLI commands.

Table 2-3 Field Descriptions for the show cmd-sched Command (continued)

Field        Description
dayList      The configured day of the month to execute the command.
monthList    The configured month of the year to execute the command.
weekdayList  The configured day of the week to execute the command. Sunday is 1.
cmd          The commands you want to execute. Separate multiple commands with a ; character.