Administration Guide vA1(7), Cisco ACE 4700 Series Application Control Engine Appliance
Managing the ACE Software

Table Of Contents

Managing the ACE Software

Saving Configuration Files

Saving the Configuration File in Flash Memory

Saving Configuration Files to a Remote Server

Copying the Configuration File to the disk0: File System

Merging the Startup-Configuration File with the Running-Configuration File

Viewing Configuration Files

Viewing User Context Running-Config Files from the Admin Context

Clearing the Startup-Configuration File

Loading Configuration Files from a Remote Server

Using the File System on the ACE

Listing the Files in a Directory

Copying Files

Copying Files to Another Directory on the ACE

Copying Licenses

Copying a Packet Capture Buffer

Copying Files to a Remote Server

Copying Files from a Remote Server

Copying an ACE Software System Image to a Remote Server

Uncompressing Files in the disk0: File System

Untarring Files in the disk0: File System

Creating a New Directory

Deleting an Existing Directory

Moving Files

Deleting Files

Displaying File Contents

Saving show Command Output to a File

Viewing and Copying Core Dumps

Copying Core Dumps

Clearing the Core Directory

Deleting a Core Dump File

Capturing and Copying Packet Information

Capturing Packet Information

Copying Capture Buffer Information

Viewing Packet Capture Information

Using the Configuration Checkpoint and Rollback Service

Overview

Creating a Configuration Checkpoint

Deleting a Configuration Checkpoint

Rolling Back a Running Configuration

Displaying Checkpoint Information

Reformatting Flash Memory


Managing the ACE Software


This chapter describes how to manage the software running on the Cisco 4700 Series Application Control Engine (ACE) appliance and contains the following sections:

Saving Configuration Files

Loading Configuration Files from a Remote Server

Using the File System on the ACE

Viewing and Copying Core Dumps

Capturing and Copying Packet Information

Using the Configuration Checkpoint and Rollback Service

Reformatting Flash Memory

Saving Configuration Files

Upon startup, the ACE loads the startup-configuration file stored in Flash memory (nonvolatile memory) to the running-configuration file stored in RAM (volatile memory). When you partition your ACE into multiple contexts, each context contains its own startup-configuration file.

Flash memory stores the startup-configuration files for each existing context. When you create a new context, the ACE creates a new context directory in Flash memory to store the context-specific startup-configuration files. When you copy a configuration file from the ACE, you create a copy of the configuration information of the context from where you executed the command.

To display the contents of the startup-configuration file associated with the current context, use the show startup-config command in Exec mode (see the "Viewing Configuration Files" section).

When you make configuration changes, the ACE places those changes in a virtual running-configuration file called the running-config, which is associated with the context that you are working in. When you enter a CLI command, the change is made only to the running-configuration file in volatile memory. Before you log out or reboot the ACE, copy the contents of the running-configuration file to the startup-configuration file (startup-config) to save configuration changes for the current context to Flash memory. The ACE uses the startup-configuration file on subsequent reboots.

This section contains the following topics:

Saving the Configuration File in Flash Memory

Saving Configuration Files to a Remote Server

Copying the Configuration File to the disk0: File System

Merging the Startup-Configuration File with the Running-Configuration File

Viewing Configuration Files

Viewing User Context Running-Config Files from the Admin Context

Clearing the Startup-Configuration File

Saving the Configuration File in Flash Memory

After you create or update the running-configuration file in RAM (volatile memory), save the contents to the startup-configuration file for the current context in Flash memory (nonvolatile memory) on the ACE. To copy the contents of the running-configuration file to the startup-configuration file, use the copy running-config startup-config command from Exec mode.

The syntax for the command is:

copy running-config startup-config

For example, to save the running-configuration file to the startup-configuration file in Flash memory on the ACE, enter:

host1/Admin# copy running-config startup-config 

You can also use the write memory command to copy the contents of the running-configuration file for the current context to the startup-configuration file. The write memory command is equivalent to the copy running-config startup-config command.

The syntax for the command is:

write memory [all]

The optional write memory all keyword saves configurations for all existing contexts. This keyword is available only in the Admin context.

If you intend to use the write memory command to save the contents of the running-configuration file for the current context to the startup-configuration file, be sure to also specify this command in the Admin context. You should save changes to the Admin context startup-configuration file; the Admin context startup-configuration file contains all configurations that are used to create each user context.

Saving Configuration Files to a Remote Server

To save the running-configuration file or startup-configuration file to a remote server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the copy running-config or copy startup-config command in Exec mode. The copy serves as a backup file for the running-configuration file or startup-configuration file for the current context. Before installing or migrating to a new software version, back up the ACE startup-configuration file to a remote server using FTP, SFTP, or TFTP. When you name the backup file, we recommend that you name it in such a way that you can easily tell the context source of the file (for example, running-config-ctx1, startup-config-ctx1).

The syntax for the command is:

copy {running-config | startup-config} {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

The keywords, arguments, and options are:

running-config—Specifies the running-configuration file currently residing on the ACE in volatile memory.

startup-config—Specifies the startup-configuration file currently residing on the ACE in Flash memory.

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, the renamed configuration file.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, the renamed configuration file.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, the renamed configuration file.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE performs the following tasks:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide the path information.

For example, to save a running-configuration file to a remote FTP server, enter:

host1/Admin# copy running-config ftp://192.168.1.2/running-config_Adminctx
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password: password1
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
####

Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


Copying the Configuration File to the disk0: File System

After you create or update the running-configuration file or the startup-configuration file, you can copy the file to the disk0: file system in Flash memory on the ACE by using the following commands:

To save the contents of the running-configuration file to the disk0: file system, use the copy running-config disk0: command in Exec mode.

To save the contents of the startup-configuration file to the disk0: file system, use the copy startup-config disk0: command in Exec mode.

The syntax for the command is:

copy {running-config | startup-config} disk0:[path/]filename

The keywords, arguments, and options are:

running-config—Specifies the running-configuration file currently residing on the ACE in RAM (volatile memory).

startup-config—Specifies the startup-configuration file currently residing on the ACE in Flash memory (nonvolatile memory).

disk0:—Specifies that the running-configuration file or startup-configuration file is copied to the disk0: file system.

[path/]filename—(Optional) The path in the disk0: file system. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

For example, to save the running-configuration file to the disk0: file system as running-config_copy, enter:

host1/Admin# copy running-config disk0:running-config_copy

Merging the Startup-Configuration File with the Running-Configuration File

To merge the contents of the startup-configuration file into the running-configuration file, use the copy startup-config running-config command in Exec mode. This command copies any additional configurations from the startup-configuration file into the running-configuration file. If any common commands exist in both files, the startup-configuration file overwrites the attributes in the running-configuration file.

The syntax for the command is:

copy startup-config running-config

For example, enter:

host1/Admin# copy startup-config running-config

Viewing Configuration Files

To display the ACE running-configuration file associated with the current context, use the show running-config command in Exec mode. Configuration entries within each mode in the running-configuration file appear in chronological order, based on the order in which you configure the ACE. The ACE does not display default configurations in the ACE running-configuration file.


Note The write terminal command can also be used to display the ACE running-configuration file. The write terminal command is equivalent to the copy running-config command.


To view the content of the running- and startup-configuration files, use the following commands:

To view the running-configuration file, use the show running-config command.

To view the startup-configuration file, use the show startup-config command.

The syntax for the show startup-config command is as follows:

show startup-config

The syntax for the show running-config command is as follows:

show running-config [aaa | access-list | action-list | class-map | context | dhcp | domain | ft | interface | parameter-map | policy-map | probe | resource-class | role | rserver | serverfarm | sticky]

The keywords and options are:

aaa—(Optional) Displays AAA information.

access-list—(Optional) Displays access control list (ACL) information.

action-list—(Optional) Displays action list information.

class-map—(Optional) Displays the list of all class maps configured for the current context. The ACE also displays configuration information for each class map listed.

context—(Optional) Displays the list of contexts configured on the ACE. The ACE also displays the resource class (member) assigned to each context. The context keyword works only from within the Admin context.

dhcp—(Optional) Displays Dynamic Host Configuration Protocol (DHCP) information.

domain—(Optional) Displays the list of domains configured for the current context. The ACE also displays configuration information for each domain listed.

ft—(Optional) Displays the list of redundancy or fault-tolerance (FT) configurations configured for the current context. The ACE also displays configuration information for each ft configuration listed.

interface—(Optional) Displays interface information.

parameter-map—(Optional) Displays parameter map information.

policy-map—(Optional) Displays policy map information.

probe—(Optional) Displays probe information.

resource-class—(Optional) Displays resource class information.

role—(Optional) Displays the list of roles configured for the current context. The ACE also displays configuration information for each role on the list.

rserver—(Optional) Displays real server information.

serverfarm—(Optional) Displays serverfarm information.

sticky—(Optional) Displays sticky information.

For details on the show running-config output associated with the optional keywords, see the chapters in the ACE documentation set related to the specific software functions.

For example, to view the entire contents of the running-configuration file on the ACE, enter:

host1/Admin# show running-config
Generating configuration....

logging enable

access-list acl1 line 10 extended permit ip any any

rserver type host real1
  address 16.1.1.102
  inservice
rserver type host real2
  address 16.1.1.103
  inservice
rserver type host real3
  address 16.1.1.105
  inservice

serverfarm type host serverfarm1
  predictor hash address
  real real1
    inservice
  real real2
    inservice
  real real3
    inservice

class-map match-any vipmap1
  10 match virtual-address 17.1.2.1 tcp any

policy-map type loadbalance first-match policymap1
  class class-default
    serverfarm serverfarm1

policy-map multi-match policy1
  class vipmap1
    loadbalance vip inservice
    loadbalance policymap1

interface vlan 16
  ip address 16.1.1.12 255.0.0.0
  access-group input acl1
  no shutdown
interface vlan 17
  ip address 17.1.1.12 255.0.0.0
  access-group input acl1
  service-policy input policy1
  no shutdown

context Admin
  member default

username admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/  role Admin domain default-domain
username www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/  role Admin domain default-domain

snmp-server user www Network-Monitor
snmp-server user admin Network-Monitor
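
The following Python example is added here and is not part of the Cisco guide. It parses output in the shape of the show running-config listing above, reports interfaces whose input ACL is permit ip any any, and redacts the password field of username lines (the $1$ prefix marks an MD5-crypt hash) so that a saved copy can be stored off the appliance. The sample configuration, its addresses and hash strings are constructed, and the function names are assumptions.

```python
import re

# Constructed sample in the shape of `show running-config` output.
# Addresses are documentation ranges; hash strings are placeholders.
SAMPLE_CONFIG = """\
Generating configuration....

logging enable

access-list acl1 line 10 extended permit ip any any
access-list acl2 line 10 extended permit tcp any host 192.0.2.10 eq 443

rserver type host real1
  address 192.0.2.102
  inservice

interface vlan 16
  ip address 192.0.2.12 255.255.255.0
  access-group input acl1
  no shutdown
interface vlan 17
  ip address 198.51.100.12 255.255.255.0
  access-group input acl2
  no shutdown

username admin password 5 $1$EXAMPLEs$PLACEHOLDERHASHVALUE00/  role Admin domain default-domain
username www password 5 $1$EXAMPLEt$PLACEHOLDERHASHVALUE01/  role Admin domain default-domain
"""

# ACL entry that permits all IP traffic, as in the acl1 line on the page.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+line\s+\d+\s+extended\s+permit\s+ip\s+any\s+any\b")
# username <name> password <type> <hash> <rest of line>
USER_RE = re.compile(r"^(username\s+(\S+)\s+password\s+\d+\s+)(\S+)(.*)$")


def parse_blocks(text):
    """Group each top-level command with the indented lines beneath it."""
    blocks = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Generating configuration"):
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def audit(text):
    """Return findings as (kind, where, detail) tuples."""
    blocks = parse_blocks(text)
    open_acls = {m.group(1) for header, _ in blocks
                 if (m := ACL_RE.match(header))}
    findings = []
    for header, children in blocks:
        if header.startswith("interface "):
            for child in children:
                parts = child.split()
                if (len(parts) == 3 and parts[:2] == ["access-group", "input"]
                        and parts[2] in open_acls):
                    findings.append(("open-acl", header, parts[2]))
        user = USER_RE.match(header)
        if user and user.group(3).startswith("$1$"):
            role = re.search(r"\brole\s+(\S+)", user.group(4))
            findings.append(("md5-crypt-hash", "username " + user.group(2),
                             "role " + (role.group(1) if role else "unknown")))
    return findings


def redact(text):
    """Replace the hash on every username line; return (text, count)."""
    out, count = [], 0
    for line in text.splitlines():
        user = USER_RE.match(line)
        if user:
            line = user.group(1) + "<redacted>" + user.group(4)
            count += 1
        out.append(line)
    return "\n".join(out) + "\n", count


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print(redact(SAMPLE_CONFIG)[0])
```
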

Viewing User Context Running-Config Files from the Admin Context

To display the ACE running-configuration file of a user context from the Admin context, use the invoke context command in Exec mode. The syntax of this command is as follows:

invoke context context_name show running-config

The context_name argument is the name of the user context.

For example, to view the running-configuration file of the C1 context from the Admin context, enter:

host1/Admin# invoke context C1 show running-config
Generating configuration....

Clearing the Startup-Configuration File

To clear the contents of the ACE startup-configuration file of the current context in Flash memory, use either the clear startup-config or write erase command in Exec mode. Both commands reset the startup-configuration file to the default settings and take effect immediately. The running-configuration file is not affected. In addition, the clear startup-config or write erase commands do not clear the boot variables, such as config-register and boot system settings.


Note The clear startup-config and write erase commands do not remove license files or crypto files from the ACE startup-configuration file. To remove license files, use the license uninstall filename command. To remove crypto files, use the crypto delete filename or the crypto delete all command.


Before you clear the contents of the ACE startup-configuration file, back up your startup-configuration file to a remote server (see the "Saving Configuration Files to a Remote Server" section). Once you clear the startup-configuration file, you can perform one of the following processes to recover a copy of an existing configuration:

Copy the contents of the existing running-configuration file to the startup-configuration file by using the copy running-config startup-config command. See the "Saving the Configuration File in Flash Memory" section.

Upload a backup of a previously saved startup-configuration file from a remote server. See the "Loading Configuration Files from a Remote Server" section.

For example, to reset the ACE startup-configuration file, enter:

host1/Admin# clear startup-config

Loading Configuration Files from a Remote Server

You can configure the ACE by loading configuration files previously backed up to a remote FTP, SFTP, or TFTP server. Before you begin loading a configuration file from a remote server, ensure the following:

You know the location of the configuration file to be loaded from the remote server.

The configuration file permissions are set to world-read.

The ACE has a route to the remote server. The ACE and the remote server must be in the same subnetwork if you do not have a router or default gateway to route the traffic between subnets. To check connectivity to the remote server, use the ping or traceroute command in Exec mode. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for details on how to use the ping and traceroute commands.

When you copy the backup configuration file to the ACE, you copy the configuration information to the context from where you initially executed the copy command. When you copy a configuration file to the ACE, ensure that the configuration file is appropriate for use in the current context. For example, you would copy the backup configuration file startup-config-ctx1 to context 1.

To configure the ACE using a running-configuration file or startup-configuration file downloaded from a remote server, use the copy command in Exec mode.

The syntax for the command is:

copy {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} {running-config | startup-config}

The keywords, arguments, and options are:

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, the configuration filename.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, the configuration filename.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, the configuration filename.

running-config—Specifies to replace the running-configuration file currently residing on the ACE in RAM (volatile memory).

startup-config—Specifies to replace the startup-configuration file currently residing on the ACE in Flash memory (nonvolatile memory).

For example, to copy a startup-configuration file from a remote FTP server to the ACE, enter:

Host/Admin# copy ftp://192.168.1.2/configs/startup-config-Adm_ctx startup-config

Using the File System on the ACE

Flash memory stores the operating system, startup-configuration files, software licenses, core dump files, system message log files, SSL certificates and keys, and other data on the ACE. Flash memory comprises a number of individual file systems, or partitions, that include this data.

The ACE contains the following file systems, or partitions:

disk0:—Contains all startup-configuration files, software licenses, system message log files, SSL certificates and keys, and user-generated data for all existing contexts on the ACE.

image:—Contains the system software images.

core:—Contains the core files generated after each time that the ACE becomes unresponsive.

volatile:—Contains the files residing in the temporary (volatile:) directory. The volatile: directory provides temporary storage; files in temporary storage are erased when the ACE reboots.

The Admin context supports all four file systems in the ACE. The user context supports only the disk0: and volatile: file systems.

When you create a new context, the ACE creates a new context directory in Flash memory to store context-specific data such as startup-configuration files.

The ACE provides a number of useful commands to help you manage software configuration and image files. This section contains the following topics that will help you to manage files on the ACE:

Listing the Files in a Directory

Copying Files

Uncompressing Files in the disk0: File System

Untarring Files in the disk0: File System

Creating a New Directory

Deleting an Existing Directory

Moving Files

Deleting Files

Displaying File Contents

Saving show Command Output to a File

Listing the Files in a Directory

To display the directory contents of a specified file system, use the dir command in Exec mode. This command displays a detailed list of directories and files contained within the specified file system on the ACE, including names, sizes, and time created. You may optionally specify the name of a directory to list.

The syntax for this command is:

dir {core: | disk0:[directory/][filename] | image:[filename] | volatile:[filename]}

The keywords and arguments are:

core:—Displays the contents of the core: file system.

disk0:—Displays the contents of the disk0: file system.

image:—Displays the contents of the image: file system.

volatile:—Displays the contents of the volatile: file system.

directory/—(Optional) Contents of the specified directory.

filename—(Optional) Information that relates to the specified file, such as the file size and the date it was created. You can use wildcards in the filename. A wildcard character (*) matches all patterns. Strings after a wildcard are ignored.

For example, to list the files in the disk0: file system, enter:

host1/Admin# dir disk0:

     7465  Jan 03 00:13:22 2007 C2_dsb
     2218  Mar 07 18:38:03 2007 ECHO_PROBE_SCRIPT4
     1024  Feb 16 12:47:24 2007 core_copies_dsb/
     1024  Jan 01 00:02:07 2007 cv/
     1024  Mar 13 13:53:08 2007 dsb_dir/
       12  Jan 30 17:54:26 2007 messages
     7843  Mar 09 22:19:56 2007 running-config
     4320  Jan 05 14:37:52 2007 startup-config
     1024  Jan 01 00:02:28 2007 www/

           Usage for disk0: filesystem
                    4254720 bytes total used
                    6909952 bytes free

For example, to list the core dump files in Flash memory, enter:

host1/Admin# dir core:

253151  Mar 14 21:23:33 2007 0x401_vsh_log.8249.tar.gz
262711  Mar 15 21:22:18 2007 0x401_vsh_log.15592.tar.gz
250037  Mar 15 18:35:27 2007 0x401_vsh_log.16296.tar.gz

        Usage for core: filesystem
                 1847296 bytes total used
                64142336 bytes free
                65989632 bytes available

Copying Files

This section contains the following topics:

Copying Files to Another Directory on the ACE

Copying Licenses

Copying a Packet Capture Buffer

Copying Files to a Remote Server

Copying Files from a Remote Server

Copying an ACE Software System Image to a Remote Server

Copying Files to Another Directory on the ACE

To copy a file from one directory in the disk0: file system of Flash memory to another directory in disk0:, use the copy disk0: command.


Note To view the content of the running- and startup-configuration files, use the dir disk0: command.


The syntax for this command is:

copy disk0:[path/]filename1 {disk0:[path/]filename2}

The keywords and arguments are:

[path/]filename1—Name of the file to copy. Use the dir disk0: command to view the files available in the disk0: file system. If you do not provide the optional path, the ACE copies the file from the root directory on the disk0: file system.

disk0:[path/]filename2—The file destination in the disk0: directory of the current context. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

For example, to copy the file called SAMPLEFILE to the MYSTORAGE directory in the disk0: file system, enter:

host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILE

Copying Licenses

To protect your license files, we recommend that you back up your license files to the ACE Flash memory as tar files. To create a backup license for the ACE licenses in .tar format and copy it to the disk0: file system, use the copy licenses command in Exec mode.

The syntax of this command is:

copy licenses disk0:[path/]filename.tar

The keyword and argument are:

disk0:—Specifies that the backup license file is copied to the disk0: file system.

[path/]filename.tar—Destination filename for the backup licenses. The destination filename must have a .tar file extension. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

For example, enter:

host1/Admin# copy licenses disk0:mylicenses.tar

If you accidentally remove or lose the license on the ACE, you can untar the backup file and reinstall it. To untar the backup license, use the untar command in Exec mode. The syntax for this command is:

untar disk0:[path/]filename.tar

The filename.tar is the filename of the .tar backup license file.

For example, to untar the mylicenses.tar file on disk0:, enter:

host1/Admin# untar disk0:mylicenses.tar

Copying a Packet Capture Buffer

To copy an existing packet capture buffer to the disk0: file system, use the copy capture command in Exec mode.

The syntax for the command is:

copy capture capture_name disk0:[path/]destination_name

The keywords, arguments, and options are:

capture_name—Name of the packet capture buffer on Flash memory. Specify a text string from 1 to 80 alphanumeric characters. If necessary, use the show capture command to view the files available in the disk0: file system. This list includes the name of existing packet capture buffers.

disk0:—Specifies that the buffer is copied to the disk0: file system.

[path/]destination_name—Destination path (optional) and name for the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

For example, to copy a packet capture buffer to the disk0: file system, enter:

host1/Admin# copy capture packet_capture_Jan_17_07 disk0:

Copying Files to a Remote Server

To copy a file from Flash memory on the ACE to a remote server using FTP, SFTP, or TFTP, use the copy command in Exec mode. The copy serves as a backup file for such files as the capture buffer file, core dump, ACE licenses in .tar format, running-configuration file, or startup-configuration file.

The syntax for the command is:

copy {core:filename | disk0:[path/]filename | running-config | startup-config} {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

The keywords, arguments, and options are:

core:filename—Specifies a core dump residing on the ACE in Flash memory (see the "Viewing and Copying Core Dumps" section). The copy core: command is available only in the Admin context. Use the dir core: command to view the core dump files available in the core: file system. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) by using the copy core: command.

disk0:[path/]filename—Specifies a file in the disk0: file system of Flash memory (for example, a packet capture buffer file, ACE licenses in .tar format, or a system message log). Use the dir disk0: command to view the files available in the disk0: file system.

running-config—Specifies the running-configuration file residing on the ACE in volatile memory.

startup-config—Specifies the startup-configuration file currently residing on the ACE in Flash memory.

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, the renamed file.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, the renamed file.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, the renamed file.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE performs the following tasks:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

For example, to save a running-configuration file to a remote FTP server, enter:

host1/Admin# copy running-config ftp://192.168.215.124/running-config_Adminctx
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password: password1
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
####

Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


For example, to save a core dump file to a remote FTP server, enter:

host1/Admin# copy core:0x401_vsh_log.8249.tar.gz ftp://192.168.1.2 

Copying Files from a Remote Server

To copy a file from a remote server to a location on the ACE using FTP, SFTP, or TFTP, use the copy command in Exec mode.

The syntax for the command is:

copy {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} {disk0:[path/]filename | image:image_name | running-config | startup-config}

The keywords, arguments, and options are:

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, the filename.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, the filename.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, the filename.

disk0:[path/]filename—Specifies a file destination in the disk0: file system of Flash memory. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

image:image_name—Specifies to copy a system software image to Flash memory. Use the boot system command as described in Chapter 1, Setting Up the ACE to specify the BOOT environment variable. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup.

running-config—Specifies to replace the running-configuration file currently residing on the ACE in RAM (volatile memory).

startup-config—Specifies to replace the startup-configuration file currently residing on the ACE in Flash memory (nonvolatile memory).

For example, to copy a startup-configuration file from a remote FTP server to the disk0: file system, enter:

host1/Admin# copy ftp://192.168.1.2/ startup-config
Enter source filename[]? startup_config_Adminctx
File already exists, do you want to overwrite?[y/n]: [y] y
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).

Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


Copying an ACE Software System Image to a Remote Server

To copy an ACE software system image from Flash memory to a remote server using FTP, SFTP, or TFTP, use the copy image: command in Exec mode. The copy image: command is available only in the Admin context.


Note To view the software system images available in Flash memory, use the dir image: command and the show version command.


The syntax for the command is:

copy image:filename {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

The keywords, arguments, and options are:

filename—Name of the ACE system software image.

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, the renamed software system image.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, the renamed software system image.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, the renamed software system image.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE performs the following tasks:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

For example, to save a software system image to a remote FTP server, enter:

host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2 

Uncompressing Files in the disk0: File System

To uncompress (unzip) LZ77 coded files in the disk0: file system (for example, zipped probe script files), use the gunzip command in Exec mode. This command is useful in uncompressing large files. The filename must end with a .gz extension for the file to be uncompressed using the gunzip command. The .gz extension indicates a file zipped by the gzip (GNU zip) compression utility.

The syntax for the command is:

gunzip disk0:filename

The filename argument identifies the name of the compressed file on the disk0: file system. The filename must end with a .gz extension. To display a list of available zipped files on disk0:, use the dir command.

For example, to unzip a compressed series of probe script files residing in the disk0: file system, enter:

host1/Admin# gunzip disk0:PROBE_SCRIPTS.gz 

Untarring Files in the disk0: File System

A .tar file keeps related files together and facilitates the transfer of multiple files. A .tar file is a series of separate files, typically not compressed, added together into a single file by a UNIX TAR program. The resulting file is known as a tarball, which is similar to a ZIP file but without the compression. The files in a .tar file must be extracted before they can be used.

To untar a single file with a .tar extension in the disk0: file system, use the untar command in Exec mode. Use this command to untar the sample scripts file. You can also use this command to untar a backup license if a license becomes corrupted or lost. The filename must end with a .tar extension before you can use the untar command.


Note The copy licenses disk0: command creates backup .tar license files on the ACE. If a license becomes corrupted or lost, or you accidentally remove the license on the ACE, you can untar the license and reinstall it. See the "Copying Licenses" section.


The syntax for the command is:

untar disk0:[path/]filename

The filename argument identifies the name of the .tar file in the disk0: file system. The filename must end with a .tar extension. You can optionally provide a path to the .tar file if it exists in another directory in the disk0: file system.

For example, to untar a series of license files in the mylicenses.tar file in the disk0: file system, enter:

host1/Admin# untar disk0:mylicenses.tar

Creating a New Directory

To create a directory in the disk0: file system of Flash memory, use the mkdir disk0: command in Exec mode. The syntax for this command is:

mkdir disk0:[path/]directory

The directory argument provides the name of the directory to create in disk0:. If a directory with the same name already exists, the ACE does not create the new directory and the "Directory already exists" message appears.

For example, to create a directory called TEST_DIRECTORY in the disk0: file system, enter:

host1/Admin# mkdir disk0:TEST_DIRECTORY

Deleting an Existing Directory

To remove an existing directory from the disk0: file system of Flash memory, use the rmdir disk0: command in Exec mode. The directory must be empty before you can delete it.


Note To remove a file from the ACE file system, use the delete command (see the "Deleting Files" section).


The syntax for this command is:

rmdir disk0:[path/]directory

The directory argument provides the name of the directory to delete from the disk0: file system. The directory must be empty before you can delete it. You can optionally provide a path to a directory in the disk0: file system.

For example, to delete a directory called TEST_DIRECTORY from the disk0: file system, enter:

host1/Admin# rmdir disk0:TEST_DIRECTORY

Moving Files

To move a file between directories in the disk0: file system, use the move command in Exec mode. If a file with the same name already exists in the destination directory, that file is overwritten by the moved file.


Note To view the files available in the disk0: file system, use the dir disk0: command.


The syntax for this command is:

move disk0:[source_directory/]filename disk0:[destination_directory/]filename

The keywords and arguments are:

source_directory—(Optional) Name of the source directory in the disk0: file system.

destination_directory—(Optional) Name of the destination directory in the disk0: file system.

filename—Name of the file to move in the disk0: file system.

For example, to move the file called SAMPLEFILE to the MYSTORAGE directory in the disk0: file system, enter:

host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILE

Deleting Files

To delete a file from a specific file system in the ACE, use the delete command in Exec mode. When you delete a file, the ACE erases the file from the specified file system.


Note To remove a directory from the ACE file system, use the rmdir command (see the "Deleting an Existing Directory" section).


The syntax for this command is:

delete {core:filename | disk0:[directory/]filename | image:filename | volatile:filename}

The keywords and arguments are:

core:filename—Deletes the specified file from the core: file system (see the "Viewing and Copying Core Dumps" section). The delete core: command is available only in the Admin context.

disk0:[directory/]filename—Deletes the specified file from the disk0: file system (for example, a packet capture buffer file or system message log). You can optionally provide a path to a file in a directory in the disk0: file system.

image:filename—Deletes the specified file from the image: file system. The delete image: command is available only in the Admin context.

volatile:filename—Deletes the specified file from the volatile: file system.

For example, to delete a copy of the running-configuration file called my_running-config1 from the mystorage directory on the disk0: file system, enter:

host1/Admin# delete disk0:mystorage/my_running-config1

Displaying File Contents

To display the contents of a specified file in a directory in Flash memory or in nonvolatile memory, use the show file command. The syntax for this command is:

show file {disk0: [path/]filename | volatile: filename} [cksum | md5sum]

The keywords, arguments, and options are:

disk0: [path/]filename—The name of a file residing in the disk0: file system of Flash memory (for example, a packet capture buffer file or system message log). You can optionally provide a path to a file in a directory in the disk0: file system.

volatile: filename—Specifies the name of a file in the volatile memory file system of the ACE.

cksum—(Optional) Displays the cyclic redundancy check (CRC) checksum for the file. The checksum values compute a CRC for each named file. Use this command to verify that the file is not corrupt. You compare the checksum output for the received file against the checksum output for the original file.

md5sum—(Optional) Displays the MD5 checksum for the file. MD5 is an electronic fingerprint for the file. MD5 is the latest implementation of the internet standards described in RFC 1321 and is useful for data security and integrity.

For example, to display the contents of a file residing in the current directory, enter:

host1/Admin# show file disk0:myfile md5sum
3d8e05790155150734eb8639ce98a331
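
One way to use the md5sum output to confirm that a file copied off the ACE arrived intact, added here as an example and not part of Cisco's documentation. The transcript, file names, digests and function names are constructed for this example; MD5 catches accidental corruption in transit but is not collision-resistant, so a match does not rule out deliberate substitution.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed CLI transcript. The command form and the digest on the following
# line mirror the page's "show file disk0:myfile md5sum" example; the file names,
# the digests and the error text are made up for this example.
TRANSCRIPT = """\
host1/Admin# show file disk0:probe_scripts.gz md5sum
5eb63bbbe01eeed093cb22bb8f5acdc3
host1/Admin# show file disk0:mystorage/my_running-config1 md5sum
900150983cd24fb0d6963f7d28e17f72
host1/Admin# show file disk0:missing.cfg md5sum
(constructed error line, not real ACE output)
"""

CMD = re.compile(r"^\S+#\s*show file\s+((?:disk0|volatile):)\s*(\S+)\s+md5sum\s*$")
DIGEST = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_digests(transcript):
    """Map 'disk0:path' -> MD5 hex digest, or None when no digest line followed."""
    digests, pending = {}, None
    for line in transcript.splitlines():
        cmd = CMD.match(line)
        if cmd:
            pending = cmd.group(1) + cmd.group(2)
            digests[pending] = None
        elif pending and line.strip():
            if DIGEST.match(line.strip()):
                digests[pending] = line.strip().lower()
            pending = None  # only the first non-empty line after the command counts
    return digests


def md5_file(path, chunk=64 * 1024):
    """Hash a file in chunks so large system images do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(transcript, local_dir):
    """Compare each digest reported by the ACE with the local copy of that file."""
    results = {}
    for name, expected in parse_digests(transcript).items():
        local = Path(local_dir) / Path(name.split(":", 1)[1]).name
        if expected is None:
            results[name] = "no digest in transcript"
        elif not local.is_file():
            results[name] = "missing locally"
        elif md5_file(local) == expected:
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Build two constructed local copies, one intact and one altered, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "probe_scripts.gz").write_bytes(b"hello world")
        (Path(tmp) / "my_running-config1").write_bytes(b"abc\n")  # differs from ACE copy
        return verify(TRANSCRIPT, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:24} {name}")
```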

Saving show Command Output to a File

You can force all show screen output to be directed to a file by appending > filename to any command. For example, you can enter show interface > filename at the Exec mode CLI prompt to redirect the interface configuration command output to a file created at the same directory level.

The syntax for redirecting show command output is as follows:

show keyword [| {begin pattern | count | end | exclude pattern | include pattern | last | more}] [> {filename | {disk0: | volatile:}[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]

The arguments, keywords, and options include:

|—(Optional) Enables an output modifier that filters the command output.

begin pattern—Begins with the line that matches the pattern that you specify.

count—Counts the number of lines in the output.

end pattern—Ends with the line that matches the pattern that you specify.

exclude pattern—Excludes the lines that match the pattern that you specify.

include pattern—Includes the lines that match the pattern that you specify.

last—Displays the last few lines of the output.

more—Displays one window page at a time.

>—(Optional) Enables an output modifier that redirects the command output to a file.

filename—Name of the file that the ACE saves the output to on the volatile: file system.

disk0:—Specifies that the destination is the disk0: file system on the ACE Flash memory.

volatile:—Specifies that the destination is the volatile: file system on the ACE.

[path/][filename]—(Optional) Path and filename to the disk0: or volatile: file system.

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, a filename.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, a filename.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, a filename.

Viewing and Copying Core Dumps

A core dump occurs when the ACE experiences a fatal error. The ACE writes information about the fatal error to the core: file system in Flash memory before a switchover or reboot occurs. The core: file system is the storage location for all core files generated during a fatal error. Three minutes after the ACE reboots, the saved last core file is restored from the core: file system back to its original RAM location. This restoration is a background process and is not visible to the user.

You can view the list of core files in the core: file system by using the dir core: command in Exec mode.

The core: file system is available only from the Admin context.


Note Core dump information is for Cisco Technical Assistance Center (TAC) use only. If the ACE becomes unresponsive, you can view the dump information in the core through the show cores command. We recommend that you contact TAC for assistance in interpreting the information in the core dump.


The time stamp on the restored last core file displays the time when the ACE booted up, not when the last core was actually dumped. To obtain the exact time of the last core dump, check the corresponding log file with the same process identifier (PID).

This section contains the following topics:

Copying Core Dumps

Clearing the Core Directory

Deleting a Core Dump File

Copying Core Dumps

You can save a core dump from the ACE to the disk0: file system or to a remote server. To save a core to a remote server, use the copy core: command in Exec mode. The ACE copies a single file based on the provided process identifier. The copy core: command is available only in the Admin context.

To display the list of available core files, use the dir core: command. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.

The syntax for the copy core: Exec mode command is:

copy core:filename {disk0:[path/][filename] | ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}

The keywords, arguments, and options are:

filename—Core dump that resides on the ACE in Flash memory. Use the dir core: command to view the core dump files available in the core: file system.

disk0:[path/][filename]—Specifies a file location for the core dump in the disk0: file system and a filename for the core.

ftp://server/path[/filename]—Specifies the FTP network server and, optionally, the renamed core dump.

sftp://[username@]server/path[/filename]—Specifies the SFTP network server and, optionally, the renamed core dump.

tftp://server[:port]/path[/filename]—Specifies the TFTP network server and, optionally, the renamed core dump.

When you select a destination file system using ftp:, sftp:, or tftp:, the ACE performs the following tasks:

Prompts you for your username and password if the destination file system requires user authentication.

Prompts you for the server information if you do not provide the information with the command.

Copies the file to the root directory of the destination file system if you do not provide path information.

For example, to copy a core file from the ACE to a remote FTP server, enter:

host1/Admin# copy core:0x401_vsh_log.8249.tar.gz ftp://192.168.1.2 
Enter the destination filename[]? [0x401_vsh_log.8249.tar.gz]
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).

Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii file transfer mode is intended for transferring text files, such as config files. The default selection of bin should be sufficient in all cases when copying files to a remote FTP server.


Clearing the Core Directory

To clear out all of the core dumps stored in the core: file system, use the clear cores command in Exec mode of the Admin context. The syntax for the command is:

clear cores

For example, to clear out all of the core dumps stored in the core: file system, enter:

host1/Admin# clear cores

Deleting a Core Dump File

To delete a core dump file from the core: file system in Flash memory, use the delete core: command in Exec mode of the Admin context. To view the core dump files available in Flash memory, use the dir core: command.

The syntax for the command is:

delete core:filename

The filename argument specifies the name of a core dump file located in the core: file system.

For example, to delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:

host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZ

Capturing and Copying Packet Information

Capturing packets is a useful aid in troubleshooting connectivity problems with the ACE or for monitoring suspicious activity. The ACE can track packet information for network traffic that passes through the ACE. The attributes of the packet are defined by an ACL. The ACE buffers the captured packets, and you can copy the buffered contents to a file in Flash memory on the ACE or to a remote server. You can also display the captured packet information on your console or terminal.

This section contains the following topics:

Capturing Packet Information

Copying Capture Buffer Information

Viewing Packet Capture Information

Capturing Packet Information

To enable the packet capture function on the ACE for packet sniffing and network fault isolation, use the capture command in Exec mode. As part of the packet capture process, you specify whether to capture packets from all input interfaces or an individual VLAN interface.


Note The packet capture function enables access-control lists (ACLs) to control which packets are captured by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We recommend that you avoid using the packet capture function when high network performance is critical.


The packet capture function works on an individual context basis. The ACE traces only the packets that belong to the current context where you execute the capture Exec command. The context ID, which is passed along with the packet, can be used to isolate packets that belong to a specific context. To trace the packets for a specific context, use the changeto Exec command to enter the specified context and then use the capture command.

The ACE does not automatically save the packet capture to a file. To copy the capture buffer information as a file in Flash memory or to a remote server, use the copy capture command (see the "Copying Capture Buffer Information" section).

The syntax for this command is:

capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size [circular-buffer]]} | remove | start | stop

The keywords, arguments, and options are:

buffer_name—Name of the packet capture buffer. The buffer_name argument associates the packet capture with a name. Specify a text string from 1 to 80 alphanumeric characters.

all—Specifies that packets are captured on all input interfaces.


Note To capture application acceleration and optimization traffic bound for the optional Cisco AVS 3180A Management Station interface, use the all keyword. This keyword captures all the traffic on all interfaces. You can then transfer the packet capture file to a remote machine to be scanned for traffic that is specific to the Management Station interface.


interface—Specifies the interface from which to capture packets.

vlan number—Specifies the VLAN identifier associated with the specified input interface.

access-list name—Selects packets based on a specific access list identification. A packet must pass the access list filters before the packet is stored in the capture buffer. Specify a previously created access list identifier. Enter an unquoted text string with a maximum of 64 alphanumeric characters.


Note Ensure that the access list is for an input interface. If you configure the packet capture on the output interface, the ACE will fail to match any packets.


bufsize buf_size—(Optional) Specifies the buffer size, in kilobytes (KB), used to store the packet capture. The range is from 1 to 5000 KB. The default is 64 kilobytes.

circular-buffer—(Optional) Enables the packet capture buffer to overwrite itself, starting from the beginning, when the buffer is full.

remove—Clears the packet capture configuration.

start—Starts the packet capture function. The packet capture function automatically stops when the buffer is full unless you enable the circular buffer function.

stop—Stops the packet capture function.

To enable packet capture on an interface VLAN, enter the following:

host1/Admin# access-list acl1 line 10 extended permit ip any any
host1/Admin# capture capture1 interface vlan50 access-list acl1
host1/Admin# capture capture1 start

To stop the packet capture function on the interface VLAN, enter the following:

host1/Admin# capture capture1 stop

Copying Capture Buffer Information

To copy an existing packet capture buffer to the disk0: file system, use the copy capture command in Exec mode.

The syntax for the command is:

copy capture capture_name disk0: [path/]destination_name

The keywords, arguments, and options are:

capture_name—Name of the packet capture buffer in Flash memory. Specify a text string from 1 to 80 alphanumeric characters. If necessary, use the show capture command to view the files available in Flash memory. This list includes the name of existing packet capture buffers.

disk0:—Specifies that the buffer is copied to the disk0: file system. Include a space between disk0: and a destination path.

[path/]destination_name—Destination path (optional) and name for the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters. If you do not provide the optional path, the ACE copies the file to the root directory on the disk0: file system.

For example, to copy a packet capture buffer to a file called mycapture1 on the disk0: file system, enter:

host1/Admin# copy capture packet_capture_Jan_17_06 disk0: mycapture1

To clear the packet capture buffer, use the clear capture command in Exec mode. The syntax for this command is:

clear capture buffer_name

The buffer_name argument specifies the name of the existing packet capture buffer to clear.

For example, to clear the packet capture buffer named packet_capture_Jan_17_06, enter:

host1/Admin# clear capture packet_capture_Jan_17_06

Viewing Packet Capture Information

To display the captured packet information on your console or terminal, use the show capture command in Exec mode. The syntax for this command is:

show capture buffer_name [detail [connid connection_id | range packet_start packet_end] | status]

The keywords, arguments, and options are:

buffer_name—Name of the packet capture buffer. Specify a text string from 1 to 80 alphanumeric characters.

detail—(Optional) Displays additional protocol information for each packet.

connid connection_id—(Optional) Displays protocol information for a specified connection identifier.

range packet_start packet_end—(Optional) Displays protocol information for a range of captured packets.

status—(Optional) Displays capture status information for each packet.

For all types of received packets, the console display is in tcpdump format.

For example, to display captured packet information for packet capture buffer capture1, enter:

host1/Admin# show capture capture1
0001: msg_type: ACE_HIT ace_id: 41 action_flag: 11 
0002: msg_type: CON_SETUP con_id: 1090519041 out_con_id: 16777218
0003: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0004: msg_type: PKT_RCV con_id: 1090519041 other_con_id: 0 
0005: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0006: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0007: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0008: msg_type: PKT_RCV con_id: 1090519041 other_con_id: 0 
0009: msg_type: PKT_RCV con_id: 1090519041 other_con_id: 0 
0010: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0011: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0012: msg_type: PKT_RCV con_id: 1090519041 other_con_id: 0 
0013: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0014: msg_type: PKT_RCV con_id: 16777218 other_con_id: 0 
0015: msg_type: PKT_RCV con_id: 1090519041 other_con_id: 0 

For example, to display packet capture status information, enter:

host1/Admin# show capture capture1 status
Capture session : cap1 
Buffer size     : 64 K
Circular        : no 
Buffer usage    : 19.00%
Status          : stopped

For example, to display protocol information for a range of captured packets, enter:

host1/Admin# show capture capture1 detail range 2-3
0002: msg_type: CON_SETUP 
con_id: 1090519041       out_con_id: 16777218
src_addr: 10.7.107.11      src_port: 30212 
dst_addr: 10.7.107.15      dst_port: 23 
l3_protocol: 0          l4_protocol: 0 
message_hex_dump: 
0x0000: 0000 0101 4100 0001 0100 0002 0000 0000  ....A...........
0x0010: 0a07 6b0b 0a07 6b0f 0619 0001 7604 0017  ..k...k.....v...
0x0020: 0000 0000 0002 0000 05b4 0000 0100 0002  ................
0x0030: 0000 0000 0010 0481 0208 0000 0000 0000  ................
0x0040: 0000 0000 1020 0010 0000 0000 19b2 fb3c  ...............<
0x0050: 000c 40ae 0000 0029 0000 0000 000c 40ae  ..@....)......@.
0x0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0x0070: 0a07 6b0f 0a07 6b0b 0610 0001 0017 7604  ..k...k.......v.
0x0080: 0000 0000 0002 0000 05b4 0004 4100 0001  ............A...
0x0090: 0000 0000 0010 0480 0208 0000 0000 0000  ................
0x00a0: 0000 0000 1020 0010 0000 0000 19b2 fb3c  ...............<
0x00b0: 000c 40ae 0000 0029 0000 0000 000c 40ae  ..@....)......@.
0x00c0: 0000 0000 0000 0000 0000 0000            ............

0003: msg_type: PKT_RCV 
con_id: 16777218                other_con_id: 0 
message_hex_dump: 
0x0000: 8900 004e 0050 8034 0038 000a 0010 0a06  ...N.P.4.8......
0x0010: 0000 0005 9a3b 95d9 0011 5d6a f800 0800  .....;....]j....
0x0020: 45c0 002c b0de 0000 ff06 2005 0a07 6b0b  E..,..........k.
0x0030: 0a07 6b0f 7604 0017 19b2 fb3b 0000 0000  ..k.v......;....
0x0040: 6002 1020 12d5 00                        `......
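
The detail output above can be post-processed offline. The following is an added example, not part of Cisco's documentation: it splits the output into records, rebuilds each message_hex_dump into bytes and decodes the embedded IPv4/TCP header. The function names are this example's own, and the IP header is located heuristically because the page does not document the bytes that precede it.

```python
import re
import struct

# Records 0002 and 0003, copied from this page's "detail range 2-3" sample output.
SAMPLE = """\
0002: msg_type: CON_SETUP
con_id: 1090519041       out_con_id: 16777218
src_addr: 10.7.107.11      src_port: 30212
dst_addr: 10.7.107.15      dst_port: 23
l3_protocol: 0          l4_protocol: 0
message_hex_dump:
0x0000: 0000 0101 4100 0001 0100 0002 0000 0000  ....A...........
0x0010: 0a07 6b0b 0a07 6b0f 0619 0001 7604 0017  ..k...k.....v...
0x0020: 0000 0000 0002 0000 05b4 0000 0100 0002  ................
0x0030: 0000 0000 0010 0481 0208 0000 0000 0000  ................
0x0040: 0000 0000 1020 0010 0000 0000 19b2 fb3c  ...............<
0x0050: 000c 40ae 0000 0029 0000 0000 000c 40ae  ..@....)......@.
0x0060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0x0070: 0a07 6b0f 0a07 6b0b 0610 0001 0017 7604  ..k...k.......v.
0x0080: 0000 0000 0002 0000 05b4 0004 4100 0001  ............A...
0x0090: 0000 0000 0010 0480 0208 0000 0000 0000  ................
0x00a0: 0000 0000 1020 0010 0000 0000 19b2 fb3c  ...............<
0x00b0: 000c 40ae 0000 0029 0000 0000 000c 40ae  ..@....)......@.
0x00c0: 0000 0000 0000 0000 0000 0000            ............

0003: msg_type: PKT_RCV
con_id: 16777218                other_con_id: 0
message_hex_dump:
0x0000: 8900 004e 0050 8034 0038 000a 0010 0a06  ...N.P.4.8......
0x0010: 0000 0005 9a3b 95d9 0011 5d6a f800 0800  .....;....]j....
0x0020: 45c0 002c b0de 0000 ff06 2005 0a07 6b0b  E..,..........k.
0x0030: 0a07 6b0f 7604 0017 19b2 fb3b 0000 0000  ..k.v......;....
0x0040: 6002 1020 12d5 00                        `......
"""

REC_HEAD = re.compile(r"^(\d{4}): msg_type: (\S+)")
HEX_LINE = re.compile(r"^0x[0-9a-fA-F]{4}:\s+(.*)$")
FIELD = re.compile(r"(\w+):\s*(\S+)")
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK")]


def parse_capture(text):
    """Split detail output into records; lines before the first record are ignored."""
    records, cur = [], None
    for line in text.splitlines():
        head, dump = REC_HEAD.match(line), HEX_LINE.match(line)
        if head:
            cur = {"index": int(head.group(1)), "msg_type": head.group(2),
                   "fields": {}, "raw": b""}
            records.append(cur)
        elif cur and dump:
            # Hex words end at the two-space gap that precedes the ASCII column.
            cur["raw"] += bytes.fromhex(dump.group(1).split("  ", 1)[0])
        elif cur:
            cur["fields"].update(FIELD.findall(line))
    return records


def decode_ipv4(raw):
    """Decode an embedded IPv4/TCP header, or return None when there is none.
    Assumption: the page does not document the bytes ahead of the IP header, so
    the header is located by searching for ethertype 0x0800 followed by a byte
    whose version nibble is 4 and whose header length is at least 5 words.
    """
    pos = raw.find(b"\x08\x00")
    while pos != -1:
        ip = raw[pos + 2:]
        if len(ip) >= 20 and ip[0] >> 4 == 4 and (ip[0] & 0x0F) >= 5:
            ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
            src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
            pkt = {"src": src, "dst": dst, "truncated": len(ip) < total_len}
            if ip[9] == 6 and len(ip) >= ihl + 14:  # TCP: ports, seq, ack, flags
                sport, dport, _, _, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
                pkt.update(sport=sport, dport=dport,
                           flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
            return pkt
        pos = raw.find(b"\x08\x00", pos + 1)
    return None


def summarize(text):
    """One line per record: the decoded packet if present, else the record's fields."""
    out = []
    for rec in parse_capture(text):
        pkt, f = decode_ipv4(rec["raw"]), rec["fields"]
        tag = f'{rec["index"]:04d} {rec["msg_type"]}'
        if pkt and "sport" in pkt:
            note = " [capture truncated]" if pkt["truncated"] else ""
            out.append(f'{tag} {pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]} '
                       f'{"+".join(pkt["flags"])}{note}')
        else:  # no packet in the dump: fall back to the record's address fields
            keep = [f"{k}={v}" for k, v in f.items() if k.endswith(("_addr", "_port"))]
            out.append(" ".join([tag] + keep))
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

For the two sample records, the CON_SETUP record yields only its address fields, while the PKT_RCV record decodes to a TCP SYN from 10.7.107.11:30212 to port 23 whose captured bytes stop short of the IP total length.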

For example, to display captured packet information in tcpdump format, enter:

host1/Admin# show capture capture1 detail
0001: msg_type: ACE_HIT 
ace_id: 41              action_flag: 0xb 
src_addr: 10.7.107.11      src_port: 30212 
dst_addr: 10.7.107.15      dst_port: 23 
l3_protocol: 0          l4_protocol: 6 
message_hex_dump: 
0x0000: 0000 0104 0000 0029 0000 0000 0a07 6b0b  .......)......k.
0x0010: 0a07 6b0f 0609 0001 7604 0017 0000 0000  ..k.....v.......
0x0020: 0000 0000 0000 0000 0000 0029 0b06 0000  ...........)....
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000  ................
0x0040: 0000 0000 0000 0001                      ........


Using the Configuration Checkpoint and Rollback Service

This section describes how to make a checkpoint (or snapshot) of a running configuration on your ACE and how to use the rollback service to revert to the last known stable configuration. It contains the following topics:

Overview

Creating a Configuration Checkpoint

Deleting a Configuration Checkpoint

Rolling Back a Running Configuration

Overview

At some point, you may want to modify your running configuration. If you run into a problem with the modified configuration, you may need to reboot your ACE. To prevent having to reboot your ACE after unsuccessfully modifying a running configuration, you can create a checkpoint (a snapshot in time) of a known stable running configuration before you begin to modify it. If you encounter a problem with the modifications to the running configuration, you can roll back the configuration to the previous stable configuration checkpoint.

The ACE allows you to make a checkpoint configuration at the context level. The ACE stores the checkpoint for each context in a hidden directory in Flash memory. If, after you enter additional commands to modify the current running configuration, you enter the rollback command option, the ACE causes the running configuration to revert to the checkpointed configuration.

Creating a Configuration Checkpoint

To create a configuration checkpoint, use the checkpoint create command in Exec mode in the context for which you want to create a checkpoint. The ACE supports a maximum of 10 checkpoints for each context.

Be sure that the current running configuration is stable and is the configuration that you want to checkpoint. If you change your mind after creating the checkpoint, you can delete it. See the "Deleting a Configuration Checkpoint" section.

The syntax of this command is:

checkpoint create name

The name argument specifies the unique identifier of the checkpoint. Enter a text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/Admin# checkpoint create MYCHECKPOINT
Generating configuration....
Created checkpoint 'MYCHECKPOINT'

If the checkpoint already exists, you are prompted to overwrite it as follows:

Checkpoint already exists
Do you want to overwrite it? (y/n)  [n] y
Generating configuration....
Created checkpoint 'MYCHECKPOINT'

The default is n. If you do not want to overwrite the existing checkpoint, press Enter. To overwrite the existing checkpoint, enter y.

Deleting a Configuration Checkpoint

To delete a configuration checkpoint, use the checkpoint delete command in Exec mode. Before you use this command, make sure that you want to delete the checkpoint. When you enter this command, the ACE removes the checkpoint from Flash memory. The syntax of this command is:

checkpoint delete name

The name argument specifies the unique identifier of the checkpoint. Enter a text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/Admin# checkpoint delete MYCHECKPOINT
Deleted checkpoint 'MYCHECKPOINT'

Rolling Back a Running Configuration

To roll back the current running configuration to the previously checkpointed running configuration for the current context, use the checkpoint rollback command in Exec mode. The syntax of this command is:

checkpoint rollback name

The name argument specifies the unique identifier of the checkpoint. Enter a text string with no spaces and a maximum of 64 alphanumeric characters.

For example, enter:

host1/Admin# checkpoint rollback MYCHECKPOINT
This operation will rollback the system's running configuration to the 
checkpoint's configuration.
Do you wish to proceed? (y/n)  [n] y
Rollback in progress, please wait...
Generating configuration....
Rollback succeeded
switch/Admin#

Displaying Checkpoint Information

To display checkpoint information, use the show checkpoint command in Exec mode. The syntax of this command is:

show checkpoint {all | detail name}

The options and arguments are:

all—Displays a list of all existing checkpoints

detail name—Displays the running configuration of the specified checkpoint

For example, to display the running configuration for a specific checkpoint, enter:

host1/Admin# show checkpoint detail MYCHECKPOINT

Reformatting Flash Memory


Caution: We recommend that you use the format flash command to reformat the ACE Flash memory only under the guidance and supervision of Cisco Technical Assistance Center (TAC).

The ACE uses the third extended file system (ext3) as the base file system. The file system is used to allocate and organize storage space for various types of storage, such as startup-configuration files, SSL certificate storage, core files, image storage, and log files.

To erase all data on the Flash memory and reformat it with the ext3 base file system, use the format flash: command. All user-defined configuration information is erased.

The ACE performs the following verification sequence prior to reformatting Flash memory:

If the system image (the current loaded image) is present in the GNU GRand Unified Bootloader (GRUB) boot loader, the ACE automatically performs a backup of that image and then performs the reformat of Flash memory.

If the system image is not present in the GRUB boot loader, the ACE prompts you for the location of an available image to back up prior to reformatting the Flash memory.

If you choose not to back up an available image file, the ACE searches for the ACE-APPLIANCE-RECOVERY-IMAGE.bin image in the GRUB partition of Flash memory. ACE-APPLIANCE-RECOVERY-IMAGE.bin is the recovery software image that the ACE uses if the disk partition in Flash memory is corrupted.

If ACE-APPLIANCE-RECOVERY-IMAGE.bin is present, the ACE continues with the Flash memory reformat. The CLI prompt changes to "switch(RECOVERY-IMAGE)/Admin#" so that you can copy the regular ACE software image.

If ACE-APPLIANCE-RECOVERY-IMAGE.bin is not present, the ACE stops the Flash memory reformat because there is no image to boot after the format.

Before you reformat Flash memory, we recommend that you copy the following ACE operation and configuration files or objects to a remote server:

ACE software image

ACE license

Startup-configuration file of each context

Running-configuration file of each context

Core dump files of each context

Packet capture buffers of each context

SSL certificate and key pair files of each context

See the "Copying Files" section for details on how to use the copy command to save configuration files or objects, such as the existing startup-configuration files, running-configuration file, licenses, core dump files, or packet capture buffers, to a remote FTP, SFTP, or TFTP server.

See the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide for details on how to use the crypto export command to export SSL certificate and key pair files to a remote FTP, SFTP, or TFTP server.

The syntax for the command is as follows:

format flash:

For example, to erase all information in Flash memory and reformat it, enter:

host1/Admin# format flash:
Warning!! This will erase everything in the compact flash 
including startup configs for all the contexts and reboot 
the system!!
Do you wish to proceed anyway? (yes/no) [no] yes

If the ACE fails to extract a system image from the GRUB boot loader, it prompts you to provide the location of an available system image to back up:

Failed to extract system image Information from Grub
backup specific imagefile? (yes/no) [no] yes 
Enter Image name: c4710ace-t1k9-mz.A1_7.bin
Saving Image [c4710ace-t1k9-mz.A1_7.bin]
Formatting the cf.....
Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...

Unmounting compact flash filesystems...
format completed  successfully
Restoring Image backupimage/scimi-3.bin
kjournald starting.  Commit interval 5 seconds
REXT3 FS on hdb2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
starting graceful shutdown
switch/Admin# Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...

After you reformat the Flash memory, perform the following actions:

Reinstall the ACE software image by using the copy image: command (see Appendix A, Upgrading Your ACE Software).

Reinstall the ACE license by using the license install command (see Chapter 3, Managing ACE Software Licenses).

Import the startup and running-configuration files into the associated context by using the copy command (see the "Loading Configuration Files from a Remote Server" section).

Import SSL certificate files and key pair files into the associated context by using the crypto import command (see the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide).
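
The following readiness check is an added example, not part of the Cisco guide. It walks the verification sequence described in this section and compares an operator-maintained backup inventory against the recommended list, so that missing items (for example, SSL key pairs of one context) surface before format flash: is entered. The function names, outcome labels, and the context C1 are assumptions of the example.

```python
DEVICE_ITEMS = ("software image", "license")
CONTEXT_ITEMS = (
    "startup-config", "running-config", "core dumps",
    "packet capture buffers", "SSL certificates and key pairs",
)


def format_outcome(image_in_grub, image_supplied, recovery_image_present):
    """Walk the guide's verification sequence and label the result."""
    if image_in_grub:
        return "auto-backup"        # ACE backs up the loaded image itself
    if image_supplied:
        return "supplied-backup"    # operator names an image at the prompt
    if recovery_image_present:
        return "recovery-prompt"    # boots ACE-APPLIANCE-RECOVERY-IMAGE.bin
    return "stopped"                # no image to boot after the format


def missing_backups(device_saved, contexts_saved):
    """List (scope, item) pairs not yet copied to the remote server."""
    missing = [("device", i) for i in DEVICE_ITEMS if i not in device_saved]
    for context in sorted(contexts_saved):
        saved = contexts_saved[context]
        missing += [(context, i) for i in CONTEXT_ITEMS if i not in saved]
    return missing


def preformat_report(image_state, device_saved, contexts_saved):
    """Combine the predicted outcome with the backup gaps."""
    outcome = format_outcome(*image_state)
    missing = missing_backups(device_saved, contexts_saved)
    proceed = not missing and outcome != "stopped"
    return {"outcome": outcome, "missing": missing, "proceed": proceed}


if __name__ == "__main__":
    # Constructed inventory; context C1 is hypothetical.
    report = preformat_report(
        (False, False, True),
        {"software image", "license"},
        {"Admin": set(CONTEXT_ITEMS), "C1": {"startup-config", "running-config"}},
    )
    print("outcome:", report["outcome"], "| proceed:", report["proceed"])
    for scope, item in report["missing"]:
        print(f"not saved: {scope}: {item}")
```

Record an item as saved only after the copy to the remote server has been confirmed; items that do not exist in a context (no core dumps, for instance) can be recorded as saved to clear them from the report.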