Table Of Contents
Cisco CSM-to-ACE Conversion Tool User Guide
This document describes how to use the CSM-to-ACE conversion tool to migrate Cisco Content Switching Module (CSM) running- or startup-configuration files to the Cisco Application Control Engine (ACE) module. It describes how to access the conversion tool, use the tool to convert a CSM configuration to an ACE configuration, and copy the converted configuration to the ACE. This document also includes a summary of the CSM commands that are not supported by the conversion tool.
This document contains the following sections.
Accessing the CSM-to-ACE Conversion Tool
The conversion tool is included as part of the ACE software image and is accessible from the Cisco ACE Module web page using either HTTP or secure HTTP (HTTPS). To access the conversion tool, perform the following steps:
Step 1 Log in to the ACE CLI.
Step 2 Create a Layer 3 and Layer 4 management policy. Ensure that, at a minimum, you permit HTTP or HTTPS traffic in the management policy to enable remote access to the Cisco ACE Module web page. The following excerpt is a typical configuration example that illustrates how to enable web access to the ACE to access the Cisco ACE Module web page. For details on enabling remote access to the ACE, refer to the Cisco Application Control Engine Module Administration Guide.Cat6k Configurationsvclc multiple-vlan-interfacessvclc module 3 vlan-group 1svclc vlan-group 1 10Cisco ACE Configurationclass-map type management match-any L4_REMOTE-ACCESS_CLASSdescription Enabling remote access traffic to the ACE and the Cisco ACE Module web page2 match protocol telnet any3 match protocol ssh any4 match protocol icmp any5 match protocol http any6 match protocol https anypolicy-map type management first-match L4_REMOTE-ACCESS_MATCHclass L4_REMOTE-ACCESS_CLASSpermitinterface vlan 10ip address 192.168.215.134 255.255.255.0service-policy input L4_REMOTE-ACCESS_MATCHno shutdownip route 0.0.0.0 0.0.0.0 192.168.215.1
Step 3 Open your preferred Internet web browser application, such as Microsoft Internet Explorer or Netscape Navigator.
Step 4 Specify the HTTP or HTTPS address of your ACE in the address field:http://ace_ip_addresshttps://ace_ip_address
Step 5 If this your first time accessing the ACE web page by HTTPS, you will be prompted to accept (trust) and install the signed certificate from Cisco Systems. Click Yes at the prompt to accept and install the signed certificate. To avoid approving the signed certificate each time you log in to the ACE web page, accept the certificate. For instructions on trusting certificates from a particular owner or website, see the online help included with your browser.
Step 6 When the dialog box appears, login with your ACE username and password in the fields provided, then click OK. The ACE web page appears (Figure 1).
Note Users with administrative privileges can access the CSM-to-ACE conversion tool.
Figure 1 Cisco ACE Module Web Page
Step 7 Click the CSM2ACE conversion tool link in the Tools section of the ACE web page. The CSM-to-ACE conversion tool appears (Figure 2). Proceed to the "Using the CSM-to-ACE Conversion Tool" section.
Figure 2 CSM-to-ACE Conversion Tool
Using the CSM-to-ACE Conversion Tool
You can convert a CSM startup- or running-config to an equivalent ACE startup- or running-config by using one of the following methods:
•Copying and pasting the contents from a saved CSM configuration file or from the CSM show running-config or show startup-config command output to the conversion tool `
•Uploading a saved CSM configuration file to the conversion tool
To use the conversion tool to convert a CSM configuration, perform the following steps:
Step 1 By default, the Admin context is always assumed as the target virtual context on the ACE. To migrate a CSM configuration to a different virtual context (for example, C1), specify a different virtual context name in the User Context Name: text box (see Figure 3). The conversion tool generates the corresponding ACE configuration for the Admin context to create the requested virtual context.
Step 2 To add the contents from a saved CSM configuration file or from the CSM show running-config or show startup-config command output, copy and paste the complete configuration into the text area of the Paste CSM Commands: section of the conversion tool (Figure 3). Proceed to Step 4.
Figure 3 Pasting the Content of a CSM Configuration into the CSM-to-ACE Conversion Tool
Step 3 To select a CSM configuration file to upload to the conversion tool, click Browse. Navigate to the CSM configuration file that you want to convert, then click Open. The CSM configuration file appears in the Upload CSM Command File: section of the conversion tool (Figure 4). Proceed to Step 4.
Figure 4 Uploading a CSM Configuration File
Step 4 To convert the CSM commands, click Get ACE Commands. The tool converts the CSM startup- or running-config to an equivalent ACE startup- or running-config (Figure 5).
Figure 5 Converted CSM Commands to ACE Commands Example
In addition, the conversion tool lists the CSM commands from the original configuration file (Figure 6).
Figure 6 Summary of Converted CSM Commands Example
The conversion tool also includes a list of any unsupported CSM commands (Figure 7). The Notes section provides additional information, as necessary. Proceed to the "Copying the Converted Configuration File to the ACE" section.
Figure 7 Unsupported CSM Commands and Notes Example
Copying the Converted Configuration File to the ACE
Once you convert the CSM configuration, you can use one of the following methods to copy the converted configuration to the ACE:
•Copy and paste the converted configuration directly at the ACE CLI configuration mode prompt.
•Copy and paste the converted configuration to a text file. You can store this configuration file locally and make the appropriate content changes in the configuration text file to support the ACE configuration.
Before you begin, for the ACE to allow the new VLANs identified in the converted CSM configuration file, first create the VLAN groups on the supervisor engine in the Catalyst 6500 series switch or Cisco 7600 series router, and then assign the groups to the ACE. By default, all VLANs are allocated to the Admin context on the ACE. See the Cisco Application Control Engine Module Routing and Bridging Configuration Guide for details.
This section includes the following topics:
Copying and Pasting the Converted Configuration to the ACE CLI Prompt
To copy and paste the converted configuration directly to the ACE CLI prompt, perform the following steps:
Step 1 Log in to the ACE by entering the login username and password at the following prompt:switch login: xxxxxxPassword: yyyyyy
By default, both the username and password are admin.
The prompt changes to:switch/Admin#
Step 2 Access configuration mode:switch/Admin# configureEnter configuration commands, one per line. End with CNTL/Z
The prompt changes to the following:switch/Admin(config)#
Step 3 Copy the converted configuration listed in the ACE Commands: section of the conversion tool (see Figure 5), from the Configuration Commands for Admin Context: section. Paste the copied content at the configuration mode prompt of the ACE. If you are operating in multiple contexts, this step automatically creates the new virtual context identified in the User Context Name: text box of the conversion tool.
For example, to paste the converted configuration to the Admin context::switch/Admin(config)# resource-class RC1switch/Admin(config-resource)# limit-resource sticky minimum 100 maximum unlimitedswitch/Admin(config-resource)# context C1switch/Admin(config-context)# allocate-interface vlan 16switch/Admin(config-context)# member RC1switch/Admin(config-context)#switch/Admin(config-context)# exitswitch/Admin(config)#
Step 4 If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the desired context. If necessary, change to the correct context by using the changeto command in Exec mode.switch/Admin(config)# exitswitch/Admin# changeto C1switch/C1# configureEnter configuration commands, one per line. End with CNTL/Zswitch/C1(config)#
Step 5 Copy the converted configuration listed in the ACE Commands: section of the conversion tool (see Figure 5), from the Configuration Commands for xx Context:. Paste the copied contents at the configuration mode prompt of the ACE.
For example, to paste the converted configuration to the C1 context:switch/C1(config)# access-list LB_ALLOW_VIPS extended permit tcp any 10.9.8.53 255.255.255.255 eq wwwswitch/C1(config)# probe http EMEAswitch/C1(config-probe-http)# faildetect 2switch/C1(config-probe-http)# interval 5switch/C1(config-probe-http)# open 5switch/C1(config-probe-http)# passdetect interval 20switch/C1(config-probe-http)# request method get url /EMEA/KAL.htmlswitch/C1(config-probe-http)# probe http 200-OKswitch/C1(config-probe-http)# faildetect 2switch/C1(config-probe-http)# header host header-value healthcheck.cisco.comswitch/C1(config-probe-http)# interval 22switch/C1(config-probe-http)# passdetect interval 63switch/C1(config-probe-http)# port 80switch/C1(config-probe-http)# request method get url /serverstatus/status.aspswitch/C1(config-probe-http)#
Step 6 (Optional) Use the following commands to save the updated contents of the running- or startup-configuration file:
•To merge the contents of the startup configuration file into the running configuration file, use the copy startup-config running-config command.
•To copy the contents of the running configuration file to the startup configuration file in Flash memory, use the copy running-config startup-config command.
Proceed to the "Example of a Copied Configuration File for Use By the ACE" section.
Copying and Pasting the Converted Configuration to a Text File for Content Editing
To copy and paste the converted configuration to a text file and make content changes in the file, perform the following steps:
Step 1 Copy the converted configuration listed in the ACE Commands: section of the conversion tool (see Figure 5) to a text file. Save this text file as an appropriately named configuration file.
Step 2 Store this configuration text file.
Step 3 Make the appropriate changes in the configuration text file to support the ACE design configuration. This step helps you to avoid potential issues or conflicts before copying and pasting the converted CSM configuration text file to the ACE CLI prompt. See the"Unsupported CSM Commands" section for a list of the CSM CLI commands that are not supported during the conversion.
Step 4 Copy and paste the contents of the updated configuration file directly to the ACE CLI prompt as described in the"Copying and Pasting the Converted Configuration to the ACE CLI Prompt" section.
Proceed to the "Example of a Copied Configuration File for Use By the ACE" section.
Example of a Copied Configuration File for Use By the ACE
After you copy the contents of the converted CSM-to-ACE configuration to the ACE, use the following commands to view the updated content of either the running- or startup-configuration file:
•To view the running-configuration file, use the show running-config command.
•To view the startup-configuration file, use the show startup-config command.
The following output example is from the show running-config command. This example includes hypertext cross-references to the applicable chapters in the ACE documentation set that you can refer to for the configuration details. You can click the URLs located above the command output for the configuration details. Use the ACE CLI commands to make modifications to the configuration, as needed.switch/C1# show running-configGenerating configuration....access-list LB_ALLOW_VIPS line 8 extended permit tcp any host 10.9.8.53 eq wwwprobe http 200-OKinterval 22faildetect 2passdetect interval 63request method get url /serverstatus/status.aspheader Host header-value "healthcheck.cisco.com"probe http EMEAinterval 5faildetect 2passdetect interval 20request method get url /EMEA/KAL.htmlopen 5parameter-map type connection HR-CORP_CONNset timeout inactivity 1800parameter-map type http HR-CORP_HTTPpersistence-rebalanceset header-maxparse-length 4000rserver host WIN-EMEA-S1description SJ-Z8ip address 10.9.8.187inservicerserver host WIN-EMEA-S2description SJ-Z8ip address 10.9.8.188inservicerserver host WIN-EMEA-S3description SJ-Z8ip address 10.9.8.189inservicerserver host WIN-GLO-S1description SJ-Z4ip address 10.9.8.28inservicerserver host WIN-GLO-S2description SJ-Z4ip address 10.9.8.29inservicerserver host WIN-GLO-S3description SJ-Z4ip address 10.9.8.30inservicerserver host WIN-HR-S1description SJ-Z1ip address 10.9.8.76inservicerserver host WIN-HR-S2description SJ-Z1ip address 10.9.8.78inservicerserver host WIN-HR-S3description SJ-Z1ip address 10.9.8.77inserviceserverfarm host EMEApredictor leastconnsprobe EMEArserver WIN-EMEA-S1inservicerserver WIN-EMEA-S2inservicerserver WIN-EMEA-S3inserviceserverfarm host HR-CORPpredictor leastconnsprobe 200-OKrserver WIN-HR-S1inservicerserver WIN-HR-S2inservicerserver WIN-HR-S3inserviceserverfarm host HR-GLOBALpredictor leastconnsprobe 200-OKrserver WIN-GLO-S1inservicerserver WIN-GLO-S2inservicerserver WIN-GLO-S3inserviceclass-map type http loadbalance match-all HR-CORP2 match http url /HR.*class-map match-all HR-CORP_L32 match virtual-address 10.9.8.53 tcp eq wwwclass-map type http loadbalance match-all HR-EMEA2 match http header Accept-Language header-value "en-us"class-map type management match-any TO-CP-POLICY2 match protocol http any3 match protocol icmp any4 match protocol telnet anypolicy-map type management first-match TO-CP-POLICYclass TO-CP-POLICYpermitpolicy-map type loadbalance http first-match HR-CORPclass HR-EMEAclass HR-CORPserverfarm HR-CORPclass class-defaultserverfarm HR-GLOBALpolicy-map multi-match POLICY1057590class HR-CORP_L3loadbalance vip inserviceloadbalance policy HR-CORPloadbalance vip icmp-reply activeappl-parameter http advanced-options HR-CORP_HTTPconnection advanced-options HR-CORP_CONNservice-policy input POLICY1057590service-policy input TO-CP-POLICYaccess-group input LB_ALLOW_VIPSinterface vlan 130ip address 10.86.215.74 255.255.255.0no shutdowninterface bvi 16no shutdown
Unsupported CSM Commands
The tool converts the majority of the CSM commands to comparable ACE commands. The converted output includes a list of the commands that are not supported by the tool during the conversion process (Figure 8).
Figure 8 Unsupported CSM Commands Area of the CSM-to-ACE Conversion Tool
This section summarizes the CSM commands that are not supported by the conversion tool. It includes the following tables:
•Table 1 lists the CSM commands that do not have an equivalent function in the ACE.
•Table 2 lists the CSM commands that have an equivalent function in the ACE, but are not directly converted by the tool. Table 2 also identifies the commands in the ACE CLI that provide the most comparable function to match the associated CSM command.
Both tables include references to the ACE module documentation that best address the associated CSM function not supported by the conversion tool. For a complete listing of the ACE module documentation available on www.cisco.com, see the "ACE Module Documentation"section.
ACE Module Documentation
You can access the ACE module documentation on www.cisco.com at:
To familiarize yourself with the ACE module, refer to the following documentation:
•Release Note for the Cisco Application Control Engine Module
•Cisco Application Control Engine Module Hardware Installation Note
•Cisco Application Control Engine Module Administration Guide
•Cisco Application Control Engine Module Command Reference
•Cisco Application Control Engine Module Getting Started Guide
•Cisco Application Control Engine Module Routing and Bridging Configuration Guide
•Cisco Application Control Engine Module Security Configuration Guide
•Cisco Application Control Engine Module Server Load-Balancing Configuration Guide
•Cisco Application Control Engine Module SSL Configuration Guide
•Cisco Application Control Engine Module System Message Guide
•Cisco Application Control Engine Module Virtualization Configuration Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
©2008 Cisco Systems, Inc. All rights reserved.