Administration Guide vA1(7), Cisco ACE 4700 Series Application Control Engine Appliance
Setting Up the ACE
Download this chapter
Setting Up the ACESetting Up the ACE
Download the complete book
Cisco 4700 Series Application Control Engine Appliance Administration Guide, Book-Length PDF (Software Version A1(7))Cisco 4700 Series Application Control Engine Appliance Administration Guide, Book-Length PDF (Software Version A1(7)) (PDF - 7 MB)
 Feedback

Table Of Contents

Setting Up the ACE

Establishing a Console Connection on the ACE

Using the Setup Script to Enable Connectivity to the Device Manager

Connecting and Logging into the ACE

Changing the Administrative Password

Resetting the Administrator CLI Account Password

Assigning a Name to the ACE

Configuring an ACE Inactivity Timeout

Configuring a Message-of-the-Day Banner

Configuring the Time, Date, and Time Zone

Setting the System Time and Date

Setting the Time Zone

Adjusting for Daylight Saving Time

Viewing the System Clock Settings

Synchronizing the ACE with an NTP Server

Configuring NTP Server and Peer Associations

Viewing NTP Statistics and Information

.Clearing NTP Statistics

Configuring Terminal Settings

Configuring Terminal Display Attributes

Configuring Terminal Line Settings

Configuring Console Line Settings

Configuring Virtual Terminal Line Settings

Modifying the Boot Configuration

Setting the Boot Method from the Configuration Register

Setting the BOOT Environment Variable

Configuring the ACE to Bypass the Startup Configuration File During the Boot Process

Displaying the ACE Boot Configuration

Restarting the ACE

Shutting Down the ACE


Setting Up the ACE

This chapter describes how to initially configure basic settings on the Cisco 4700 Series Application Control Engine (ACE) appliance. It includes the following major sections:

Establishing a Console Connection on the ACE

Using the Setup Script to Enable Connectivity to the Device Manager

Connecting and Logging into the ACE

Changing the Administrative Password

Assigning a Name to the ACE

Configuring an ACE Inactivity Timeout

Configuring a Message-of-the-Day Banner

Configuring the Time, Date, and Time Zone

Synchronizing the ACE with an NTP Server

Configuring Terminal Settings

Modifying the Boot Configuration

Restarting the ACE

Shutting Down the ACE

For details on assigning VLANs to the ACE, configuring VLAN interfaces on the ACE, and configuring a default or static route on the ACE, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.

Establishing a Console Connection on the ACE

You establish a direct serial connection between your terminal or a PC and the ACE by making a serial connection to the console port on the rear panel of the ACE. The ACE has one standard RS-232 serial port found on the rear panel that operates as the console port. The integrated serial port uses a 9-pin male D-shell connector. Use a straight-through cable to connect the switch to a DTE device, such as a terminal or a PC. For instructions on connecting a console cable to your ACE appliance, see the Cisco Application Control Engine Appliance Hardware Installation Guide.

Any device connected to this port must be capable of asynchronous transmission. Connection requires a terminal configured as 9600 baud, 8 data bits, hardware flow control on, 1 stop bit, no parity.

Note Only the Admin context is accessible through the console port; all other contexts can be reached through Telnet or SSH sessions.

Once connected, use any terminal communications application to access the ACE CLI. The following procedure uses HyperTerminal for Windows.

To access the ACE by using a direct serial connection, perform the following steps:

Step 1 Launch HyperTerminal. The Connection Description window appears.

Step 2 Enter a name for your session in the Name field.

Step 3 Click OK. The Connect To window appears.

Step 4 From the drop-down list, choose the COM port to which the device is connected.

Step 5 Click OK. The Port Properties window appears.

Step 6 Set the following port properties as follows:

Baud Rate = 9600

Data Bits = 8

Hardware Flow Control = On

Parity = none

Stop Bits = 1

Step 7 Click OK to connect.

Step 8 Press Enter to access the CLI prompt. 

switch login:

Once a session is created, choose Save As from the File menu to save the connection description. Saving the connection description has the following two advantages:

The next time that you launch HyperTerminal, the session is listed as an option under Start > Programs > Accessories > HyperTerminal > Name_of_session. This option lets you reach the CLI prompt directly without going through the configuration steps.

You can connect your cable to a different device without configuring a new HyperTerminal session. If you use this option, make sure that you connect to the same port on the new device as was configured in the saved HyperTerminal session. Otherwise, a blank screen appears without a prompt.

Using the Setup Script to Enable Connectivity to the Device Manager

When you boot the ACE for the first time and the appliance does not detect a startup-configuration file, a setup script appears to guide you through the process of configuring a management VLAN on the ACE through one of its Gigabit Ethernet ports. The primary intent of the setup script is to simplify connectivity to the Device Manager GUI (as described in the Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Quick Configuration Guide).

After you specify a gigabit Ethernet port, port mode, and a management VLAN, the setup script automatically applies the following default configuration:

Management VLAN allocated to the specified Ethernet port.

Extended IP access list that allows IP traffic originating from any other host addresses.

Traffic classification (class map and policy map) created for management protocols HTTP, HTTPS, ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated for connectivity with the Device Manager GUI.

VLAN interface configured on the ACE and a policy map assigned to the VLAN interface.

The ACE provides a default answer in brackets [ ] for each question in the setup script. To accept a default configuration prompt, press Enter, and the ACE accepts the setting. To skip the remaining configuration prompts, press Ctrl-C any time during the configuration sequence.

Note The script configuration process described in this section is identical to the script configuration process performed using the setup CLI command.

To configure the ACE from the setup script, perform the following steps:

Step 1 Ensure that you have established a direct serial connection between your terminal or a PC and the ACE (see the "Establishing a Console Connection on the ACE" section).

Step 2 Press the power button on the front of the ACE and the boot process occurs. See the Cisco Application Control Engine Appliance Hardware Installation Guide for details.

Step 3 At the login prompt, log into the ACE by entering the login username and password. By default, the username and password are admin. For example, enter: 

switch login: admin

Password: admin


---- Basic System Configuration Dialog ----


This setup utility will guide you through the basic configuration of 
the system. Setup configures only enough connectivity to the

ACE appliance Device Manager GUI of the system.


*Note: setup is mainly used for configuring the system initially,

when no configuration is present. So setup always assumes system

defaults and not the current system configuration values.


Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

to skip the remaining dialogs.


Would you like to enter the basic configuration dialog (yes/no):

Caution For software versions A1(8.0a) and higher, you must change the default Admin password if you have not already done so. Otherwise, you will be able to log in to the ACE only through the console port.

Step 4 At the prompt "Would you like to enter the basic configuration dialog? (yes/no):", type yes to continue the setup (or select no to or bypass its operation and directly access the CLI).

Step 5 At the prompt "Which port is used to carry Management vlan (1 - 4)? [1]:", specify the Ethernet port that you want to use to access the Device Manager GUI. Valid entries are 1 through 4. The default is Ethernet port 1. Press Enter.

Step 6 At the prompt "Configure GigabitEthernet port mode (Access/Trunk) [Trunk]:", identify whether the Ethernet port is to be configured as a VLAN access port or as a VLAN trunk port. The default is Trunk. Press Enter.

Step 7 At the prompt "Which vlan is used as Management vlan (2 - 4095)? [10]:", specify the number you want to assign to the VLAN interface. Valid values are from 2 to 4094. The default is VLAN 10. Press Enter.

Step 8 At the prompt "What is the Management VLAN ip address [192.168.1.10]:", assign an IP address to the management VLAN interface. When you assign an IP address to a VLAN interface, the ACE automatically makes it a routed mode interface. Press Enter.

Step 9 At the prompt "What is the Management VLAN ip netmask [255.255.255.0]:", assign a subnet mask to the management VLAN interface. Press Enter.

Step 10 At the prompt "Configure the default gateway? (yes/no) [y]:", choose whether to assign an IP address of the gateway router (the next-hop address for this route). If you specify yes, enter the IP address of default gateway. The gateway address must be in the same network as specified in the IP address for a VLAN interface. Press Enter.

Step 11 After you configure the Ethernet port, port mode, and management VLAN, the setup script automatically applies the appropriate configuration: 


The following configuration will be applied:

interface gigabitEthernet 1/1

  switchport trunk allowed vlan 2

  no shut

access-list ALL extended permit ip any any

class-map type management match-any remote_access

  match protocol xml-https any

  match protocol icmp any

  match protocol telnet any

  match protocol ssh any

  match protocol http any

  match protocol https any

policy-map type management first-match first-match 
remote_mgmt_allow_policy

  class remote_access

    permit

interface vlan 2

  ip address 192.168.1.10 255.255.255.0

  access-group input ALL

  service-policy input remote_mgmt_allow_policy

  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.2.1

Step 12 At the prompt "Would you like to edit the configuration? (yes/no) [n]:", enter one of the following replies:

Type y to modify the configuration at the CLI.

Type n to accept the configuration without any additional changes. This setting is the default.

Step 13 At the prompt "Use this configuration? (yes/no) [y]":, enter one of the following replies:

Type y to instruct the ACE to boot using the newly created running-configuration file. This is the default.

Type n to bypass using the newly created running-configuration file and boot with an empty configuration.

Step 14 At the prompt "Would you like to save the running-config to startup-config? (yes/no) [n]:, enter one of the following replies:

Type y to save the running-configuration to the startup-configuration file.

Type n to bypass saving the running-configuration to the startup-configuration file.


Connecting and Logging into the ACE

This section describes how to connect to the ACE as the default user from the ACE console port. Once you connect to the ACE as the default user, you can then log in and enter the configuration mode to configure the ACE. Only the Admin context is accessible through the console port; all other contexts can be reached through a Telnet or SSH remote access session.

The ACE creates the following default users at startup: admin, dm, and www.

The admin user is the global administrator and cannot be deleted.

The dm user is for accessing the Device Manager GUI and cannot be deleted. The dm user is an internal user required by the Device Manager GUI; it is hidden on the ACE CLI.

Note Do not modify the dm user password from the ACE CLI. If the password is changed, the Device Manager GUI will become inoperative. If this occurs, restart the Device Manager using the dm reload command (you must be the global administrator to access the dm reload command). Note that restarting the Device Manager does not impact ACE functionality; however, it may take a few minutes for the Device Manager to reinitialize as it reads the ACE CLI configuration. This command is available only in software versions A1(8.0) and higher.

The ACE uses the www user account for the XML interface and cannot be deleted.

Later, when you configure interfaces and IP addresses on the ACE itself, you can remotely access the ACE CLI through an ACE interface by using a Telnet or SSH session. To configure remote access to the ACE CLI, see Chapter 2, Enabling Remote Access to the ACE. For details on configuring interfaces on the ACE, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide.

You can configure the ACE to provide a higher level of security for users accessing the ACE. For information about configuring user authentication for login access, see the Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide.

To connect to the ACE and access configuration mode to perform initial configuration, perform the following steps:

Step 1 Access the ACE directly by its console port, attach a terminal to the asynchronous RS-232 serial port on the rear panel of the ACE. The ACE has one standard RS-232 serial port found on the rear panel that operates as the console port. Any device connected to this port must be capable of asynchronous transmission. Connection requires a terminal configured as 9600 baud, 8 data bits, hardware flow control on, 1 stop bit, no parity.See the "Establishing a Console Connection on the ACE" section.

Step 2 Log into the ACE by entering the login username and password at the following prompt: 

switch login: admin

Password: admin

By default, both the username and password are admin.

The prompt changes to the following: 

switch/Admin#

To change the default login password, see the "Changing the Administrative Password" section for details.

Note When you boot the ACE for the first time and the appliance does not detect a startup-configuration file, a setup script appears to enable connectivity to the ACE Device Manager GUI. The start-up script is not intended for use with the CLI. Select no to skip the use of the setup script and proceed directly to the CLI. See "Using the Setup Script to Enable Connectivity to the Device Manager" section for details.

Caution For software versions A1(8.0a) and higher, you must change the default Admin password if you have not already done so. Otherwise, you will be able to log in to the ACE only through the console port.

Step 3 To access configuration mode, enter the following command: 

switch/Admin# configure

Enter configuration commands, one per line. End with CNTL/Z

The prompt changes to the following: 

switch/Admin(config)#

Changing the Administrative Password

During the initial login process to the ACE, you enter the default user name admin and the default password admin in lowercase text. You cannot modify or delete the default administrative username; however, for security reasons, you must change the administrative password. If you do not change the administrative password, security on your ACE can be compromised because the administrative password is configured to be the same for every ACE shipped from Cisco Systems.

Caution For software versions A1(8.0a) and higher, you must change the default Admin password if you have not already done so. Otherwise, you will be able to log in to the ACE only through the console port.

The administrative username and password are stored in Flash memory. Each time that you reboot the ACE, it reads the username and password from Flash memory. Global administrative status is assigned to the administrative username by default.

Note For users that you create in the Admin context, the default scope of access is for the entire ACE. If you do not assign a user role to a new user, the default user role is Network-Monitor. For users that you create in other contexts, the default scope of access is the entire context. To verify the account and permission for each user, use the show user-account Exec command. For details on contexts, user roles, and domains, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide.

To change the default administrative password, use the username command in configuration mode. The syntax of this command is as follows:

username admin [password [0 | 5] {password}]

The keywords, arguments, and options are:

admin—Specifies the default administrative user name.

password—(Optional) Keyword that indicates that a password follows.

0—(Optional) Specifies a clear text password.

5—(Optional) Specifies an MD5-hashed strong encryption password.

password—The password in clear text, encrypted text, or MD5 strong encryption, depending on the numbered option (0 or 5) that you enter. If you do not enter a numbered option, the password is in clear text by default. Enter a password as an unquoted text string with a maximum of 64 characters. The ACE supports the following special characters in a password:

, . / = + - ^ @ ! % ~ # $ * ( )

Note that the ACE encrypts clear text passwords in the running-config.

For example, to create a user named user1 that uses the clear text password mysecret_801, enter the following command: 

switch/Admin(config)# username user1 password 0 mysecret_801

To remove the username from the configuration, enter the following command: 

switch/Admin(config)# no username user1

Resetting the Administrator CLI Account Password

If you forget the password for the ACE administrator account and cannot access the ACE, you can recover the admin password during the initial bootup sequence of the ACE. You must have access to the ACE through the console port to be able to reset the password for the Admin user back to the factory-default value of admin.

Note Only the Admin context is accessible through the console port.

To reset the password that allows the Admin user access to the ACE, perform the following steps:

Step 1 Connect to the console port on the ACE.

Step 2 Log in to the ACE. See the "Connecting and Logging into the ACE" section.

Step 3 Reboot the ACE. See the "Restarting the ACE" section.

Step 4 During the bootup process, output appears on the console terminal. Press ESC when the "Starting services..." message appears on the terminal (see the example below). The setup mode appears. If you miss the time window, wait for the ACE to properly complete booting, reboot the ACE, and try again to access the setup mode by pressing ESC. 

Daughter Card Found. Continuing...                                              

INIT: Entering runlevel: 3                                                      

Testing PCI path ....                                                           

This may take some time, Please wait ....                                       

PCI test loop , count 0                                                         

PCI path is ready                                                               

Starting services... <<<<< Press ESC when you see this message

Entering setup sequence...

Reset Admin password [y/n] (default: n): y

Resetting admin password to factory default... 

. 

Starting sysmgr processes.. Please wait...Done!!!

switch login:


Step 5 The setup mode prompts if you want to reset the admin password. Enter y. The "Resetting admin password to factory default" message appears. The ACE deletes the admin user password configuration from the startup-configuration and resets the password back to the factory default value of admin.

The boot process continues as normal and you are able to enter the admin password at the login prompt.

Assigning a Name to the ACE

The hostname is used for the command-line prompts and default configuration filenames. If you establish sessions to multiple devices, the hostname helps you track where you enter commands. By default, the hostname for the ACE is "switch." To specify a hostname for the ACE, use the host configuration mode command.

The syntax of this command is as follows:

hostname name

The name argument specifies a new hostname for the ACE. Enter a case-sensitive text string that contains from 1 to 32 alphanumeric characters.

For example, to change the hostname of the ACE from switch to ACE_1, enter the following command: 

switch/Admin(config)# hostname ACE_1

ACE_1/Admin(config)#

Configuring an ACE Inactivity Timeout

By default, the inactivity timeout value is 5 minutes. You can modify the length of time that can occur before the ACE automatically logs off an inactive user by using the login timeout command in configuration mode. This command specifies the length of time that a user session can be idle before the ACE terminates the console, Telnet, or SSH session.

Note The login timeout command setting overrides the terminal session-timeout setting (see the "Configuring Terminal Display Attributes" section).

The syntax for the login timeout command is as follows:

login timeout minutes

The minutes argument specifies the length of time that a user can be idle before the ACE terminates the session. Valid entries are from 0 to 60 minutes. A value of 0 instructs the ACE never to timeout. The default is 5 minutes.

For example, to specify a timeout period of 10 minutes, enter the following command: 

host1/Admin(config)# login timeout 10

To restore the default timeout value of 5 minutes, enter the following command. 

host1/Admin(config)# no login timeout

To display the configured login time value, use the show login timeout command in Exec mode. For example, enter the following command: 

host1/Admin# show login timeout

Login Timeout 10 minutes.

Configuring a Message-of-the-Day Banner

You can configure a message in configuration mode to display as the message-of-the-day banner when a user connects to the ACE. Once connected to the ACE, the message-of-the-day banner appears, followed by the login banner and Exec mode prompt.

The syntax of this command is as follows:

banner motd text

The text argument is a line of message text to be displayed as the message-of-the-day banner. The text string consists of all characters following the first space until the end of the line (carriage return or line feed).

The # character functions as the delimiting character for each line. For the banner text, spaces are allowed but tabs cannot be entered at the CLI. To instruct the ACE to display multiple lines in a message-of -the-day banner, enter a new banner motd command for each line that you wish to add.

The banner message is a maximum of 80 characters per line, up to a maximum of 3000 characters (3000 bytes) total for a message-of-the-day banner. This maximum value includes all line feeds and the last delimiting character in the message.

To add multiple lines in a message-of -the-day banner, precede each line by using the banner motd command. The ACE appends each line to the end of the existing banner. If the text is empty, the ACE adds a carriage return (CR) to the banner.

You can include tokens in the form $(token) in the message text. Tokens will be replaced with the corresponding configuration variable. For example:

$(hostname)—Displays the hostname for the ACE during run time.

$(line)—Displays the tty (teletypewriter) line or name (for example, "/dev/console", "/dev/pts/0", or "1").

To use the $(hostname) in single line banner motd input, you must include double quotes (") around the $(hostname) so that the $ is interpreted as a special character at the beginning of a variable in the single line. For example: 

switch/Admin(config)# banner motd #Welcome to "$(hostname)"...#

Do not use the double quote character (") or the percent sign character (%) as a delimiting character in a single line message string.

For multi-line input, double quotes (") are not required for the token because the input mode is different from the single line mode. When you operate in multi-line mode, the ACE interprets the double quote character (") literally. The following example shows how to span multiple lines and uses tokens to configure the banner message: 

switch/Admin(config)# banner motd #

Enter TEXT message. End with the character '#'.

================================

Welcome to Admin Context

--------------------------------

Hostname: $(hostname)

Tty Line: $(line)

=================================

#

To replace a banner or a line in a multi-line banner, use the no banner motd command before adding the new lines.

To display the configured banner message, use the show banner motd command in Exec mode as follows: 

host1/Admin# show banner motd

Configuring the Time, Date, and Time Zone

To manually configure the date, time, and time zone settings for an ACE, use the clock command.

You can automatically set the date and time of the ACE by synchronizing to a Network Time Protocol (NTP) server. For details, see the "Synchronizing the ACE with an NTP Server" section.

This section includes the following topics:

Setting the System Time and Date

Setting the Time Zone

Adjusting for Daylight Saving Time

Viewing the System Clock Settings

Setting the System Time and Date

To set the time and the date for an ACE, use the clock set command in Exec mode. When you enter this command, the ACE displays the current configured date and time.

The syntax of this command is as follows:

clock set hh:mm:ss DD MONTH YYYY

The arguments are:

hh:mm:ss—Current time to which the ACE clock is being reset. Specify two digits for the hours, minutes, and seconds.

DD MONTH YYYY—Current date to which the ACE clock is being reset. Specify one or two digits for the day, the full name of the month, and four digits for the year. The following month names are recognized: January, February, March, April, May, June, July, August, September, October, November, and December.

For example, to specify a time of 1:38:30 and a date of October 7, 2007, enter: 

host1/Admin# clock set 01:38:30 7 October 2007

Tues Oct 7 01:38:30 PST 2007

Follow these guidelines when you use NTP to automatically configure the ACE system clock:

If you wish to use the Network Time Protocol (NTP) to automatically synchronize the ACE system clock to an authoritative time server (such as a radio clock or an atomic clock), see the "Synchronizing the ACE with an NTP Server" section. In this case, the NTP time server automatically sets the ACE system clock.

If you previously configured NTP on an ACE, the ACE prevents you from using the clock set command and displays an error message. To manually set the ACE system clock, remove the NTP peer and NTP server from the configuration before setting the clock on an ACE. See the "Synchronizing the ACE with an NTP Server" section for more information.

Setting the Time Zone

To set the time zone for the ACE, use the clock timezone command in configuration mode. The ACE keeps time internally in Universal Time Coordinated (UTC) offset.

The syntax of this command is as follows:

clock timezone {zone_name{+ | -} hours minutes} | {standard timezone}

The keywords, arguments, and options are:

zone_name—Eight-character name of the time zone (for example, PDT) to be displayed when the time zone is in effect. Table 1-1 lists the common time zone acronyms used for the zone argument.

{+ | -} hours—Hours offset from UTC (plus or minus).

minutes—Minutes offset from UTC. The range is from 0 to 59 minutes.

standard timezone—Displays a list of well-known time zones that include an applicable UTC hours offset. Available choices are as follows:

ACST—Australian Central Standard Time as UTC +9.5 hours

AKST—Alaska Standard Time as UTC -9 hours

AST—Atlantic Standard Time as UTC -4 hours

BST—British Summer Time as UTC +1 hour

CEST—Central Europe Summer Time as UTC +2 hours

CET—Central Europe Time as UTC +1 hour

CST—Central Standard Time as UTC -6 hours

EEST—Eastern Europe Summer Time as UTC +3 hours

EET—Eastern Europe Time as UTC +2 hours

EST—Eastern Standard Time as UTC -5 hours

GMT—Greenwich Mean Time as UTC

HST—Hawaiian Standard Time as UTC -10 hours

IST—Irish Summer Time as UTC +1 hour

MSD—Moscow Summer Time as UTC +4 hours

MSK—Moscow Time as UTC +3 hours

MST—Mountain Standard Time as UTC -7 hours

PST—Pacific Standard Time as UTC -8 hours

WEST—Western Europe Summer Time as UTC +1 hour

WST—Western Standard Time as UTC +8 hours

Table 1-1 lists the common time zone acronyms that you can specify for the zone_name argument.

Table 1-1 Common Time Zone Acronyms 

Acronym
Time Zone Name and UTC Offset

Europe

BST

British Summer Time, as UTC +1 hour

CET

Central Europe Time, as UTC +1 hour

CEST

Central Europe Summer Time, as UTC +2 hours

EET

Eastern Europe Time, as UTC +2 hours

EEST

Eastern Europe Summer Time, as UTC +3 hours

GMT

Greenwich Mean Time, as UTC

IST

Irish Summer Time, as UTC +1 hour

MSD

Moscow Summer Time as UTC +4 hours

MSK

Moscow Time, as UTC +3 hours

WET

Western Europe Time as UTC

WEST

Western Europe Summer Time as UTC +1 hour

United States and Canada

AST

Atlantic Standard Time as UTC -4 hours

ADT

Atlantic Daylight Time as UTC -3 hours

CT

Central Time, either as CST or CDT, depending on the place and the time of year

CST

Central Standard Time as UTC -6 hours

CDT

Central Daylight Saving Time as UTC -5 hours

ET

Eastern Time, either as EST or EDT, depending on the place and the time of year

EST

Eastern Standard Time as UTC -5 hours

EDT

Eastern Daylight Saving Time as UTC -4 hours

MT

Mountain Time, either as MST or MDT, depending on the place and the time of year

MDT

Mountain Daylight Saving Time as UTC -6 hours

MST

Mountain Standard Time as UTC -7 hours

PT

Pacific Time, either as PST or PDT, depending on place and time of year

PDT

Pacific Daylight Saving Time as UTC -7 hours

PST

Pacific Standard Time as UTC -8 hours

AKST

Alaska Standard Time as UTC -9 hours

AKDT

Alaska Standard Daylight Saving Time as UTC -8 hours

HST

Hawaiian Standard Time as UTC -10 hours

Australia

CST

Central Standard Time as UTC +9.5 hours

EST

Eastern Standard/Summer Time as UTC +10 hours (+11 hours during summer time)

WST

Western Standard Time as UTC +8 hours


For example, to set the time zone to PDT and to set an UTC offset of -8 hours, enter: 

host1/Admin(config)# clock timezone PDT -8 0

To remove the clock timezone setting, use the no form of this command. For example, enter: 

host1/Admin(config)# no clock timezone

Adjusting for Daylight Saving Time

To configure the ACE to change the time automatically to summer time (daylight savings time), use the clock summer-time command in configuration mode.

The first part of the command specifies when summer time begins, and the second part of the command specifies when summer time ends. All times are relative to the local time zone; the start time is relative to the standard time and the end time is relative to the summer time. If the starting month is after the ending month, the ACE assumes that you are found in the Southern Hemisphere.

The syntax of this command is as follows:

clock summer-time {daylight_timezone_name start_week start_day start_month start_time end_week end_day end_month end_time daylight_offset | standard timezone}

The keywords, arguments, and options are:

daylight_timezone_nameEight-character name of the time zone (for example, PDT) to be displayed when summer time is in effect. See Table 1-1 for the list the common time zone acronyms used for the daylight_timezone_name argument.

start_week end_weekThe week, ranging from 1 through 5.

start_day end_dayThe day, ranging from Sunday through Saturday.

start_month end_monthThe month, ranging from January through December.

start_time end_timeTime, in military format, specified in hours and minutes.

daylight_offsetNumber of minutes to add during the summer time. Valid entries are from 1 to 1440.

standard timezone—Displays a list of well known time zones that include an applicable daylight time start and end range along with a daylight offset. Available choices are:

ADT—Atlantic Daylight Time: 2 am on the first Sunday in April to 2 am on the last Sunday in October, +60 min

AKDT—Alaska Standard Daylight Time: 2 am on the first Sunday in April to 2 am on the last Sunday in October, +60 min

CDT—Central Daylight Time: 2 am on the first Sunday in April to 2 am on the last Sunday in October, +60 min

EDT—Eastern Daylight Time: 2 am on the first Sunday in April to 2 am on the last Sunday in October, +60 min

MDT—Mountain Daylight Time: 2 am on the first Sunday in April to 2 am on the last Sunday in October, +60 min

PDT—Pacific Daylight Time: 2 am on the first Sunday in April to 2 am on the last Sunday in October, +60 min

For example, to specify that summer time begins on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00, with a daylight offset of 60 minutes, enter: 

host1/Admin(config)# clock summer-time Pacific 1 Sun Apr 02:00 5 Sun 
Oct 02:00 60

To remove the clock summer-time setting, use the no form of this command. For example, enter: 

host1/Admin(config)# no clock summer-time

Viewing the System Clock Settings

To display the system clock of the ACE, use the show clock command in Exec mode. The syntax of this command is as follows:

show clock

For example, to view the current clock settings, enter: 

host1/Admin# show clock

Sun Oct 7 07:43:02 UTC 2007

Synchronizing the ACE with an NTP Server

The Network Time Protocol (NTP) enables you to synchronize the ACE system clock to a time server. NTP is an Internet protocol designed to synchronize the clocks of computers over a network. Typically, an NTP network receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server, and assures accurate local time-keeping. NTP distributes this time across the network. The NTP protocol can synchronize distributed clocks within milliseconds over long time periods.

NTP runs over User Datagram Protocol (UDP), which runs over IP. NTP is documented in RFC 1305. All NTP communication uses Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time.

An NTP server must be accessible by the client ACE.

Note If you are configuring application acceleration and optimization functionality (as described in the Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide), and you plan to use an optional Cisco AVS 3180A Management Console with multiple ACE nodes, we strongly recommend that you synchronize the system clock of each ACE node with an NTP server. AppScope performance monitoring relies on very accurate time measurement, in the millisecond range. If you instal multiple ACE appliances, you must synchronize the clocks so that different parts of a single transaction can be handled by different nodes.

This section contains the following topics:

Configuring NTP Server and Peer Associations

Viewing NTP Statistics and Information

.Clearing NTP Statistics

Configuring NTP Server and Peer Associations

An NTP association can be a peer association, which means that the ACE is willing to synchronize to the other system or to allow the other system to synchronize to the ACE. An NTP association can also be a server association, which means that only this system will synchronize to the other system, not the other way around. You can identify multiple servers; the ACE uses the most accurate server. To configure the ACE system clock to synchronize a peer (or to be synchronized by a peer) or to be synchronized by a time server, use the ntp command.

The syntax of this command is as follows:

ntp {peer ip_address1 [prefer] | server ip_address2 [prefer]}

Note Only users authenticated in the Admin context can use the ntp peer and ntp server commands.

The keywords, arguments, and options are:

peer—Configure the ACE system clock to synchronize a peer or to be synchronized by a peer. You can specify multiple associations.

ip_address1—IP address of the peer providing or being provided by the clock synchronization.

prefer—(Optional) Makes this peer the preferred peer that provides synchronization. Using the prefer keyword reduces switching back and forth between peers.

server—Configures the ACE system clock to be synchronized by a time server. You can specify multiple associations.

ip_address2—IP address of the time server that provides the clock synchronization.

prefer(Optional) Makes this server the preferred server that provides synchronization. The prefer keyword sets this NTP server as the preferred server if multiple servers have similar accuracy. NTP uses an algorithm to determine which server is the most accurate and synchronizes to that one. If servers have similar accuracy, then the prefer keyword specifies which server to use.

For example, to specify multiple NTP server IP addresses and identify a preferred server, enter: 

host1/Admin(config)# ntp server 192.168.10.10 prefer

host1/Admin(config)# ntp server 192.168.4.143

host1/Admin(config)# ntp server 192.168.5.10

For example, to form a peer association with a preferred peer, enter: 

host1/Admin(config)# ntp peer 192.168.10.0 prefer

To remove an NTP peer or server from the configuration, use the no form of this command. For example: 

host1/Admin(config)# no ntp peer 192.168.10.0

Viewing NTP Statistics and Information

You can configure the ACE to display the following NTP statistics and information:

NTP peer statistics

Input/output statistics

Counters maintained by the local NTP

Counters related to the memory code

Listing of all associated peers

The syntax of this command is as follows:

show ntp {peer-status | peers | statistics [io | local | memory | peer ip_address]

Note Only users who are authenticated in the Admin context can use the show ntp command.

The keywords, arguments, and options are:

peer-status—Displays the status for all configured NTP servers and peers.

peers—Displays a listing of all NTP peers.

statistics—Displays the NTP statistics.

io—Displays the input/output statistics.

local—Displays the counters maintained by the local NTP.

memory—Displays the statistic counters related to the memory code.

peer—Displays the per-peer statistics counter of a peer.

ip_addressDisplays the peer statistics for the specified IP address.

For example, to display the status for all NTP servers and peers, enter: 

switch/Admin# show ntp peer-status

Table 1-2 Field Descriptions for the show ntp peer-status Command 

Field
Description

Total Peers

Number of associated peers

Remote

IP addresses that correspond to the remote server and peer entries listed in the configuration file

Local

IP addresses that correspond to the local server and peer entries listed in the configuration file

St

The stratum

Poll

The poll interval (in seconds)

Reach

The status of the reachability register (see RFC-1305) in octal

Delay

The latest delay (in microseconds)

Peer IP Address

IP address of each associated peer

Serv/Peer

Indication of whether the peer functions as an NTP server or NTP peer


Table 1-2 describes the fields in the show ntp peer-status command output.

For example, to display a summary of all peers, enter: 

switch/Admin# show ntp peers

Table 1-3 describes the fields in the show ntp peers command output.

Table 1-3 Field Descriptions for the show ntp peers Command 

Field
Description

Peer IP Address

The IP address of each associated peer

Serv/Peer

Indicates whether the peer functions as an NTP server or NTP peer


For example, to display the NTP input/output statistics, enter: 

switch/Admin# show ntp statistics io

Table 1-4 describes the fields in the show ntp statistics io command output.

Table 1-4 Field Descriptions for show ntp statistics io Command 

Field
Description

Time since reset

Time since the last reset of the NTP software on the primary server

Receive buffers

Total number of UDP client-receive buffers

Free receive buffers

Current number of available client-receive buffers

Used receive buffers

Current number of unavailable client-receive buffers

Low water refills

Total number of times buffers were added, which also indicates the number of times there have been low memory resources during buffer creation

Dropped packets

Total number of NTP packets dropped by the ACE

Ignored packets

Total number of NTP packets ignored by the ACE

Received packets

Total number of NTP packets received by the ACE

Packets sent

Total number of NTP packets transmitted by the ACE

Packets not sent

Total number of NTP packets not sent by the ACE due to an error

Interrupts handled

Total number of NTP timer interrupts handled by the ACE

Received by int

Total number of pulses received that triggered an interrupt


For example, to display the counters maintained by the local NTP, enter: 

switch/Admin# show ntp statistics local

Table 1-5 describes the fields in the show ntp statistics local command output.

Table 1-5 Field Descriptions for show ntp statistics local Command 

Field
Description

System uptime

Length of time that the ACE has been running.

Time since reset

Time in hours since the ACE was last rebooted.

Old version packets

Number of packets that match the previous NTP version. The version number is in every NTP packet.

New version packets

Number of packets that match the current NTP version. The version number is in every NTP packet.

Unknown version number

Number of packets with an unknown NTP version.

Bad packet format

Number of NTP packets that were received and dropped by the ACE due to an invalid packet format.

Packets processed

Number of NTP packets received and processed by the ACE.

Bad authentication

Number of packets not verified as authentic.


For example, to display the statistic counters related to the memory code, enter: 

switch/Admin# show ntp statistics memory

Table 1-6 describes the fields in the show ntp statistics memory command output.

Table 1-6 Field Descriptions for show ntp statistics memory Command 

Field
Description

Time since reset

Time in hours since the ACE was last rebooted.

Total peer memory

Total peer memory available for the allocation of memory to peer structures.

Free peer memory

Current available peer memory.

Calls to findpeer

The number of calls to findpeer.

Note findpeer is an entry point to the allocation of memory to peer structures that looks for matching peer structures in the peer list.

New peer allocations

Number of allocations from the free list.

Peer demobilizations

Number of structures freed to the free list.

Hash table counts

The count of peers in each hash table.


For example, to display the per-peer statistics counter of a peer, enter: 

switch/Admin# show ntp statistics peer 192.168.1.2

Table 1-7 describes the fields in the show ntp statistics peer command output.

Table 1-7 Field Descriptions for show ntp statistics peer Command 

Field
Description

Remote Host

IP address of the specified peer.

Local Interface

IP address of specified local interface.

Time Last Received

Time that the last NTP response was received.

Time Until Next Send

Length of time until the next send attempt.

Reachability Change

The reachability status for the peer.

Packets Sent

Number of packets sent to the NTP peer.

Packets Received

Number of packets received from the NTP peer.

Bogus Origin

Number of packets received from the NTP peer of a suspect origin.

Duplicate

Number of duplicate packets received from the NTP peer.

Bad Dispersion

Number of packets with an invalid dispersion.

Note Dispersion measures the errors of the offset values, based on the round-trip delay and the precision of the system and the server.

Bad Reference Time

Number of packets with an invalid reference time source.

Candidate Order

Order in which the ACE may consider this server when it chooses the master.


.Clearing NTP Statistics

To clear NTP information, use the clear ntp statistics command in Exec mode. The syntax of this command is as follows:

clear ntp statistics {all-peers | io | local | memory}

The keywords are:

all-peers—Clears I/O statistics for all peers

io—Clears I/O statistics for I/O devices

local—Clears I/O statistics for local devices

memory—Clears I/O statistics for memory

For example, to clear the NTP statistics for all peers, enter: 

host1/Admin# clear ntp statistics all-peers

For example, to clear the NTP statistics for the I/O devices, enter: 

host1/Admin# clear ntp statistics io

For example, to clear the NTP statistics for the local devices, enter: 

host1/Admin# clear ntp statistics local

For example, to clear the NTP statistics for memory, enter: 

host1/Admin# clear ntp statistics memory

Configuring Terminal Settings

You can access the ACE CLI as follows:

Make a direct connection using a dedicated terminal attached to the console port on the front of the ACE.

Establish a remote connection to the ACE by using the Secure Shell (SSH) or Telnet protocols.

Note Only the Admin context is accessible through the console port; all other contexts can be reached through Telnet or SSH.

This section contains the following topics:

Configuring Terminal Display Attributes

Configuring Terminal Line Settings

For details on configuring remote access to the ACE CLI using SSH or Telnet, see Chapter 2, Enabling Remote Access to the ACE.

Configuring Terminal Display Attributes

You can specify the number of lines and the width for displaying information on a terminal during a console session. The maximum number of displayed screen lines is 511 columns. To configure the terminal display settings, use the terminal command in Exec mode. The terminal command allows you to set the width for displaying command output.

The syntax for the command is as follows:

terminal {length lines | monitor | session-timeout minutes | terminal-type text | width characters}

The keywords, arguments, and options are as follows:

length lines—Sets the number of lines displayed on the current terminal screen. This command is specific to only the console port. Telnet and SSH sessions set the length automatically. Valid entries are from 0 to 511. The default is 24 lines. A selection of 0 instructs the ACE to scroll continuously (no pausing).

monitor—Displays syslog output on the terminal for the current terminal and session. To enable the various levels of syslog messages to the terminal, use the logging monitor command (see the Cisco 4700 Series Application Control Engine Appliance System Message Guide for details).

session-timeout minutes—Specifies the inactivity timeout value in minutes to configure the automatic logout time for the current terminal session on the ACE. When inactivity exceeds the time limit configured by this command, the ACE closes the session and exits. The range is from 0 to 525600. The default is 5 minutes. You can set the terminal session-timeout value to 0 to disable this feature so that the terminal remains active until you choose to exit the ACE. The ACE does not save this change in the configuration file.

Note The login timeout command setting overrides the terminal session-timeout setting (see the "Configuring an ACE Inactivity Timeout" section).

terminal-type text—Specifies the name and type of the terminal used to access the ACE. If a Telnet or SSH session specifies an unknown terminal type, the ACE uses the VT100 terminal by default. Specify a text string from 1 to 80 alphanumeric characters.

width characters—Sets the number of characters displayed on the current terminal screen. This command is specific to only the console port. Telnet and SSH sessions set the width automatically. Valid entries are from 24 to 512. The default is 80 columns.

For example, to specify the VT200 terminal, set the number of screen lines to 35, and set the number of characters to 250, enter: 

host1/Admin# terminal terminal-type vt200

host1/Admin# terminal length 35

host1/Admin# terminal width 250

For example, to specify a terminal timeout of 600 minutes for the current session, enter: 

host1/Admin# terminal session-timeout 600

To reset a terminal setting to its default value, such as the screen line length, use the no form of the command: 

host1/Admin# terminal no width

For example, to start the current terminal monitoring session, enter: 

host1/Admin# terminal monitor

host/Admin# %ACE-7-111009: User 'admin' executed cmd: terminal monitor


 %ACE-7-111009: User 'admin' executed cmd: terminal monitor......

To stop the current terminal monitoring session, enter: 

host1/Admin# terminal no monitor

To display the console terminal settings, use the show terminal Exec mode command. For example, enter: 

host1/Admin# show terminal

TTY: /dev/pts/0 Type: "vt100"

Length: 25 lines, Width: 80 columns

Session Timeout: 60 minutes

Configuring Terminal Line Settings

This section describes how to configure the terminal line settings for accessing the ACE by a console or a virtual terminal. It includes the following procedures:

Configuring Console Line Settings

Configuring Virtual Terminal Line Settings

Configuring Console Line Settings

The console port is an asynchronous serial port on the ACE that allows you to directly access the appliance to perform an initial configuration through a standard RS-232 port with an RJ-45 connector. Any device connected to this port must be capable of asynchronous transmission. Connection requires a terminal configured as 9600 baud, 8 data bits, 1 stop bit, no parity.

Use the line console configuration mode command to configure the console interface settings. The CLI displays the console configuration mode.

To configure the line console settings from the console configuration mode, specify one or more of the following commands:

databits number—Specifies the number of data bits per character. The range is from 5 to 8. The default is 8 data bits.

parity—Sets the parity for the console connection. The supported choices are: even (even parity), none (no parity), or odd (odd parity). The default is none.

speed speed—Sets the transmit and receive speeds for the serial console. The range is between 110 and 115200 baud (110, 150, 300, 600, 1200, 2400, 4800, 9600,19200, 28800, 38400, 57600, or 115200). The default is 9600 baud.

stopbits—Sets the stop bits for the console connection. Valid values are 1 or 2 stop bits. The default is 1 stop bit.

For example, to configure the console line settings for the ACE, enter: 

host1/Admin# config 

Enter configuration commands, one per line. End with CNTL/Z

host1/Admin(config)#

host1/Admin(config)# line console

host1/Admin(config-console)# databits 6

host1/Admin(config-console)# parity even

host1/Admin(config-console)# speed 19200

host1/Admin(config-console)# stopbits 1

To disable a setting for the configured console line, use the no form of the command. For example: 

host1/Admin(config-console)# no stopbits 1

Use the show line console Exec mode command to verify the configured console settings for the ACE.

The syntax for this command is as follows:

show line console [connected]

The optional connected keyword displays the physical connection status.

For example, to display the configured console settings, enter: 

host1/Admin# show line console

line Console:

    Speed:        9600 bauds

    Databits:     8 bits per byte

    Stopbits:     1 bit(s)

    Parity:       none

Configuring Virtual Terminal Line Settings

Virtual terminal lines allow remote access to the ACE. A virtual terminal line is not associated with the console port; instead, it is a virtual port that allows you to access the ACE.

Use the line vty configuration mode command to configure the virtual terminal line settings. The CLI displays the line configuration mode. Use the session-limit command to configure the maximum number of terminal sessions per line.

The syntax for this command is as follows:

session-limit number

The number argument configures the maximum number of terminal sessions per line. The range is from 1 to 251.

For example, to configure a virtual terminal line, enter: 

host1/Admin# config 

Enter configuration commands, one per line. End with CNTL/Z

host1/Admin(config)#

host1/Admin(config)# line vty

host1/Admin(config-line)# session-limit 23

To disable a setting for the configured virtual terminal line, use the no form of the command. For example: 

host1/Admin(config-line)# no session-limit 23

Use the clear line command in Exec mode to close a specified vty session. The syntax for this command is as follows:

clear line vty_name

The vty_name argument specifies the name of the VTY session. Enter a maximum of 64 characters for the name of the virtual terminal.

For example, to close a specified vty session, enter: 

host1/Admin# clear line vty vty1

Modifying the Boot Configuration

You can control how the ACE performs its boot process. You can instruct the ACE to automatically boot the system image identified in the BOOT environment variable or you can manually identify the system boot image to use. In addition, you can choose to have the ACE load the startup-configuration file or ignore the startup-configuration file upon reboot.

This section describes how to modify the boot configuration of the ACE. It contains the following procedures:

Setting the Boot Method from the Configuration Register

Setting the BOOT Environment Variable

Configuring the ACE to Bypass the Startup Configuration File During the Boot Process

Displaying the ACE Boot Configuration

Setting the Boot Method from the Configuration Register

The configuration register can be used to modify how the ACE performs its boot process, automatically or manually.

You can modify the boot method that the ACE uses at the next startup by setting the boot field in the software configuration register. The configuration register identifies how the ACE should boot.

To specify the configuration register boot setting, use the config-register configuration command. This command affects only the configuration register bits that control the boot field and leaves the remaining bits unaltered.

The syntax for the command is as follows:

config-register value

The supported value entries are as follows:

0x0—Upon reboot, the ACE boots to the GNU GRand Unified Bootloader (GRUB). From the GRUB boot loader, you specify the system boot image to use to boot the ACE. Upon startup, the ACE loads the startup-configuration file stored in the Flash memory (nonvolatile memory) to the running-configuration file stored in RAM (volatile memory).

0x1—Upon reboot, the ACE boots the system image identified in the BOOT environment variable (see the "Setting the BOOT Environment Variable" section). The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. If the ACE encounters an error or if the image is not valid, it will try the second image (if one is specified). Upon startup, the ACE loads the startup-configuration file stored in the Flash memory (nonvolatile memory) to the running-configuration file stored in RAM (volatile memory).

To set the boot field in the configuration register to automatically boot the system image identified in the BOOT environment variable upon reboot and to load the startup-configuration file stored in Flash memory, enter: 

host1/Admin(config)# config-register 0x1

To reset the config-register setting, enter: 

host1/Admin(config)# no config-register 0x1


Press Esc when the count down initiates on the GNU GRUB multiboot loader. 
The following GRUB menu appears. 


GNU GRUB  version 0.95  (639K lower / 3144640K upper memory)

 
**********************************************************************

 *  image(c4710ace-mz.3.0.0_AB0_0.453.bin)                            
*

 *  image(c4710ace-mz.3.0.0_AB0_0.488.bin)                            
*

*

 *                                                                         
*

 * 
**********************************************************************

In the GRUB menu, use the arrow keys to select from the ACE images loaded in the Flash memory. The ACE image entry is highlighted in the list.

Perform one of the following actions:

Press enter to boot the selected software version.

Type e to edit the commands before booting.

Type c to access a command line.

If no ACE images are loaded in the Flash memory, the GNU GRUB multiboot loader appears as follows: 

grub>

Setting the BOOT Environment Variable

The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. You can add several images to the BOOT environment variable to provide a fail-safe boot configuration. If the first file fails to boot the ACE, subsequent images that are specified in the BOOT environment variable are tried until the ACE boots or there are no additional images to attempt to boot. If there is no valid image to boot, the ACE enters ROMMON mode where you can manually specify an image to boot.

The ACE stores and executes images in the order in which you added them to the BOOT environment variable. If you want to change the order in which images are tried at startup, you can either prepend and clear images from the BOOT environment variable to attain the desired order or you can clear the entire BOOT environment variable and then redefine the list in the desired order.

To set the BOOT environment variable, use the boot system image: command. The syntax for this command is as follows:

boot system image:image_name

The image_name argument specifies the name of the system image file. If the file does not exist (for example, if you entered the wrong filename), then the filename is appended to the bootstring, and this message displays, "Warning: File not found but still added in the bootstring." If the file does exist, but is not a valid image, the file is not added to the bootstring, and the message "Warning: file found but it is not a valid boot image" displays.

For example, to set the BOOT environment variable, enter: 

host1/Admin(config)# boot system image:c4710ace-mz.3.0.0_AB0_0.488.bin

Configuring the ACE to Bypass the Startup Configuration File During the Boot Process

From the GRUB bootloader, the ACE includes an option that allows you to instruct the ACE to bypass the startup-configuration file stored on the appliance in the Flash memory (nonvolatile memory) during the boot process. You may require the ACE to bypass the startup configuration file during bootup in the following instances:

Certain configurations cause problems that result in the ACE becoming nonresponsive. You can bypass the startup configuration file to safely boot the ACE and then resolve issues with the configuration.

You forget the password for the ACE administrator CLI account and cannot access the ACE. You can bypass the startup configuration file and log in with the default password of admin.

Note For the procedure on resetting the administrator CLI account password, see the "Resetting the Administrator CLI Account Password" section.

To instruct the ACE to bypass the startup-configuration file during the boot process from the GRUB bootloader, perform the following steps:

1. Enter the config-register command so that upon reboot the ACE boots to the GRUB bootloader. See the "Setting the Boot Method from the Configuration Register" section.

2. Reboot the ACE. See the "Restarting the ACE" section. Upon reboot, the ACE boots to the GRUB bootloader.

3. Press Esc when the countdown initiates on the GNU GRUB multiboot loader. The following GRUB menu appears. 


GNU GRUB  version 0.95  (639K lower / 3144640K upper memory)

******************************************************************

 *  image(c4710ace-mz.3.0.0_AB0_0.453.bin)                            
*

 *  image(c4710ace-mz.3.0.0_AB0_0.488.bin)                            
*

*

 *                                                                         
*

 * 
******************************************************************

4. In the GRUB menu, use the arrow keys to select from the ACE images loaded in Flash memory. The ACE image entry is highlighted in the list.

5. Type e to edit the kernel command line. From the GRUB menu, choose ignorestartupcfg=1.

6. Press Esc to return to the GRUB menu.

7. Press enter to boot the selected software version. The ACE boot screen appears as follows: 

kernel=(hd0,0)/ACE_APPLIANCE_RECOVERY_IMAGE.bin ro root=LABEL=/ 
auto console=tt 
yS0,9600n8 quiet bigphysarea=32768 ignorestartupcfg=1 
[Linux-bzImage, setup=0x1400, size=0x43ff5d2] 


IP-Config: Incomplete network configuration information. 
INIT: version 2.85 booting 


INIT: Entering runlevel: 3 
Testing PCI path .... 
This may take some time, Please wait .... 
PCI test loop , count 0 
PCI path is ready 
Starting services... 
. 

Starting sysmgr processes.. Please wait...Done!!! 


switch login: admin

Password: admin


         ---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic configuration 
of

the system. Setup configures only enough connectivity to the

ACE appliance Device Manager GUI of the system.

*Note: setup is mainly used for configuring the system initially,

when no configuration is present. So setup always assumes system

defaults and not the current system configuration values.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

to skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no):no

Cisco Application Control Software (ACSW)

TAC support: http://www.cisco.com/tac

Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights 
reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software are covered under the GNU Public

License. A copy of the license is available at

http://www.gnu.org/licenses/gpl.html.

Note When you boot the ACE for the first time and the appliance does not detect a startup-configuration file, a setup script appears to enable connectivity to the ACE Device Manager GUI. The start-up script is not intended for use with the CLI. Choose no to skip the use of the setup script and proceed directly to the CLI. See the "Using the Setup Script to Enable Connectivity to the Device Manager" section for details.


You may now configure the ACE to define basic configuration settings for the appliance.

Displaying the ACE Boot Configuration

To display the current BOOT environment variable and configuration register setting, use the show bootvar command in Exec mode.

For example, to display the BOOT environment variable settings, enter: 

host1/Admin# show bootvar

BOOT variable = 
"image:/c4710ace-mz.3.0.0_AB0_0.488.bin;image:/c4710ace-mz.3.0.0

_AB0_0.453.bin"

Configuration register is 0x1

Restarting the ACE

To reboot the ACE directly from its CLI and reload the configuration, use the reload command in Exec mode. The reload command reboots the ACE and performs a full power cycle of both the hardware and software. The reset process can take several minutes. Any open connections with the ACE are dropped after you enter the reload command.

Caution Configuration changes that are not written to the Flash partition are lost after a reload. Before rebooting, enter the copy running-conf startup-config command in Exec mode to store the current configuration in Flash memory. If you fail to save your configuration changes, the ACE reverts to its previous settings upon restart.

When you specify reload, the ACE prompts you for confirmation and performs a cold restart of the ACE: 

host1/Admin# reload

This command will reboot the system

Save configurations for all the contexts. Save? [yes/no]: yes

Generating configuration....

running config of context Admin saved

Perform system reload. [yes/no]: [yes] yes

Shutting Down the ACE

To remove power from the ACE, press the power button found on the front panel.

Caution Configuration changes that are not written to the Flash partition are lost after a shutdown. Before you shut down the ACE, enter the copy running-conf startup-config command in Exec mode to store the current configuration in Flash memory. If you fail to save your configuration changes, the ACE reverts to its previous settings upon restart.