-
CSS Command Reference (Software Version 5.00)
-
About This Guide
-
Using the Command Line Interface
-
General Commands
-
Global Configuration Mode Commands
-
ACL Configuration Mode Commands
-
Boot Configuration Mode Commands
-
Circuit and IP Configuration Mode Commands
-
DQL Configuration Mode Commands
-
EQL Configuration Guide
-
Group Configuration Mode Commands
-
Header-Field Group Configuration Mode Commands
-
Interface and VLAN Configuration Mode Commands
-
Keepalive Configuration Mode Commands
-
NQL Configuration Mode Commands
-
Owner and Content Configuration Mode Commands
-
RMON Alarm, Event, and History Configuration Mode Commands
-
Service Configuration Mode Commands
-
URQL Configuration Mode Commands
-
Table Of Contents
Global Configuration Mode Commands
dns-boomerang client cpu-threshold
(config) dns-server accelerate domains
(config) dns-server bufferCount
(config) dns-server domain-cache
(config) domain hotlist interval
(config) domain hotlist threshold
proximity probe rtt metric-weighting
(config) virtual authentication
Global Configuration Mode Commands
Global configuration mode allows a SuperUser to:
•
Configure global CSS parameters.
•
To access global configuration mode, use the configure command in SuperUser mode.
This section describes the commands in global configuration mode. For more information on commands for the subordinate configuration modes available on the CSS, refer to their sections later in this chapter.
For a list of general commands you can use in global configuration mode, refer to "General Commands".
(config) acl
To access ACL configuration mode and configure an Access Control List (ACL) on the CSS, and enable or disable all ACLs on the CSS, use the acl command. Use the no form of this command to delete an ACL.
acl [index|enable|disable]
no acl indexSyntax Description
index
The number you want to use to create a new ACL or the number for an existing ACL to access ACL mode. Enter a number from 1 to 99.
When you access this mode, the prompt changes to (config-acl [index]). For information about commands available in this mode, refer to "ACL Configuration Mode Commands".
disable
Disables all ACLs on the CSS.
enable
Enables all ACLs on the CSS.
Usage Guidelines
To enable global logging for ACLs, you must enter the (config) logging subsystem acl level debug-7 command.
Caution
Related Commands
show acl
(config-acl) apply
(config-acl) clause
(config-acl) remove(config) app
To enable all Application Peering Protocol (APP) sessions, use the app command. An APP session is the exchange of content information between a group of configured CSSs. APP provides a guaranteed and private communications channel for this exchange. Use the no form of this command to disable all APP sessions.
app
no appRelated Commands
(config) dns-server
(config-owner) dns
(config-owner-content) add dns(config) app framesz
To set the maximum frame size allowed on an APP channel between CSSs, use the app framesz command. Use the no form of this command to restore the default frame size to 10240.
app framesz size
no app frameszSyntax Description
(config) app port
To set the TCP port number, use the app port command. This port listens for APP connections. Use the no form of this command to restore the default port number to 5001.
app port port_number
no app portSyntax Description
(config) app session
To create an APP session between the CSS and its peer CSS, use the app session command. These CSSs are a content domain that share the same content rules, load, and DNS information with each other. Use the no form of this command to terminate an APP session.
app session ip_address {ka_freq {[authChallenge|authNone] secret
{[encryptMd5hash|encryptNone] {[rcmdEnable|rcmdDisable]}}}}
no app session ip_addressSyntax Description
ip_address
The IP address for the peer CSS. Enter the address in dotted-decimal notation (for example, 192.168.11.1).
ka_freq
The optional time in seconds between sending keepalive messages to the peer CSS. Enter an integer from 14 to 900 (15 minutes). The default is 14.
authChallenge|
authNoneThe optional authentication method for the session. Enter either authChallenge for Challenge Handshake Authentication Protocol (CHAP) method or authNone for no authentication method. The default is no authentication.
secret
The secret sent with each packet identifier. Enter an unquoted text string with a maximum of 32 characters. If you entered authNone for the authentication method, enter any character as the secret.
encryptMd5hash|
encryptNoneThe optional encryption method for the packets. Enter either encryptMd5hash for MD5 base hashing method or encryptNone for no encryption method. The default is no encryption.
rcmdEnable|
rcmdDisableThe optional setting for sending remote CLI commands to the peer through the rcmd command. Enter either rcmdEnable to send CLI commands or rcmdDisable to not send CLI commands. The default setting is enabled.
Related Commands
show app
show dns-peer
show dns-server(config) app-udp
To enable Application Peering Protocol-User Datagram Protocol (APP-UDP) datagram messaging, use the app-udp command. Messaging is enabled by default. An APP datagram allows an exchange of information between applications resident on the CSS. Use the no form of this command to disable APP-UDP messaging.
app-udp
no app-udpUsage Guidelines
The app-udp command is available on a Proximity Database and a DNS CSS.
Related Commands
(config) app-udp options
To configure encryption with an IP address, use the app-udp options command. Use the no form of this command to delete the options from an IP address.
app-udp options ip_address encrypt-md5hash secret
no app-udp options ip_addressSyntax Description
Usage Guidelines
The CSS applies encryption to packets sent to this destination address or when the CSS receives datagrams with a matching source IP address. You can set the IP address to 0.0.0.0 to apply encryption to all incoming and outbound datagrams that are not more specifically configured. The use of the 0.0.0.0 IP address allows you to set a global security configuration that may be applied to an arbitrary number of peers.
Examples
The following example shows the application of a specific option set to 10.6.3.21 and a global option set to all other IP addresses. The CSS encrypts datagrams received from 10.6.3.21 and transmitted to 10.6.3.21 with secret mySecret. The CSS subjects all other datagrams, received or transmitted, to the default encryption secret anotherSecret.
(config) # app-udp options 10.6.3.21 encrypt-md5hash mySecret(config) # app-udp options 0.0.0.0 encrypt-md5hash anotherSecretRelated Commands
(config) app-udp port
To set the UDP port number, use the app-udp port command. This port listens for APP datagrams. Use the no form of this command to restore the UDP port number to its default value of 5002.
app-udp port port_number
no app-udp portSyntax Description
(config) app-udp secure
To require the encryption of all inbound APP datagrams, use the app-udp secure command. This prevents unauthorized messages from entering the CSS. Use the no form of this command to restore the default behavior of allowing the CSS to accept all APP datagrams.
app-udp secure
no app-udp secureUsage Guidelines
Use the app-udp secure command in conjunction with the (config) app-udp options command to specify the secure messages that are accepted. If you use this command without the (config) app-udp options command, the CSS drops all incoming data.
Examples
The following commands only allow incoming traffic from 10.6.3.21 encrypted with the secret "mySecret."
(config) # app-udp secure(config) # app-udp options 10.6.3.21 encrypt-md5hash mySecretRelated Commands
(config) arp
To define a static ARP mapping IP address to Media Access Control (MAC) address translations necessary for the CSS to send data to network nodes, use the arp command. Use the no form of this command to delete a static mapping address.
arp ip_or_host mac_address interface {vlan}
no arp ip_or_hostSyntax Description
Usage Guidelines
To show static ARP mapping when you use the show arp command, the IP route must exist in the routing table. To view all static ARP entries, use the show running-config command.
The CSS discards ARP requests from hosts that are not on the same network as the CSS circuit IP address. Thus, if a CSS and a host are within the same VLAN but configured for different IP networks, the CSS does not respond to ARP requests from the host.
Related Commands
clear
show arp
show running-config
update arp(config) arp timeout
To set the time in seconds to hold an ARP resolution result in the ARP cache, use the arp timeout command. Use the no form of this command to restore the default timeout value of 14400 seconds.
arp timeout timeout_time
no arp timeoutSyntax Description
Usage Guidelines
When you change the timeout value, it only affects new ARP entries. All previous ARP entries retain the old timeout value. To remove all entries with the old timeout value, enter the clear arp cache command.
Related Commands
clear arp cache
show arp config(config) arp wait
To set the time in seconds to wait for an ARP resolution before discarding the packet waiting to be forwarded to the address, use the arp wait command. Use the no form of this command to restore the default wait time of 5 seconds.
arp wait wait_time
no arp waitSyntax Description
wait_time
The number of seconds to wait for an ARP resolution. Enter an integer from 5 to 30. The default is 5 seconds.
Related Commands
show arp config
(config) boot
To access boot configuration mode, use the boot command. Boot configuration mode contains all commands necessary to manage booting the CSS and to maintain the software revision.
boot
Usage Guidelines
When you use the boot command to access boot mode, the prompt changes to (config-boot). For information about commands available in this mode, refer to "Boot Configuration Mode Commands".
(config) bridge
To configure the bridge parameters that apply to the CSS, use the bridge command. The options for this global configuration mode command are:
•
•
•
•
•
•
For more information on these options and associated variables, refer to the following commands.
Note
Related Commands
show bridge
(config) interface
(config-if) bridgebridge aging-time
To set the bridge filtering database aging time, use the bridge aging-time command. Use the no form of this command to restore the default aging time of 300.
bridge aging-time timeout
no bridge aging-timeSyntax Description
timeout
The timeout period in seconds for aging out dynamically learned forwarding information. Enter an integer from 10 to 1000000. The default is 300.
Command Modes
Global configuration mode
Related Commands
show bridge status
bridge forward-time
To set the bridge forward delay time, use the bridge forward-time command. Use the no form of this command to restore the default delay time of 4.
bridge forward-time delay
no bridge forward-timeSyntax Description
delay
The delay time in seconds that all bridges use for forward delay when this bridge is acting as the root. Enter an integer from 4 to 30. The default is 4.
Note
Command Modes
Global configuration mode
Related Commands
show bridge status
(config) bridge max-agebridge hello-time
To set the bridge hello time interval, use the bridge hello-time command. Use the no form of this command to restore the default hello time interval of 1.
bridge hello-time hello
no bridge hello-timeSyntax Description
hello
The hello time in seconds that all bridges use when this bridge is acting as the root. Enter an integer from 1 to 10. The default is 1.
Command Modes
Global configuration mode
Usage Guidelines
Make sure that bridge maximum age is greater than or equal to 2 x (bridge hello-time + 1 second) and less than or equal to 2 x (bridge forward-time - 1 second).
Related Commands
show bridge status
(config) bridge max-agebridge max-age
To set the bridge spanning-tree maximum age, use the bridge max-age command. Use the no form of this command to restore the default maximum age of 6.
bridge max-age age
no bridge max-ageSyntax Description
age
The maximum age in seconds that all bridges use when this bridge is acting as the root. Enter an integer from 6 to 40. The default is 6.
Note
Command Modes
Global configuration mode
Related Commands
show bridge status
(config) bridge forward-time
(config) bridge hello-timebridge priority
To set the priority used by the spanning-tree protocol to choose the root bridge on the network, use the bridge priority command. This command can override the root bridge selection in your network. Use the no form of this command to restore the default priority of 32768.
bridge priority priority
no bridge prioritySyntax Description
Command Modes
Global configuration mode
Related Commands
show bridge status
bridge spanning-tree
To enable or disable the spanning-tree, use the bridge spanning-tree command.
bridge spanning-tree [disable|enable]
Syntax Description
disable
Disables the spanning-tree.
Note
enabled
Enables the spanning-tree. This is the default state.
Command Modes
Global configuration mode
Related Commands
show bridge status
(config) bypass persistence
To determine if the CSS performs either a service remapping or HTTP redirection operation to reset a bypassed service when a content request matches on a content rule, but a previous request caused the bypass, use the bypass persistence command. By default, bypass persistence is enabled.
bypass persistence [disable|enable]
Syntax Description
Usage Guidelines
The bypass persistence command affects all flows.
Related Commands
show remap
(config) persistence reset
(config-owner-content) persistent(config) circuit
To access circuit configuration mode and configure a circuit on the CSS, use the circuit command. A circuit on the CSS is a logical entity that maps IP interfaces to a logical port or group of logical ports.
circuit circuit_name
Syntax Description
circuit_name
The name of the circuit you want to configure. To see a list of available circuits, enter:
circuit ?
Usage Guidelines
When you use the circuit command to access circuit mode, the prompt changes to (config-circuit [circuit_name]). For information about commands available in this mode, refer to "Circuit Configuration Mode Commands".
Related Commands
(config) cmd-sched
To enable command scheduling, use the cmd-sched command. Use the no form of this command to disable command scheduling.
cmd-sched
no cmd-sched(config) cmd-sched record
To create a configuration record for the scheduled execution of any CLI commands, including the playing of scripts, use the cmd-sched record command. Use the no form of this command to delete a configuration record.
Note
cmd-sched record name minute hour day month weekday "command..." {logfile_name}
no cmd-sched recordSyntax Description
Usage Guidelines
The commands that the cmd-sched record command executes are referred to as the command string. To schedule commands, you must create a configuration record including when to execute the commands, and the command string.
For example, you can use this command to schedule periodic content replication, the gathering of statistics, and scheduled configuration changes. At the specified time, the command scheduler executes a command string by creating a pseudo login shell where each string is executed. A cmd-sched record is only scheduled for execution upon completion of its shell. Use the show lines command to display information about active pseudo shells.
Related Commands
disconnect
show cmd-sched
show lines(config) console
To enable console port authentication of locally-defined usernames and passwords logging into the CSS, use the console command. Use the no form of this command to disable authentication on the console port allowing users to access the CSS without a username and password.
console authentication {local-radius|radius|radius-local}
no console authenticationSyntax Description
Usage Guidelines
Before you can enable communication between the CSS and a RADIUS server configured with the (config) radius-server command, you must enable a RADIUS virtual or console authentication method.
Related Commands
show user-database
(config) restrict console
(config) radius-server
(config) virtual authentication(config) dns
To enter commands that control the Domain Name Service (DNS) client, the facility that translates host names such as myhost.mydomain.com to IP (Internet Protocol) addresses such as 192.168.11.1, use the dns command. The options for this global configuration mode command are:
•
•
•
For information on these options and associated variables, refer to the following commands.
Related Commands
show running-config global
(config) dns-serverdns primary
To specify the primary DNS server to use for DNS queries and resolution, use the dns primary command. Use the no form of this command to remove the primary DNS server.
dns primary ip_or_host
no dns primarySyntax Description
ip_or_host
The default DNS address to use for DNS queries. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1) or the mnemonic host name (for example, myhost.mydomain.com).
Command Modes
Global configuration mode
dns secondary
To specify the secondary DNS server, use the dns secondary command. When the primary server fails, the CSS uses the secondary server for DNS name resolution. Use the no form of this command to remove a secondary DNS server on a client.
dns secondary ip_or_host
no dns secondary ip_or_hostSyntax Description
ip_or_host
The address for the secondary DNS server. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1) or the mnemonic host name (for example, myhost.mydomain.com).
Command Modes
Global configuration mode
Usage Guidelines
You can specify up to two secondary servers. To specify each additional server, repeat the dns secondary command. The order in which you enter them is the order in which they are used if the primary DNS server fails.
dns suffix
To specify the default suffix to use when querying the DNS server to resolve a DNS name, use the dns suffix command. Use the no form of this command to remove the default suffix.
dns suffix suffix
no dns suffixSyntax Description
suffix
The default suffix. Enter an unquoted text string with no spaces and a maximum length of 64 characters (for example, webhoster.com).
Command Modes
Global configuration mode
(config) dns-boomerang client
To configure and enable the Content Routing Agent (CRA) functionality on the CSS, use the dns-boomerang client command. The CSS functioning as a CRA improves HTTP response time for a client request. A Cisco Content Router 4430B configured as a Content Routing server redirects a client to the closest (best) replicated-content site represented by a CRA, based on network delay.
The options for this global configuration mode command are:
•
•
•
For information on these options and associated variables, refer to the following commands.
Related Commands
dns-boomerang client cpu-threshold
To set the CPU load threshold for a CSS CRA, use the dns-boomerang client cpu-threshold command. If the CSS CPU load exceeds the configured threshold value, then the CSS drops incoming DNS requests from the Content Router. Use the no form of this command to reset the CSS CPU threshold to the default value of 99.
dns-boomerang client cpu-threshold number
no dns-boomerang client cpu-thresholdSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
The load threshold value is the percentage of CPU utilization shown in the show system-resources command.
Related Commands
show system-resources
(config) dns-boomerang client domaindns-boomerang client domain
To create a client domain record in the CSS CRA or an alias for the record, use the dns-boomerang client domain command. The record maps to each of the domains you associated with the agent when you configured domains on the Content Router. Use the no form of this command to remove a client domain or the alias for the domain.
dns-boomerang client domain dns_name [alias alias_name|ip_or_host
{"uri"} {key ["secret"|des-encrypted encrypted_key|"encrypt_key"]}
{dns-ttl number1} {ip-ttl number2} {threshold number3}
no dns-boomerang client domain dns_name {alias alias_name}Syntax Description
dns_name
The domain name mapped to the client record. Enter the name as a case-sensitive, unquoted text string with no spaces and a maximum length of 72 characters. For example, www.sample.com.
alias
Creates an alias for an existing client domain. The alias behaves exactly the same as the configured domain.
alias_name
The alias name for the associated DNS name. Enter the name as a case-sensitive unquoted text string with no spaces and a maximum length of 72 characters.
ip_or_host
The IP address or host name of the content server or web cache bound to the domain name on the CSS. This address can be a local VIP. Enter the address in dotted-decimal notation (for example, 192.168.11.1) or a mnemonic host name (for example, myhost.mydomain.com).
"uri"
Optionally defines the URI that the CSS uses for the keepalive probe to the Content Router for a domain. Enter a quoted text string with a maximum of 255 characters. If you do not prepend the URI with a slash (/) character, the CSS prepends it.
key
Optionally defines the clear-text secret or DES encryption key on the Content Router.
"secret"
The clear-text secret for encrypting packets sent between a Content Router and the CSS client.The secret is the same as the secret on the CR. Enter the secret as a case-sensitive quoted text string with a maximum of 64 characters.
des-encrypted
Optionally defines a Data Encryption Standard (DES) encryption key.
encrypted_key
The DES encryption key that the CSS had previously encrypted. The CSS does not reencrypt this key and saves it in the running-config as you entered it. Enter an unquoted case-sensitive text string with no spaces and a maximum of 64 characters.
"encrypt_key"
The DES encryption key that you want the CSS to encrypt. The CSS saves the encrypted key in the running-config as you entered it. Enter a quoted case-sensitive text string with no spaces and a maximum of 16 characters.
dns-ttl number1
Optionally defines the DNS time-to-live value returned with the DNS responses of the CSS client. This option determines the length of time that a domain name server caches the returned information for reuse. Enter an integer from 10 to 2147483647 seconds. The default value is from the Content Router.
ip-ttl number2
Optionally defines the IP routing time-to-live value in hops that is set in the IP packets for returned CSS client DNS responses. This option determines how many router hops a response packet traverses enroute to the client's local name server, D-Proxy, before it is discarded. This helps to eliminate the CSS client from longer races. Enter an integer from 1 to 255. The default value is from the Content Router.
threshold number3
Optionally defines the load threshold for testing the keepalive state of a local VIP. If the load on the associated rule is greater than the threshold, then the CSS drops Content Router requests until the load goes below the threshold. Enter an integer from 2 to 254. The default value is 254.
Note
Command Modes
Global configuration mode
Usage Guidelines
If the matching domain record keepalive messaging succeeds, the CSS uses this record for DNS resolutions and will respond to the D-Proxy on behalf of the Content Router.
dns-boomerang client enable
To enable the Content Routing Agent (CRA) functionality on a CSS, use the dns-boomerang client enable command. Use the no form of this command to disable the CRA functionality.
dns-boomerang client enable
no dns-boomerang client enableCommand Modes
Global configuration mode
Usage Guidelines
Before you enable the CRA functionality on a CSS, configure a Cisco Content Router 4430B as a Content Routing server and CRAs on the server. For information on configuring the server, refer to the Cisco Content Router 4430B User Guide.
(config) dns-peer
To control the DNS peer functionality on the CSS. You can configure the CSS as a DNS peer to exchange DNS information over an APP connection to other CSSs, use the dns-peer command. The options for this global configuration mode command are:
•
•
•
For information on these options and associated variables, refer to the following commands.
Related Commands
show dns-peer
(config) app
(config) dns
(config-owner) dns
(config-owner-content) add dnsdns-peer interval
To set the time between sending load reports to CSS DNS peers over an APP connection, use the dns-peer interval command. Use the no form of this command to reset the interval to its default value of 5.
dns-peer interval number
no dns-peer intervalSyntax Description
number
The time in seconds between generating load reports. Enter an integer from 5 to 120. The default is 5.
Command Modes
Global configuration mode
dns-peer receive-slots
To set the maximum number of DNS names that the CSS can receive from each CSS DNS peer over an APP connection, use the dns-peer receive-slots command. Use the no form of this command to reset the maximum number of DNS names received from a peer to its default value of 128.
dns-peer receive-slots number
no dns-peer receive-slotsSyntax Description
number
The maximum number of DNS names that can be received from a peer. Enter an integer from 128 to 1024. The default is 128.
Command Modes
Global configuration mode
dns-peer send-slots
To set the maximum DNS names that the CSS can send to each CSS DNS peer, use the dns-peer send-slots command. Use the no form of this command to reset the maximum number of DNS names sent to a peer to its default value of 128.
dns-peer send-slots number
no dns-peer send-slotsSyntax Description
number
The maximum number of DNS names sent to a peer. Enter an integer from 128 to 1024. The default is 128.
Command Modes
Global configuration mode
(config) dns-record
To create a domain record, use the dns-record command and its options. This command is not available on a Proximity Database CSS. The command options are:
•
•
•
•
For information on these options and associated variables, refer to the following commands.
Related Commands
show dns-record
(config) dns-server {zone}dns-record a
To create a domain record on the CSS Zone Domain Name Server that maps the DNS name to an IP address, use the dns-record a command. If a domain can be directly translated to an IP address, configure it as an a-record. Use the no form of this command to delete a domain address record.
dns-record a dns_name ip_address {ttl_value {single|multiple {kal-ap|kal-icmp|kal-none {ip_address2 {threshold}}}}}
no dns-record a dns_nameSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
This command is available on a CSS PDNS.
Related Commands
dns-record accel
To create a DNS acceleration record for the domains you want to accelerate on the CSS, use the dns-record accel command. Use the no form of this command to delete a DNS acceleration record.
dns-record accel dns_name ip_address {ageout}
no dns-record accel dns_nameSyntax Description
Usage Guidelines
The DNS acceleration record indicates a DNS name that is eligible for content acceleration. The record maps the name to a content rule through an IP address. To enable the acceleration of domains, use the (config) dns-server accelerate domains command. The dns-record accel command is not available on a Proximity Database CSS.
Configure non-accelerated domains as either A-records or NS-records.
Note
Related Commands
show dns-record accel
(config) dns-server accelerate domainsdns-record ns
To create a domain record on the CSS Zone Domain Name Server that maps the DNS name to a Name Server IP address, use the dns-record ns command. If a domain cannot be directly translated to an IP address, configure it as an ns-record. Use the no form of this command to delete a DNS record.
dns-record ns dns_name ip_address {ttl_value {single|multiple {kal-ap|kal-icmp|kal-none {ip_address2 {threshold {default|forwarder}}}}}}
no dns-record ns dns_nameSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
This command is available on a CSS PDNS.
Related Commands
show dns-record
(config) dns-server forwarderdns-record zero
To reset the statistics displayed by the show dns-record command to zero, use the dns-record zero command.
dns-record zero [a/ns {domain_name}|accel {domain_name}]
Syntax Description
a/ns
Resets the statistics for the domain records displayed by the show dns-record statistics command and the show dns-record proximity command.
domain_name
Resets the statistics for the specified domain name mapped to the DNS record. To view a list of domain names, enter:
dns-record zero [a/ns|accel] ?accel
Resets the counters for the acceleration records displayed by the show dns-record accel command.
Usage Guidelines
The dns-record zero command is not available on a Proximity Database CSS.
Related Commands
show dns-record
(config) dns-record(config) dns-server
To enable the DNS server function on the CSS, use the dns-server command. The CSS acts as the authoritative name server for the content domain. Use the no form of this command to disable DNS server functionality on the CSS.
dns-server
no dns-serverRelated Commands
show dns-server
show zone
(config) app
(config) dns
(config-owner) dns
(config-owner-content) add dns(config) dns-server accelerate domains
To enable the domain acceleration and configure the Client Side Accelerator (CSA) on the CSS, use the dns-server accelerate domains command. Use the no form of this command to disable domain acceleration.
dns-server accelerate domains {threshold interval max_number [single-location|multi-location]}
no dns-server accelerate domainsSyntax Description
Usage Guidelines
Use dns-server accelerate command to enable the acceleration of domains configured through the dns-record accel command.
Related Commands
show dns-server accelerate domains
(config) dns-record accel(config) dns-server bufferCount
To change the DNS response buffer count on the CSS, use the dns-server bufferCount command. Use the no form of this command to set the DNS response buffer count to its default value of 50.
dns-server bufferCount number
no dns-server bufferCountSyntax Description
number
The number of buffers allocated for query responses. Enter an integer from 2 to 1000. The default is 50.
Usage Guidelines
Only use the dns-server bufferCount command to tune the CSS if the CSS experiences buffer depletion during normal use. If the name server buffers (NS Buffers) drops below two, increase the buffer count and the responder task with the (config) dns-server respTasks command. To view the buffers, use the show dns-server command.
Related Commands
(config) dns-server domain-cache
To enable domain caching to track DNS request counts and configure the parameters for the domain cache on the CSA, use the dns-server domain-cache command. Use the no form of this command to disable domain caching.
dns-server domain-cache {cache_size ageout|purge {dns_name}
|zero {dns_name}}
no dns-server domain-cacheSyntax Description
cache_size
The number of domains that the CSA can cache. Enter a number from 1 to 4096. The default is 1024.
ageout
The maximum number of seconds that the domain entry remains in cache. Enter a number from 0 to 60. The default is 10 seconds. If you enter 0, the domain entries remain in cache unless they are removed with the purge option.
purge
Removes all entries or the specified entries in the domain cache.
dns_name
The DNS entry in the domain cache. To see a list of entries, enter:
dns-server domain-cache [purge|zero] ?zero
Resets all counters for all entries or the specified entry in the domain cache displayed through the show dns-server domain-cache command.
Usage Guidelines
Use the dns-server domain-cache command to create the domain cache and enable it. The domain cache records all domains including accelerated domains.
Note
The operation of the domain cache can impact the DNS request/response rate performance. Use the domain cache only when you need to identify potential acceleration candidates.Related Commands
show dns-server domain-cache
(config) dns-server forwarder
To configure a DNS server forwarder on a CSS, use the dns-server forwarder command. The forwarder is an alternative server for resolving DNS requests. In the case of proximity, the forwarder is a CSS in the same zone as the PDB. When the CSS is acting as a CSA, the forwarder is a fully-functional Berkeley Internet Name Domain (BIND) DNS server, not a CSS. Use the no form of this command to delete the DNS forwarder.
dns-server forwarder [primary ip_address|secondary ip_address|zero]
no dns-server forwarder primary|secondarySyntax Description
primary
Specifies the first choice forwarder.
The CSS sends unresolvable requests to the primary forwarder unless it is unavailable, in which case, it uses the secondary forwarder. When the primary forwarder is available again, the CSS resumes sending requests to the primary forwarder.
secondary
The second choice as the forwarder.
ip_address
The IP address for the DNS forwarder. Enter the address in dotted-decimal notation (for example, 192.168.11.1).
zero
Resets the statistics of both forwarders on a CSS displayed through the show dns-server forwarder command.
Usage Guidelines
The CSS uses the primary forwarder first. If it is unavailable, the CSS uses the secondary forwarder.
The forwarder receives DNS requests that the CSS cannot resolve, or contains an unsupported request or record type. The forwarder sends DNS responses to the client transparently through the CSS. To monitor forwarder health, an internal keepalive mechanism sends queries periodically to validate the state of the forwarder.
Related Commands
show dns-server forwarder
(config) dns-record ns(config) dns-server respTasks
To change the DNS server responder task count, use the dns-server respTasks command. These tasks handle responses to incoming DNS query requests. Use the no form of this command to set the DNS responder task count to its default value of 2.
dns-server respTasks number
no dns-server respTasksSyntax Description
Usage Guidelines
If you increase the responder task count, also increase the buffer count with the (config) dns-server bufferCount command.
(config) dns-server zero
To set the DNS server request and response statistics displayed by the show dns-server command to zero, use the dns-server zero command.
dns-server zero
Usage Guidelines
The dns-server zero command is not available on a Proximity Database CSS.
Related Commands
show dns-server
(config) dns-server(config) dns-server zone
To enable the CSS Zone Domain Name Server (DNS) on the CSS, use the dns-server zone command. This service allows the CSS to respond to DNS requests based upon proximity and shared zone domain availability. Use the no form of this command to disable the CSS Proximity Domain Name Server.
dns-server zone zoneIndex {tier1|tier2 {"description" {roundrobin|preferlocal|ip_address {roundrobin|preferlocal}}}}
no dns-server zoneSyntax Description
Usage Guidelines
The dns-server zone command is available in the CSS Enhanced feature set.
(config) dnsflow
To either setup UDP traffic to DNS server port 53 as a CSS flow or forward the traffic, use the dnsflow command.
dnsflow [disable|enable]
Syntax Description
Command Modes
Global configuration mode
(config) domain hotlist
To enable the domain hotlist, use the domain hotlist command. The domain hotlist is disabled by default. A domain hotlist lists the most accessed domains on the CSS during a user-defined period of time. Use the no form of this command to disable the domain hotlist.
domain hotlist
no domain hotlistRelated Commands
show domain hotlist
(config) domain hotlist interval
To configure the interval, in minutes, to refresh the domain hotlist and start a new list, use the domain hotlist interval command. Use the no form of this command to reset the interval to its default setting of 1 minute.
domain hotlist interval minutes
no domain hotlist intervalSyntax Description
Related Commands
show domain hotlist
(config) domain hotlist size
To configure the maximum number of domain entries contained in the hotlist, use the domain hotlist size command. Use the no form of this command to reset the maximum size to its default setting of 10 entries.
domain hotlist size max_entries
no domain hotlist sizeSyntax Description
max_entries
The maximum number of domain hotlist entries. Enter an integer from 1 to 100. The default is 10.
Related Commands
show domain hotlist
(config) domain hotlist threshold
To configure the threshold, the number of domain hits per interval, which must be exceeded for a domain to be considered hot and added to the list, use the domain hotlist threshold command. Use the no form of this command to reset the threshold to its default setting of 0.
domain hotlist threshold number
no domain hotlist thresholdSyntax Description
number
The threshold number. Enter a number from 0 to 65535. The default is 0 which indicates that the threshold is disabled.
Related Commands
show domain hotlist
(config) dql
To access and configure a Domain Qualifier List (DQL), use the dql command. A DQL is a collection of domain names that you can assign to a content rule, instead of creating a rule for each domain.
Use the no form of this command to remove an existing DQL.
dql dql_name
no dql existing_dql_nameSyntax Description
Usage Guidelines
When you use the dql command to access DQL mode, the prompt changes to (config-dql [name]). You can also use this command from DQL mode to access another DQL. For information about commands available in this mode, refer to "DQL Configuration Mode Commands".
Related Commands
show dql
(config-owner-content) url(config) dump
To enable or disable core dumps when the CSS experiences a fatal error, use the dump command. Core dumps are enabled by default.
Note
dump [disable|enable]
Syntax Description
Usage Guidelines
For a flash disk-based system, if the core dump file is older than 15 minutes, it may be overwritten. If you want to save the core dump file for later examination, archive it to another directory or disk before it is overwritten. To archive a log file, refer to the archive log command
Related Commands
(config) eql
To access EQL configuration mode and configure an Extension Qualifier List (EQL), use the eql command. This list is a collection of file extensions for content requests joined together through content rules. The CSS uses this list to identify which requests to send to a service.
Use the no form of this command to delete an existing extension list.
eql eql_name
no eql existing_eql_nameSyntax Description
Usage Guidelines
When you use the eql command to access eql mode, the prompt changes to (config-eql [name]). For information about commands available in this mode, refer to "EQL Configuration Mode Commands".
Related Commands
show eql
(config-owner-content) url(config) flow permanent
To define a set of TCP ports that will have permanent connections and not be reclaimed by the CSS when they are inactive, use the flow permanent command. You can define a amximum of 10 ports. Use the no form of this command to disable a permanent connection by setting its port number to 0.
flow permanent [port[1|2|3|4|5|6|7|8|9|10]] port_number
no flow permanent [port[1|2|3|4|5|6|7|8|9|10]]Syntax Description
number
The number of the port. Enter an integer from 0 to 65535. The default is 0 which disables the port.
(config) flow port-reset
To enable the CSS to automatically reset Fast Ethernet and Gigabit Ethernet ports when it detects that they are not responding, use the flow port-reset command. By default, port resetting is enabled on the CSS. Use the no form of this command to disable port resets on the CSS.
flow port-reset
no flow port-reset
Caution
(config) flow reserve-clean
To define how often the CSS scans flows from reserved Telnet and FTP control ports to reclaim them, use the flow reserve-clean command. Control ports have ports numbers less than 23. When the CSS determines that one of these port has a flow with asymmetrical routing, it reclaims the port. Use the no form of this command to reset the flow cleanup on Telnet and FTP control ports to its default setting of 10 seconds.
flow reserve-clean seconds
no flow reserve-cleanSyntax Description
seconds
The time interval in seconds to scan flows. Enter an integer from 0 to 100. The default is 10. A setting of 0 disables the flow.
(config) ftp-record
To create a File Transfer Protocol (FTP) record file to use when accessing an FTP server from the CSS, use the ftp-record command. Use the no form of this command to delete an FTP record file from the CSS.
ftp-record ftp_record ip_or_host username ["password"|des-password des_pwd|encrypted-password encrypted_pwd] {base_directory}
no ftp-record ftp_recordSyntax Description
Related Commands
copy ftp
copy log
copy running-config
copy script
copy startup-config
(config-boot) primary
(config-boot) secondary(config) gem-traffic-bursty
To smooth bursty traffic on Gigabit Ethernet Modules (GEMs) in the CSS 11800 for applications sensitive to packet loss, use the gem-traffic-bursty command. Use the no form of this command to reset to the default traffic handling behavior on GEMs.
gem-traffic-bursty
no gem-traffic-burstyUsage Guidelines
Traffic burstiness is the occurrence of extreme amounts of traffic for a short period of time. During extremely heavy traffic loads, when a single GEM port has greater than one gigabit per second of incoming network traffic, substantial packet loss can occur. This condition can easily occur when a group of servers attached to multiple ports send traffic simultaneously to a single client uplink port.
If the traffic load at the client uplink port is at a rate close to a gigabit per second with occasional bursts of greater than one gigabit per second, you can use the gem-traffic-bursty command to reduce overall packet loss. This command can greatly reduce packet loss for applications sensitive to this condition, for example, video and audio streaming applications.
If the traffic load at the client uplink port remains at a constant rate greater than one gigabit per second, you may need to perform a network reconfiguration, for example, configure an additional client uplink port. You should not use the gem-traffic-bursty command to solve the problem.
Note
(config) group
To access group configuration mode and configure a group, use the group command. A group is a collection of local servers that initiate flows from within the local web farm. For example, after processing a group of real audio transmitters, they all appear on the same source IP address. The CSS lets you treat a group as a virtual server with its own source IP address.
Use the no form of this command to delete an existing group.
group group_name
no group existing_group_nameSyntax Description
Usage Guidelines
When you use the group command to access group mode, the prompt changes to (config-group [name]). For information about commands available in this mode, refer to "Group Configuration Mode Commands".
Caution
(config) header-field-group
To access header-field-group configuration mode and configure a request header-field group, use the header-field-group command. A request header-field group contains a list of defined header-field entries used by the content rule lookup process. Each header-field group is given a unique name so different content rules can use them. A group can contain several header-field entries. Use the no form of this command to remove a header-field group.
header-field-group group_name
no header-field-group group_nameSyntax Description
Usage Guidelines
To access header-field-group configuration mode, use header-field-group command from all configuration modes, except boot and RMON modes. The prompt changes to (config-header-field-group [group_name]). You can also use this command in header-field-group mode to access another group. For information about commands available in this mode, refer to "Header-Field Group Configuration Mode Commands".
Note
Related Commands
show header-field-group
(config-owner-content) header-field-rule(config) host
To manage entries in the Host table, use the host command. The Host table is the static mapping of mnemonic host names to IP address, analogous to the ARP table. Use the no form of this command to remove an existing host from the Host table.
host host_name ip_address
no host host_nameSyntax Description
Note
Related Commands
(config) idle timeout
To set the maximum amount of time that any Telnet, console, or FTP session can be idle on the CSS before the CSS logs it out, use the idle timeout command. Use the no form of this command to set the idle timeout for any session connected to the CSS to the default of 0.
idle timeout minutes
no idle timeoutSyntax Description
Usage Guidelines
You can override the idle timeout command with the terminal command in SuperUser mode.
(config) interface
To enter interface configuration mode and configure an interface, use the interface command.
interface interface_name
Syntax Description
Usage Guidelines
When you use the interface command to access this mode, the prompt changes to (config-if [interface_name]). For information about commands available in this mode, refer to "Interface Configuration Mode Commands".
(config) ip
To enter global IP configuration commands, use the ip command. The options for this global configuration mode command are:
•
•
•
•
•
•
•
•
•
For more information on these options and associated variables, refer to the following commands.
Related Commands
ip ecmp
To set the equal-cost multipath selection algorithm and the preferred reverse egress path, use the ip ecmp command. Use the no form of this command to reset the ingress path of a flow for its preferred reverse egress path.
ip ecmp [address|no-prefer-ingress|round-robin]
no ip ecmp no-prefer-ingressSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
The equal-cost multipath selection algorithm for non-TCP/UDP packets (for example, ICMP) is applied on a packet-by-packet basis. Multipath selection for TCP and UDP is performed on a per-flow basis and all packets for a particular flow take the same path.
Note
ip firewall
To configure an index that identifies a physical firewall, use the ip firewall command. Use the no form of this command to delete a firewall index.
ip firewall index local_firewall_address remote_firewall_address remote_switch_address
no ip firewall indexSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
You can configure indices for multiple parallel firewalls allowing for traffic load balancing. To avoid dropping packets, all connections in either direction between a pair of IP addresses cross the same firewall. If a failure occurs on one path, all traffic uses the remaining path.
A CSS must exist on each side of the firewall to control which firewall is selected for each flow. You must configure a firewall index identifier on the remote CSS with the same index number to the same physical firewall.
Note
Firewalls cannot perform Network Address Translation (NAT). If your configuration requires NATing, you must configure a content rule or source group on the CSS to provide this function.
Caution
Related Commands
ip no-implicit-service
To stop the CSS from starting an implicit service for the next hop of static routes, use the ip no-implicit-service command. By default, this option is disabled. Use the no form of this command to reset the default setting.
ip no-implicit-service
no ip no-implicit-serviceCommand Modes
Global configuration mode
ip opportunistic
To configure the opportunistic Layer-3 forwarding of packets, use the ip opportunistic command. Opportunistic Layer-3 forwarding allows the CSS to forward packets according to the IP destination address. The MAC destination address does not need to belong to the CSS.
By default, the CSS allows this forwarding for local destinations; when the IP destination address belongs to a node that resides on one of the subnets directly attached to the CSS and an ARP resolution is known for this node.
Use the no form of this command to allow opportunistic Layer-3 forwarding for local destinations.
ip opportunistic [all|disable]
no ip opportunisticSyntax Description
Command Modes
Global configuration mode
ip record-route
To enable the CSS to process frames with a record-route option, use the ip record-route command. Use the no form of this command to disable the processing of frames with a record-route option (the default behavior).
ip record-route
no ip record-routeCommand Modes
Global configuration mode
ip redundancy
To enable CSS-to-CSS redundancy on two CSSs interfaced with a crossover cable, use the ip redundancy command. You can also use the master option to manually designate which CSS is the master. By default, redundancy is disabled on a CSS. Use the no form of the ip redundancy command to disable CSS-to-CSS redundancy. Use the no form of the ip redundancy master to unassign the CSS as the master CSS.
ip redundancy {master}
no ip redundancy {master}Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
If you have no requirement to designate a specific CSS as the master, use the ip redundancy command with no option on both CSSs. When you do not manually designate a master CSS, the CSSs negotiate to determine the master and backup. In this negotiation, the master CSS is the CSS that boots first. If both CSSs boot at the same time, the CSS with the higher IP address becomes the master. In case the master CSS goes down, the backup CSS automatically becomes master. When the former master CSS comes up again, it becomes the backup CSS.
To manually designate a CSS as the master CSS, issue the master option on it. You can issue this option on a negotiated master or backup. If you issue this option on a master, it remains the master. If you issue this option on the backup CSS, it becomes the master and the other CSS automatically becomes the backup.
Caution
Because the designated master CSS saves its configuration setting in the running-config, if it goes down and then comes up again, it regains its master status. For example, when the master CSS goes down, the backup CSS becomes master. When the former master CSS comes up again, it becomes the master again.
Note
Note
Related Commands
redundancy force-master
show redundancy
(config-if) redundancy-phy
(config-circuit) redundancy
(config-circuit-ip) redundancy-protocolip route
To configure a static route including routes for firewalls, use the ip route command. Use the no form of the command to remove a black-hole, static, or firewall route.
ip route ip_address subnet_mask [blackhole|ip_address2 {distance|originated-packets}|firewall index {distance}]
no ip route ip_address subnet_mask [blackhole|ip_address2
|firewall index]
Note
Syntax Description
ip_address
The destination network address. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
subnet_mask
The IP subnet mask. Enter the mask as either:
•
•
blackhole
Instructs the CSS to drop any packets addressed to the route.
ip_address2
The next hop address for a static route. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).
distance
The optional administrative distance. Enter an integer from 1 to 254. A smaller number is preferable. The default value is 1.
firewall
Configures a firewall route.
index
An existing index number for the firewall route. For information on configuring a firewall index, refer to the ip firewall command.
originated-packets
The optional originated-packets keyword instructs the CSS to use this route for flow and session packets going to and from the CSS (for example, a Telnet session to the CSS). Flows or session packets that go through the CSS (for example, between an attached server and a remote client) do not use this route.
Command Modes
Global configuration mode
ip source-route
To enable the processing of source-routed frames, use the ip source-route command. Use the no form of this command to disable the processing of source-routed frames (the default behavior).
ip source-route
no ip source-routeCommand Modes
Global configuration mode
ip subnet-broadcast
To enable the forwarding of subnet broadcast addressed frames, use the ip subnet-broadcast command. Use the no form of this command to disable the forwarding of subnet broadcast addressed frames (the default behavior).
ip subnet-broadcast
no ip subnet-broadcast
Caution
If the attack is successful, all the destination subnet hosts reply to the echo and flood the path back to the source. When the subnet broadcast forwarding is disabled, the original echo never reaches the hosts.
Command Modes
Global configuration mode
(config) keepalive
To access keepalive configuration mode and configure the properties for a global keepalive which you can apply to any service, use the keepalive command. Use the no form of this command to delete an existing keepalive.
keepalive name
no keepalive existing_keepalive_nameSyntax Description
Usage Guidelines
The CSS supports a maximum of 255 keepalives. If you configure more than 255 keepalives, any services assigned to the keepalives over 255 will not work.
Keepalives include:
•
•
When you access keepalive mode, the prompt changes to (config-keepalive [name]). For information about commands available in this mode, refer to "Keepalive Configuration Mode Commands".
Related Commands
show keepalive
(config-service) keepalive type named(config) load
To configure global load parameters for the eligibility and ineligibility of CSS services, use the load command. Load is a relative measurement for a service's ability to handle flows. The CSS calculates load by using the variances in normalized response times for each server. You can adjust load calculations by changing the load step size, which is the difference in milliseconds between load numbers. The CSS can determine the load step size dynamically or you can configure it.
Each service has two load values, short and long. Short loads have file sizes of equal to or less than 15Kb. Long flows have file sizes of more than 15Kb.
The CSS determines the best service for each flow based on the service load and the size of the requested content. The CSS estimates the file size based on previous requests for the same content. If the CSS has never seen the content or it has been purged, it uses short load to select the best service.
The load on a service has a range from 2 to 255, with an eligible load state from 2 to 254. An eligible service is an active service that can receive flows. A service with a lower load receives more flows than a service with a higher load. When a service initially comes up, its load value is 2.
A load of 255 indicates that the service is down, as detected through the keepalive. A service becomes ineligible when its load number exceeds the configured load threshold. The service regains eligibility when its load information is considered stale; the tearing down of flows is not detected during the ageout time interval. The CSS erases stale load information for a service and resets the service load to 2. The options for the load command are:
•
•
•
•
•
For more information on these options and associated variables, refer to the following commands.
load ageout-timer
To set the time interval in seconds in which stale load information for a service is aged out, use the load ageout-timer command. Use the no form of the command to set the ageout time to the default of 60.
load ageout-timer seconds
no load ageout-timerSyntax Description
seconds
The number of seconds to age out load information for a service. Enter an integer from 0 to 1000000000. The default is 60. The value of 0 disables the timer.
Command Modes
Global configuration mode
Usage Guidelines
When the ageout timer interval expires, the CSS erases the information and resets the service load to 2. Load information is stale when the teardown report number recorded on a service has not incremented during the ageout time interval because no flows (long or short) are being torn down on the service.
At the beginning of the time interval, the ageout timer saves the number of the current teardown report. When the SFM generates a new teardown report, the report number in the SFM increments, and any services in the report saves this number. At the end of the ageout time interval, the CSS compares the initial teardown number, saved at the beginning of the time interval, with the current teardown number saved by each service. If the number of a service is less than or equal to the timer number, the load information is stale. The CSS erases it and the service load is reset to 2.
Related Commands
show load
(config) load reportingload reporting
To enable the CSS to generate teardown reports and derive load numbers, use the load reporting command. A teardown report is a summary of response times for services when flows are being torn down. The CSS uses the teardown report to derive the load number for a service.
Use the no form of the command to disable load reporting.
load reporting
no load reportingCommand Modes
Global configuration mode
Related Commands
load step
To set the difference in milliseconds between load numbers, use the load step command. Use the no form of this command to set the load step to the default of 10.
load step msec [dynamic|static]
no load stepSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
Eligible load numbers have a range from 2 to 254. By default, the CSS dynamically calculates the load step as it accumulates minimum and maximum response times for the services.
When you configure the load step to reduce the flows to a slower service, consider the differences in response times between services. For example:
•
•
Related Commands
show load
(config) load reportingload teardown-timer
To set the maximum time between teardown reports, use the load teardown-timer command. Use the no form of this command to reset the teardown time interval to its default of 20 seconds.
load teardown-timer seconds
no load teardown-timerSyntax Description
seconds
The number of seconds between teardown report. Enter an integer from 0 to 1000000000. The default is 20. The value of 0 disables the timer.
Command Modes
Global configuration mode
Usage Guidelines
A teardown report is a summary of response times for services when flows are being torn down. The CSS uses the teardown report to derive the load number for a service. When the SFM has sufficient teardown activity for a service, it generates a teardown report and the teardown timer is reset. If a teardown report is not triggered at the end of the teardown timer interval due to insufficient activity, the CSS triggers the SFM to generate a teardown report based on its current activity. If there is no activity on the SFM, no report is generated and the timer resets.
Note
Related Commands
show load
(config) load reportingload threshold
To define the global load number that the CSS uses to determine if a service is eligible to receive flows, use the load threshold command. Use the no form of this command to set the load threshold to the default of 254.
load threshold number
no load thresholdSyntax Description
Note
Command Modes
Global configuration mode
Usage Guidelines
If the service load exceeds the threshold, the service becomes ineligible to receive flows until its load information is stale. Information is stale when the teardown report number recorded on a service has not incremented during the ageout time interval.
Related Commands
show load
(config) load ageout-timer(config) logging
Use the logging command to:
•
•
•
By default, the sys.log file on the CSS disk contains the Notice-level activities for all CSS subsystems. The options for this global configuration mode command are:
•
•
•
•
•
•
•
For more information on these options and associated variables, refer to the following commands.
Related Commands
logging buffer
To set the size of the disk buffer, use the logging buffer command. Use the no form of this command to set the disk buffer size to the default of 0.
logging buffer size
no logging bufferSyntax Description
size
The size of the disk buffer in bytes. Enter an integer from 0 to 64000. The default is 0, where the CSS sends the logging information directly to the disk.
Command Modes
Global configuration mode
Usage Guidelines
The logging buffer command is only applicable when you configure logging to the CSS disk through the logging disk command.
When the log activity information for the subsystem fills the buffer, the CSS empties it into the log file on the disk. The larger you configure the buffer size, the less frequently the CSS empties the buffer.
Related Commands
(config) logging disk
logging commands enable
To enable the CSS to log CLI commands, use the logging commands enable command. Use the no form of this command to disable the logging of CLI commands.
logging commands enable
no logging commandsCommand Modes
Global configuration mode
logging disk
To log the activity of a subsystem to a new or existing file on the disk, use the logging disk command. Use the no form of this command to turn off logging to the specified file on the disk and re-enable logging to the sys.log file.
logging disk filename
no logging diskSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
You can have only one active log file on the disk. If you want to send the log information to a different log file, re-enter the logging disk command.
Note that the maximum size of a log file is 50 Mb. If you enter this command when logging is occurring on an existing file, logging on that file terminates and then starts on the newly designated file.
Related Commands
(config) logging buffer
(config) logging subsystemlogging host
To send the log activity of a subsystem to the syslog daemon on the host system, use the logging host command. Use the no form of this command to turn off logging to the syslog daemon on the host.
logging host ip_or_host facility number
no logging host ip_or_hostSyntax Description
Command Modes
Global configuration mode
Syntax Description
(config) logging subsystem
logging line
To send the log activity of a subsystem to an active CSS session, use the logging line command. Use the no form of this command to turn off logging to a session.
logging line session
no logging line sessionSyntax Description
session
A valid active session on the CSS. Enter a case-sensitive unquoted text string with a maximum length of 32 characters. To see a list of sessions, enter:
logging line ?
Command Modes
Global configuration mode
Related Commands
(config) logging subsystem
logging sendmail
To send the log activity of a subsystem to an email address, use the logging sendmail command. Use the no form of this command to turn off logging to an email address.
logging sendmail email_address host_address level {domain}
no logging sendmail email_addressSyntax Description
Command Modes
Global configuration mode
logging subsystem
To select a CSS subsystem and determine which type of activity to log, use the logging subsystem command. Use the no form of this command to reset a subsystem logging level to the default setting of warning.
logging subsystem name level level
no logging subsystem nameSyntax Description
Command Modes
Global configuration mode
Related Commands
clear log
(config) logging disk
(config) logging host
(config) logging line(config) no
To negate a command or set it to its default, use the no command. Not all commands have a no form. For information on general no commands you can use in this mode, refer to the general no command.
All of the following options are available in global configuration mode.
Syntax Description
no acl index
Deletes an existing ACL
no app
Disables APP on the CSS
no app framesz
Restores the default APP frame size to 10240
no app port
Restores the default APP port number to 5001
no app session ip_address
Terminates an APP session
no app-udp
Disables APP-UDP messaging on the CSS
no app-udp options ip_address
Deletes the APP-UDP options from the IP address
no app-udp port
Restores the default APP-UDP port number to 5002
no app-udp options ip_address
Deletes the APP-UDP options from the IP address
no app-udp secure
Restores the default behavior of accepting all APP datagrams
no arp ip_or_host
Removes a static mapping address
no arp timeout
Restores the default timeout of 14400 seconds
no arp wait
Restores the default wait time of 5 seconds
no bridge aging-time
Restores the default aging time of 300
no bridge forward-time
Restores the default delay time of 4
no bridge hello-time
Restores the default hello time interval of 1
no bridge max-age
Restores the default maximum age of 6
no bridge priority
Restores the default priority of 32768
no cmd-sched
Disables the execution of scheduled CLI commands
no cmd-sched record
Deletes a configuration record for the execution of CLI commands
no console authentication
Sets console authentication to none
no dns primary
Removes the primary DNS server
no dns secondary ip_or_host
Removes a secondary DNS server
no dns suffix
Removes the default suffix
no dns-boomerang client cpu-threshold
Resets the CSS CPU threshold to the default value of 99
no dns-boomerang client domain dns_name {alias alias_name}
Removes a client domain or the alias for the domain
no dns-boomerang client enable
Disables the Content Routing Agent (CRA) functionality on the CSS
no dns-peer interval
Resets the time between load reports to the CSS DNS peers to its default of 5 seconds
no dns-peer receive-slots
Resets the maximum number of DNS names received from a peer to its default value of 128
no dns-peer send-slots
Resets the maximum number of DNS names sent to a peer to its default value of 128
no dns-record a dns_name
Deletes a domain address record
no dns-record accel dns_name
Deletes a DNS acceleration record
no dns-record ns dns_name
Deletes a domain name server record
no dns-server
Disables the DNS server functionality on the CSS
no dns-server accelerate domains
Disables domain acceleration
no dns-server bufferCount
Restores the default response buffer count to 10
no dns-server domain-cache
Disables domain caching
no dns-server forwarder primary|secondary
Deletes a CSS DNS forwarder
no dns-server respTasks
Restores the default responder task count to 2
no dns-server zone
Disables the CSS Proximity Domain Name Server
no domain hotlist
Disables the domain hotlist
no domain hotlist interval
Resets the domain hotlist interval to 1 minute
no domain hotlist size
Resets the maximum number of entries in the domain hotlist to 100
no domain hotlist threshold
Resets the domain hotlist threshold to 0, which disables the threshold
no dql dql_name
Deletes the specified DQL
no eql eql_name
Deletes the specified EQL
no flow permanent port[1|2|3|4|5|6|7|8|9|10]
Resets a port to its default number of 0
no flow port-reset
Disables Fast and Gigabit Ethernet port resets on the CSS
no flow reserve-clean
Resets the reclaiming of port numbers to 10 seconds
no ftp-record ftp_record
Deletes an FTP record file from the CSS
no gem-traffic-bursty
Reset to the default traffic behavior on the GEMs
no group existing_group_name
Deletes an existing group
no header-field-group existing_group_name
Deletes an existing header-field group
no host host_name
Removes an existing host from the Host table
no idle timeout
Sets the idle timeout for any session connected to the CSS to the default of 0 (disabled)
no ip ecmp no-prefer-ingress
Resets the ECMP ingress path for a flow to be its preferred reverse egress path
no ip firewall index
Deletes a configured firewall
no ip no-implicit-service
Resets the CSS to start an implicit service for the next hop of static routes
no ip opportunistic
Allows opportunistic Layer-3 forwarding for local destinations
no ip record-route
Disables processing of frames with a record-route option
no ip redundancy
Disables CSS-to-CSS redundancy
no ip redundancy master
Unassigns the CSS as the master CSS
no ip route ip_address subnet_mask ip_address2
Removes a static route
no ip route ip_address subnet_mask blackhole
Disables the dropping of packets to a black-hole route
no ip route ip_address subnet_mask firewall index
Removes a firewall route
no ip source-route
Disables processing of source-routed frames
no ip subnet-broadcast
Disables forwarding of subnet broadcast addressed frames
no keepalive name
Deletes an existing keepalive
no load ageout-timer
Resets the number of ageout time interval for load information to its default value of 60 seconds
no load reporting
Disables load reporting
no load step
Resets the load step to its default value of 10 milliseconds
no load teardown-timer
Resets the teardown time interval to its default value of 20 seconds
no load threshold
Resets the global load threshold to its default value of 254
no logging buffer
Sets the disk buffer size to the default of 0
no logging commands
Disables the logging of CLI commands
no logging disk
Turns off logging to specified file on disk
no logging host ip_or_host
Turns off logging to the syslog daemon on the host
no logging line session
Turns off logging to an active CSS session
no logging sendmail email_address
Turns off logging to an email address
no logging subsystem name
Resets the logging level of a subsystem to the default setting of warning
no nql name
Deletes an existing NQL
no ospf advertise ip_address subnet_mask
Stops advertising of the route as OSPF ASE through the OSPF interfaces
no ospf area ip_address
Removes the OSPF area
no ospf as-boundary
Unassigns the CSS as a AS boundary router
no ospf default
Stops advertising the routes originated through OSPF
no ospf enable
Disables OSPF
no ospf equal-cost
Resets the number of equal-cost routes OSPF can use to its default of 15
no ospf range area_id address mask
Removes the range to summarize routes at an area border
no ospf redistribute [firewall|local|rip|static]
Stops advertising a route of a specific protocol type through OSPF
no ospf router-id
Deletes the OSPF router ID on the CSS
no owner existing_owner_name
Deletes an existing owner
no proximity cache-size
Restores the proximity lookup cache size to its default of 16000 entries
no proximity db
Disables the CSS Proximity Database
no proximity probe rtt interval
Resets the delay in seconds between ICMP samples to its default of 1 second
no proximity probe rtt metric-weighting
Resets the percentage of the previous metric value to derive the new metric to its default of 0
no proximity probe rtt samples
Resets the number of ICMP echo requests that the CSS uses for averaging during an initial probe to its default of 2
no proximity probe rtt tcp-ports
Resets the default probe ports for SYN proximity metric discovery
no proximity ttl assigned
Resets the TTL value to its default of 60 minutes
no proximity ttl probe
Resets the TTL value to its default of 0, which disables the caching of responses at the Proximity Database
no radius-server dead-time
Resets the dead-time period to its default of 5 seconds
no radius-server primary
Deletes the primary RADIUS server.
no radius-server retransmit
Resets the retransmission of authentication request to its default of 3
no radius-server secondary
Deletes the secondary RADIUS server
no radius-server timeout
Resets the time interval that the CSS waits for a reply to a RADIUS request to 10 seconds
no restrict console
Enables access to the CSS from a console
no restrict ftp
Enables FTP access to the CSS
no restrict snmp
Enables SNMP access to the CSS
no restrict telnet
Enables Telnet access to the CSS
no restrict xml
Enables XML access to the CSS
no restrict web-mgmt
Enables Web management access to the CSS
no rip advertise ip_address/ip_mask
Stops advertising a route through all RIP interfaces
no rip equal-cost
Resets the number of equal-cost routes RIP can use to its default of 1
no rip redistribute [local|ospf|static|
firewall]Stops advertising routes from other protocols
no rmon-alarm index
Deletes an RMON alarm
no rmon-event index
Deletes an RMON event
no rmon-history index
Deletes an RMON history
no service service_name
Deletes an existing service
no snmp auth-traps
Disables reception of authentication traps
no snmp community community_name
Removes a community name
no snmp contact
Removes the contact name
no snmp location
Removes the location
no snmp name
Removes the SNMP name for this system
no snmp reload-enable
Disallows an SNMP-based reboot of the CSS
no snmp trap-host ip_or_host
Removes a specified trap host
no snmp trap-type generic
Disables generic traps
no snmp trap-type enterprise
Disables enterprise traps
no snmp trap-type enterprise dos_attack_type
Disables the generation of an SNMP enterprise trap for a Denial of Service attack type, as configured with the (config) snmp trap-type enterprise command
no snmp trap-type enterprise login-failure
Disables the generation of an SNMP enterprise trap when a login fails
no snmp trap-type enterprise reload
Disables the generation of an SNMP enterprise trap when the CSS reboots initiated directly through SNMP
no snmp trap-type enterprise redundancy-transition
Disables the generation of an SNMP enterprise trap when a redundant CSS transitions state
no snmp trap-type enterprise service-transition
Disables the generation of an SNMP enterprise trap when a service transitions state
no sntp poll-interval
Resets the poll interval to its default to 64 seconds
no sntp server
Removes the SNTP server
no sshd keepalive
Disables SSHD keepalive
no sshd port
Resets the SSHD port number to 22
no sshd server-keybits
Resets the number of bits for the server key to 768
no urql name
Deletes an existing URQL
no username name
Deletes an existing username
no virtual authentication
Disables virtual authentication
Command Modes
Global configuration mode
(config) nql
To access Network Qualifier List (NQL) configuration mode and configure an NQL, use the nql command. An NQL is a collection of subnet and host IP addresses which you can assign to an ACL clause, instead of creating a clause for each address. Use the no form of this command to remove an existing NQL.
nql nql_name
no nql existing_nql_nameSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
You can access NQL mode from any configuration mode except boot, group, RMON alarm, RMON event, and RMON history configuration modes. The prompt changes to (config-nql [name]). You can also use the nql command from NQL mode to access another NQL. For information about commands available in this mode, refer to "NQL Configuration Mode Commands".
You can configure a maximum of 512 networks to an NQL, and a maximum of 512 NQLs on the CSS.
(config) ospf
To configure global Open Shortest Path First (OSPF) parameters on the CSS, use the ospf command and its options. The options for this global configuration mode command are:
•
•
•
•
•
•
•
•
•
For more detailed information about these options and their variables, refer to the following sections.
Related Commands
show ospf
(config-circuit-ip) ospfospf advertise
To advertise a route as OSPF ASE through all OSPF interfaces, use the ospf advertise command. Use the no form of this command to stop advertising the route as OSPF ASE through all OSPF interfaces.
ospf advertise ip_address subnet_mask {metric number1} {tag number2} {type1}
no ospf advertise ip_address subnet_maskSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
Before you issue the ospf advertise command, you must configure the CSS as an Autonomous System (AS) boundary router. For more information, refer to the ospf as-boundary command.
The AS boundary router can perform external route summarization to consolidate multiple routes into a single advertisement. For a CSS, this is useful when you want to advertise VIP addresses for content as OSPF AS external (ASE) through all OSPF interfaces.
Note
For more information on configuring a redundant VIP within a virtual router, refer to the Content Services Switch Advanced Configuration Guide. To stop the advertisement of the route, issue the no ospf advertise command as described later in this section.
ospf area
To configure an OSPF area, use the ospf area command. Disable OSPF and then use the no form of this command to remove an OSPF area.
ospf area area_id {stub {default-metric metric|send-summaries}}
no ospf area area_idSyntax Description
Command Modes
Global configuration mode
ospf as-boundary
To configure the CSS as an Autonomous System (AS) boundary router, use the ospf as-boundary command. An AS boundary router exchanges routing information with routers belonging to other Autonomous Systems. It advertises AS external routing information throughout the Autonomous System. Use the no form of this command to unassign the CSS as an AS boundary router.
ospf as-boundary
no ospf as-boundaryCommand Modes
Global configuration mode
Usage Guidelines
You can issue the ospf as-boundary command only if OSPF is disabled.
ospf default
To advertise default ASE routes through OSPF, use the ospf default command. Routers use default routes when no more specific routes exist to AS external destinations. Use the no form of this command to shut off the advertising of default ASE routes originated through OSPF.
ospf default {metric number1} {tag number2} {type1}
no ospf defaultSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
Use the ospf default command to force an AS boundary router to generate a default route. Normally, AS boundary routers do not generate default routes into the OSPF routing domain.
ospf enable
To enable OSPF, use the ospf enable command. Use the no form of this command to disable OSPF.
ospf enable
no ospf enableCommand Modes
Global configuration mode
Usage Guidelines
You must configure a router ID before enabling OSPF. For more information, refer to the ospf router-id command.
ospf equal-cost
To configure the number of equal-cost routes that OSPF can use, use the ospf equal-cost command. Use the no form of this command to reset the number of routes to its default value of 15.
ospf equal-cost number
no ospf equal-costSyntax Description
Command Modes
Global configuration mode
ospf range
To specify an IP address range to summarize routes at the CSS area border router, use the ospf range command. Use the no form of this command to remove the range.
ospf range area_id ip_address mask {block}
no ospf range area_id ip_address maskSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
You can only issue the ospf range command if OSPF is disabled.
Define an address range by specifying an IP address and mask pair that represent networks in the area being summarized. You can also determine whether or not you want to advertise this range.
The CSS advertises a single summary route or network ranges that cover all the individual networks within its area that fall into the specified range. This summarization applies to inter-area paths, which are paths to destinations in other OSPF areas. This summarization helps control routing table sizes and prevents the constant changing of routes whenever an interface within an area comes online or goes offline. These route changes do not cause route changes in backbone ABRs and other area routers.
ospf redistribute
To advertise routes from other protocols through OSPF, use the ospf redistribute command. Redistribution of these routes makes them OSPF external routes. Use the no form of this command to shut off the advertising of routes via OSPF.
ospf redistribute protocol {metric number1} {tag number2} {type1}
no ospf redistribute [firewall|local|rip|static]Syntax Description
Command Modes
Global configuration mode
ospf router-id
To configure the OSPF router ID for the CSS, use the ospf router-id command. Use the no form of this command to delete the router ID on the CSS.
ospf router-id id_number
no ospf router-idSyntax Description
id_number
The router ID 32-bit number that identifies the CSS within the AS. Enter the ID in dotted-decimal notation (for example, 121.23.21.1).
Command Modes
Global configuration mode
Usage Guidelines
Before you can enable OSPF, you must configure the router ID. To change the router ID, you must disable OSPF.
(config) owner
To access owner configuration mode and configure an owner, use the owner command. An owner is an entity that owns Web content and uses the CSS to manage access to that content through content rules. Up to 255 owners can use a single CSS and each owner has a configurable profile. Use the no form of this command to delete an existing owner.
owner owner_name
no owner existing_owner_nameSyntax Description
Usage Guidelines
When you access owner mode, the prompt changes to (config-owner [owner_name]). For information about commands available in this mode, refer to "Owner Configuration Mode Commands".
Caution
(config) persistence reset
To choose between an HTTP redirection or a back-end service remapping operation when resetting a connection to a new back-end service, use the persistence reset command. This command affects all flow setups that require redirecting or remapping.
persistence reset [redirect|remap]
Syntax Description
Usage Guidelines
The CSS does not use a remapping method when selecting services of type redirect.
If your topology consists of a CSS 11800 using ECMP to the servers and server port NAT configured on the services, to ensure the correct processing of packets either:
•
•
Related Commands
show remap
(config) bypass persistence
(config-owner-content) persistent(config) proximity
To configure proximity on the CSS, use the proximity command and its options. The command options are:
•
•
•
•
•
•
•
•
•
For more information, refer to the following commands.
proximity cache-remove
To remove entries from the proximity lookup cache, use the proximity cache-remove command. The prefix length parameter allows you to remove multiple entries in a single operation.
proximity cache-remove [ip_address ip_prefix|all]
Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
The proximity cache-remove command is functional on a CSS with the Enhanced feature set.
Related Commands
proximity cache-size
To set the size of the proximity lookup cache, use the proximity cache-size command. Use the no form of this command to restore the default cache size of 16000 entries.
proximity cache-size cache_size
no proximity cache-sizeSyntax Description
cache_size
The size of the cache. Enter a size between 0 and 48,000. The default value is 16000 entries. Entering a value of 0 disables the cache.
Command Modes
Global configuration mode
Usage Guidelines
The proximity cache-size command is functional on a CSS with the Enhanced feature set. By default, the cache supports approximately 16,000 entries using 1 MB of CSS memory. You can increase or decrease the entries, depending upon your CSS configuration.
Note
Related Commands
show proximity cache
(config) proximity cache-removeproximity db
To enable the Proximity Database (PDB) on the CSS, use the proximity db command. This service allows the CSS to respond to proximity lookup requests and enables proximity probing. Use the no form of this command to disable the CSS Proximity Database.
proximity db zoneIndex {tier1|tier2 {"description"}}
no proximity dbSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
The proximity db command is functional only on a Proximity Database CSS.
proximity probe rtt interval
To configure the delay in seconds between samples for the configured probe method, use the proximity probe rtt interval command. Use the no form of this command to reset the delay between samples to its default value of 1 second.
proximity probe rtt interval seconds
no proximity probe rtt intervalSyntax Description
seconds
The length of time in seconds to delay between samples. Enter a number from 1 to 10. The default is 1.
Command Modes
Global configuration mode
Usage Guidelines
The proximity probe rtt interval command is functional only on a Proximity Database CSS.
proximity probe rtt method
To configure the primary and secondary methods to be used for proximity metric discovery, use the proximity probe rtt method command. The discovery method uses ICMP Echo requests or a TCP SYN, SYN-ACK, RST sequence to the configured TCP ports as the Round-Trip Time (RTT) discovery method.
proximity probe rtt method [icmp tcp|icmp|tcp icmp|tcp]
Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
The proximity probe rtt method command is functional only on a Proximity Database CSS.
proximity probe rtt metric-weighting
To configure the percentage of the previously stored metric value in the database that is used to determine the new metric value, use the proximity probe rtt metric-weighting command. Use the no form of this command to reset the percentage to its default value of 0.
proximity probe rtt metric-weighting number
no proximity probe rtt metric-weightingSyntax Description
number
The percentage of the previous metric value used. Enter a number from 0 to 99. The default is 0.
Command Modes
Global configuration mode
Usage Guidelines
This command is functional only on a Proximity Database CSS.
The proximity probe rtt metric-weighting command allows the PDB to smooth network metric variation caused by network congestion, flash crowds, and so on.
proximity probe rtt samples
To configure the number of ICMP requests to send for each configured probe method, use the proximity probe rtt samples command. Use the no form of this command to reset the number of requests to its default value of 2.
proximity probe rtt samples number
no proximity probe rtt samplesSyntax Description
number
The number of requests that the CSS uses for averaging during an initial probe. Enter a number from 1 to 30. The default is 2.
Command Modes
Global configuration mode
Usage Guidelines
This command is functional only on a Proximity Database CSS.
proximity probe rtt tcp-ports
To configure the probe ports for SYN proximity metric discovery, use the proximity probe rtt tcp-ports command. Use the no form of this command to reset the probe ports to their default values.
proximity probe rtt tcp-ports port_number1 {port_number2 {port_number3 {port_number4}}}
no proximity probe rtt tcp-portsSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
This command is functional only on a Proximity Database CSS.
proximity ttl
To set the time-to-live (TTL) value, in minutes, for each Proximity Database response, use the proximity ttl command. This value informs the proximity DNS how long to cache the response. Use the no form of this command to reset the TTL value to its default value.
proximity ttl [assigned assigned_minutes|probe probe_minutes]
no proximity ttl [assigned|probe]Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
This command is functional only on a Proximity Database CSS.
(config) radius-server
To configure the CSS as a RADIUS server client, use the radius-server command and its options. The command options are:
•
•
•
•
•
For more information, refer to the following commands.
radius-server dead-time
To set the time interval to send probe access-request packets to verify that the RADIUS server is available and can receive authentication requests, use the radius-server dead-time command. Use the no form of this command to reset the dead-time period to its default of 5 seconds.
radius-server dead-time seconds
no radius-server dead-timeSyntax Description
Usage Guidelines
The dead-time interval starts when the server does not respond to the number of authentication request retransmissions configured through the radius-server retransmit command. When the server responds to a probe access-request packet, the CSS transmits the authentication request to the server.
This command applies to primary and secondary servers.
Command Modes
Global configuration mode
Related Commands
show radius config
(config) radius-server retransmitradius-server primary
To configure the remote primary RADIUS server that authenticates user information from the CSS client, use the radius-server primary command. Use the no form of this command to delete the primary RADIUS server.
radius-server primary ip_or_host secret string {auth-port number}
no radius-server primarySyntax Description
Usage Guidelines
When you configure a primary server and enable RADIUS console or virtual authentication on the CSS, the CSS enables the RADIUS protocol, allowing the CSS to become a RADIUS client.
Command Modes
Global configuration mode
Related Commands
show radius config
show radius stat
(config) console
(config) radius-server dead-time
(config) radius-server timeout
(config) virtual authenticationradius-server retransmit
To configure the number of times that the CSS retransmits an authentication request to an active RADIUS server after the timeout interval occurred, use the radius-server retransmit command. Use the no form of this command to reset the retransmission of authentication request to its default of 3.
radius-server retransmit number
no radius-server retransmitSyntax Description
number
The number of times that the CSS retransmits an authentication request. Enter a number from 1 to 30. The default number is 3.
Usage Guidelines
If the RADIUS server does not respond to the CSS retransmitted requests, the CSS considers the server as dead, stops transmitting to the server, and starts the dead timer as defined through the radius-server dead-time command.
If a secondary server is configured, the CSS transmits the requests to the secondary server. If the secondary server does not respond to the request, the CSS considers it dead and start the dead timer.
If there is no active server, the CSS stops transmitting request until one of the servers becomes alive.
Command Modes
Global configuration mode
Related Commands
show radius config
show radius stat
(config) radius-server dead-timeradius-server secondary
To configure the remote secondary RADIUS server, use the radius-server secondary command. When the primary server becomes unavailable, the CSS directs authentication requests to the secondary server. Use the no form of this command to delete the secondary RADIUS server.
radius-server secondary host_or_ip secret text {auth-port number}
no radius-server secondarySyntax Description
Command Modes
Global configuration mode
Related Commands
show radius config
show radius stat
(config) radius-server dead-time
(config) radius-server timeoutradius-server timeout
To specify the time interval that the CSS waits for a reply to a RADIUS request before retransmitting requests to the RADIUS server, use the radius-server timeout command. Configure the number of retransmitted requests to the server through the radius-server retransmit command. Use the no form of this command to reset the interval to its default of 10 seconds.
radius-server timeout time
no radius-server timeoutSyntax Description
Usage Guidelines
This command applies to the primary and secondary RADIUS servers.
Command Modes
Global configuration mode
Related Commands
show radius config
show radius stat
(config) radius-server retransmit(config) restrict
To enable or disable Telnet, SNMP, console, FTP, user database, XML, or Web Management access to the CSS, use the restrict command. Use the no form of this command to enable access to the CSS.
restrict [console|ftp|snmp|telnet|user-database|xml|web-mgmt]
no restrict [console|ftp|snmp|telnet|user-database|xml|web-mgmt]Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
Disable Telnet access when you want to use the Secure Shell Host (SSH) server.
Related Commands
show user-database
(config) sshd
(config) username(config) rip
To configure the Routing Information Protocol (RIP) parameters and run RIP on this interface, use the rip command. The default mode is to send RIP version 2 (v2) and receive either version. The options for this global configuration mode command are:
•
•
•
For information on these options and associated variables, refer to the following commands. For information on additional rip command options in IP mode, refer to the (config-circuit-ip) rip command.
rip advertise
To advertise a route through RIP on the CSS, use the rip advertise command. Use the no form of this command to stop advertising a route through all RIP interfaces.
rip advertise ip_address ip_mask_prefix {metric}
no rip advertise ip_address ip_mask_prefixSyntax Description
Command Modes
Global configuration mode
rip equal-cost
To set the maximum number of routes RIP can use, use the rip equal-cost command. Use the no form of this command to reset the number of routes to the default of 1.
rip equal-cost number
no rip equal-costSyntax Description
Command Modes
Global configuration mode
rip redistribute
To advertise routes from other protocols through RIP, use the rip redistribute command. By default, RIP advertises RIP routes and local routes for interfaces running RIP. This command advertises other routes. Use the no form of this command to stop advertising routes.
rip redistribute [firewall|local|ospf|static] {metric}
no rip redistribute [firewall|local|ospf|static]Syntax Description
Command Modes
Global configuration mode
(config) rmon-alarm
To enter RMON alarm configuration mode, use the rmon-alarm command. An RMON alarm allows you to monitor every SNMP object in the CSS for a desired transitory state. Use the no form of this command to delete an RMON alarm.
rmon-alarm index
no rmon-alarm indexSyntax Description
Usage Guidelines
When you use the rmon-alarm command to access this mode, the prompt changes to (config-rmonalarm [index]). For information about commands available in this mode, refer to "RMON Alarm Configuration Mode Commands".
(config) rmon-event
To enter RMON event configuration mode, use the rmon-event command. An RMON event is associated with an RMON alarm. It defines what should occur when an RMON alarm is triggered. Use the no form of this command to delete an RMON event.
rmon-event index
no rmon-event indexSyntax Description
Usage Guidelines
When you use the rmon-event command to access this mode, the prompt changes to (config-rmonevent [index]). For information about commands available in this mode, refer to "RMON Event Configuration Mode Commands".
(config) rmon-history
To enter RMON history configuration mode, use the rmon-history command. Use the no form of this command to delete an RMON history.
rmon-history index
no rmon-history indexSyntax Description
Usage Guidelines
When you use the rmon-history command to access this mode, the prompt changes to (config-rmonhistory [index]). For information about commands available in this mode, refer to "RMON History Configuration Mode Commands".
(config) service
To access service configuration mode and configure a service, use the service command. A service is an entity that contains and provides Internet content. It is identified by a name, an IP address, and optimally, a protocol and a port number. When you create a service, you can apply content rules to it. The rules allow the CSS to direct or deny requests for content from the service.
Use the no form of this command to delete an existing service.
service service_name
no service service_nameSyntax Description
Usage Guidelines
When you use the service command to access service mode, the prompt changes to (config-service [name]). For information about commands available in this mode, refer to "Service Configuration Mode Commands".
Related Commands
(config-service) ip address
(config-service) port(config) snmp
To configure Simple Network Management Protocol (SNMP) parameters, use the snmp command. The options for this global configuration mode command are:
•
•
•
•
•
•
•
•
•
Note
The CSS generates traps in SNMP version 1 (SNMP v1) format.For more information on these options and associated variables, refer to the following commands.
Related Commands
(config) restrict telnet
(config) rmon-alarm
(config) rmon-event
(config) rmon-historysnmp auth-traps
To enable reception of SNMP authentication traps, use the snmp auth-traps command. Use the no form of this command to disable reception of authentication traps.
snmp auth-traps
no snmp auth-trapsUsage Guidelines
The CSS generates these traps when an SNMP management station attempts to access your system with invalid community names.
Note
Command Modes
Global configuration mode
Related Commands
snmp community
To set or modify SNMP community names and access properties, use the snmp community command. Use the no form of this command to remove a community name.
snmp community community_name [read-only|read-write]
no snmp community community_nameSyntax Description
Command Modes
Global configuration mode
snmp contact
To set or modify the contact name for the SNMP system, use the snmp contact command. Use the no form of this command to remove the contact name.
snmp contact "contact_name"
no snmp contactSyntax Description
Command Modes
Global configuration mode
snmp location
To set or modify the SNMP system location, use the snmp location command. Use the no form of this command to remove the location.
snmp location "location"
no snmp locationSyntax Description
location
The physical location of this system. Enter a quoted text string with a maximum length of 255 characters.
Note
Command Modes
Global configuration mode
snmp name
To set or modify the SNMP name for this system, use the snmp name command. Use the no form of this command to remove the SNMP name for this system.
snmp name "name"
no snmp nameSyntax Description
Command Modes
Global configuration mode
snmp reload-enable
To allow the rebooting of the CSS through SNMP, use the snmp reload-enable command. Use the no form of this command to disallow a CSS reboot through SNMP (default behavior).
snmp reload-enable {reload_value}
no snmp reload-enableSyntax Description
Command Modes
Global configuration mode
Usage Guidelines
When you use the snmp reload-enable command, it allows any SNMP write to the reload object to force a CSS reboot. The reload object name is apSnmpExtReloadSet (1.3.6.1.4.1.2467.1.22.7). You can find this object in the enterprise MIB, snmpext.mib. When you include a reload value, an SNMP write equal to the reload_value forces a CSS reboot.
snmp trap-host
To set or modify the SNMP host to receive traps from this system, use the snmp trap-host command. Use the no form of this command to remove a specified trap host.
snmp trap-host ip_or_host community_name
no snmp trap-host ip_or_hostSyntax Description
Note
Command Modes
Global configuration mode
snmp trap-type enterprise
To enable SNMP enterprise traps and configure trap types, use the snmp trap-type enterprise command. Use the no form of this command to disable all or a specific trap. Use the no snmp trap-type enterprise command to disable all traps.
snmp trap-type enterprise {dos_attack_type {trap-threshold threshold_value}|login-failure|reload|redundancy-transition
|service-transition}
no snmp trap-type enterprise {dos_attack_type|login-failure
|reload|redundancy-transition|service-transition}Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
You must enable enterprise traps before you configure an enterprise trap option. You can enable the CSS to generate enterprise traps when Denial of Service attack events occur, a login fails, or a CSS service transitions state.
Note
Related Commands
snmp auth-traps
snmp trap-host
show log traplogsnmp trap-type generic
To enable SNMP generic trap types, use the snmp trap-type generic command. The generic SNMP traps consist of cold start, warm start, link down, and link up. Use the no form of this command to disable a generic trap.
snmp trap-type generic
no snmp trap-type generic
Note
Command Modes
Global configuration mode
Related Commands
snmp auth-traps
snmp trap-host
show log traplog(config) sntp
To configure the SNTP server on the CSS, use the sntp command. You can configure one SNTP server. Use the no form of this command to remove the SNTP server or reset the poll interval.
sntp [server ip_address {version number}|poll-interval seconds]
no sntp [server|poll-interval]Syntax Description
Command Modes
Global configuration mode
Usage Guidelines
Before you synchronize the CSS with an SNTP server, make sure you configure the proper time zone for the CSS (for example, to EST). Also make sure that the time difference between the CSS internal clock and the SNTP server clock is less than 24 hours. Otherwise, the CSS will not synchronize its clock with the SNTP server.
Related Commands
(config) sshd
To control the Secure Shell Host server, use the sshd command. The options for this global configuration mode command are:
•
•
•
Note
For more information on these options and associated variables, refer to the following commands.
Related Commands
(config) restrict telnet
sshd keepalive
To enable SSHD keepalive, use the sshd keepalive command. SSHD keepalive is enabled by default. Use the no form of this command to disable SSHD keepalive.
sshd keepalive
no sshd keepaliveCommand Modes
Global configuration mode
sshd port
To set the port number that the server listens to connections from clients, use the sshd port command. Use the no form of this command to reset the port number to the default of 22.
sshd port number
no sshd portSyntax Description
Command Modes
Global configuration mode
sshd server-keybits
To set the number of bits in the server key, use the sshd server-keybits command. Use the no form of this command to reset the number of bits to the default of 768.
sshd server-keybits number
no sshd server-keybitsSyntax Description
Command Modes
Global configuration mode
(config) urql
To access Uniform Resource Locator Qualifier List (URQL) configuration mode and configure a URQL, use the urql command. Use the no form of this command to an existing URQL.
urql urql_name
no urql existing_urql_nameSyntax Description
Usage Guidelines
A URQL is a collection of URLs for content requests that you can associate to one or more content rules. The CSS uses this list to identify which requests to send to a service.
When you configure content replication and staging, you must configure an URL or URQL in a content rule to define which files you want replicated:
•
•
Then add the subscriber services to the content rule.
Note
You can access this mode from any configuration mode except ACL, boot, group, keepalive, and owner configuration modes. The prompt changes to (config-urql [name]). You can also use this command from URQL mode to access another URQL. For information about commands available in this mode, refer to "URQL Configuration Mode Commands".
(config) username
To configure a local username and its password for logging into the CSS, and allow it to access SuperUser mode, use the username command. Use the no form of this command to delete an existing username.
username name [encrypted-password password {superuser}
|password password {superuser}{dir-access access}
|des-password password {superuser}{dir-access access}]
no username nameSyntax Description
Usage Guidelines
If the (config) restrict user-database command is issued, only a user with administrative or technician privileges can use the username command.
The CSS can support up to 32 usernames including the administrator and technician usernames. It ships with a default username of admin and password of system.
You cannot permanently delete an administrative username and password. If you delete this username by using the no username command, it removes it from use until you reboot the CSS. When you reboot the CSS, it restores the username and password from NVRAM.
Related Commands
show running-config
show user-database
(config) restrict(config) username-offdm
To change the administrative username and password without having to use the Offline DM menu, use the username-offdm command. The CSS ships with a default administrative username of admin and password of system.
username-offdm name password password
Syntax Description
Usage Guidelines
Unlike other usernames and passwords, the CSS saves the administrative username and password in nonvolatile RAM (NVRAM). Anytime you reboot the CSS, it reads them from NVRAM and reinserts them into the user database.
Note
(config) username-technician
Note
To set the technician username and password without having to use the Technician Offline DM menu, use the username-technician command.
username-technician name password password
Syntax Description
(config) virtual authentication
To control virtual authentication on the CSS, use the virtual authentication command. Use this command to require users to enter a username and password to remotely log into the CSS. Use the no form of this command to allow users to access the CSS without a username and password.
virtual authentication {disallowed|local-radius|radius|radius-local}
no virtual authenticationSyntax Description
authentication
Requires users to enter a login name and password to remotely log into the CSS. The CSS checks the local username database. This is the default setting.
disallowed
Does not allow any additional users to log into the CSS. To remove users already logged into the CSS, use the admin-shutdown command.
local-radius
Checks the local username database for authentication. If the local authentication is unsuccessful, then the CSS performs a RADIUS server authentication to verify the username and password.
radius
Performs a RADIUS server authentication to verify username and password.
radius-local
Performs a RADIUS server authentication to verify username and password. If the RADIUS server authentication is unsuccessful, then the CSS checks the local username database for authentication.
Usage Guidelines
Before you can enable communication between the CSS and a RADIUS server configured with the (config) radius-server command, you must enable a RADIUS virtual or console authentication method.
Related Commands
(config) console
(config) radius-server(config) web-mgmt state
To allow or deny client access to the XML HTTP server running on the CSS, use the web-mgmt state command.
web-mgmt state [disable|enable]
Syntax Description
Usage Guidelines
The web-mgmt state command performs the same function as the (config) restrict xml command. Note that when you use this command, it does not appear in the configuration file. Instead, the (config) restrict command appears in the configuration file.
Related Commands
