CSS Security Configuration Guide (Software Version 8.10)
Preface



This guide provides instructions for configuring the security features of the Cisco 11500 Series Content Services Switches (CSS). Information in this guide applies to all CSS models except where noted.

The CSS software is available in a Standard or optional Enhanced feature set. Proximity Database and Secure Management, which includes Secure Shell Host and SSL strong encryption for the Device Management software, are optional features.

This preface contains the following major sections:

Audience

How to Use This Guide

Related Documentation

Symbols and Conventions

Obtaining Documentation, Obtaining Support, and Security Guidelines

Audience

This guide is intended for the following trained and qualified service personnel who are responsible for configuring the CSS:

Web master

System administrator

System operator

How to Use This Guide

This guide is organized as follows:

| Chapter | Description |
| --- | --- |
| Chapter 1, Controlling CSS Access | Control access to the CSS including user and network traffic access. |
| Chapter 2, Configuring the Secure Shell Daemon Protocol | Configure Secure Shell Daemon (SSHD) protocol to provide secure encrypted communications between two hosts communicating over an insecure network. |
| Chapter 3, Configuring the CSS as a Client of a RADIUS Server | Configure Remote Authentication Dial-In User Service (RADIUS) protocol as a client on the CSS. |
| Chapter 4, Configuring the CSS as a Client of a TACACS+ Server | Configure Terminal Access Controller Access Control System (TACACS+) protocol as a client on the CSS. |
| Chapter 5, Configuring Firewall Load Balancing | Configure firewall load balancing between CSSs for enhanced security. |


Related Documentation

In addition to this guide, the Content Services Switch documentation includes the following publications.

Document Title
Description

Release Note for the Cisco 11500 Series Content Services Switch

This release note provides information on operating considerations, caveats, and command line interface (CLI) commands for the Cisco 11500 series CSS.

Cisco 11500 Series Content Services Switch Hardware Installation Guide

This guide provides information for installing, cabling, and powering the Cisco 11500 series CSS. In addition, this guide provides information about CSS specifications, cable pinouts, and hardware troubleshooting.

Cisco Content Services Switch Getting Started Guide

This guide describes how to perform initial administration and configuration tasks on the CSS, including:

Booting the CSS for the first time and on a routine basis, and logging in to the CSS

Configuring the username and password, Ethernet management port, static IP routes, and the date and time

Configuring DNS server for hostname resolution

Configuring sticky cookies with a sticky overview and advanced load-balancing method using cookies

Installing the CSS Cisco View Device Manager (CVDM) browser-based user interface used to configure the CSS

A task list to help you find information in the CSS documentation

Troubleshooting the boot process

Cisco Content Services Switch Administration Guide

This guide describes how to perform administrative tasks on the CSS, including upgrading your CSS software and configuring the following:

Logging, including displaying log messages and interpreting sys.log messages

User profile and CSS parameters

SNMP

RMON

XML documents to configure the CSS

CSS scripting language

Offline Diagnostic Monitor (Offline DM) menu

Cisco Content Services Switch Routing and Bridging Configuration Guide

This guide describes how to perform routing and bridging configuration tasks on the CSS, including:

Management ports, interfaces, and circuits

Spanning-tree bridging

Address Resolution Protocol (ARP)

Routing Information Protocol (RIP)

Internet Protocol (IP)

Open Shortest Path First (OSPF) protocol

Cisco Discovery Protocol (CDP)

Dynamic Host Configuration Protocol (DHCP) relay agent

Cisco Content Services Switch Content Load-Balancing Configuration Guide

This guide describes how to perform CSS content load-balancing configuration tasks, including:

Flow and port mapping

Services

Service, global, and script keepalives

Source groups

Loads for services

Server/Application State Protocol (SASP)

Dynamic Feedback Protocol (DFP)

Owners

Content rules

Sticky parameters

HTTP header load balancing

Content caching

Content replication

Cisco Content Services Switch Global Server Load-Balancing Configuration Guide

This guide describes how to perform CSS global load-balancing configuration tasks, including:

Domain Name System (DNS)

DNS Sticky

Content Routing Agent

Client-Side Accelerator

Network proximity

Cisco Content Services Switch Redundancy Configuration Guide

This guide describes how to perform CSS redundancy configuration tasks, including:

VIP and virtual interface redundancy

Adaptive session redundancy

Box-to-box redundancy

Cisco Content Services Switch SSL Configuration Guide

This guide describes how to perform CSS SSL configuration tasks, including:

SSL certificate and keys

SSL termination

Back-end SSL

SSL initiation

HTTP data compression

Cisco Content Services Switch Command Reference

This reference provides an alphabetical list of all CLI commands including syntax, options, and related commands.


Symbols and Conventions

This guide uses the following symbols and conventions to identify different types of information.


Caution: A caution means that a specific action you take could cause a loss of data or adversely impact use of the equipment.

Warning: A warning describes an action that could cause you physical harm or damage the equipment.

Note: A note provides important related information, reminders, and recommendations.


Bold text indicates a command in a paragraph.

Courier text indicates text that appears on a command line, including the CLI prompt.

Courier bold text indicates commands and text you enter in a command line.

Italics text indicates the first occurrence of a new term, book title, emphasized text, and variables for which you supply values.

1. A numbered list indicates that the order of the list items is important.

a. An alphabetical list indicates that the order of the secondary list items is important.

A bulleted list indicates that the order of the list topics is unimportant.

An indented list indicates that the order of the list subtopics is unimportant.

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html