-
Cisco GSS Administration Guide (Software Version 2.0)
-
Index
-
Preface
-
Managing GSS Devices from the GUI
-
Managing the GSS from the CLI
-
Creating and Managing User Accounts
-
Managing GSS User Accounts Through a TACACS+ Server
-
Configuring Access Lists and Filtering GSS Traffic
-
Configuring SNMP
-
Backing Up, Restoring, and Downgrading the GSSM Database
-
Viewing Log Files
-
Monitoring GSS Operation
-
Upgrading the GSS Software
-
Table Of Contents
A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W -
Index
A
access lists
access-list command 5-4
adding rules to 5-8
associating with an interface 5-7
creating 5-4
destination port 5-5
disassociating from an interface 5-8
displaying 5-10
filtering traffic 5-1
ICMP traffic filtering 5-5
operator 5-5
overview 5-2
removing rules 5-9
source address 5-5
TCP traffic filtering 5-5
UDP traffic filtering 5-5
viewing 5-9
activating GSS devices 1-6
adding rules to access lists 5-8
administration password
restoring 3-28
administrator account, resetting 3-26
associating access list with interface 5-7
B
backup of GSSM
full backup procedure 7-3
overview 7-2
boot information, displaying 2-48
C
certificate
accepting 1-2
attributes, modifying 2-25
certificate set-attributes command 2-25
installing 1-2
keys, deleting 2-25
modifying 2-25
trusting 1-2
changing GSSM roles in GSS network 2-40
CLI
GSS device monitoring 8-2, 8-4
logging in 2-2
monitoring GSS network statistics 8-1
privileged EXEC mode, enabling 2-2
privilege level, specifying 3-2
resetting CLI administrator account 3-26
resetting password 3-15
TACACS+ server, authorization settings 4-9
user account, creating 3-2
CNR
CLI, accessing 2-9
installing 2-6
license file, acquiring 2-4
license file, installing 2-4
restricted CNR shell, invoking 2-11
cold restart, performing 2-28
copying
files 2-22
startup configuration to or from disk 2-14, 2-15
CPU or memory processes 2-49
D
database
monitoring status of 8-5
purging 9-15
records, purging 9-16
restoring GSSM from full backup 7-5
validating records 8-6
validation report 8-6
DDoS
license file, acquiring 2-4
license file, installing 2-4
debug log message 9-15
default
password 1-3
username 1-3
deleting files 2-23
deployment, GSS devices behind firewall 5-12
directory
current working directory, displaying 2-20
displaying files 2-20
disabling GSS software 2-29
disassociating access list from interface 5-8
disk
displaying information 2-50
specifying for log file destination 9-5
documentation
audience xi
caution and note overview xvi
organization xii
related xiii
set xiii
symbols and conventions xv
downgrading
GSS device software 7-8
order of operation 7-8
restoring earlier software version 7-9
E
enabling GSS software 2-29
Ethernet interface, segmenting traffic 5-9
exporting primary GSSM data 1-14
F
factory defaults, restoring 2-29
fatal error log message 9-15
files
deleting 2-23
displaying entire contents 2-19
displaying in directory 2-20
displaying last 10 lines 2-19
listing within directory 2-51
renaming 2-21
securely copying 2-22
filtering
GSS traffic 5-1
ICMP traffic 5-5
TCP traffic 5-5
traffic type 5-5
UDP traffic 5-5
firewall
configuring for GSS 5-16
deploying GSS devices 5-12
inbound traffic to GSS 5-12
inbound traffic to the GSS 5-13
outbound traffic from the GSS 5-14
full GSSM backup 7-3
G
Global Site Selector
activating from primary GSSM 1-6
CNR, installing 2-6
cold restart, performing 2-28
CPU or memory processes, displaying 2-49
deleting devices from primary GSSM 1-10
disabling GSS device 2-29
downgrading software 7-8
enabling GSS device 2-29
GSS-related port and protocols 5-3
hard disk information, displaying 2-50
inactivity timeout 2-24
inter-GSS communications 5-9
license data, displaying 2-46
license file, obtaining 2-4
logically removing or replacing 1-11
login accounts 3-1
memory blocks and statistics, displaying 2-47
MIB files 6-9
modifying device configuration from primary GSSM 1-9
monitoring through CLI 8-2, 8-4
monitoring through GUI 8-4
online status and resource usage 8-2, 8-4
operating configuration, displaying for TAC 8-8
purging system log messages 9-15
recovering deregistered GSS 2-3
registering 1-6
renaming a file 2-21
replacing 2-39
reporting interval 1-14
restarting GSS software 2-28
running configuration 2-12, 2-14
services information, displaying 2-52
shutting down GSS software 2-27
software licenses 2-3
startup configuration 2-12, 2-14
stopping GSS software 2-27
subsystem levels 9-1
system status, displaying 2-51, 8-4
UDI, displaying 2-50
user account, creating 3-2
user account, deleting 3-3
user account, modifying 3-3
version information 2-45
Global Site Selector Manager
activating 1-6
activating devices 1-6
backing up 7-2
changing role in GSS network 2-40
changing the GUI password 3-13
changing to standby 2-40
cold restart, performing 2-28
configuring, primary 4-29
configuring, standby 4-29
creating user account (GUI) 3-9
database, monitoring 8-5
default username and password 1-3
deleting GSS devices 1-10
disabling GSSM device 2-29
downgrading software 7-8
enabling GSSM device 2-29
exporting data 1-14
GUI, configuring 1-13
inactivity timeout 2-24
logging on 1-2
logically removing GSS or standby GSSM 1-11
login accounts 3-4
modifying devices 1-9
modifying user account (GUI) 3-12
monitoring device status from GUI 8-4
password 3-13
platform information 7-6
printing data 1-14
registering GSS devices 1-6
removing user account (GUI) 3-12
restarting GSS software 2-28
restoring factory defaults 2-29
restoring full backup 7-5
reversing role in GSS network 2-43
role change 2-40
shutting down GSS software 2-27
stopping GSS software 2-27
TACACS+ server authorization 4-12
verifying role prior to upgrading A-2
viewing system logs 9-13
gss.log file 9-10
gssm standby-to-primary command 2-32, 2-42
GSS network
changing GSSM role 2-40
GSS, logically removing 1-11
limiting network traffic 5-9
logically removing a GSS 1-11
monitoring through CLI 8-1
monitoring through GUI 8-4
primary GSSM, logically removing 1-11
reversing GSSM role 2-43
segmenting network traffic 5-9
standby GSSM, logically removing 1-11
GSS-related ports and protocols 5-3
GUI
configuration 1-13
default username and password 1-3
logging on 1-2
logging out 1-4
monitoring GSS device status 8-5
password 3-13
refreshing 1-14
session inactivity timeout 1-13
timeout 1-14
user account, creating 3-9
user account, modifying 3-12
user account, removing 3-12
user view, creating 3-16
GUI privilege level
specifying 3-10
TACACS+ server authorization 4-12
H
host, specifying as log file destination 9-6
I
Info log message 9-15
inter-GSS communications 5-9
K
keepalives with TACACS+ server 4-22
L
licenses
CNR, installing 2-6
installing 2-5
obtaining 2-4
overview 2-3
Product Access Key 2-3
SWIFT application 2-4
uninstalling 2-5
loading startup configuration from external file 2-14
log files
destination, specifying disk 9-5
host destination, specifying 9-6
logging levels 9-1
rotating 9-12
subsystem 9-11
viewing from CiscoWorks RME Syslog Analyzer 9-18
logging
facility 9-8
follow command option 9-10
host destination, specifying 9-6
log activity, displaying 9-11
logs, displaying 9-11
purging log records 9-15
syslog facility 9-8
system logging 9-4
system message log, displaying 9-11
tail command option 9-10
to a specific file on disk 9-5
to sys.log file, disabling 9-8
to sys.log file, enabling 9-6
turning off from disk 9-6, 9-7, 9-8
logically removing
GSS from a network 1-11
GSS or standby GSSM from the network 1-11
standby GSSM from a network 1-11
log in
CLI 2-2
default GUI username and password 1-3
inactivity timeout, specifying 2-24
logging out 1-4
primary GSSM GUI 1-2
login accounts
creating on GSS 3-2
creating on GSSM 3-9
deleting 3-3
GSSM 3-4
managing 3-1
removing 3-12
log out 1-4
M
memory blocks and statistics 2-47
messages
purging 9-15
system log 9-16
viewing 9-13
monitoring
database status 8-5
GSS network status 8-1
status of GSS devices by CLI 8-2
status of GSS devices from the GUI 8-5
N
network
O
operator range 5-5
P
packets
denying 5-4
permitting 5-4
Partner Initiated Customer Access
password
changing default administration password 3-27, 3-28
CLI, resetting 3-15
CLI user account, creating 3-2
default (GUI) 1-3
GSSM GUI, changing 3-13
GUI, entering 1-3
GUI user account, changing password 3-13
GUI user account, creating 3-10
resetting CLI administrator account 3-26
restoring default administration password 3-28
PICA A-3
platform information
restoring 7-6
summary 7-6
ports and protocols 5-2, 5-3, 5-12
printing primary GSSM data 1-14
privileged EXEC mode, enabling 2-2
protocols and ports for GSS devices 5-3
purging system log messages 9-15
R
record
database records, validating 8-6
purging 9-15
refreshing the GUI 1-14
registering GSS devices 1-6
renaming a GSS file 2-21
replacing
flowchart 2-30
GSS 2-39
primary GSSM 2-35
standby GSSM 2-37
report, database validation creating 8-6
reset-gui-admin-password command 3-28
resetting
CLI administrator account 3-26
CLI password 3-15
password 3-26
restarting GSS software 2-28
restoring
default administration password 3-28
GSSM from full backup 7-5
GSSM platform information 7-6
overview 7-4
rotating log files 9-12
running configuration file
changing 2-13
copying 2-14
copying as startup-config file 2-13
displaying 2-15
overview 2-12
saving to startup configuration 2-13
S
segmenting GSS traffic by interface 5-9
session inactivity timeout 1-13
severity log message 9-15
show commands
show access-group command 5-11
show access-list command 5-9, 5-10
show boot-config command 2-48
show disk command 2-50
show inventory command 2-50
show license command 2-46
show logging command 9-11
show logs command 9-10
show memory command 2-47
show processes command 2-49
show services command 2-52
show system-status command 2-51, 8-4
show tacacs command 4-26
show tech-support command 8-8
show uptime command 2-50
show user command 2-23
show users command 2-23
show version command 2-45
shutting down GSS software 2-27
SNMP
configuring 6-2
configuring server information 6-4
disabling 6-3
enabling 6-2
MIB files, viewing 6-9
overview 6-2
port, changing 6-9
setup 6-2
snmp command 6-2
snmp-server command 6-4
specifying notification operation recipients 6-7
viewing status 6-8
SNMP notification operations
snmp-server host command 6-7
specifying recipients 6-7
SNMP server information
configuring 6-4
SNMP server notifications
snmp-server enable traps command 6-5, 6-6
software
boot information, showing 2-48
disabling GSS device 2-29
downgrade, restoring earlier software version 7-9
downgrade procedure 7-8
enabling GSS device 2-29
restarting 2-28
shutting down 2-27
stopping 2-27
update, obtaining update file A-3
upgrade procedure A-1
version information, showing 2-45
software licenses
CNR, installing on GSS 2-6
installing 2-5
obtaining 2-4
overview 2-3
Product Access Key 2-3
SWIFT application 2-4
uninstalling 2-5
standby GSSM 1-11
changing to primary 2-40
logically removing 1-11
registering with primary GSSM 1-6
replacing 2-37
startup configuration
loading from external file 2-14
saving running configuration as startup configuration 2-13
startup configuration file
changing 2-13
copying 2-14
copying device startup configuration settings 2-15
copying running configuration file as 2-13
displaying 2-17
loading from external file 2-15
overview 2-12
stopping GSS software 2-27
subsystem log files
rotating 9-12
viewing 9-11
SWIFT application 2-4
syslog, configuring 9-4
system
logging 9-4
message log 9-11
system log
messages 9-16
purging 9-15
severity 9-15
typical messages 9-16
viewing 9-13
viewing from CiscoWorks RME Syslog Analyzer 9-18
viewing from GUI 9-14
system uptime, displaying 2-50
T
TAC
displaying GSS operating configuration 8-8
tech report 8-8
TACACS+
accounting overview 4-3
authentication overview 4-3
authorization overview 4-3
Cisco Secure Access Control Server (ACS) 4-5
disabling 4-28
GSS, disabling/enabling keepalives 4-22
GSS, specifying accounting 4-25
GSS, specifying authentication 4-23
GSS, specifying authorization 4-24
GSS, specifying server hosts 4-19
GSS, specifying server timeout 4-23
overview 4-2
primary GSSM GUI privilege level authorization 4-12
primary GSSM user view authorization 4-16
quick start 4-4
server, accounting settings 4-17
server, authentication settings 4-5
server, authorization settings 4-7
server, configuring 4-5
shared secret with GSS 4-20
statistics, clearing 4-28
statistics, displaying 4-26
tail command option 9-12
terminal screen line length, configuring 2-24
third-party software, viewing information 1-15
traffic
filtering 5-4
limiting 5-9
segmenting by interface 5-9
U
UDI 2-50
upgrading
GSS software A-1
obtaining update file A-3
sequence A-1
update file, obtaining A-3
verifying GSSM role prior to upgrading A-2
user
account, creating 3-9
account, modifying 3-12
account, removing 3-12
information, displaying 2-23
user account
CLI account, creating 3-2
CLI account, deleting 3-3
CLI account, modifying 3-3
CLI user, privilege levels 3-2
creating for GUI 3-9
creating with CLI 3-2
deleting 3-3
GUI user, privilege levels 3-5, 3-6, 3-8, 3-10
GUI user, views 3-11
GUI user account, changing password 3-13
GUI user account, creating 3-9
GUI user account, modifying 3-12
GUI user account, removing 3-12
removing 3-12
view overview 3-15
username
default (GUI) 1-3
GUI, entering 1-3
GUI user account, creating 3-10
user view
answers, adding 3-18
answers, removing 3-22
creating 3-16
deleting 3-25
general configuration 3-18
keepalives, adding 3-19
keepalives, removing 3-22
locations, adding 3-20
locations, removing 3-22
modifying 3-24
naming 3-18
overview 3-15
owners, adding 3-21
owners, removing 3-22
specifying 3-11
TACACS+ server authorization 4-16
V
validating database records 8-6
verifying GSSM role A-2
version information 2-45
viewing
access lists 5-9
gss.log file 9-10
MIB files 6-9
SNMP status 6-8
subsystem log files 9-11
system log 9-13
system logs from CiscoWorks RME Syslog Analyzer 9-18
system logs from GUI 9-14
third-party software information 1-15
W
warning log message 9-15