-
Cisco GSS Administration Guide (Software Version 3.0)
-
Index
-
Preface
-
Managing GSS Devices from the GUI
-
Managing the GSS from the CLI
-
Creating and Managing User Accounts
-
Managing GSS User Accounts Through a TACACS+ Server
-
Configuring Access Lists and Filtering GSS Traffic
-
Configuring SNMP
-
Backing Up and Restoring the GSSM Database
-
Viewing Log Files
-
Monitoring GSS Operation
-
Configuring the GSS Network with Anycast
-
Installing GSS Licenses and CNR
-
Performing GSS Software Upgrades and Downgrades
-
Table Of Contents
A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W -
Index
A
access lists
access-list command 5-4
adding rules to 5-8
associating with an interface 5-7
creating 5-4
destination port 5-5
disassociating from an interface 5-8
displaying 5-10
filtering traffic 5-1
ICMP traffic filtering 5-5
operator 5-5
overview 5-2
removing rules 5-9
source address 5-5
TCP traffic filtering 5-5
UDP traffic filtering 5-5
viewing 5-9
activating GSS devices 1-6
adding rules to access lists 5-8
administration password
restoring 3-28
administrator account, resetting 3-26
anycast
configuring 10-3
overview 10-1
associating access list with interface 5-7
B
backup of GSSM
full backup procedure 7-3
overview 7-2
boot information, displaying 2-41
C
certificate
accepting 1-2
attributes, modifying 2-17
certificate set-attributes command 2-17
installing 1-2
keys, deleting 2-17
modifying 2-17
trusting 1-2
changing GSSM roles in GSS network 2-32
CLI
GSS device monitoring 9-2, 9-4
logging in 2-2
monitoring GSS network statistics 9-1
privileged EXEC mode, enabling 2-2
privilege level, specifying 3-3
resetting CLI administrator account 3-26
resetting password 3-15
TACACS+ server, authorization settings 4-9
user account, creating 3-2
CNR
CLI, accessing 11-9
installing 11-6
installing or upgrading 11-5
license file, acquiring 11-3
license file, installing 11-3
restricted CNR shell, invoking 11-10
uninstalling 11-20
CNR GUI access mode, configuring 11-11
CNR Security kit, installing 11-20
cold restart, performing 2-20
copying
files 2-13
startup configuration to or from disk 2-5, 2-6
CPU or memory processes 2-42
D
database
monitoring status of 9-6
purging 8-16
records, purging 8-16
restoring GSSM from full backup 7-5
validating records 9-6
validation report 9-7
DDoS
license file, acquiring 11-3
license file, installing 11-3
debug log message 8-16
default
password 1-3
username 1-3
deleting files 2-14
deployment, GSS devices behind firewall 5-12
directory
current working directory, displaying 2-11
displaying files 2-11
disabling GSS software 2-20
disassociating access list from interface 5-8
disk
displaying information 2-43
specifying for log file destination 8-5
documentation
audience xi
caution and note overview xvi
organization xii
related xiii
set xiii
symbols and conventions xv
downgrading
installing a lower software image A-12
E
enable command password 1-11
enabling GSS software 2-21
Ethernet interface, segmenting traffic 5-9
exporting primary GSSM data 1-14
F
factory defaults, restoring 2-21
fatal error log message 8-15
files
deleting 2-14
displaying entire contents 2-10
displaying in directory 2-11
displaying last 10 lines 2-10
listing within directory 2-45
renaming 2-12
securely copying 2-13
filtering
GSS traffic 5-1
ICMP traffic 5-5
TCP traffic 5-5
traffic type 5-5
UDP traffic 5-5
firewall
configuring for GSS 5-16
deploying GSS devices 5-12
inbound traffic to GSS 5-13
inbound traffic to the GSS 5-13
outbound traffic from the GSS 5-14
full GSSM backup 7-3
G
Global Site Selector
activating from primary GSSM 1-6
CNR, installing 11-6
cold restart, performing 2-20
CPU or memory processes, displaying 2-42
deleting devices from primary GSSM 1-10
disabling GSS device 2-20
enabling GSS device 2-21
GSS-related port and protocols 5-3
hard disk information, displaying 2-43
inactivity timeout 2-15
inter-GSS communications 5-9
license data, displaying 2-39
license file, obtaining 11-3
logically removing or replacing 1-11
login accounts 3-1
memory blocks and statistics, displaying 2-40
MIB files 6-15
modifying device configuration from primary GSSM 1-9
monitoring through CLI 9-2, 9-4
monitoring through GUI 9-5
online status and resource usage 9-2, 9-4
operating configuration, displaying for TAC 9-9
purging system log messages 8-16
registering 1-6
renaming a file 2-12
replacing 2-31
reporting interval 1-14
restarting GSS software 2-19
running configuration 2-3, 2-5
services information, displaying 2-45
shutting down GSS software 2-19
software licenses 11-2
startup configuration 2-3, 2-5
stopping GSS software 2-18
subsystem levels 8-1
system status, displaying 2-45, 9-4
UDI, displaying 2-44
user account, creating 3-2
user account, deleting 3-4
user account, modifying 3-3
version information 2-37
Global Site Selector Manager
activating 1-6
activating devices 1-6
backing up 7-2
changing role in GSS network 2-32
changing the GUI password 3-13
changing to standby 2-32
cold restart, performing 2-20
configuring, primary 4-29
configuring, standby 4-29
creating user account (GUI) 3-9
database, monitoring 9-6
default username and password 1-3
deleting GSS devices 1-10
disabling GSSM device 2-20
enabling GSSM device 2-21
exporting data 1-14
GUI, configuring 1-13
inactivity timeout 2-15
logging on 1-2
logically removing GSS or standby GSSM 1-11
login accounts 3-4
modifying devices 1-9
modifying user account (GUI) 3-12
monitoring device status from GUI 9-5
password 3-13
platform information 7-6
printing data 1-14
registering GSS devices 1-6
removing user account (GUI) 3-12
restarting GSS software 2-19
restoring factory defaults 2-21
restoring full backup 7-5
reversing role in GSS network 2-35
role change 2-32
shutting down GSS software 2-19
stopping GSS software 2-18
TACACS+ server authorization 4-12
verifying role prior to upgrading A-5
viewing system logs 8-13
gss.log file 8-10
gssm standby-to-primary command 2-23, 2-34
GSS network
changing GSSM role 2-32
GSS, logically removing 1-11
limiting network traffic 5-9
logically removing a GSS 1-11
monitoring through CLI 9-1
monitoring through GUI 9-5
primary GSSM, logically removing 1-11
reversing GSSM role 2-35
segmenting network traffic 5-9
standby GSSM, logically removing 1-11
GSS-related ports and protocols 5-3
GUI
configuration 1-13
default username and password 1-3
logging on 1-2
logging out 1-4
monitoring GSS device status 9-6
password 3-13
refreshing 1-14
session inactivity timeout 1-13
timeout 1-14
user account, creating 3-9
user account, modifying 3-12
user account, removing 3-12
user view, creating 3-16
GUI privilege level
specifying 3-10
TACACS+ server authorization 4-12
H
hardware and software compatibility A-2
host, specifying as log file destination 8-6
I
Info log message 8-16
inter-GSS communications 5-9
K
keepalives with TACACS+ server 4-22
L
licenses
CNR, installing 11-6
installing 11-4
obtaining 11-3
overview 11-2
Product Access Key 11-2
SWIFT application 11-3
uninstalling 11-5
loading startup configuration from external file 2-5
log files
destination, specifying disk 8-5
host destination, specifying 8-6
logging levels 8-1
rotating 8-12
subsystem 8-11
viewing from CiscoWorks RME Syslog Analyzer 8-20
logging
facility 8-8
follow command option 8-10, 8-11
host destination, specifying 8-6
log activity, displaying 8-11
logs, displaying 8-11
purging log records 8-16
syslog facility 8-8
system logging 8-4
system message log, displaying 8-11
tail command option 8-10, 8-11
to a specific file on disk 8-5
to sys.log file, disabling 8-8
to sys.log file, enabling 8-6
turning off from disk 8-6, 8-8
logically removing
GSS from a network 1-11
GSS or standby GSSM from the network 1-11
standby GSSM from a network 1-11
log in
CLI 2-2
default GUI username and password 1-3
inactivity timeout, specifying 2-15
logging out 1-4
primary GSSM GUI 1-2
login accounts
creating on GSS 3-2
creating on GSSM 3-9
deleting 3-4
GSSM 3-4
managing 3-1
removing 3-12
log out 1-4
M
memory blocks and statistics 2-40
messages
purging 8-16
system log 8-17
viewing 8-13
monitoring
database status 9-6
GSS network status 9-1
status of GSS devices by CLI 9-2
status of GSS devices from the GUI 9-6
N
network
O
operator range 5-5
P
packets
denying 5-5
permitting 5-5
Partner Initiated Customer Access
password
changing default administration password 3-27, 3-28
CLI, resetting 3-15
CLI user account, creating 3-3
default (GUI) 1-3
GSSM GUI, changing 3-13
GUI, entering 1-3
GUI user account, changing password 3-13
GUI user account, creating 3-10
resetting CLI administrator account 3-26
restoring default administration password 3-28
PICA A-6
platform information
restoring 7-6
summary 7-6
ports and protocols 5-2, 5-3, 5-13
printing primary GSSM data 1-14
privileged EXEC mode, enabling 2-2
protocols and ports for GSS devices 5-3
purging system log messages 8-16
R
record
database records, validating 9-6
purging 8-16
recovery CD A-16
recovery image A-16
refreshing the GUI 1-14
registering GSS devices 1-6
renaming a GSS file 2-12
replacing
flowchart 2-22
GSS 2-31
primary GSSM 2-27
standby GSSM 2-29
report, database validation creating 9-7
reset-gui-admin-password command 3-28
resetting
CLI administrator account 3-26
CLI password 3-15
password 3-26
restarting GSS software 2-19
restoring
default administration password 3-28
GSSM from full backup 7-5
GSSM platform information 7-6
overview 7-4
rotating log files 8-12
running configuration file
changing 2-4
copying 2-5
copying as startup-config file 2-4
displaying 2-7
overview 2-3
saving to startup configuration 2-4
S
segmenting GSS traffic by interface 5-9
session inactivity timeout 1-13
severity log message 8-15
show commands
show access-group command 5-12
show access-list command 5-9, 5-10
show boot-config command 2-41
show disk command 2-43
show inventory command 2-44
show license command 2-39
show logging command 8-11
show logs command 8-10
show memory command 2-40
show processes command 2-42
show services command 2-45
show system-status command 2-45, 9-4
show tacacs command 4-26
show tech-support command 9-9
show uptime command 2-43
show user command 2-15
show users command 2-15
show version command 2-37
shutting down GSS software 2-19
SNMP
configuring 6-5
disabling 6-6
MIB files, viewing 6-15
overview 6-2
port, changing 6-15
server notifications 6-7, 6-9, 6-11
setup 6-5
snmp command 6-5
specifying notification operation recipients 6-12
supported MIBs and notifications 6-2
viewing status 6-13
SNMP notification operations
snmp-server host command 6-12
specifying recipients 6-12
SNMP server notifications
snmp-server cpu-rising-threshold command 6-9
snmp-server enable traps command 6-7, 6-11
software
boot information, showing 2-41
disabling GSS device 2-20
enabling GSS device 2-21
restarting 2-19
shutting down 2-19
stopping 2-18
upgrade procedure A-1
version information, showing 2-37
software licenses
CNR, installing on GSS 11-6
installing 11-4
obtaining 11-3
overview 11-2
Product Access Key 11-2
SWIFT application 11-3
uninstalling 11-5
software upgrade
obtaining A-2
standby GSSM 1-11
changing to primary 2-32
logically removing 1-11
registering with primary GSSM 1-6
replacing 2-29
startup configuration
loading from external file 2-5
saving running configuration as startup configuration 2-4
startup configuration file
changing 2-4
copying 2-5
copying device startup configuration settings 2-6
copying running configuration file as 2-4
displaying 2-8
loading from external file 2-6
overview 2-3
stopping GSS software 2-18
subsystem log files
rotating 8-12
viewing 8-11
SWIFT application 11-3
syslog, configuring 8-4
system
logging 8-4
message log 8-11
system log
messages 8-17
purging 8-16
severity 8-15
typical messages 8-17
viewing 8-13
viewing from CiscoWorks RME Syslog Analyzer 8-20
viewing from GUI 8-14
system uptime, displaying 2-43
T
TAC
displaying GSS operating configuration 9-9
tech report 9-9
TACACS+
accounting overview 4-3
authentication overview 4-3
authorization overview 4-3
Cisco Secure Access Control Server (ACS) 4-5
disabling 4-28
GSS, disabling/enabling keepalives 4-22
GSS, specifying accounting 4-25
GSS, specifying authentication 4-23
GSS, specifying authorization 4-24
GSS, specifying server hosts 4-19
GSS, specifying server timeout 4-23
overview 4-2
primary GSSM GUI privilege level authorization 4-12
primary GSSM user view authorization 4-16
quick start 4-4
server, accounting settings 4-17
server, authentication settings 4-5
server, authorization settings 4-7
server, configuring 4-5
shared secret with GSS 4-20
statistics, clearing 4-28
statistics, displaying 4-26
tail command option 8-12
terminal screen line length, configuring 2-16
third-party software, viewing information 1-15
traffic
filtering 5-4
limiting 5-9
segmenting by interface 5-9
U
UDI 2-44
upgrading
GSS software A-1
installing a new software image A-10
sequence A-1
verifying GSSM role prior to upgrading A-5
user
account, creating 3-9
account, modifying 3-12
account, removing 3-12
information, displaying 2-15
user account
CLI account, creating 3-2
CLI account, deleting 3-4
CLI account, modifying 3-3
CLI user, privilege levels 3-3
creating for GUI 3-9
creating with CLI 3-2
deleting 3-4
GUI user, privilege levels 3-5, 3-6, 3-8, 3-10
GUI user, views 3-11
GUI user account, changing password 3-13
GUI user account, creating 3-9
GUI user account, modifying 3-12
GUI user account, removing 3-12
removing 3-12
view overview 3-15
username
default (GUI) 1-3
GUI, entering 1-3
GUI user account, creating 3-10
user view
answers, adding 3-18
answers, removing 3-22
creating 3-16
deleting 3-25
general configuration 3-18
keepalives, adding 3-19
keepalives, removing 3-22
locations, adding 3-20
locations, removing 3-22
modifying 3-24
naming 3-18
overview 3-15
owners, adding 3-21
owners, removing 3-22
specifying 3-11
TACACS+ server authorization 4-16
V
validating database records 9-6
verifying GSSM role A-5
version information 2-37
viewing
access lists 5-9
gss.log file 8-10
MIB files 6-15
SNMP status 6-13
subsystem log files 8-11
system log 8-13
system logs from CiscoWorks RME Syslog Analyzer 8-20
system logs from GUI 8-14
third-party software information 1-15
W
warning log message 8-15