Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.4
Chapter 20: Configuring Platform and System Settings
Download this chapter
Chapter 20: Configuring Platform and System SettingsChapter 20: Configuring Platform and System Settings
Download the complete book
Full-Length PDF BookFull-Length PDF Book (PDF - 19 MB)
give_us_feedback

Table Of Contents

Configuring Platform and System Settings

Configuring Remote Login Access Control Settings

Enabling the Telnet Service on the Content Engine

Configuring Secure Shell Settings

About the Secure Shell Host Key

About Secure Shell Daemon Password Guesses

Configuring Message of the Day Settings for the Content Engine

Configuring Exec Timeout Settings

Configuring Line Console Carrier Detection

Configuring Network Services

Configuring CDP Settings

Enabling RCP Services on the Content Engine

Configuring the Content Router for Interoperability with a Layer 4 Switch

Configuring Date and Time Settings

Configuring NTP Settings

Configuring Device Clock and Time Zone Settings

Configuring System-Wide Distribution QoS Settings Based on Channel Priority

Setting DSCP Values for QoS Packets

Modifying System Default Properties

Configuring Faster Detection of Offline Content Engines

About Faster Detection of Offline Content Engines

Printing ACNS Network Data

Creating Proxy Error Messages

Configuring Proxy Error Message Download Settings for the Content Engine

Configuring Proxy Error Message Upload Settings for the Content Engine

Enabling Offline Operation of Network Devices


Configuring Platform and System Settings

This chapter explains how to configure platform and system settings. It contains the following sections:

Configuring Remote Login Access Control Settings

Configuring Network Services

Configuring Date and Time Settings

Configuring System-Wide Distribution QoS Settings Based on Channel Priority

Modifying System Default Properties

Configuring Faster Detection of Offline Content Engines

Printing ACNS Network Data

Creating Proxy Error Messages

Enabling Offline Operation of Network Devices

Configuring Remote Login Access Control Settings

This section explains how to configure connection settings for various means of remote login and access to the system software.

Enabling the Telnet Service on the Content Engine

To enable the Telnet service on the Content Engine, follow these steps:

Step 1 Choose Devices > Devices. The Devices window appears, listing all the device types configured in the ACNS network.

Step 2 Click the Edit icon next to the Content Engine for which you want to enable Telnet. The Device Home for Content Engine window appears.

Step 3 In the Contents pane, choose General Settings > Login Access Control > Telnet. The Telnet Settings for Content Engine window appears.

Step 4 To enable the terminal emulation protocol for remote terminal connection, check the Telnet Enable.

Note You must use a console connection instead of a Telnet session to define device network settings on the Content Engine. However, after you have used a console connection to define the device network settings for this Content Engine, you can use a Telnet session to perform subsequent configuration tasks (for example, configure DNS caching).

Step 5 To save the settings, click Submit. A "Click Submit to Save" message appears in red next to the Current Settings line when there are pending changes to be saved after you have applied default or device group settings. You can also revert to the previously configured settings by clicking the Reset button. The Reset button is visible only when you have applied default or group settings to change the current device settings but have not yet submitted the changes.

If you try to leave this window without saving the modified settings, a warning dialog box prompts you to submit the changes. This dialog box only appears if you are using the Internet Explorer browser.

To enable the Telnet service on the Content Engine from the CLI, use the telnet enable global configuration command.

Configuring Secure Shell Settings

Secure Shell (SSH) consists of a server and a client program. Like Telnet, you can use the client program to remotely log in to a machine that is running the SSH server, but unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.

The SSH management window in the Content Distribution Manager GUI allows you to specify the key length, login grace time, and maximum number of password guesses allowed when logging in.

To enable the SSH daemon on the Content Engine, follow these steps:

Step 1 Choose Devices > Devices. The Devices window appears, listing all the device types configured in the ACNS network.

Step 2 Click the Edit icon next to the Content Engine for which you want to enable SSH. The Device Home for Content Engine window appears.

Step 3 In the Contents pane, choose General Settings > Login Access Control > SSH. The SSH Configuration window appears. (See Figure 20-1.) Table 20-1 describes the fields in this window and provides the corresponding CLI global configuration commands.

Figure 20-1 SSH Configuration Window

Step 4 To enable the SSH feature, check the Enable check box. SSH enables login access to the Content Engine through a secure and encrypted channel.

Step 5 In the Length of key field, specify the number of bits needed to create an SSH key. The default is 1024.

When you enable SSH, be sure to generate both a private and a public host key, which client programs use to verify the server's identity. (See the "About the Secure Shell Host Key" section.)

Step 6 In the Login grace time field, specify the number of seconds for which an SSH session will be active during the negotiation (authentication) phase between client and server before it times out.

Step 7 In the Maximum number of password guesses field, specify the maximum number of incorrect password guesses allowed per connection. The default is 3. (See the "About Secure Shell Daemon Password Guesses" section.)

Step 8 To allow clients to connect using SSH protocol version 1, check the Enable SSHv1 check box.

Step 9 To allow clients to connect using SSH protocol version 2, check the Enable SSHv2 check box.

Note You can enable both SSHv1 and SSHv2, or you can enable one version and not the other. You cannot disable both versions of SSH unless you disable the SSH feature by unchecking the Enable check box. (See Step 4.)

Step 10 To save the settings, click Submit. A "Click Submit to Save" message appears in red next to the Current Settings line when there are pending changes to be saved after you have applied default or device group settings. You can also revert to the previously configured settings by clicking the Reset button. The Reset button is visible only when you have applied default or group settings to change the current device settings but have not yet submitted the changes.

If you try to leave this window without saving the modified settings, a warning dialog box prompts you to submit the changes. This dialog box only appears if you are using the Internet Explorer browser.

Table 20-1 SSH Settings 

GUI Parameter
Function
CLI Command

Enable

Enables the SSH feature.

sshd enable

Length of key

Number of bits needed to create an SSH key.

ssh-key-generate key-length length

Login grace time

Number of seconds for which an SSH session will be active during the negotiation (authentication) phase between client and server before it times out.

sshd timeout seconds

Maximum number of password guesses

Maximum number of incorrect password guesses allowed per connection.

sshd password-guesses num

Enable SSHv1

Allows clients to connect using SSH protocol version 1.

sshd version 1

Enable SSHv2

Allows clients to connect using SSH protocol version 2.

sshd version 2


About the Secure Shell Host Key

When you use an SSH client and log in to the Content Engine, the public key for the SSH daemon running on the Content Engine is recorded in the client machine known_hosts file in your home directory. If the Content Engine administrator subsequently regenerates the host key by specifying the number of bits in the Length of key field, you must delete the old public key entry associated with the Content Engine in the known_hosts file before running the SSH client program to log in to the Content Engine. When you use the SSH client program after deleting the old entry, the known_hosts file is updated with the new SSH public key for the Content Engine.

About Secure Shell Daemon Password Guesses

Although the value in the Maximum number of password guesses field specifies the number of allowed password guesses from the SSH server side, the actual number of password guesses for an SSH login session is determined by the combined number of allowed password guesses of the SSH server and the SSH client. Some SSH clients limit the maximum number of allowed password guesses to three (or to one in some cases), even though the SSH server allows more than this number of guesses.

When you specify n allowed password guesses, certain SSH clients interpret this number as n + 1. For example, when configuring the number of guesses to two for a particular device, SSH sessions from some SSH clients will allow three password guesses.

Configuring Message of the Day Settings for the Content Engine

The Message of the Day (MOTD) feature enables you to provide information bits to the users when they log in to a Content Engine that is part of your ACNS network. There are three types of messages that you can set up:

MOTD Banner

EXEC Process Creation Banner

Login Banner

Note When you run an SSH version 1 client and log in to the device, the MOTD and login banners are not displayed. You need to use SSH version 2 to display the banners when you log in to the device.

To configure the banner settings, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices. The Devices window appears.

Step 2 Click the Edit icon next to the Content Engine for which you want to set up the message of the day. The Device home window for the chosen Content Engine appears.

Step 3 In the Contents pane, choose General Settings > Login Access Control > Message of the Day from the Contents Pane. The MOTD Configuration window for the chosen Content Engine appears.

Step 4 To enable the MOTD settings, check the Enable check box. The Message of the Day (MOTD) banner, EXEC process creation banner, and Login banner fields become enabled.

Step 5 In the Message of the Day (MOTD) Banner field, enter a string that you want to display as the MOTD banner when a user attempts to login to the Content Distribution Manager.

Note In the Message of the Day (MOTD) Banner, EXEC Process Creation Banner, and Login Banner fields, you can enter a maximum of 1024 characters. A new line character (or Enter) is counted as two characters, as it is interpreted as \n by the system. You cannot use special characters such as `, % ,^ , and " in the MOTD text. If your text contains any of these special characters, ACNS software removes it from the MOTD output.

Step 6 In the EXEC Process Creation Banner field, enter a string to be displayed as the EXEC process creation banner when a user enters into the EXEC shell of the Content Engine.

Step 7 In the Login Banner field, enter a string to be displayed after the MOTD banner, when a user attempts to login to the Content Engine.

Step 8 To save the configuration, click Submit.

To configure banner messages from the CLI, use the banner global configuration command.

banner {motd | login | exec} message message_text

banner enable

Configuring Exec Timeout Settings

To configure the length of time that an inactive Telnet session remains open on the Content Engine, follow these steps:

Step 1 From the Content Distribution Manger GUI, choose Devices > Devices. The Devices window appears, listing all the device types configured in the ACNS network.

Step 2 Click the Edit icon next to the Content Engine for which you want to configure the exec timeout. The Device Home for Content Engine window appears.

Step 3 In the Contents pane, choose General Settings > Login Access Control > Exec Timeout. The Exec Timeout Settings for Content Engine window appears.

Step 4 In the Exec Timeout field, specify the number of minutes after which an active session times out. The default is 15 minutes.

A Telnet session with the Content Engine can remain open and inactive for the period specified in this field. When the exec timeout period elapses, the Content Engine automatically closes the Telnet session.

Step 5 To save the settings, click Submit. A "Click Submit to Save" message appears in red next to the Current Settings line when there are pending changes to be saved after you have applied default or device group settings. You can also revert to the previously configured settings by clicking the Reset button. The Reset button is visible only when you have applied default or group settings to change the current device settings but have not yet submitted the changes.

If you try to leave this window without saving the modified settings, a warning dialog box prompts you to submit the changes. This dialog box only appears if you are using the Internet Explorer browser.

To configure the length of time that an inactive Telnet session remains open on the Content Engine from the CLI, use the exec-timeout minutes global configuration command.

Configuring Line Console Carrier Detection

Carrier detection should be enabled if the Content Engine, Content Router, or Content Distribution Manager is to be connected to a modem for receiving calls. If you are using a null-modem cable with no carrier detect pin, the device might appear unresponsive on the console until the carrier detect signal is asserted. To recover from a misconfiguration, the device should be rebooted and the 0x2000 bootflag should be set to ignore the Carrier Detect (CD) setting.

This feature is disabled by default in the Content Distribution Manager GUI.

To enable console line carrier detection using the Content Distribution Manager, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices (or Devices > Device Groups).

Step 2 Click the Edit icon next to the device (or device group) that you want to configure.

Step 3 In the Contents pane, choose General Settings > Login Access Control > Console Carrier Detect. The Console Carrier Detect Settings window appears.

Step 4 To enable the window for configuration, check the Enable console line carrier detection before writing to the console check box.

Step 5 To save this setting, click Submit.

To configure line console carrier detection from the CLI, use the line console carrier-detect global configuration command. To disable console line carrier detection, use the no form of the command.

Configuring Network Services

This section explains how to configure settings for various network services.

Configuring CDP Settings

CDP (Cisco Discovery Protocol) is a device discovery protocol that runs on all Cisco-manufactured devices. With CDP, each device in a network sends periodic messages to all devices in the network. All devices listen to periodic messages that are sent by others to learn about neighboring devices and determine the status of their interfaces.

With CDP, network management applications can learn the device type and the Simple Network Management Protocol (SNMP) agent address of neighboring devices. Applications are then able to send SNMP queries within the network. Also, CiscoWorks2000 discovers the Content Engine by means of the CDP packets that are sent by the Content Engine after booting.

Content Engine-related tasks require that the Content Engine platform support CDP to be able to notify the system manager of the existence, type, and version of the Content Engine platform.

To configure CDP settings using the Content Distribution Manager GUI, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices.

Step 2 Click the Edit icon next to the name of the Content Engine that you want to configure. The Contents pane appears on the left.

Step 3 From the Contents pane, choose General Settings > Services > CDP. The CDP Settings window appears. (See Figure 20-2.)

Figure 20-2 CDP Settings Window

Step 4 To enable CDP support, check the Enable check box.

Step 5 In the Hold Time field, enter the time (in seconds) to specify the length of time that a receiver is to keep the CDP packets. The range is 10 to 255 seconds. The default is 180 seconds.

Step 6 In the Packet Send Rate field, enter a value (in seconds) for the interval between CDP advertisements. The range is 5 to 254 seconds. The default is 60 seconds.

Step 7 To save the settings, click Submit.

To configure CDP in the CLI, use the following global configuration command:

cdp {enable | holdtime seconds | timer seconds}

To enable CDP on a particular interface, use the following global configuration command:

interface interface slot/port cdp enable

Enabling RCP Services on the Content Engine

Remote Copy Protocol (RCP) lets you download, upload, and copy configuration files between remote hosts and a switch. Unlike TFTP, which uses User Datagram Protocol (UDP), a connectionless protocol, RCP uses TCP, which is connection oriented.

RCP is a subset of the UNIX rshell service, which allows UNIX users to execute shell commands on remote UNIX systems. It is a UNIX built-in service. This service uses TCP as the transport protocol and listens for requests on TCP port 514. RCP service can be enabled on Content Engines that use ACNS software. Inetd (an Internet daemon) is a program that listens for connection requests or messages for certain ports and starts server programs to perform the services associated with those ports. RCP copies files between devices.

To enable RCP services on the Content Engine, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices. The Devices window appears, listing all the device types configured in the ACNS network.

Step 2 Click the Edit icon next to the Content Engine for which you want to enable RCP services. The Device Home for Content Engine window appears.

Step 3 In the Contents pane, choose General Settings > Services > Inetd RCP. The Inetd RCP Settings for Content Engine window appears.

Step 4 To enable the RCP service on the Content Engine, check the Inetd Rcp Enable check box.

Note The Inetd daemon listens for FTP, RCP, and TFTP services. For Inetd to listen to RCP requests, it must be explicitly enabled for RCP service.

Step 5 To save the settings, click Submit. A "Click Submit to Save" message appears in red next to the Current Settings line when there are pending changes to be saved after you have applied default or device group settings. You can also revert to the previously configured settings by clicking the Reset button. The Reset button is visible only when you have applied default or group settings to change the current device settings but you have not yet submitted the changes.

If you try to leave this window without saving the modified settings, a warning dialog box prompts you to submit the changes. This dialog box only appears if you are using the Internet Explorer browser.

To enable RCP services on the Content Engine from the CLI, use the inetd enable rcp global configuration command.

Configuring the Content Router for Interoperability with a Layer 4 Switch

When a request for content is made, the Layer 4 Cisco Content Services Switch uses owner and content rules to translate the virtual IP address of the owner to the IP address of the service where the content resides. Depending on the content rules configured, the Content Services Switch checks for services that match the content rules and determines the service that can best serve the content request.

Note A Cisco Content Services Switch enables you to configure owners and content rules to direct requests for content to a specific destination service (for example, a server or a port on a server). By configuring services, owners, and content rules, you optimize and control how the Content Services Switch handles each request for specific content.

A service is a destination location where a piece of content physically resides (such as, a local or remote server and port).

An owner is generally the person or company who contracts the web hosting service to host their web content and allocate bandwidth as required.

A content rule is a hierarchical rule set containing individual rules that describe which content (for example, .html files) is accessible by visitors to the web site, how the content is mirrored, on which server the content resides, and how the Content Services Switch should process requests for the content. Each rule set must have an owner.

If you have a Content Services Switch deployed in your ACNS network for load balancing, this feature of redirection of requests with the origin server name allows you to access the content using Content Router redirection without advertising a separate Content Router Fully Qualified Domain Name (FQDN).

To configure and enable Layer 4 switch interoperability, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices. The Devices window appears.

Step 2 Click the Edit icon next to the name of the Content Router that you want to view. The Modifying Content Router window appears.

Step 3 In the Contents pane, choose General Settings > Network > L4 Switch. The Layer 4 Switch Settings for Content Router window appears. (See Figure 20-3.)

Figure 20-3 Layer 4 Switch Settings for Content Router Window

Step 4 To enable Layer 4 switch redirection interoperability using HTTP, check the Enable HTTP l4-switch check box.

Step 5 To enable Layer 4 switch redirection interoperability using RTSP, check the Enable RTSP l4-switch check box.

Step 6 To save the configured settings, click Submit.

Configuring Date and Time Settings

This section explains how to configure date and time settings for your ACNS network devices.

Configuring NTP Settings

Cisco ACNS 5.x software allows you to configure the Content Engine time and date settings using an NTP (Network Time Protocol) host on your network. NTP allows the synchronization of time and date settings for the different geographical locations of the Content Engines on your ACNS network.

To configure Content Engine or device group NTP settings, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices.

Step 2 Click the Edit icon next to the name of the Content Engine that you want to configure. The Contents pane appears on the left.

Step 3 From the Contents pane, choose General Settings > Services > Date/Time > NTP. (See Figure 20-4.)

Figure 20-4 NTP Settings Window

Step 4 To enable NTP settings, check the Enable check box.

Step 5 In the NTP Server field, enter a host name or IP address.

Step 6 To save the settings, click Submit.

Configuring Device Clock and Time Zone Settings

If you have an outside source on your network that provides time services (such as a Network Time Protocol [NTP] server), you do not need to set the system clock manually. When manually setting the clock, enter the local time. The Content Engine calculates Coordinated Universal Time (UTC) based on the time zone set by the clock timezone global configuration command. Customized summer time settings configured from the Content Distribution Manager GUI correspond to the clock summertime global configuration command.

Note Two clocks exist in the system: the software clock and the hardware clock. The software uses the software clock. The hardware clock is used only at startup to initialize the software clock. The clock set EXEC command sets the software clock.

To configure the time zone for proper system configuration and to set summer time (daylight savings time) on the Content Engine, follow these steps:

Step 1 Choose Devices > Devices. The Devices window appears, listing all the device types configured in the ACNS network.

Step 2 Click the Edit icon next to the Content Engine for which you want to configure the time zone. The Device Home for Content Engine window appears.

Step 3 In the Contents pane, choose General Settings > Services > Date/Time > Time Zone. The Time Zone Settings for Content Engine window appears.

Step 4 To configure a standard time zone on the Content Engine, follow these steps:

a. Under the Time Zone Settings section, click the Standard Time Zone radio button. The default is UTC (offset = 0) with no summer time configured. When you configure a standard time zone, the system is automatically adjusted for the UTC offset, and the UTC offset need not be specified.

The standard convention for time zones uses a Location/Area format in which Location is a continent or a geographic region of the world and Area is a time zone region within that location. For a list of standard time zones that can be configured and their UTC offsets, see Table 20-2.

b. From the drop-down list, choose a location for the time zone. The window refreshes, displaying all area time zones for the chosen location in the second drop-down list.

c. Choose an area for the time zone. The UTC offset (hours and minutes ahead or behind UTC) for the corresponding time zone is displayed next to the second drop-down list. During summer time savings, the offset may be different and will be displayed accordingly.

Note Some of the standard time zones (mostly time zones within the United States) have daylight savings time zones configured automatically.

Step 5 To configure a customized time zone on the Content Engine, follow these steps:

a. Under the Time Zone Settings section, click the Customized Time Zone radio button.

b. In the Customized Time Zone field, specify the name of the time zone. The time zone entry is case-sensitive and can contain up to 40 characters including spaces. If you specify any of the standard time zone names, an error message is displayed when you click Submit.

c. For UTC Offset, choose the + or - sign from the first drop-down list to specify whether the configured time zone is ahead or behind UTC. Also, choose the number of hours (0-23) and minutes (0-59) offset from UTC for the customized time zone. The range for the UTC offset is from -23:59 to 23:59, and the default is 0:0.

Step 6 To configure customized summer time, follow these steps under the Customized Summer Time Savings section.

Note Customized summer time can be specified for both standard and customized time zones.

a. To configure absolute summer time, click the Absolute Dates radio button.

The start date and end date for summer time can be configured in two ways: absolute dates or recurring dates. Absolute date settings apply only once and must be set every year. Recurring dates apply repeatedly for many years.

b. In the Start Date and End Date fields, specify the month (January through December), day (1-31), and year (1993-2032) on which summer time must start and end in mm/dd/yyyy format. Make sure that the end date is always later than the start date.

Alternatively, click the Calendar icon next to the Start Date and End Date fields to display the Date Time Picker popup window. By default the current date is highlighted in yellow. In the Date Time Picker popup window, use the left or right arrow icons to choose the previous or following years, if required. Choose a month from the drop-down list. Click a day of the month. The chosen date is highlighted in blue. Click Apply. Alternatively, click Set Today to revert to the current day. The chosen date will be displayed in the Start Date and End Date fields.

c. To configure recurring summer time, click the Recurring Dates radio button.

d. From the Start Day drop-down list, choose a day of the week (Monday-Sunday) to start.

e. From the Start Week drop-down list, choose an option (first, 2nd, 3rd, or last) to set the starting week. For example, choose first to configure summer time to recur beginning the first week of the month or last to configure summer time to recur beginning the last week of the month.

f. From the Start Month drop-down list, choose a month (January-December) to start.

g. From the End Day drop-down list, choose a day of the week (Monday-Sunday) to end.

h. From the End Week drop-down list, choose an option (first, 2nd, 3rd, or last) to set the ending week. For example, choose first to configure summer time to end beginning the first week of the month or last to configure summer time to stop beginning the last week of the month.

i. From the End Month drop-down list, choose a month (January-December) to end.

Step 7 From the Start Time drop-down lists, choose the hour (0-23) and minute (0-59) at which daylight saving time should start. From the End Time drop-down lists, choose the hour (0-23) and minute (0-59) at which daylight saving time should end.

Start Time and End Time fields for summer time are the times of the day when the clock is changed to reflect summer time. By default, both start and end times are set at 00:00.

Step 8 In the Offset field, specify the minutes offset from UTC (0-1439). (See Table 20-2.)

The summer time offset specifies that the number of minutes that the system clock moves forward at the specified start time and backward at the end time.

Step 9 To not specify a summer or daylight saving time for the corresponding time zone, click the No Customized Summer Time Configured radio button.

Step 10 To save the settings, click Submit. A "Click Submit to Save" message appears in red next to the Current Settings line when there are pending changes to be saved after you have applied default or device group settings. You can also revert to the previously configured settings by clicking the Reset button. The Reset button is visible only when you have applied default or group settings to change the current device settings but have not yet submitted the changes.

If you attempt to leave this window without saving the modified settings, a warning dialog box prompts you to submit the changes. This dialog box only appears if you are using the Internet Explorer browser.

Table 20-2 Timezone—Offset from UTC 

Time Zone
Offset from UTC (in hours)

Africa/Algiers

+1

Africa/Cairo

+2

Africa/Casablanca

0

Africa/Harare

+2

Africa/Johannesburg

+2

Africa/Nairobi

+3

America/Buenos_Aires

-3

America/Caracas

-4

America/Mexico_City

-6

America/Lima

-5

America/Santiago

-4

Atlantic/Azores

-1

Atlantic/Cape_Verde

-1

Asia/Almaty

+6

Asia/Baghdad

+3

Asia/Baku

+4

Asia/Bangkok

+7

Asia/Colombo

+6

Asia/Dacca

+6

Asia/Hong_Kong

+8

Asia/Irkutsk

+8

Asia/Jerusalem

+2

Asia/Kabul

+4.30

Asia/Karachi

+5

Asia/Katmandu

+5.45

Asia/Krasnoyarsk

+7

Asia/Magadan

+11

Asia/Muscat

+4

Asia/New Delhi

+5.30

Asia/Rangoon

+6.30

Asia/Riyadh

+3

Asia/Seoul

+9

Asia/Singapore

+8

Asia/Taipei

+8

Asia/Tehran

+3.30

Asia/Vladivostok

+10

Asia/Yekaterinburg

+5

Asia/Yakutsk

+9

Australia/Adelaide

+9.30

Australia/Brisbane

+10

Australia/Darwin

+9.30

Australia/Hobart

+10

Australia/Perth

+8

Australia/Sydney

+10

Canada/Atlantic

-4

Canada/Newfoundland

-3.30

Canada/Saskatchewan

-6

Europe/Athens

+2

Europe/Berlin

+1

Europe/Bucharest

+2

Europe/Helsinki

+2

Europe/London

0

Europe/Moscow

+3

Europe/Paris

+1

Europe/Prague

+1

Europe/Warsaw

+1

Japan

+9

Pacific/Auckland

+12

Pacific/Fiji

+12

Pacific/Guam

+10

Pacific/Kwajalein

-12

Pacific/Samoa

-11

US/Alaska

-9

US/Central

-6

US/Eastern

-5

US/East-Indiana

-5

US/Hawaii

-10

US/Mountain

-7

US/Pacific

-8


UTC was formerly known as Greenwich mean time (GMT). The offset time (number of hours ahead or behind UTC) as displayed in the table is in effect during winter time. During summer time or daylight savings time, the offset may be different from the values in the table and is calculated and displayed accordingly by the system clock.

Configuring System-Wide Distribution QoS Settings Based on Channel Priority

Cisco ACNS software allows you to configure system-wide QoS settings based on channel priority for proper bandwidth usage. You can create a mapping between the channel priority and the QoS settings for unicast content distribution. You can choose the corresponding QoS settings for unicast replication traffic for each channel priority group (low, medium, and high).

Note When a single URL is associated with more than one channel, the Web content is distributed only one time to all of the Content Engines subscribed to each channel. When different QoS settings are configured for different channels that contain the same content, the channel priority setting determines which QoS settings are applied to the content distribution. The channel with the higher priority dictates which QoS settings are used.

To configure system-wide QoS settings based on channel priority, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose System > Configuration. The Config Priorities window appears.

Step 2 In the Contents pane, click Distribution QoS. The Distribution QoS Settings window appears. (See Figure 20-5.)

Figure 20-5 Distribution QoS Settings Window

Step 3 To enable QoS settings for unicast data based on channel priority, check the Set QoS for unicast data check box.

Step 4 To set the QoS value for a channel with low priority, choose a Differentiated Service Code Point (DSCP) value from the QoS value for channel with low priority drop-down list. Alternatively enter a decimal value in the corresponding field.

Note See the next section, "Setting DSCP Values for QoS Packets." You can override the system-wide settings for unicast data by configuring QoS settings on a per-channel basis from the Creating a New Channel window. (See the "Creating a Channel" section on page 5-11.)

Step 5 To set the QoS value for a channel with medium priority, choose a DSCP value from the QoS value for channel with medium priority drop-down list. Alternatively enter a decimal value in the corresponding field.

Step 6 To set the QoS value for a channel with high priority, choose a DSCP value from the QoS value for channel with high priority drop-down list. Alternatively enter a decimal value in the corresponding field.

Step 7 To enable QoS settings for metadata replication traffic, check the Set QoS value for metadata replication check box.

Step 8 To set the QoS value for metadata replication traffic, choose a DSCP value from the QoS value for metadata replication drop-down list.

Step 9 To save the settings, click Submit.

Setting DSCP Values for QoS Packets

Cisco ACNS software allows you to set Differentiated Services Code Point (DSCP) values for Unicast QoS packets. DSCP values define relative priority levels for the packets. You can either choose a DSCP keyword from the drop-down list or enter a value in the corresponding field. (See Table 20-3.)

Table 20-3 DSCP Values 

Keyword
Description and Value

af11

Sets packets with AF11 DSCP (001010).

Note The number in parentheses denotes the DSCP value for each per-hop behavior keyword.

af12

Sets packets with AF12 DSCP (001100).

af13

Sets packets with AF13 DSCP (001110).

af21

Sets packets with AF21 DSCP (010010).

af22

Sets packets with AF22 DSCP (010100).

af23

Sets packets with AF23 DSCP (010110).

af31

Sets packets with AF31 DSCP (011010).

af32

Sets packets with AF32 DSCP (011100).

af33

Sets packets with AF33 DSCP (011110).

af41

Sets packets with AF41 DSCP (100010).

af42

Sets packets with AF42 DSCP (100100).

af43

Sets packets with AF43 DSCP (100110).

cs1

Sets packets with CS1 (precedence 1) DSCP (001000).

cs2

Sets packets with CS2 (precedence 2) DSCP (010000).

cs3

Sets packets with CS3 (precedence 3) DSCP (011000).

cs4

Sets packets with CS4 (precedence 4) DSCP (100000).

cs5

Sets packets with CS5 (precedence 5) DSCP (101000).

cs6

Sets packets with CS6 (precedence 6) DSCP (110000).

cs7

Sets packets with CS7 (precedence 7) DSCP (111000).

default

Sets packets with the default DSCP (000000).

ef

Sets packets with EF DSCP (101110).


Modifying System Default Properties

You can modify the following system properties:

cdm.session.timeoutLength of a Content Distribution Manager session (in minutes).

DeviceGroup.overlapContent Engine feature overlapping (enable or disable).

System.CmsUnsProgramSync.IntervalInterval by which CMS synchronizes program import UNS objects (in minutes). The default is 1440 minutes.

System.datafeed.pollRatePoll rate between the Content Engine or the Content Router and the Content Distribution Manager (in seconds).

System.device.recovery.keyDevice identity recovery key. This property enables a device to be replaced by another node in the ACNS network.

System.guiServer.fqdnScheme to use (IP address or FQDN) to launch the Content Engine Cache GUI.

System.healthmonitor.collectRate—Sets the collect and send rate in seconds for the CMS device health (or status) monitor. If the rate is set to 0, the health monitor is disabled.

System.lcm.enableLocal and central management feature (enable or disable). This property allows settings that are configured using the local device CLI or the central Content Distribution Manager GUI to be stored as part of the ACNS network configuration data.

System.monitoring.collectRateRate at which the Content Engine collects and sends the monitoring report to the Content Distribution Manager (in seconds). The default is 300 seconds.

System.monitoring.dailyConsolidationHourHour at which the Content Distribution Manager consolidates hourly and daily monitoring records.

System.monitoring.enableContent Engine statistics monitoring (enable or disable).

System.monitoring.monthlyConsolidationFrequency—Frequency (in days) with which the Content Distribution Manager consolidates daily monitoring records into monthly records.

System.monitoring.recordLimitDays—Maximum number of days of monitoring data to maintain in the system.

System.repstatus.updateEnabled—Replication status periodic calculations on a Content Engine (enable or disable).

System.repstatus.updateRate—Rate of replication status periodic updates calculated on a Content Engine (in minutes).

System.repstatus.updateRateSec—Rate of replication status periodic updates calculated on a Content Engine (in seconds). The default is 600 seconds. Setting this rate will override the update rate set in minutes.

System.repstatus.updateSyncEnabled—Sending summary replication status with requested detailed status (enable or disable).

The Config Properties window displays information about existing system configuration properties and their current values. To modify the value of a system property, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose System > Configuration. The Config Properties window appears. (See Figure 20-6.)

Figure 20-6 Config Properties Window—Page 1

Step 2 To see the second page of this window, click Page 2. (See Figure 20-7.)

Figure 20-7 Config Properties Window—Page 2

Step 3 Next to the system property that you want to change, click the Edit icon. The Modifying Config Property window appears.

Step 4 From a drop-down list, enter a new value or choose a new parameter, depending on the system property that you want to change.

Step 5 To save the setting, click Submit.

Configuring Faster Detection of Offline Content Engines

You can detect offline Content Engines more quickly if you enable the fast detection of offline Content Engines. A Content Engine is declared as offline when it has failed to contact the Content Distribution Manager for a getUpdate (get configuration poll) request for at least two polling periods. (See "About Faster Detection of Offline Content Engines" section for more information about this feature.)

To configure fast detection of offline Content Engines, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose System > Configuration. The Config Properties window appears.

Step 2 In the Contents pane, choose Fast CE Offline Detection. The Configure Fast CE Offline Detection window appears.

Note The fast detection offline Content Engines feature is in effect only when the Content Distribution Manager receives the first UDP heartbeat packet and a getUpdate request from a Content Engine.

Step 3 To enable the Content Distribution Manager detect the offline status of Content Engines quickly, check the Enable check box.

This check box is unchecked by default so that if UDP traffic between Content Engines and the Content Distribution Manager is blocked, then all Content Engines using ACNS 5.1 software or earlier are not declared offline when they are upgraded to ACNS 5.2 software.

Step 4 In the Heartbeat Rate (Seconds) field, specify how often Content Engines should transmit a UDP heartbeat packet to the Content Distribution Manager.

Step 5 In the Heartbeat Fail Count field, specify the number of UDP heartbeat packets that can be dropped during transmission from Content Engines to the Content Distribution Manager before a Content Engine is declared offline.

Step 6 In the Heartbeat UDP Port field, specify the port number using which Content Engines will send UDP heartbeat packets to the primary Content Distribution Manager.

The Maximum Offline Detection Time field displays the product of the failed heartbeat count and heartbeat rate.

Maximum Offline Detection Time = Failed heartbeat count * Heartbeat rate

If you have not enabled the fast detection of offline Content Engines feature, then the Content Distribution Manager waits for at least two polling periods to be contacted by the Content Engine for a getUpdate request before declaring the Content Engine to be offline. However, if you enable the fast detection of offline Content Engines feature, then the Content Distribution Manager waits until the value displayed in the Maximum Offline Detection Time field is exceeded.

If the Content Distribution Manager receives the Cisco Discovery Protocol (CDP) from a Content Engine, then the Content Distribution Manager displays the Content Engine as offline after a time period of 2* (heartbeat rate) * (failed heartbeat count).

Step 7 To save the settings, click Submit.

About Faster Detection of Offline Content Engines

Communication between the Content Engine and Content Distribution Manager using User Datagram Protocol (UDP) allows faster detection of Content Engines that have gone offline. UDP heartbeat packets are sent at a specified interval from each Content Engine to the primary Content Distribution Manager in an ACNS network. The primary Content Distribution Manager tracks the last time that it received a UDP heartbeat packet from each Content Engine. If the Content Distribution Manager has not received the specified number of UDP packets, it displays the status of the nonresponsive Content Engines as offline. Because UDP heartbeats require less processing than a getUpdate request, they can be transmitted more frequently, and the Content Distribution Manager can detect offline Content Engines much faster.

You can enable or disable this feature, specify the interval between two UDP packets, and configure the failed heartbeat count. Heartbeat packet rate is defined as the interval between two UDP packets. Using the specified heartbeat packet rate and failed heartbeat count values, the Content Distribution Manager GUI displays the resulting offline detection time as a product of heartbeat rate and failed heartbeat count. If the fast detection of offline Content Engines is enabled, the Content Distribution Manager detects Content Engines that are in network segments that do not support UDP and uses getUpdate (get configuration poll) request to detect offline Content Engines.

By default, the feature to detect offline Content Engines more quickly is not enabled. Content Engines using releases earlier than ACNS 5.2 software might not allow UDP traffic from Content Engines to the Content Distribution Manager, so when this feature is enabled, erroneous offline status reporting might occur because these Content Engines might be in network segments that do not support UDP, and UDP heartbeat packets might not be sent at the specified interval to the primary Content Distribution Manager. If you disable the fast detection of offline Content Engines, all Content Engines can be upgraded without any error in their status being displayed in the Content Distribution Manager GUI.

However, because the UDP packets are sent as clear text, they can be spoofed by a hacker, causing the Content Distribution Manager to incorrectly report the status of a Content Engine as online even when it is actually offline. This problem can be avoided by forcing the Content Distribution Manager to display a Content Engine as offline when the Content Distribution Manager does not receive the specified small number of secure getUpdate requests from the Content Engine.

In ACNS networks with heavy traffic, dropped UDP packets can cause the Content Distribution Manager to incorrectly report the status of Content Engines as offline. To avoid this problem, configure a higher value for dropped UDP heartbeat packets.

Printing ACNS Network Data

Using the features of the Content Distribution Manager, you can print any tabular data about your ACNS network, including lists of content providers, websites, and locations, or any of the resources of your ACNS network, such as Content Engines, channels, and so on.

To print data from the Content Distribution Manager, follow these steps:

Step 1 From the Content Distribution Manager GUI, locate the information that you wish to print.

For example, if you wanted to print data about the locations defined for your ACNS network, you would choose Network > Locations.

Step 2 To print your ACNS network data by using the default printer on your operating system, click the Printer icon.

Creating Proxy Error Messages

The configurable proxy error messages feature allows you to download default error message files from an FTP server or an HTTP server to the Content Engine. When these default error message files are downloaded to the Content Engine, they are stored in the /ruby/errmsg directory. The naming convention for these files is ERR_error_reason. These files are statically mapped to response error codes. The Content Engine sends a user the appropriate error message based on the mapping between the response error code and the message file. These static error files can serve as templates for creating custom proxy error messages.

After you have downloaded the error message files, you can use the upload feature to upload the file to an FTP server in your network for editing and customizing. Custom error messages are stored in the Content Engine /local/local1/ directory with the file naming convention CUSTOM_ERR_error_reason.

Configuring Proxy Error Message Download Settings for the Content Engine

You can download default error message files from a list of filenames that have been previously configured. The list of proxy error message files is fixed. The protocols that can be used for downloading default error files are FTP, HTTP, and HTTPS. You cannot download two error messages with the same name and different URLs.

To download the error message files to the Content Engine, follow these steps:

Step 1 Choose Devices > Devices. The Devices listing window appears.

Step 2 Click the Edit icon next to the Content Engine to which you want to download the error message file. The Content Engine Device Home window appears with the Contents pane on the left.

Step 3 In the Contents pane, choose Applications > Web > Proxy Error Messages > Download. The Proxy Error Message Download for Content Engine window appears, listing the proxy error messages and their download URLs.

Step 4 In Aggregate Settings, the Yes radio button is chosen by default. This specifies that the proxy error message configurations for the Content Engine and the device groups with which the Content Engine is associated are displayed. They cannot be modified or deleted. You can only view the proxy error messages created for device groups. Alternatively, click the No radio button to apply the proxy error message configurations for only the Content Engine.

Step 5 In the taskbar, click the Create New Proxy Error Messages icon. The Creating New Proxy Error Message for Content Engine window appears.

Step 6 From the Proxy Error Message drop-down list, choose a proxy error message that you wish to download to the Content Engine. (See Table 20-4 for a description of the proxy error messages that can be downloaded.)

Step 7 In the Download URL field, enter the host name or IP address of the server from which the proxy error message is to be downloaded to the Content Engine.

Step 8 To save the settings, click Submit.

Table 20-4 Proxy Error Messages 

Proxy Error Message Name
Description

blocked-dueto-filter-error

Error response when a request is blocked because of a filter

cache-read-error

Error response when a cache file system (cfs) read fails

cache-write-error

Error response when a cfs write fails

cdn-not-found-error

Error response when an ACNS network is not found

client-access-denied-msg

Error response when client access is denied

client-connection-broken-error

Error response when a client connection is lost

cr-domain-not-found-err

Error response when a Content Router could not be found

cr-general-error

Error response when a Content Router is not operational

cr-not-in-cz-error

Error response when a Content Router is not found in a coverage zone

cr-unavailable-error

Error response when a Content Router is not available

dns-not-available-error

Error response when DNS is unavailable for resolution

error-signature

Signature that will be appended to the error messages

expect-failed-error

Error response when the Expect specifier in the HTTP request header cannot be met

ftp-bad-login-error

Error response when an FTP login fails

ftp-bad-url-error

Error response when an FTP request receives a bad URL

ftp-disabled-error

Error response when FTP is disabled

ftp-failure-error

Error response when an FTP failure occurs

ftp-internal-error

Error response when an FTP interval is exceeded

ftp-not-found-error

Error response when an FTP reports file not found

ftp-put-created-msg

Error response when an FTP PUT operation is successful

ftp-put-error

Error response when an FTP PUT operation fails

ftp-put-modified-msg

Response when an FTP update is successful

ftp-unavailable-msg

Error response when an FTP file is unavailable

http-blocked-port-msg

Error response when an HTTP request comes through a blocked port

https-blocked-port-msg

Error response when an HTTPS request comes through a blocked port

icap-processing-error

Error response when an error has occurred in ICAP processing

invalid-port-error

Error response when an invalid port is accessed

looped-req-error

Error response when a looped request is unsuccessful

not-enough-resources-error

Error response when not enough resources are available for the request process

not-in-cache

Error response when an object is not found in the cache

offline-miss-error

Error response when a Content Engine that is offline finds a cache miss

outgoing-proxy-fail-error

Error response when all outgoing proxies fail

proxy-allow-domain-error

Error response when the domain is not allowed to authenticate in proxy mode

proxy-no-default-domain-error

Error response when no default domain is available to authenticate in proxy mode

proxy-unauthenticated-error

Error response when proxy authentication fails

radius-redirect-error

Response for a RADIUS redirect message

request-blocked-msg

Error response when a request is blocked

request-malformed-error

Error response when request headers are malformed

rev-dns-not-available-msg

Error response when DNS is not available

server-connection-broken-error

Error response when a server connection is lost

ssl-server-error

Error response when an SSL handshake with the requested server fails

unsupported-cr-method-error

Error response when an unsupported Content Router method is used

www-allow-domain-error

Error response when domain is not allowed to authenticate

www-no-default-domain-error

Error response when no default domain is available

www-unauthenticated-error

Error response when server authentication fails


To delete proxy error messages from the Content Engine, follow these steps:

Step 1 Choose Devices > Devices. The Devices window appears.

Step 2 Click the Edit icon next to the Content Engine for which you want to delete download error messages. The Content Engine Device Home window appears with the Contents pane on the left.

Step 3 In the Contents pane, choose Applications > Web > Proxy Error Messages > Download. The Proxy Error Message Download for Content Engine window appears, listing the proxy error messages and their download URLs.

Step 4 Delete the proxy error message or messages:

To delete all download proxy error messages configured for the Content Engine, click the Remove All Proxy Error Message Configurations in this CE/Device Group icon in the taskbar.

The system displays a dialog box asking you to confirm your decision. Click OK to confirm.

Note This action does not delete the error messages configured through device groups.

To delete a single proxy error message, from the Proxy Error Message Download for Content Engine window, click the Edit icon of the proxy error message that you want to delete. The Modifying Proxy Error Message window appears. In the taskbar of this window, click the Delete Proxy Error Message icon to delete the download settings for the corresponding error message.

The system displays a dialog box, asking you to confirm whether you want to permanently delete the error message configuration. To confirm, click OK.

Configuring Proxy Error Message Upload Settings for the Content Engine

Proxy error messages can be uploaded from the Content Engine to a specified FTP server from which they can be edited and customized. You can only upload those error files for which you have previously configured the download settings. All the fields in the window are disabled if no download settings have been configured.

To upload an error file from the Content Engine to the specified FTP server, follow these steps:

Step 1 Choose Devices > Devices. The Devices window appears.

Step 2 Click the Edit icon next to the desired Content Engine. The Contents pane appears on the left.

Step 3 In the Contents pane, choose Applications > Web > Proxy Error Messages > Upload. The Proxy Error Message Upload Settings for Content Engine window appears.

Step 4 From the Proxy Error Message drop-down list, choose the proxy error message to be uploaded to the FTP server. All proxy error messages for which download settings have been configured are displayed here.

Step 5 In the FTP Server Address field, enter the host name or IP address of the FTP server.

Step 6 In the FTP Server Directory field, enter the remote directory where the error message needs to be saved.

Step 7 In the FTP Server Filename field, enter the name of the custom error file.

A custom error file with the name entered here is created for each proxy error message in the directory specified in the previous field. If you specify the same filename for more than one proxy error message, the previously uploaded error message to that file will be overwritten.

Step 8 In the FTP Server Username field, enter the name of the user who needs to access the FTP server.

Step 9 In the FTP Server Password field, enter the password to authenticate the user who logs in to the server.

Step 10 In the Confirmation Password field, reenter the password entered in the previous field.

Step 11 To save the settings, click Submit.

Enabling Offline Operation of Network Devices

Cisco ACNS software allows you to configure your network devices to support offline operation when the external network links are disrupted.

To enable offline operation, follow these steps:

Step 1 From the Content Distribution Manager GUI, choose Devices > Devices.

Step 2 Click the Edit icon next to the device for which you want to enable offline operation.

Step 3 In the Contents pane, choose Applications > Web > Offline Operations. The Offline Operations Settings window appears.

Step 4 Check the Enable Offline Operation check box.

Only when this check box is checked can users continue to access preloaded and cached content if external connections are disrupted. Content objects are then delivered to users directly from the cache.

Step 5 To save the configuration, click Submit.

To enable offline operation of network devices from the CLI, use the offline-operation enable global configuration command.