Configuration Mode Commands
Use global configuration mode for setting, viewing, and testing configuration of WAAS software features for the entire device. To enter this mode, enter the configure command from privileged EXEC mode. The prompt for global configuration mode consists of the hostname of the WAE followed by (config) and the pound sign (#). You must be in global configuration mode to enter global configuration commands.
Commands entered in global configuration mode update the running configuration file as soon as they are entered. These changes are not saved into the startup configuration file until you enter the copy running-config startup-config EXEC mode command. Once the configuration is saved, it is maintained across WAE reboots.
You also can use global configuration mode to enter specific configuration modes. From global configuration mode you can enter the interface configuration mode, standard ACL configuration mode, or the extended ACL configuration mode.
To exit global configuration mode and return to privileged-level EXEC mode, use either the exit or end global configuration command:
(config) aaa accounting
To configure AAA accounting on a WAAS device, use the aaa accounting command in global configuration mode.
aaa accounting {commands {0 | 15} default {start-stop | stop-only | wait-start} tacacs | exec default {start-stop | stop-only | wait-start} tacacs | system default {start-stop | stop-only} tacacs}
Syntax Description
commands | Configures accounting for all commands at the specified privilege level.
0 | User privilege level for a normal user.
15 | User privilege level for an administrative user.
default | Sets AAA accounting to use the default accounting list.
start-stop | Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether the start accounting notice was received by the accounting server.
stop-only | Sends a stop accounting notice at the end of the process requested by the user.
wait-start | Sends both a start and a stop accounting notice to the accounting server. However, the requested user service does not begin until the start accounting notice is acknowledged. The user cannot execute a CLI command or log in until the user is on record. A stop accounting notice is also sent but does not need acknowledgement.
tacacs | Enables use of TACACS+ for accounting.
exec | Enables accounting for user EXEC processes (user shells). When enabled, the EXEC shell accounting reports EXEC terminal session (user shell) events and login and logout by an administrator to the EXEC shell.
system | Enables accounting for all system-level events not associated with users, such as reloads.
Defaults
AAA accounting is disabled by default.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
The AAA accounting feature enables you to track the activities of an administrative user, services that users access, and the amount of network resources they consume (for example, connection time or the bytes transferred). You can use the AAA accounting feature to track user activity for billing, auditing, reporting, or security purposes. WAAS uses TACACS+ to implement AAA accounting; RADIUS is not currently supported. When AAA accounting is enabled, the WAAS device reports user activity to the TACACS+ security server in the form of accounting records. This data can then be analyzed for network management, client billing, and auditing.
You can activate accounting for the following types of events:
• EXEC—EXEC shell accounting is used to report the events of an administrator logging in and out of the EXEC shell through Telnet, FTP, or SSH (SSH Version 1 or Version 2). This type of accounting records information about user EXEC terminal sessions (user shells) on the WAAS device, including username, date, start and stop times for each session, time zone, and IP address of the system used to access the WAAS device. The EXEC shell accounting information can be accessed through the accounting log file on the TACACS+ server. This log file uses the following report format for this type of accounting information:
WeekDay#Month#Day#Time#Year#CEaddress#username#terminal#RemoteHost#Event#EventTime#TaskId#Timezone#Service
• Command—The WAAS device records information about the CLI commands that were executed on the WAAS device. Each command accounting record includes the executed command syntax, username of the user who executed the command, the privilege level of the user, and the date and time that each command was executed. The WAAS device supports two privilege levels, 0 and 15, representing normal users and administrative users, respectively. The command accounting information can be accessed through the accounting log file on the TACACS+ server. This log file uses the following report format for this type of accounting information:
WeekDay#Month#Day#Time#Year#CEaddress#username#terminal#RemoteHost#Event#EventTime#TaskId#Timezone#Service#PrivilegeLevel#CLICommand
• System—The WAAS device records information about all system-level events (for example, when the system reboots). You can access the system accounting information through the accounting log file on the TACACS+ server. This log file uses the following report format for this type of accounting information:
WeekDay#Month#Day#Time#Year#CEaddress#username#terminal#RemoteHost#Event#EventTime#TaskId#Timezone#SystemService#SystemAccountingEvent#EventReason
WAAS software supports only the default accounting list.
Caution
Before using the wait-start option, make sure that the WAAS device is configured with the TACACS+ server and is able to successfully contact the server. If the WAAS device cannot contact a configured TACACS+ server, it might become unresponsive.
The WAAS software displays the following warning message if the wait-start option is configured:
Warning: The device may become non-responsive if it cannot contact a configured TACACS+ server.
The administrator is asked to confirm the configuration in an indefinite loop until the administrator enters "yes" to the following prompt:
Are you sure you want to proceed? [yes]
Examples
The following example configures TACACS+ on the WAAS device and also specifies that a start accounting notice should be sent at the beginning of the process and a stop accounting notice at the end of the process, and the requested user process should begin regardless of whether the start accounting notice was received by the accounting server:
WAE(config)# tacacs key abc
WAE(config)# tacacs server 192.168.50.1 primary
WAE(config)# aaa accounting system default start-stop tacacs
Accounting Type Record event(s) Protocol
----------------------------------------------------------------
Exec shell unknown unknown
Command level 0 unknown unknown
Command level 15 unknown unknown
System start-stop TACACS+
In the following example, the WAAS device is set to record all user EXEC sessions. The command also specifies that a stop accounting notice should be sent to the TACACS+ server at the end of the session.
WAE(config)# aaa accounting exec default stop-only tacacs
In the following example, the WAAS device is set to record all CLI commands executed by a normal user. The command also specifies that a stop accounting notice should be sent to the TACACS+ server at the end of each CLI command executed by a normal user.
WAE(config)# aaa accounting commands 0 default stop-only tacacs
In the following example, the WAAS device is set to record all CLI commands executed by an administrative user. The command also specifies that a start accounting notice should be sent to the TACACS+ server at the beginning of the process and a stop accounting notice at the end of the process. The CLI command executed by the administrative user does not proceed until the start accounting notice has been acknowledged.
WAE(config)# aaa accounting commands 15 default wait-start tacacs
The following are some examples of the EXEC shell accounting report that is available on the TACACS+ server:
Wed Apr 14 11:19:19 2004 172.16.0.0 super10 pts/0 172.31.0.0 start start_time=1081919558 task_id=3028 timezone=PST service=shell
Wed Apr 14 11:19:23 2004 172.16.0.0 super10 pts/0 172.31.0.0 stop stop_time=1081919562 task_id=3028 timezone=PST service=shell
Wed Apr 14 11:22:13 2004 172.16.0.0 normal20 pts/0 via5.abc.com start start_time=1081919732 task_id=3048 timezone=PST service=shell
Wed Apr 14 11:22:16 2004 172.16.0.0 normal20 pts/0 via5.abc.com stop stop_time=1081919735 task_id=3048 timezone=PST service=shell
Wed Apr 14 11:25:29 2004 172.16.0.0 admin ftp via5.abc.com start start_time=1081919928 task_id=3069 timezone=PST service=shell
Wed Apr 14 11:25:33 2004 172.16.0.0 admin ftp via5.abc.com stop stop_time=1081919931 task_id=3069 timezone=PST service=shell
The following are some examples of the system accounting report that is available on the TACACS+ server:
Wed Apr 14 08:37:14 2004 172.16.0.0 unknown unknown 0.0.0.0 start start_time=1081909831 task_id=2725 timezone=PST service=system event=sys_acct reason=reload
Wed Apr 14 10:19:18 2004 172.16.0.0 admin ttyS0 0.0.0.0 stop stop_time=1081915955 task_id=5358 timezone=PST service=system event=sys_acct reason=shutdown
The following are some examples of the command accounting report that is available on the TACACS+ server:
Wed Apr 14 12:35:38 2004 172.16.0.0 admin ttyS0 0.0.0.0 start start_time=1081924137 task_id=3511 timezone=PST service=shell -lvl=0 cmd=logging console enable
Wed Apr 14 12:35:39 2004 172.16.0.0 admin ttyS0 0.0.0.0 stop stop_time=1081924137 task_id=3511 timezone=PST service=shell priv-lvl=0 cmd=logging console enable
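The EXEC, command, and system reports above share the same header fields and differ only in their trailing attributes, so one routine can parse all three for audit review. The following Python is an added example, not Cisco code: it assumes the space-separated form shown in the sample reports, runs over constructed records, and its watched command prefixes and finding labels are hypothetical choices.

```python
import re
from datetime import datetime

# Constructed sample records that follow the report layout shown above
# (nine header fields plus the event, then key=value attributes).
SAMPLE_LOG = """\
Wed Apr 14 11:19:19 2004 172.16.0.0 super10 pts/0 172.31.0.0 start start_time=1081919558 task_id=3028 timezone=PST service=shell
Wed Apr 14 11:19:23 2004 172.16.0.0 super10 pts/0 172.31.0.0 stop stop_time=1081919562 task_id=3028 timezone=PST service=shell
Wed Apr 14 11:25:29 2004 172.16.0.0 admin ftp via5.abc.com start start_time=1081919928 task_id=3069 timezone=PST service=shell
Wed Apr 14 12:35:39 2004 172.16.0.0 admin ttyS0 0.0.0.0 stop stop_time=1081924137 task_id=3511 timezone=PST service=shell priv-lvl=0 cmd=logging console enable
Wed Apr 14 12:36:02 2004 172.16.0.0 normal20 pts/0 via5.abc.com stop stop_time=1081924162 task_id=3512 timezone=PST service=shell priv-lvl=0 cmd=show alarms
Wed Apr 14 10:19:18 2004 172.16.0.0 admin ttyS0 0.0.0.0 stop stop_time=1081915955 task_id=5358 timezone=PST service=system event=sys_acct reason=shutdown
Wed Apr 14 11:22:13 2004 172.16.0.0 normal20 pts/0
"""

HEADER_FIELDS = ("device", "username", "terminal", "remote_host", "event")
# Hypothetical watch list: commands that change the audit trail or login path.
WATCHED_PREFIXES = ("aaa accounting", "authentication", "tacacs", "logging")


def parse_record(line):
    """Parse one accounting record into a dict; raise ValueError if malformed."""
    tokens = line.split()
    if len(tokens) < 10 or tokens[9] not in ("start", "stop"):
        raise ValueError("not an accounting record: %r" % line)
    record = {"time": datetime.strptime(" ".join(tokens[:5]),
                                        "%a %b %d %H:%M:%S %Y")}
    record.update(zip(HEADER_FIELDS, tokens[5:10]))
    parts = line.split(None, 10)
    rest = parts[10] if len(parts) > 10 else ""
    # cmd= is the last attribute and its value may contain spaces.
    match = re.search(r"(?:^|\s)cmd=(.*)$", rest)
    if match:
        record["cmd"] = match.group(1).strip()
        rest = rest[:match.start()]
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            record[key] = value
    return record


def load(text):
    """Return (records, rejected_lines) so truncated lines are not lost silently."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            records.append(parse_record(line))
        except ValueError:
            rejected.append(line)
    return records, rejected


def exec_sessions(records):
    """Pair EXEC shell start/stop records by (device, task_id)."""
    pending, closed = {}, []
    for r in records:
        if r.get("service") != "shell" or "cmd" in r:
            continue
        key = (r["device"], r.get("task_id"))
        if r["event"] == "start":
            pending[key] = r
        elif key in pending:  # a stop with no start is normal under stop-only
            start = pending.pop(key)
            closed.append({"username": start["username"],
                           "terminal": start["terminal"],
                           "remote_host": start["remote_host"],
                           "seconds": int(r["stop_time"]) - int(start["start_time"])})
    return closed, list(pending.values())


def findings(records):
    """Return (label, username, detail) tuples worth an auditor's attention."""
    out = []
    for r in records:
        cmd = r.get("cmd", "")
        bare = cmd[3:] if cmd.startswith("no ") else cmd
        if bare.startswith(WATCHED_PREFIXES):
            out.append(("audit-config-change", r["username"], cmd))
        elif (r.get("service") == "shell" and not cmd
              and r["event"] == "start" and r["terminal"] == "ftp"):
            out.append(("ftp-admin-login", r["username"], r["remote_host"]))
        elif r.get("service") == "system":
            out.append(("system-event", r["username"], r.get("reason", "")))
    for r in exec_sessions(records)[1]:
        out.append(("start-without-stop", r["username"], r["task_id"]))
    return out


if __name__ == "__main__":
    recs, bad = load(SAMPLE_LOG)
    for item in findings(recs):
        print(item)
    print("rejected lines:", len(bad))
```

A start record with no matching stop can mean a session that is still open or a stop notice that never reached the server, so treat it as a prompt to check the device rather than as proof of either.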
In addition to command accounting, the WAAS device records any executed CLI command in the system log (syslog.txt). The message format is as follows:
ce_syslog(LOG_INFO, CESM_PARSER, PARSER_ALL, CESM_350232,
"CLI_LOG %s: %s \n", __FUNCTION__, pd->command_line);
Related Commands
debug
show aaa accounting
(config) alarm overload-detect
To detect alarm overload situations, use the alarm overload-detect global configuration command.
alarm overload-detect {clear 1-999 [raise 10-1000] | enable | raise 10-1000 [clear 1-999]}
Syntax Description
clear | Specifies the threshold at which the alarm overload state on the WAAS device is cleared. When the alarm drops below this threshold, the alarm is cleared and the SNMP traps and alarm notifications are again sent to your NMS. Note: The alarm overload-detect clear value must be less than the alarm overload-detect raise value.
1-999 | Number of alarms per second that ends an alarm overload condition.
raise | Specifies the threshold at which the WAAS device enters an alarm overload state and SNMP traps and alarm notifications to your network management station (NMS) are suspended.
enable | Enables the detection of alarm overload situations.
10-1000 | Number of alarms per second that triggers an alarm overload.
Defaults
clear: 1 alarm per second
raise: 10 alarms per second
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
When multiple applications running on a WAAS device experience problems at the same time, numerous alarms are set off simultaneously, and the WAAS device may stop responding. You can use the alarm overload-detect global configuration command to set an overload limit for the incoming alarms from the node health manager. If the number of alarms exceeds the maximum number of alarms allowed, the WAAS device enters an alarm overload state until the number of alarms drops down to the number defined in the clear option.
When the WAAS device is in the alarm overload state, the following events occur:
• An alarm overload notification is sent to SNMP and the NMS. The clear and raise values are also communicated to SNMP and the NMS.
• SNMP traps and NMS notifications for subsequent alarm raise and clear operations are suspended.
• Alarm overload clear notification is sent.
• The WAAS device remains in the alarm overload state until the rate of incoming alarms decreases to the clear value.
Note
In the alarm overload state, applications continue to raise alarms and the alarms are recorded within the WAAS device. The show alarms and show alarms history EXEC commands display all the alarms even in the alarm overload state.
Examples
The following example enables detection of alarm overload:
WAE(config)# alarm overload-detect enable
The following example sets the threshold for triggering the alarm overload at 100 alarms per second:
WAE(config)# alarm overload-detect raise 100
The following example sets the level for clearing the alarm overload at 10 alarms per second:
WAE(config)# alarm overload-detect clear 10
Related Commands
show alarms
(config) asset
To set the tag name for the asset tag string, use the asset global configuration command. To remove the asset tag name, use the no form of this command.
asset tag name
Syntax Description
tag | Sets the asset tag.
name | Asset tag name string.
Defaults
No default behaviors or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Examples
The following example shows how to configure a tag name for the asset tag string on a WAAS device:
WAE(config)# asset tag entitymib
(config) authentication
To specify administrative login authentication and authorization methods for a WAAS device, use the authentication global configuration mode command. Use the no form of this command to selectively disable options.
authentication {configuration {local | radius | tacacs | windows-domain} enable [primary | secondary | tertiary | quaternary] | fail-over server-unreachable | login {local | radius | tacacs | windows-domain} enable [primary | secondary | tertiary | quaternary] | content-request windows-domain disconnected-mode enable}
Syntax Description
configuration | Sets the administrative login authorization (configuration) parameters for the WAAS device.
local | Selects the local database method as a login authorization (configuration) method for the WAAS device.
radius | Selects the RADIUS method as a login authorization (configuration) method for the WAAS device.
tacacs | Selects the TACACS+ method as a login authorization (configuration) method for the WAAS device.
windows-domain | Selects the Windows domain controller method as a login authorization (configuration) method for the WAAS device.
enable | Enables the specified administrative login authorization methods for the WAAS device.
primary | (Optional) Specifies the first method the WAAS device should use for administrative login authorization.
secondary | (Optional) Specifies the second method the WAAS device should use for administrative login authorization if the primary method fails.
tertiary | (Optional) Specifies the third method the WAAS device should use for administrative login authorization if the primary and secondary methods fail.
quaternary | (Optional) Specifies the fourth method the WAAS device should use for administrative login authorization if the primary, secondary, and tertiary methods all fail.
fail-over server-unreachable | Specifies that the WAAS device is to query the secondary authentication database if the primary authentication server is unreachable.
login | Sets the administrative login authentication parameters for the WAAS device.
local | Selects the local database method as an administrative login authentication method for the WAAS device.
radius | Selects the RADIUS method as an administrative login authentication method for the WAAS device.
tacacs | Selects the TACACS+ method as an administrative login authentication method for the WAAS device.
windows-domain | Selects the Windows domain controller method as an administrative login authentication method for the WAAS device.
enable | Enables the selected administrative login authentication methods for the WAAS device.
primary | (Optional) Specifies the first method the WAAS device should use for administrative login authentication.
secondary | (Optional) Specifies the second method the WAAS device should use for administrative login authentication if the primary method fails.
tertiary | (Optional) Specifies the third method the WAAS device should use for administrative login authentication if the primary and secondary methods fail.
quaternary | (Optional) Specifies the fourth method the WAAS device should use for administrative login authentication if the primary, secondary, and tertiary methods all fail.
content-request | Authenticates a request for content. Note: This option is available in the application-accelerator device mode only.
windows-domain | Selects a Windows domain controller for domain server authentication.
disconnected-mode | Authenticates in the disconnected mode.
enable | Enables authentication in the disconnected mode.
Defaults
The local authentication method is enabled by default.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Authentication, also referred to as login, is the act of verifying usernames and passwords. Authorization, or configuration, refers to the setting of privileges for authenticated users in a network. Generally, authentication precedes authorization in a network.
The authentication command configures both the authentication and authorization methods that govern login and configuration access to the WAAS device. Login and configuration privileges can be maintained in three different databases in the WAAS software: the local database, TACACS+ database, and RADIUS database. If all databases are enabled, then all databases are queried. If the user data cannot be found in the first database queried, then the second and third databases are queried.
When defining or modifying the authentication configuration method for a WAAS device, follow these guidelines:
• You can use the authentication command to choose between using an external access server or the internal (local) AAA system for user access management.
• You can configure any combination of these authentication and authorization methods to control access and set privileges on a WAAS device:
– Local authentication and authorization
– RADIUS authentication and authorization
– TACACS+ authentication and authorization
– Windows domain authentication
• Authentication configuration applies to the following:
– Console and Telnet connection attempts
– SSH (SSH Version 1 and Version 2)
• If you configure a RADIUS or TACACS+ key on the WAAS device (the RADIUS and the TACACS+ client), make sure that you configure an identical key on the RADIUS or TACACS+ server.
• If you configure multiple RADIUS or TACACS+ servers, the first server configured is the primary server, and authentication requests are sent to this server first. You can also specify secondary, tertiary, and quaternary servers for authentication and authorization purposes.
• By default, the WAAS device uses the local database to authenticate and authorize administrative login requests. The WAAS device verifies whether all authentication databases are disabled, and if so, sets the system to the default state. For information about this default state, see the table in the "Default Administrative Login Authentication and Authorization Configuration" section.
Note
We strongly recommend that you use the WAAS Central Manager GUI instead of the WAAS CLI to configure administrative login authentication and authorization for your WAAS devices, if possible. For information about how to use the WAAS Central Manager GUI to centrally configure administrative login authentication and authorization on a single WAE or group of WAEs that are registered with a WAAS Central Manager, see the Cisco Wide Area Application Services Configuration Guide.
To use the WAAS CLI to configure administrative login authentication and authorization for a single WAAS device, you must complete the following tasks:
1. Determine the login authentication scheme that you want to configure the individual WAAS device to use when authenticating administrative login requests. (For example, use the local database as the primary login database and your RADIUS server as the secondary authentication database.)
2. Configure the login access control settings for the individual WAAS device.
3. Configure the administrative login authentication server settings on the individual WAAS device (if a remote authentication database is to be used). For example, specify the IP address of the remote RADIUS servers, TACACS+ servers, or Windows domain server that the WAAS device should use to authenticate administrative login requests.
4. Specify one or all of the following login authentication configuration schemes that the individual WAAS device should use to process administrative login requests:
– Specify the administrative login authentication scheme.
– Specify the administrative login authorization scheme.
– Specify the failover scheme for the administrative login authentication server (optional).
For example, specify which authentication database the WAAS device should check to process an administrative login request.
Caution 
Make sure that RADIUS, TACACS+, or Windows domain authentication is configured and operating correctly before disabling local authentication and authorization. If you disable local authentication and RADIUS, TACACS+, or Windows domain settings are not configured correctly, or if the RADIUS, TACACS+, or Windows domain server is not online, you may be unable to log in to the WAAS device.
You can enable or disable the local and the remote databases (TACACS+, RADIUS, and Windows domain) through the WAAS Central Manager GUI or the WAAS CLI. The WAAS device verifies whether all databases are disabled and, if so, sets the system to the default state (see the table in the "Default Administrative Login Authentication and Authorization Configuration" section). If you have configured the WAAS device to use one or more of the external third-party databases (TACACS+, RADIUS, or Windows domain authentication) for administrative authentication and authorization, make sure that you have also enabled the local authentication and authorization method on the WAAS device, and that the local method is specified as the last option; otherwise, the WAAS device will not go to the local authentication and authorization method by default if the specified external third-party databases are not reachable.
By default, local login authentication is enabled first. Local authentication and authorization uses locally configured login and passwords to authenticate administrative login attempts. The login and passwords are local to each WAAS device and are not mapped to individual usernames. When local authentication is disabled, if you disable all other authentication methods, local authentication is reenabled automatically.
You can disable local login authentication only after enabling one or more of the other administrative login authentication methods. However, when local login authentication is disabled, if you disable all other administrative login authentication methods, local login authentication is reenabled automatically. You cannot specify different administrative login authentication methods for console and Telnet connections.
We strongly recommend that you set the administrative login authentication and authorization methods in the same order. For example, configure the WAAS device to use RADIUS as the primary login method, TACACS+ as the secondary login method, Windows as the tertiary method, and the local method as the quaternary method for both administrative login authentication and authorization.
Note
In the WAAS software release, the ability to specify a fourth method, the quaternary method, was added.
We strongly recommend that you specify the local method as the last method in your prioritized list of login authentication and authorization methods. By adhering to this practice, if the specified external third-party servers (TACACS+, RADIUS, or Windows domain servers) are not reachable, a WAAS administrator can still log in to a WAAS device through the local authentication and authorization method.
The authentication login command determines whether the user has any level of permission to access the WAAS device. The authentication configuration command authorizes the user with privileged access (configuration access) to the WAAS device.
The authentication login local and the authentication configuration local commands use a local database for authentication and authorization.
The authentication login tacacs and authentication configuration tacacs commands use a remote TACACS+ server to determine the level of user access.
The TACACS+ database validates users before they gain access to a WAAS device. TACACS+ is derived from the United States Department of Defense (RFC 1492) and is used by Cisco Systems as an additional control of nonprivileged and privileged mode access. WAAS software supports only TACACS+ and not TACACS or Extended TACACS.
To configure TACACS+, use the authentication and tacacs commands. To enable TACACS+, use the tacacs enable command. For more information on TACACS+ authentication, see the "(config) tacacs" command.
The authentication login radius and authentication configuration radius commands use a remote RADIUS server to determine the level of user access.
By default, the local method is enabled, with TACACS+ and RADIUS both disabled for login and configuration. Whenever TACACS+ and RADIUS are disabled, local is automatically enabled. TACACS+, RADIUS, and local methods can be enabled at the same time.
The primary option specifies the first method to attempt for both login and configuration; the secondary option specifies the method to use if the primary method fails. The tertiary option specifies the method to use if both primary and secondary methods fail. The quaternary option specifies the method to use if the primary, secondary, and tertiary methods fail. If all methods of an authentication login or authentication configuration command are configured as primary, or all as secondary or tertiary, local is attempted first, then TACACS+, and then RADIUS.
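The ordering guidance above (local method enabled and listed last, login and configuration methods in the same order, and a TACACS+ server defined before wait-start accounting is used) can be checked against a saved configuration. The following Python is an added example, not part of the WAAS software: it assumes the saved configuration lists commands in the syntax shown on this page, the two configurations are constructed, the key is a placeholder, and the finding codes are hypothetical.

```python
import re

PRIORITIES = ("primary", "secondary", "tertiary", "quaternary")
# Tie order stated above for methods sharing one priority: local, then
# TACACS+, then RADIUS. Where windows-domain falls is an assumption.
TIE_ORDER = ("local", "tacacs", "radius", "windows-domain")
AUTH_RE = re.compile(
    r"^authentication (login|configuration) "
    r"(local|radius|tacacs|windows-domain) enable"
    r"(?: (primary|secondary|tertiary|quaternary))?$")

# Constructed configuration with the weaknesses the page warns about.
WEAK_CONFIG = """\
authentication login local enable primary
authentication login tacacs enable secondary
authentication configuration tacacs enable primary
authentication configuration local enable secondary
aaa accounting commands 15 default wait-start tacacs
"""

# Constructed configuration that follows the page's recommendations.
HARDENED_CONFIG = """\
tacacs key PLACEHOLDER-KEY
tacacs server 192.168.50.1 primary
authentication login tacacs enable primary
authentication login local enable secondary
authentication configuration tacacs enable primary
authentication configuration local enable secondary
authentication fail-over server-unreachable
aaa accounting commands 15 default wait-start tacacs
"""


def method_order(config_text):
    """Return the order in which login and configuration methods are tried."""
    ranked = {"login": [], "configuration": []}
    for line in config_text.splitlines():
        match = AUTH_RE.match(line.strip())
        if match:
            kind, method, prio = match.groups()
            # A line without a priority keyword ranks last (assumption).
            rank = PRIORITIES.index(prio) if prio else len(PRIORITIES)
            ranked[kind].append((rank, TIE_ORDER.index(method), method))
    return {kind: [m for _, _, m in sorted(rows)]
            for kind, rows in ranked.items()}


def audit(config_text):
    """Return (code, detail) findings for the lockout risks described above."""
    lines = [line.strip() for line in config_text.splitlines()]
    order = method_order(config_text)
    out = []
    for kind, methods in order.items():
        if not methods:
            continue  # nothing configured: the device default is local only
        if "local" not in methods:
            out.append(("local-missing", kind))
        elif methods[-1] != "local":
            out.append(("local-not-last", f"{kind}: {' > '.join(methods)}"))
    if order["login"] != order["configuration"]:
        out.append(("order-mismatch", "login and configuration differ"))
    has_server = any(line.startswith("tacacs server ") for line in lines)
    if any("tacacs" in methods for methods in order.values()) and not has_server:
        out.append(("tacacs-no-server", "tacacs method enabled, no server"))
    wait_start = any(line.startswith("aaa accounting ") and " wait-start " in line
                     for line in lines)
    if wait_start and not has_server:
        out.append(("wait-start-no-server", "device may become unresponsive"))
    return out


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(text))
```

The check only confirms that a TACACS+ server is defined; whether the device can actually reach it still has to be verified on the device before wait-start is enabled.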
Default Administrative Login Authentication and Authorization Configuration
By default, the WAAS device uses the local database to obtain login authentication and authorization privileges for administrative users.
Note
The authentication global configuration command configures the authentication methods that govern administrative login and configuration access to the WAAS device.
By default, a WAAS device uses the local database to obtain login authentication and authorization privileges for administrative users.
The following table lists the default configuration for administrative login authentication and authorization.
Feature | Default Value
Administrative login authentication | Enabled
Administrative configuration authorization | Enabled
Authentication server failover because the authentication server is unreachable | Disabled
TACACS+ login authentication (console and Telnet) | Disabled
TACACS+ login authorization (console and Telnet) | Disabled
TACACS+ key | None specified
TACACS+ server timeout | 5 seconds
TACACS+ retransmit attempts | 2 times
RADIUS login authentication (console and Telnet) | Disabled
RADIUS login authorization (console and Telnet) | Disabled
RADIUS server IP address | None specified
RADIUS server UDP authorization port | Port 1645
RADIUS key | None specified
RADIUS server timeout | 5 seconds
RADIUS retransmit attempts | 2 times
Windows domain login authentication | Disabled
Windows domain login authorization (added in the WAAS software release) | Disabled

Note
If you configure a RADIUS or TACACS+ key on the WAAS device (the RADIUS and the TACACS+ client), make sure that you configure an identical key on the external RADIUS or TACACS+ server.
You can change these defaults on a WAE on a per device basis through the WAAS CLI.
Enforcing Authentication with the Primary Method
The authentication fail-over server-unreachable global configuration command allows you to specify that failover to the secondary authentication method should occur only if the primary authentication server is unreachable. This feature ensures that users gain access to the WAAS device using the local database only when remote authentication servers (TACACS+ or RADIUS) are unreachable. For example, when a TACACS+ server is enabled for authentication with user authentication failover configured and the user tries to log in to the WAAS device using an account defined in the local database, login fails. Login succeeds only when the TACACS+ server is unreachable.
Server Redundancy
Authentication servers can be specified with the corresponding authentication server (NTLM, LDAP, or RADIUS) host command options. In the case of TACACS+ servers, the server hostname command option is used to configure additional servers. These additional servers provide authentication redundancy and improved throughput, especially when WAAS device load-balancing schemes distribute the requests evenly between the servers. If the WAAS device cannot connect to any of the authentication servers, no authentication takes place and users who have not been previously authenticated are denied access.
Login Authentication and Authorization Through the Local Database
Local authentication and authorization use locally configured logins and passwords to authenticate administrative login attempts. The logins and passwords are local to each WAAS device and are not mapped to individual usernames.
By default, local login authentication is enabled first. You can disable local login authentication only after enabling one or more of the other administrative login authentication methods. However, when local login authentication is disabled, if you disable all other administrative login authentication methods, local login authentication is reenabled automatically.
Specifying RADIUS Authentication and Authorization Settings
RADIUS authentication clients reside on the WAAS device running WAAS software. When enabled, these clients send authentication requests to a central (remote) RADIUS server, which contains login authentication and network service access information.
To configure RADIUS authentication on a WAAS device, you must configure a set of RADIUS authentication server settings on the WAAS device. You can use the WAAS Manager GUI or the CLI to configure this set of RADIUS authentication server settings for a WAAS device.
RADIUS authentication usually occurs when an administrator first logs in to the WAAS device to configure the device for monitoring, configuration, or troubleshooting purposes. RADIUS authentication is disabled by default. You can enable RADIUS authentication and other authentication methods on a WAAS device at the same time. You can also specify which method to use first.
The following table describes the RADIUS settings for a WAAS device.
Setting | Description
RADIUS server | RADIUS servers that the WAAS device uses for RADIUS authentication. To enable the WAAS device to use a specific RADIUS server, enter the IP address or hostname of the RADIUS server and port information. Up to 5 different hosts are allowed. Early deployment of RADIUS was done using port number 1645, although the official port number for RADIUS is now 1812. Up to 5 different ports are allowed.
RADIUS key | Key used to encrypt and authenticate all communication between the RADIUS client (the WAAS device) and the RADIUS server. The maximum number of characters in the key is 15. There is no default.
RADIUS timeout interval | Number of seconds that the WAAS device waits for a response from the specified RADIUS authentication server before declaring a timeout. The range is 1 to 20 seconds. The default value is 5 seconds.
RADIUS retransmit count | Number of times the WAAS device is to retransmit its connection to the RADIUS server if the RADIUS timeout interval is exceeded. The range is 1 to 3 tries. The default value is 2 tries.
After configuring these RADIUS authentication settings on the WAAS device, you can enable RADIUS login authentication and authorization on the WAAS device:
Specifying TACACS+ Authentication and Authorization Settings
TACACS+ controls access to network devices by exchanging NAS information between a network device and a centralized database to determine the identity of a user or an entity. TACACS+ is an enhanced version of TACACS, a UDP-based access-control protocol specified by RFC 1492. TACACS+ uses TCP to ensure reliable delivery and encrypts all traffic between the TACACS+ server and the TACACS+ daemon on a network device.
TACACS+ works with many authentication types, including fixed password, one-time password, and challenge-response authentication.
When a user requests restricted services, TACACS+ encrypts the user password information using the MD5 encryption algorithm and adds a TACACS+ packet header. This header information identifies the packet type being sent (for example, an authentication packet), the packet sequence number, the encryption type used, and the total packet length. The TACACS+ protocol then forwards the packet to the TACACS+ server.
A TACACS+ server can provide authentication, authorization, and accounting functions. These services, while all part of TACACS+, are independent of one another, so a given TACACS+ configuration can use any or all of the three services.
When the TACACS+ server receives a packet, it does the following:
• Authenticates the user information and notifies the client that the login authentication has either succeeded or failed.
• Notifies the client that authentication will continue and that the client must provide additional information. This challenge-response process can continue through multiple iterations until login authentication either succeeds or fails.
You can configure a TACACS+ key on the client and server. If you configure a key on the WAAS device, it must be the same as the one configured on the TACACS+ servers. The TACACS+ clients and servers use the key to encrypt all TACACS+ packets transmitted. If you do not configure a TACACS+ key, packets are not encrypted.
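The header fields and the keyed MD5 processing described above, sketched in Python as an added example (not Cisco code): it follows the body obfuscation that RFC 8907 defines for TACACS+, and the sample body, keys, and session ID are constructed values.

```python
import hashlib
import struct

TAC_PLUS_AUTHEN = 0x01             # header "type" value for an authentication packet
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # header flag set when the body is sent in the clear
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length

# Constructed sample body; a real body is a structured authentication message.
SAMPLE_BODY = b"user=admin;data=constructed-sample"


def pseudo_pad(session_id, key, version, seq_no, length):
    """Chain MD5 over (session_id, key, version, seq_no, previous block)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(body, key, session_id, version, seq_no):
    """XOR the body with the pad; the same call obfuscates and recovers it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, key, session_id, seq_no=1, version=0xC0):
    """Return the 12-byte header plus the body as sent on the wire."""
    # With no key configured the body goes out unmodified and the flag says so.
    flags = 0 if key else TAC_PLUS_UNENCRYPTED_FLAG
    header = HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, flags,
                         session_id, len(body))
    if key:
        body = xor_body(body, key, session_id, version, seq_no)
    return header + body


def parse_packet(packet, key):
    """Decode a packet using the locally configured key."""
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack(
        packet[:HEADER.size])
    body = packet[HEADER.size:]
    if len(body) != length:
        raise ValueError("header length does not match body size")
    obfuscated = not flags & TAC_PLUS_UNENCRYPTED_FLAG
    if obfuscated:
        if not key:
            raise ValueError("peer obfuscated the body but no key is configured")
        body = xor_body(body, key, session_id, version, seq_no)
    return {"type": ptype, "seq_no": seq_no, "obfuscated": obfuscated,
            "body": body}


if __name__ == "__main__":
    wire = build_packet(SAMPLE_BODY, b"shared-secret", session_id=0x01020304)
    print("header (always readable):", wire[:HEADER.size].hex())
    print("same key  :", parse_packet(wire, b"shared-secret")["body"])
    print("other key :", parse_packet(wire, b"other-secret")["body"])
    clear = build_packet(SAMPLE_BODY, b"", session_id=0x01020304)
    print("no key    :", clear[HEADER.size:])
```

The header is never covered by the key, a mismatched key silently yields an unusable body rather than an error, and an empty key puts the body on the wire unchanged.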
TACACS+ authentication is disabled by default. You can enable TACACS+ authentication and local authentication at the same time.
To configure TACACS+ authentication on WAAS devices, you must configure a set of TACACS+ authentication settings on the WAAS device. You can use the WAE CLI or GUI to configure this set of TACACS+ authentication settings for a WAAS device.
The following table describes the TACACS+ authentication settings.
Note
No TACACS+ authentication is performed if no TACACS+ servers are configured on the WAAS device.
Setting | Description
TACACS+ server | TACACS+ server that the WAAS device is to use for TACACS+ authentication. Explicitly specify the primary TACACS+ server; otherwise, the WAAS device makes its own decision. You can configure one primary TACACS+ server and two backup TACACS+ servers. TACACS+ uses the standard port (port 49) for communication, based on the specified service.
TACACS+ key | Secret key that the WAAS device will use to communicate with the TACACS+ server. The maximum number of characters in the TACACS+ key should not exceed 99 printable ASCII characters (except tabs). An empty key string is the default. All leading spaces are ignored; spaces within and at the end of the key string are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key. There is no default. Tip: Be sure the same TACACS+ key is specified on the TACACS+ server.
TACACS+ timeout interval | Number of seconds that the WAAS device will wait for a response from the specified TACACS+ authentication server before declaring a timeout. The range is 1 to 20 seconds. The default value is 5 seconds.
TACACS+ retransmit count | Number of times that the WAAS device is to retransmit its connection to the TACACS+ server if the TACACS+ timeout interval is exceeded. The range is 1 to 3 tries. The default value is 2 tries.
TACACS+ password authentication method | Mechanism for password authentication. By default, the Password Authentication Protocol (PAP) is the mechanism for password authentication. The other option is to use ASCII clear text as the password authentication mechanism.
TACACS+ Enable Password Attribute
The WAAS software CLI EXEC mode is used for setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To access privileged-level EXEC mode, enter the enable EXEC command at the user access level prompt and specify a privileged EXEC password (superuser or admin-equivalent password) when prompted for a password.
In TACACS+ there is an "enable password" feature that allows an administrator to define a different enable password per administrative-level user. If an administrative-level user logs in to the WAAS device with a normal-level user account (privilege level of 0) instead of an administrator or administrator-equivalent user account (privilege level of 15), that user must enter the administrator password to access privileged-level EXEC mode.
Password:
This caveat applies even if these WAAS users are using TACACS+ for login authentication.
Examples
To query the secondary authentication database if the primary authentication server is unreachable, enter the following command. This feature is referred to as the fail-over server-unreachable feature.
WAE(config)# authentication fail-over server-unreachable
If you enable the fail-over server-unreachable feature on the WAAS device, only two login authentication schemes (a primary and a secondary scheme) can be configured on the WAAS device. The WAAS device fails over from the primary authentication scheme to the secondary authentication scheme only if the specified authentication server is unreachable.
To enable authentication privileges using the local, TACACS+, RADIUS, or Windows databases, and to specify the order of the administrative login authentication, use the authentication login global configuration command. In the following example, RADIUS is specified as the primary method, TACACS+ as the secondary method, Windows as the third method, and the local database as the fourth method. In this example, four login authentication methods are specified because the fail-over server-unreachable feature is not enabled on the WAAS device.
WAE(config)# authentication login radius enable primary
WAE(config)# authentication login tacacs enable secondary
WAE(config)# authentication login windows-domain enable tertiary
WAE(config)# authentication login local enable quaternary
Note
If you have enabled the failover server unreachable feature on the WAAS device, make sure that you specify either TACACS+ or RADIUS as the primary scheme for authentication, and specify local as the secondary scheme for authentication.
To enable authorization privileges using the local, TACACS+, RADIUS, or Windows databases, and to specify the order of the administrative login authorization (configuration), use the authentication configuration global configuration command.
Note
Authorization privileges apply to console and Telnet connection attempts, secure FTP (SFTP) sessions, and Secure Shell (SSH, Version 1 and Version 2) sessions.
We strongly recommend that you set the administrative login authentication and authorization methods in the same order. For example, configure the WAAS device to use RADIUS as the primary login method, TACACS+ as the secondary login method, Windows as the tertiary method, and the local method as the quaternary method for both administrative login authentication and authorization.
In the following example, RADIUS is specified as the primary method, TACACS+ as the secondary method, Windows as the third method, and the local database as the fourth method. In this example, four login authorization (configuration) methods are specified because the fail-over server-unreachable feature is not enabled on the WAAS device.
WAE(config)# authentication configuration radius enable primary
WAE(config)# authentication configuration tacacs enable secondary
WAE(config)# authentication configuration windows-domain enable tertiary
WAE(config)# authentication configuration local enable quaternary
Note
If you have enabled the failover server unreachable feature on the WAAS device, make sure that you specify either TACACS+ or RADIUS as the primary scheme for authorization (configuration), and specify local as the secondary scheme for authorization (configuration).
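The ordering rules stated in the notes and examples above can be checked mechanically. The following Python audit is an added example, not a Cisco tool; it assumes the configuration is available as a list of command lines in the form shown on this page, and the FAILOVER_OK sample is constructed.

```python
import re

RANKS = ("primary", "secondary", "tertiary", "quaternary")
REMOTE = ("tacacs", "radius")
METHOD_LINE = re.compile(
    r"authentication\s+(login|configuration)\s+"
    r"(local|radius|tacacs|windows-domain)\s+enable\s+"
    r"(primary|secondary|tertiary|quaternary)$")
FAILOVER_LINE = re.compile(r"authentication\s+fail-over\s+server-unreachable$")

# The four-method example from this page (login and configuration).
PAGE_EXAMPLE = [
    "WAE(config)# authentication login radius enable primary",
    "WAE(config)# authentication login tacacs enable secondary",
    "WAE(config)# authentication login windows-domain enable tertiary",
    "WAE(config)# authentication login local enable quaternary",
    "WAE(config)# authentication configuration radius enable primary",
    "WAE(config)# authentication configuration tacacs enable secondary",
    "WAE(config)# authentication configuration windows-domain enable tertiary",
    "WAE(config)# authentication configuration local enable quaternary",
]

# Constructed sample: remote primary, local secondary, fail-over enabled.
FAILOVER_OK = [
    "authentication fail-over server-unreachable",
    "authentication login tacacs enable primary",
    "authentication login local enable secondary",
    "authentication configuration tacacs enable primary",
    "authentication configuration local enable secondary",
]


def parse(lines):
    """Return (failover_enabled, {"login": [...], "configuration": [...]})."""
    failover = False
    ranked = {"login": {}, "configuration": {}}
    for raw in lines:
        line = raw.split("#", 1)[-1].strip()  # drop a "WAE(config)#" prompt
        if FAILOVER_LINE.match(line):
            failover = True
        match = METHOD_LINE.match(line)
        if match:
            kind, method, rank = match.groups()
            ranked[kind][rank] = method
    order = {kind: [by_rank[r] for r in RANKS if r in by_rank]
             for kind, by_rank in ranked.items()}
    return failover, order


def audit(lines):
    """Return findings where the lines break the ordering rules on this page."""
    failover, order = parse(lines)
    findings = []
    if order["login"] != order["configuration"]:
        findings.append(
            "login and configuration methods are not in the same order")
    if failover:
        for kind, methods in order.items():
            if not methods:
                continue  # nothing set explicitly; device defaults apply
            if len(methods) > 2:
                findings.append(
                    f"{kind}: more than two schemes with fail-over server-unreachable")
            if methods[0] not in REMOTE:
                findings.append(
                    f"{kind}: primary is {methods[0]}, expected tacacs or radius")
            if methods[1:2] != ["local"]:
                findings.append(f"{kind}: secondary is not local")
    return findings


if __name__ == "__main__":
    for name, cfg in (
            ("page example", PAGE_EXAMPLE),
            ("page example + fail-over",
             ["authentication fail-over server-unreachable"] + PAGE_EXAMPLE),
            ("fail-over, remote then local", FAILOVER_OK)):
        print(name, "->", audit(cfg) or "ok")
```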
The following example shows the resulting output of the show authentication command:
WAE# show authentication user
Login Authentication: Console/Telnet/Ftp/SSH Session
----------------------------- ------------------------------
Configuration Authentication: Console/Telnet/Ftp/SSH Session
----------------------------- ------------------------------
Note
The Windows domain controller must be configured using the windows-domain wins-server global configuration command before authentication can be configured.
Related Commands
(config) radius-server
show authentication
show statistics radius
show statistics tacacs
(config) tacacs
windows-domain
(config) windows-domain
(config) auto-register
To enable discovery of a Fast Ethernet or Gigabit Ethernet WAE and its automatic registration with the WAAS Central Manager through Dynamic Host Configuration Protocol (DHCP), use the auto-register global configuration command. To disable the autoregistration feature on a WAE, use the no form of this command.
auto-register enable [FastEthernet slot/port | GigabitEthernet slot/port]
Syntax Description
enable | Enables the automatic registration of devices using DHCP with the WAAS Central Manager.
FastEthernet | (Optional) Selects a Fast Ethernet interface for automatic registration using DHCP.
slot/port | Fast Ethernet slot (0-3) and port number.
GigabitEthernet | (Optional) Selects a Gigabit Ethernet interface for automatic registration using DHCP.
slot/port | Gigabit Ethernet slot (1-2) and port number.
Defaults
Automatic registration using DHCP is enabled on a WAE by default.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
Autoregistration automatically configures network settings and registers WAEs with the WAAS Central Manager. On bootup, devices running WAAS software (with the exception of the WAAS Central Manager itself) automatically discover the WAAS Central Manager and register with it. The administrator does not have to do any manual configuration on the device. Once the WAE is registered, the administrator approves the device and configures it remotely using the WAAS Central Manager GUI.
The auto-register enable command allows a Fast Ethernet or Gigabit Ethernet WAE to discover the hostname of the WAAS Central Manager through DHCP and to automatically register the device with the WAAS Central Manager. Discovery and registration occur at bootup.
To assign a static IP address using the interface GigabitEthernet slot/port command, the automatic registration of devices through DHCP must be disabled by using the no auto-register enable command, because automatic registration through DHCP is enabled by default.
For autoregistration to work, you must have a DHCP server that is configured with the hostname of the WAAS Central Manager and that is capable of handling vendor class option 43.
Note
The form of DHCP used for autoregistration is not the same as the interface-level DHCP that is configurable through the ip address dhcp interface configuration command.
The DHCP server needs to send the vendor class option (option 43) information to the WAAS device in the format for encapsulated vendor-specific options as provided in RFC 2132. The relevant section of RFC 2132, Section 8.4, is reproduced here as follows:
You should encode the encapsulated vendor-specific options field as a sequence of code/length/value fields of syntax identical to that of the DHCP options field with the following exceptions:
1. There should not be a "magic cookie" field in the encapsulated vendor-specific extensions field.
2. Codes other than 0 or 255 may be redefined by the vendor within the encapsulated vendor-specific extensions field but should conform to the tag-length-value syntax defined in section 2.
3. Code 255 (END), if present, signifies the end of the encapsulated vendor extensions, not the end of the vendor extensions field. If no code 255 is present, then the end of the enclosing vendor-specific information field is taken as the end of the encapsulated vendor-specific extensions field.
In accordance with the RFC standard, the DHCP server needs to send the WAAS Central Manager hostname information in code/length/value format. (Code and length are single octets.) The code for the WAAS Central Manager hostname is 0x01. DHCP server management and configuration are not within the scope of the autoregistration feature.
The WAAS device sends CISCOCDN as the vendor class identifier in option 60 to facilitate device groupings by customers.
Autoregistration DHCP also requires that the following options be present in the DHCP server's offer to be considered valid:
• Subnet-mask (option 1)
• Routers (option 3)
• Domain-name (option 15)
• Domain-name-servers (option 6)
• Host-name (option 12)
Interface-level DHCP requires only subnet-mask (option 1) and routers (option 3) for an offer to be considered valid; domain-name (option 15), domain-name-servers (option 6), and host-name (option 12) are optional. All of the above options, with the exception of domain-name-servers (option 6), replace the existing configuration on the system. The domain-name-servers option is added to the existing list of name servers with the restriction of a maximum of eight name servers.
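The option 43 encoding and the list of options an autoregistration offer must carry, worked through in Python as an added example (not part of the WAAS software). It assumes the options field is passed in with the DHCP magic cookie already stripped; the addresses and the wae-branch1 and example.com names are constructed.

```python
PAD, END = 0, 255
VENDOR_SPECIFIC = 43
CM_HOSTNAME_CODE = 0x01  # code this page gives for the Central Manager hostname
REQUIRED = {1: "subnet-mask", 3: "routers", 6: "domain-name-servers",
            12: "host-name", 15: "domain-name"}


def tlv(code, value):
    """One code/length/value field; code and length are single octets."""
    if len(value) > 255:
        raise ValueError("value too long for a one-octet length")
    return bytes([code, len(value)]) + value


def encode_option43(cm_hostname):
    """Payload a DHCP server would place in option 43 for autoregistration."""
    value = cm_hostname.encode("ascii")
    if not 1 <= len(value) <= 252:  # 2 header octets + value + END <= 255
        raise ValueError("hostname does not fit in option 43")
    return tlv(CM_HOSTNAME_CODE, value) + bytes([END])


def parse_tlv(data):
    """Parse code/length/value fields, stopping at END (255) or end of data.

    The same syntax is used by the DHCP options field and by the
    encapsulated vendor-specific field, so one parser serves both.
    """
    fields, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:  # single-octet padding, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"code {code}: missing length octet")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"code {code}: value truncated")
        fields[code] = value
        i += 2 + length
    return fields


def check_offer(options):
    """Return (central_manager_hostname or None, list of problems)."""
    outer = parse_tlv(options)
    problems = [f"missing option {code} ({name})"
                for code, name in sorted(REQUIRED.items()) if code not in outer]
    hostname = None
    if VENDOR_SPECIFIC not in outer:
        problems.append("missing option 43 (vendor-specific information)")
    else:
        try:
            inner = parse_tlv(outer[VENDOR_SPECIFIC])
            hostname = inner[CM_HOSTNAME_CODE].decode("ascii")
        except (ValueError, KeyError) as exc:
            problems.append(
                f"option 43 has no usable Central Manager hostname: {exc!r}")
    return hostname, problems


# Constructed sample offer (options field only, magic cookie removed).
SAMPLE_OFFER = b"".join([
    tlv(1, bytes([255, 255, 255, 0])),
    tlv(3, bytes([10, 1, 1, 254])),
    tlv(6, bytes([10, 1, 1, 53])),
    tlv(12, b"wae-branch1"),
    tlv(15, b"example.com"),
    tlv(VENDOR_SPECIFIC, encode_option43("waas-cm.example.com")),
    bytes([END]),
])

if __name__ == "__main__":
    print(encode_option43("waas-cm.example.com").hex())
    print(check_offer(SAMPLE_OFFER))
```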
Autoregistration is enabled by default on the first interface of the device. The first interface depends on the WAE model as follows:
• For the WAE-511, WAE-512, WAE-611, WAE-612, and WAE-7320, use GigabitEthernet 1/0.
If you do not have a DHCP server, the device is unable to complete autoregistration and eventually times out. You can disable autoregistration at any time after the device has booted and proceed with manual setup and registration.
Examples
The following example enables autoregistration on GigabitEthernet port 2/0:
WAE(config)# auto-register enable GigabitEthernet 2/0
The following example disables autoregistration on all configured interfaces on the WAE:
WAE(config)# no auto-register enable
Related Commands
show auto-register
show running-config
show startup-config
(config) autosense
To enable autosense on an interface, use the autosense interface configuration command. To disable this function, use the no form of this command.
autosense
Syntax Description
This command has no arguments or keywords.
Defaults
Autosense is enabled by default.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Cisco router Ethernet interfaces do not negotiate duplex settings. If the WAAS device is connected to a router directly with a crossover cable, the WAAS device interface must be manually set to match the router interface settings. Disable autosense before configuring an Ethernet interface. When autosense is on, manual configurations are overridden. You must reboot the WAAS device to start autosensing.
Examples
The following example disables autosense on Gigabit Ethernet port 1/0:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# no autosense
The following example reenables autosense on Gigabit Ethernet port 1/0:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# autosense
Related Commands
(config) interface
show interface
show running-config
show startup-config
(config) bypass
To configure static bypass lists on a WAE, use the bypass global configuration command. To disable the bypass feature (clear the static bypass lists), use the no form of this command.
bypass static {clientip | any-client} {serverip | any-server}
Syntax Description
static | Adds a static entry to the bypass list.
clientip | Requests from this IP address bypass the WAE.
any-client | Bypasses the traffic from any client destined to a particular server.
serverip | Requests from this IP address bypass the WAE.
any-server | Requests from a specified client to any server bypass the WAE.
Defaults
No default behaviors or values
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
Using a static bypass allows traffic flows between a configurable set of clients and file servers to bypass handling by the WAE. By configuring static bypass entries on the Edge WAE, you can control traffic interception without modifying the router configuration. Separately, if so desired, IP access lists may be configured on the router to bypass traffic without first redirecting it to the Edge WAE. Typically, the WCCP accept list defines the group of file servers that are cached (and the file servers that are not). Static bypass can be used in rare cases when you want to prevent WAAS from caching a connection from a certain client to a certain file server (or from a certain client to all file servers).
The bypass static command permits traffic from specified sources to bypass the WAE. Wildcards in either the client or server IP addresses are not supported.
Note
We recommend that you use IP access lists on the WCCP-enabled router, rather than using the static bypass feature, because access lists are more efficient.
Examples
The following example forces traffic from a specified client to a specified server to bypass the WAE:
WAE(config)# bypass static 10.1.17.1 172.16.7.52
The following example forces all traffic destined to a specified server to bypass the WAE:
WAE(config)# bypass static any-client 172.16.7.52
The following example forces all traffic from a specified client to any file server to bypass the WAE:
WAE(config)# bypass static 10.1.17.1 any-server
A static list of source and destination addresses helps to isolate instances of problem-causing clients and servers. To display static configuration list items, use the show bypass list command as follows:
10.1.17.1:0 172.16.7.52:0 static-config
any-client:0 172.16.7.52:0 static-config
10.1.17.2:0 any-server:0 static-config
Related Commands
show bypass
(config) cdp
To configure the Cisco Discovery Protocol (CDP) options globally on all WAAS device interfaces, use the cdp command in global configuration mode.
cdp {enable | holdtime seconds | timer seconds}
Syntax Description
enable | Enables CDP globally.
holdtime | Sets the length of time in seconds that a receiver keeps CDP packets before they are discarded. The default is 180 seconds.
seconds | Length of time that a receiver keeps the CDP packet in seconds (10-255).
timer | Interval between the CDP advertisements in seconds. The default is 60 seconds.
seconds | Interval in seconds (5-254).
Defaults
holdtime: 180 seconds
timer: 60 seconds
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
When enabled with the cdp enable command, CDP obtains protocol addresses of neighboring devices and discovers the platform of those devices. It also shows information about the interfaces used by your device. CDP is media- and protocol-independent and runs on Cisco-manufactured equipment.
Use of SNMP with the CDP MIB allows network management applications to learn the device type and the SNMP agent address of neighboring devices and to send SNMP queries to those devices. Cisco Discovery Protocol uses the CISCO-CDP-MIB.
Each device configured for CDP sends periodic messages, known as advertisements, to a multicast address. The cdp timer seconds command specifies the rate at which CDP packets are sent. Each device advertises at least one address at which it can receive SNMP messages. The advertisements also contain Time-To-Live or hold-time information. To set the hold time, use the cdp holdtime seconds command to specify the period of time in seconds that a receiver is to keep CDP packets. Each device also listens to the periodic CDP messages sent by others to learn about neighboring devices.
Examples
In the following example, CDP is first enabled, the hold time is set to 10 seconds for keeping CDP packets, and then the rate at which CDP packets are sent (15 seconds) is set:
WAE(config)# cdp holdtime 10
WAE(config)# cdp timer 15
Related Commands
(config-if) cdp
clear
show cdp
(config) central-manager
To specify the WAAS Central Manager's role and port number, use the central-manager global configuration command in central-manager device mode. To specify the IP address or hostname of the WAAS Central Manager with which a WAE is to register, use the central-manager global configuration command in application-accelerator device mode. To negate these actions, use the no form of this command.
central-manager {address {hostname | ip-address} | role {primary | standby} | ui port port-num}
Syntax Description
address | Specifies the hostname or IP address of the WAAS Central Manager with which the WAE should register.
hostname | Hostname of the WAAS Central Manager with which the WAE should register.
ip-address | IP address of the WAAS Central Manager with which the WAE should register.
role | Configures the WAAS Central Manager role to either primary or standby.
primary | Configures the WAAS Central Manager to be the primary WAAS Central Manager for the WAEs that are registered with it.
standby | Configures the WAAS Central Manager to be the standby WAAS Central Manager for the WAEs that are registered with it.
ui | Configures the WAAS Central Manager GUI port address.
port | Configures the WAAS Central Manager GUI port. The default is port 8443.
port-num | Port number (1-65535).
Note
The address option works in the application-accelerator device mode only. The role and ui port options work in the central-manager device mode only.
Defaults
The WAAS Central Manager GUI is preconfigured to use port 8443.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
The central-manager address global configuration command associates a WAE device with the WAAS Central Manager so that the device can be approved as a part of the WAAS network. After the device is configured with the WAAS Central Manager IP address, it presents a self-signed security certificate and other essential information, such as its IP address or hostname, disk space allocation, and so forth, to the WAAS Central Manager.
If you change the WAAS Central Manager GUI port number, the Centralized Management System (CMS) service is automatically restarted on the WAAS Central Manager if the cms service has been enabled on the WAAS Central Manager by entering the cms enable global configuration command on the WAAS Central Manager.
Configuring Devices Inside a NAT
In a WAAS network, there are two methods for a WAAS device that is registered with the WAAS Central Manager (WAEs or a standby WAAS Central Manager) to obtain configuration information from the primary WAAS Central Manager. The primary method is for the device to periodically poll the primary WAAS Central Manager on port 443 to request a configuration update. You cannot configure this port number. The backup method is when the WAAS Central Manager pushes configuration updates to a registered device as soon as possible by issuing a notification to the registered device on port 443. This method allows changes to take effect in a timelier manner. You cannot configure this port number even when the backup method is being used. WAAS networks do not work reliably if devices registered with the WAAS Central Manager are unable to poll the WAAS Central Manager for configuration updates.
All of the above methods become complex in the presence of Network Address Translation (NAT) firewalls. When a WAAS device (WAEs at the edge of the network and the primary or standby WAAS Central Managers) is inside a NAT firewall, those devices that are inside the same NAT use one IP address (the inside local IP address) to access the device, and those devices that are outside the NAT use a different IP address (the inside global IP address) to access the device. A centrally managed device advertises only its inside local IP address to the WAAS Central Manager. All other devices inside the NAT use the inside local IP address to contact the centrally managed device that resides inside the NAT. A device that is not inside the same NAT as the centrally managed device is not able to contact it without special configuration.
If the primary WAAS Central Manager is inside a NAT, you can allow a device outside the NAT to poll it for getUpdate requests by configuring a static translation (inside global IP address) for the WAAS Central Manager's inside local IP address on its NAT, and using this address, rather than the WAAS Central Manager's inside local IP address, in the central-manager address ip-address global configuration command when you register the device to the WAAS Central Manager. If a WAAS device is inside a NAT and the WAAS Central Manager is outside the NAT, you can allow the WAAS device to poll for getUpdate requests by configuring a static translation (inside global IP address) for the WAAS device's inside local address on its NAT and specifying this address in the Use IP Address field under the NAT Configuration heading in the Device Activation window.

Note
Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.
Standby WAAS Central Managers
The Cisco WAAS software implements a standby WAAS Central Manager. This process allows you to maintain a copy of the WAAS network configuration. If the primary WAAS Central Manager fails, the standby can be used to replace the primary.
For interoperability, when a standby WAAS Central Manager is used, it must be at the same software version as the primary WAAS Central Manager to maintain the full WAAS Central Manager configuration. Otherwise, the standby WAAS Central Manager detects this status and does not process any configuration updates that it receives from the primary WAAS Central Manager until the problem is corrected.
Note
We recommend that you upgrade your standby WAAS Central Manager first and then upgrade your primary WAAS Central Manager. We also recommend that you create a database backup on your primary WAAS Central Manager and copy the database backup file to a safe place before you upgrade the software.
Switching a WAAS Central Manager from Warm Standby to Primary
If your primary WAAS Central Manager becomes inoperable, you can manually reconfigure one of your warm standby WAAS Central Managers to be the primary WAAS Central Manager. Configure the new role by using the global configuration central-manager role primary command as follows:
WAE(config)# central-manager role primary
This command changes the role from standby to primary and restarts the management service to recognize the change.
Note
Check the status of recent updates from the primary WAAS Central Manager. Use the show cms info EXEC command and check the time of the last update. To be current, the updated time should be between 1 and 5 minutes old. You are verifying that the standby WAAS Central Manager has fully replicated the primary WAAS Central Manager configuration. If the update time is not current, determine whether or not there is a connectivity problem or if the primary WAAS Central Manager is down. Fix the problem, if necessary, and wait until the configuration has replicated, as indicated by the time of the last update. Make sure that both WAAS Central Managers have the same Coordinated Universal Time (UTC) configured.
If you switch a warm standby WAAS Central Manager to primary while your primary WAAS Central Manager is still online and active, both WAAS Central Managers detect each other, automatically shut themselves down, and disable management services. The WAAS Central Managers are switched to halted, which is automatically saved in flash memory.
For more information about how to return halted WAAS Central Managers to an online status, see the Cisco Wide Area Application Services Configuration Guide.
Examples
The following example specifies that the WAAS device named waas-cm is to function as the primary WAAS Central Manager for the WAAS network:
waas-cm(config)# central-manager role primary
The following example specifies that the WAE should register with the WAAS Central Manager that has an IP address of 10.1.1.1. This command associates the WAE with the primary WAAS Central Manager so that the WAE can be approved as a part of the WAAS network.
WAE(config)# central-manager address 10.1.1.1
The following example configures a new GUI port to access the WAAS Central Manager GUI:
WAE(config)# central-manager ui port 8550
The following example configures the WAAS Central Manager as the standby WAAS Central Manager:
WAE(config)# central-manager role standby
Switching CDM to standby will cause all configuration settings made on this CDM to be
lost.
Please confirm you want to continue [no]?yes
(config) clock
To set the summer daylight savings time and time zone for display purposes, use the clock global configuration command. To disable this function, use the no form of this command.
clock {summertime timezone {date startday startmonth startyear starthour endday endmonth
endyear offset | recurring {1-4 startweekday startmonth starthour endweekday endmonth
endhour offset | first startweekday startmonth starthour endweekday endmonth endhour
offset | last startweekday startmonth starthour endweekday endmonth endhour offset}} |
timezone {timezone hoursoffset minutesoffset}}
Syntax Description
summertime | Configures the summer or daylight savings time.
timezone | Name of the summer time zone.
date | Configures the absolute summer time.
startday | Date (1-31) to start.
startmonth | Month (January through December) to start.
startyear | Year (1993-2032) to start.
starthour | Hour (0-23) to start in hour:minute (hh:mm) format.
endday | Date (1-31) to end.
endmonth | Month (January through December) to end.
endyear | Year (1993-2032) to end.
endhour | Hour (0-23) to end in hour:minute (hh:mm) format.
offset | Minutes offset (see the time zone table below) from UTC (0-59).
recurring | Configures the recurring summer time.
1-4 | Configures the starting week number 1-4.
first | Configures the summer time to recur beginning the first week of the month.
last | Configures the summer time to recur beginning the last week of the month.
startweekday | Day of the week (Monday-Friday) to start.
startmonth | Month (January-December) to start.
starthour | Hour (0-23) to start in hour:minute (hh:mm) format.
endweekday | Weekday (Monday-Friday) to end.
endmonth | Month (January-December) to end.
endhour | Hour (0-23) to end in hour:minute (hh:mm) format.
offset | Minutes offset (see the time zone table below) from UTC (0-59).
timezone | Configures the standard time zone.
timezone | Name of the time zone (see the time zone table below).
hoursoffset | Hours offset (see the time zone table below) from UTC (-23 to +23).
minutesoffset | Minutes offset (see the time zone table below) from UTC (0-59).
Defaults
No default behavior or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
To set and display the local and UTC current time of day without an NTP server, use the clock timezone command with the clock set command. The clock timezone parameter specifies the difference between UTC and local time, which is set with the clock set EXEC command. The UTC and local time are displayed with the show clock detail EXEC command.
Use the clock timezone offset command to specify a time zone, where timezone is the desired time zone entry listed in the table below and 0 0 is the offset (ahead of or behind UTC) in hours and minutes. (UTC was formerly known as Greenwich mean time [GMT].)
WAE(config)# clock timezone timezone 0 0
Note
The time zone entry is case sensitive and must be specified in the exact notation listed in the following time zone table. When you use a time zone entry from the following time zone table, the system is automatically adjusted for daylight saving time.
Time Zone | Offset from UTC
Africa/Algiers | +1
Africa/Cairo | +2
Africa/Casablanca | 0
Africa/Harare | +2
Africa/Johannesburg | +2
Africa/Nairobi | +3
America/Buenos_Aires | -3
America/Caracas | -4
America/Mexico_City | -6
America/Lima | -5
America/Santiago | -4
Atlantic/Azores | -1
Atlantic/Cape_Verde | -1
Asia/Almaty | +6
Asia/Baghdad | +3
Asia/Baku | +4
Asia/Bangkok | +7
Asia/Colombo | +6
Asia/Dacca | +6
Asia/Hong_Kong | +8
Asia/Irkutsk | +8
Asia/Jerusalem | +2
Asia/Kabul | +4.30
Asia/Karachi | +5
Asia/Katmandu | +5.45
Asia/Krasnoyarsk | +7
Asia/Magadan | +11
Asia/Muscat | +4
Asia/New Delhi | +5.30
Asia/Rangoon | +6.30
Asia/Riyadh | +3
Asia/Seoul | +9
Asia/Singapore | +8
Asia/Taipei | +8
Asia/Tehran | +3.30
Asia/Vladivostok | +10
Asia/Yekaterinburg | +5
Asia/Yakutsk | +9
Australia/Adelaide | +9.30
Australia/Brisbane | +10
Australia/Darwin | +9.30
Australia/Hobart | +10
Australia/Perth | +8
Australia/Sydney | +10
Canada/Atlantic | -4
Canada/Newfoundland | -3.30
Canada/Saskatchewan | -6
Europe/Athens | +2
Europe/Berlin | +1
Europe/Bucharest | +2
Europe/Helsinki | +2
Europe/London | 0
Europe/Moscow | +3
Europe/Paris | +1
Europe/Prague | +1
Europe/Warsaw | +1
Japan | +9
Pacific/Auckland | +12
Pacific/Fiji | +12
Pacific/Guam | +10
Pacific/Kwajalein | -12
Pacific/Samoa | -11
US/Alaska | -9
US/Central | -6
US/Eastern | -5
US/East-Indiana | -5
US/Hawaii | -10
US/Mountain | -7
US/Pacific | -8
Examples
The following example specifies the local time zone as Pacific Standard Time with an offset of 8 hours behind UTC:
WAE(config)# clock timezone US/Pacific -8 0
The following example negates the time zone setting on the WAAS device:
WAE(config)# no clock timezone
The following example configures daylight saving time:
WAE(config)# clock summertime US/Pacific date 10 October 2005 23:59 29 April 2006 23:59 60
Related Commands
clock
show clock
(config) cms
To schedule maintenance and enable the Centralized Management System (CMS) on a WAAS device, use the cms global configuration command. To negate these actions, use the no form of this command.
cms {database maintenance {full {enable | schedule weekday at time} | regular {enable |
schedule weekday at time}} | enable | rpc timeout {connection 5-1800 | incoming-wait
10-600 | transfer 10-7200}}
Syntax Description
database maintenance | Configures the embedded database clean or reindex maintenance routine.
full | Configures the full maintenance routine and cleans the embedded database tables.
enable | Enables the full maintenance routine to be performed on the embedded database tables.
schedule | Sets the schedule for performing the maintenance routine.
weekday | Day of the week to start the maintenance routine: every-day (every day), Mon (every Monday), Tue (every Tuesday), Wed (every Wednesday), Thu (every Thursday), Fri (every Friday), Sat (every Saturday), Sun (every Sunday).
at | Sets the maintenance schedule time of day to start the maintenance routine.
time | Time of day to start the maintenance routine (0-23:0-59) (hh:mm). Keywords: at (maintenance time of day), Mon (every Monday), Tue (every Tuesday), Wed (every Wednesday), Thu (every Thursday), Fri (every Friday), Sat (every Saturday), Sun (every Sunday).
regular | Configures the regular maintenance routine and reindexes the embedded database tables.
enable | Enables the CMS process on the WAAS device.
rpc timeout | Configures the timeout values for remote procedure call connections.
connection | Specifies the maximum time to wait when making a connection.
5-1800 | Timeout period in seconds. The default for the WAAS Central Manager is 30 seconds; the default for a WAE is 180 seconds.
incoming-wait | Specifies the maximum time to wait for a client response.
10-600 | Timeout period in seconds. The default is 30 seconds.
transfer | Specifies the maximum time to allow a connection to remain open.
10-7200 | Timeout period in seconds. The default is 300 seconds.
Defaults
database maintenance regular: enabled
database maintenance full: enabled
connection: 30 seconds for WAAS Central Manager; 180 seconds for a WAE
incoming wait: 30 seconds
transfer: 300 seconds
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use the cms database maintenance global configuration command to schedule routine full maintenance cleaning (vacuuming) or a regular maintenance reindexing of the embedded database. The full maintenance routine runs only when the disk is more than 90 percent full and only runs once a week. Cleaning the tables returns reusable space to the database system.
The cms enable global configuration command automatically registers the node in the database management tables and enables the CMS process. The no cms enable global configuration command only stops the management services on the WAAS device. Use the cms deregister EXEC command to de-register (remove) a WAAS device from the WAAS network.
Examples
The following example schedules a regular (reindexing) maintenance routine to start every Friday at 11:00 p.m. on the WAAS device:
WAE(config)# cms database maintenance regular schedule Fri at 23:00
The following example shows how to enable the CMS process on a WAAS device:
Generating new RPC certificate/key pair
Creating database backup file emerg-debug-db-01-25-2006-15-31.dump
Registering Wide Area Central Manager...
Please preserve running configuration using 'copy running-config startup-config'.
Otherwise management service will not be started on reload and node will be shown
'offline' in Wide Area Central Manager UI.
management services enabled
Related Commands
cms
show cms
(config) device mode
To configure the device mode for the WAAS device, use the device mode global configuration command. To reset the mode of operation on your WAAS device, use the no form of this command.
device mode {application-accelerator | central-manager}
Syntax Description
application-accelerator | Configures the WAAS device to function as a WAAS Accelerator. All of your Edge WAEs and Core WAEs should be operating in this mode.
central-manager | Configures the WAAS device to function as a WAAS Central Manager.
Defaults
The default device operation mode is application-accelerator.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
You must deploy the WAAS Central Manager on a dedicated appliance. In the WAAS 4.0 software release, the device mode feature was added, which allows you to deploy a WAAS device as either a WAAS Central Manager or a WAE. Because you must deploy a WAAS Central Manager on a dedicated appliance, a WAAS device can operate in one device mode only: either in central-manager mode or application-accelerator mode.
Note
A WAAS Central Manager is the device management station of a WAAS network that allows you to centrally configure, manage, and monitor your WAEs.
By default, a WAAS device uses the application-accelerator mode, which makes it operate as a WAE.
To support the new device mode feature, the device mode global configuration command and the show device mode EXEC commands were added in the WAAS 4.0 software release.
The set of WAAS CLI commands that are available varies based on the device mode of the WAAS device.
To enable WAAS network-related applications and services, use the cms enable global configuration command. Use the no form of this command to disable the WAAS network.
By default, a WAAS device uses the application-accelerator mode, which makes it operate as a Wide Area Application Engine (WAE). Before configuring network settings for your WAAS Central Managers using the WAAS CLI, you must change the device mode to the proper device mode.
Examples
To specify central manager as the device mode of a WAAS device, enter the following command from global configuration mode:
WAE(config)# device mode central-manager
To specify application accelerator as the device mode of a WAAS device, enter the following command from global configuration mode:
WAE(config)# device mode application-accelerator
Related Commands
show device-mode
(config) disk
To configure how disk errors are handled and to define a disk error-handling threshold on a WAAS device, use the disk global configuration command. Use the no form of this command to return to the default error-handling threshold.
disk error-handling {reload | remap | threshold number}
Syntax Description
error-handling | Configures disk error handling.
reload | Reloads the disk if the system file system (SYSFS) on disk00 has problems.
remap | Sets the disk to attempt to remap disk errors automatically.
threshold | Sets the number of disk errors allowed before the disk is marked as bad.
number | Number of disk errors allowed before the disk is marked as bad (0-100). The default is 10. A value of zero indicates that the disk should never be marked bad.
Defaults
error-handling threshold number: 10
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
If you have a two-drive system, the RAID software protects the SYSFS from single-drive failures and prevents applications from seeing I/O errors. With this configuration, error handling need not be specified. For all other configurations, error handling should be specified.
To operate properly, the WAAS device must have a disk drive named disk00. The WAAS device must also contain a disk drive that contains the first SYSFS (system file system) partition. The SYSFS partition is used to store log files, including system logs and internal debugging logs. It may also be used to store image files and configuration files on a WAAS device. Disk00 always contains the SYSFS partition. When software RAID is applied, the SYSFS partitions are contained on both disk00 and disk01. In either case, the disk00 disk and the disk that contains the first SYSFS partition are called critical drives and are required for proper operation of the WAAS device.
When a WAE is booted and a critical disk drive is not detected at system startup time, the WAAS device runs at a degraded state. If one of the critical disk drives becomes inoperable at run time, the WAAS device can exhibit symptoms such as the applications malfunctioning or failing, or the WAAS device can stop responding. You must monitor the critical disk drives on a WAAS device and report any disk drive errors to Cisco TAC.
With a WAAS device, a disk device error is defined as any of the following events:
• A SCSI or IDE device error is printed by the Linux kernel.
• A disk device access by an application (for example, an open(2), read(2), or write(2) system call) fails with an EIO error code.
• A disk device that existed at startup time is not accessible at run time.
The disk status is recorded in Flash memory (nonvolatile storage). When an error occurs on the disk drive of a WAAS device, a message is written to the system log (syslog) if the SYSFS partition is still intact, and an SNMP trap is generated if SNMP is configured on the WAAS device.
Specifying the Disk Error-Handling Threshold
You can define a disk device error-handling threshold on the WAAS device. If the number of disk device errors reaches the specified threshold, the corresponding disk device is automatically marked as bad. By default, this threshold is set to 10. The device does not stop using the bad disk device immediately; it stops using the bad disk drive after the next reboot.
To change the default threshold, use the disk error-handling threshold global configuration command. Specify 0 if you never want the disk drive to be marked as bad.
If the specified threshold is exceeded, the WAAS device either records this event or reboots. If the bad disk drive is a critical disk drive, and the automatic reload feature (disk error-handling reload command) is enabled, then the WAAS software marks the disk drive as bad, and the WAAS device is automatically reloaded. After the WAAS device is reloaded, a syslog message and an SNMP trap are generated.
By default, the automatic reload feature is disabled on a WAAS device. To enable the automatic reload feature, use the disk error-handling reload global configuration command. After enabling the automatic reload feature, use the no disk error-handling reload global configuration command to disable it.
Examples
In the following example, an administrator configures five disk drive errors for a particular disk drive (for example, disk00) as the maximum number of errors allowed before the disk drive is automatically marked as bad:
WAE(config)# disk error-handling threshold 5
Related Commands
disk
show disks
(config) end
To exit global configuration mode, use the end global configuration command.
end
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use the end command to exit global configuration mode after completing any changes to the running configuration. To save new configurations to NVRAM, use the write command.
The Ctrl-Z command also exits global configuration mode.
Examples
The following example shows how to exit global configuration mode on a WAAS device:
Related Commands
(config) exit
(config) exec-timeout
To configure the length of time that an inactive Telnet or SSH session remains open on a WAAS device, use the exec-timeout global configuration command. To revert to the default value, use the no form of this command.
exec-timeout timeout
Syntax Description
timeout | Timeout in minutes (0-44640).
Defaults
The default is 15 minutes.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
A Telnet session or Secure Shell (SSH) session with the WAAS device can remain open and inactive for the interval of time specified by the exec-timeout command. When the exec-timeout interval elapses, the WAAS device automatically closes the Telnet or SSH session.
Examples
The following example configures a timeout of 100 minutes:
WAE(config)# exec-timeout 100
The following example negates the configured timeout of 100 minutes and reverts to the default value of 15 minutes:
WAE(config)# no exec-timeout
Related Commands
(config) telnet enable
(config) exit
To terminate global configuration mode and return to the privileged-level EXEC mode, use the exit command.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
All modes
Device Modes
application-accelerator
central-manager
Usage Guidelines
This command is equivalent to the Ctrl-Z or the end command.
Examples
The following example terminates global configuration mode and returns to the privileged-level EXEC mode:
Related Commands
(config) end
(config) help
To obtain online help for the command-line interface, use the help global configuration command.
help
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC and global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
You can obtain help at any point in a command by entering a question mark (?). If nothing matches, the help list will be empty, and you must back up until entering a ? shows the available options.
Two styles of help are provided:
• Full help is available when you are ready to enter a command argument (for example, show ?) and describes each possible argument.
• Partial help is provided when you enter an abbreviated command and you want to know what arguments match the input (for example, show stat?).
Examples
The following example shows the output of the help global configuration command:
Help may be requested at any point in a command by entering a question mark '?'. If
nothing matches, the help list will be empty and you must backup until entering a '?'
shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument.
2. Partial help is provided when an abbreviated argument is entered.
The following example shows how to use full help to see what WCCP command arguments are available:
access-list Configure an IP access-list for inbound WCCP encapsulat
flow-redirect Redirect moved flows
router-list Router List for use in WCCP services
shutdown Wccp Shutdown parameters
slow-start accept load in slow-start mode
tcp-promiscuous TCP promiscuous mode service
version WCCP Version Number
The following example shows how to use partial help to determine the syntax of a WCCP argument:
mask Specify mask used for CE assignment
router-list-num Router list number
(config) hostname
To configure the network hostname on a WAAS device, use the hostname global configuration command. To reset the hostname to the default setting, use the no form of this command.
hostname name
Syntax Description
name | New hostname for the WAAS device; the name is case sensitive. The name may be from 1 to 30 alphanumeric characters.
Defaults
The default hostname is the model number of the WAAS device (for example WAE-511, WAE-611, or WAE-7326).
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use this command to configure the hostname for the WAAS device. The hostname is used for the command prompts and default configuration filenames. This name is also used for routing, so it conforms to the following rules:
• It can use only alphanumeric characters and hyphens (-).
• The maximum length is 30 characters.
• The following characters are considered illegal and cannot be used when naming a device: @, #, $, %, ^, &, *, (), |, \""/, <>.
Examples
The following example changes the hostname of the WAAS device to sandbox.
WAE-511(config)# hostname sandbox
The following example removes the hostname.
Sandbox(config)# no hostname
Related Commands
dnslookup
(config) ip
(config-if) ip
show hosts
(config) inetd
To enable FTP and RCP services on a WAAS device, use the inetd enable global configuration command. To disable these same services, use the no form of this command.
inetd enable {ftp | rcp }
Syntax Description
enable | Enables services.
ftp | Enables FTP services.
rcp | Enables RCP services.
Defaults
FTP is enabled; RCP is disabled.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Inetd (an Internet daemon pronounced eye net dee) is a program that listens for connection requests or messages for certain ports and starts server programs to perform the services associated with those ports. Use the inetd enable command with the ftp and rcp keywords to enable and disable services on the WAAS device. To disable the service, enter the no form of the inetd enable command. Use the show inetd EXEC command to see whether current inetd sessions are enabled or disabled.
Examples
The following example enables an FTP service session on the WAAS device:
WAE(config)# inetd enable ftp
The following example disables FTP services:
WAE(config)# no inetd enable ftp
Related Commands
show inetd
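The hostname, exec-timeout, and inetd sections above each state a default and a valid range; the following added example (not Cisco code) folds a configuration listing into its effective settings and reports where they are weak. It assumes the listing uses the command forms shown on this page and that any setting not listed is at its documented default; POLICY_MAX_IDLE_MINUTES, the finding names, and both sample listings are constructed for illustration.

```python
import re

# Values stated on this page.
EXEC_TIMEOUT_DEFAULT = 15                      # minutes
EXEC_TIMEOUT_MIN, EXEC_TIMEOUT_MAX = 0, 44640  # minutes
INETD_DEFAULTS = {"ftp": True, "rcp": False}   # FTP enabled, RCP disabled
HOSTNAME_RULE = re.compile(r"[A-Za-z0-9-]{1,30}")

# Assumption: a site policy value, not something this page specifies.
POLICY_MAX_IDLE_MINUTES = 15

# Constructed sample listings (not captured from a real device).
WEAK_CONFIG = """\
hostname lab_wae#1
exec-timeout 100
inetd enable rcp
"""

HARDENED_CONFIG = """\
hostname sandbox
no exec-timeout
no inetd enable ftp
no inetd enable rcp
"""


def parse_config(text):
    """Fold a config listing into effective settings, starting from defaults."""
    state = {
        "hostname": None,  # None means the default (model number) is in use
        "exec_timeout": str(EXEC_TIMEOUT_DEFAULT),
        "inetd": dict(INETD_DEFAULTS),
    }
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        negate = words[0] == "no"
        if negate:
            words = words[1:]
        if not words:
            continue
        if words[0] == "hostname":
            state["hostname"] = None if negate else " ".join(words[1:])
        elif words[0] == "exec-timeout":
            state["exec_timeout"] = (
                str(EXEC_TIMEOUT_DEFAULT) if negate else " ".join(words[1:])
            )
        elif words[:2] == ["inetd", "enable"] and len(words) == 3:
            if words[2] in state["inetd"]:
                state["inetd"][words[2]] = not negate
    return state


def audit(state):
    """Return (code, detail) findings in a fixed order."""
    findings = []

    name = state["hostname"]
    if name is not None and not HOSTNAME_RULE.fullmatch(name):
        findings.append(("hostname-invalid",
                         f"{name!r} is not 1-30 alphanumerics or hyphens"))

    raw = state["exec_timeout"]
    is_number = raw.isascii() and raw.isdigit()
    if not is_number or not EXEC_TIMEOUT_MIN <= int(raw) <= EXEC_TIMEOUT_MAX:
        findings.append(("exec-timeout-invalid",
                         f"{raw!r} is outside 0-44640 minutes"))
    elif int(raw) == 0:
        # Flagged conservatively: the page lists 0 as valid but does not
        # say what it does, so confirm that idle sessions still expire.
        findings.append(("exec-timeout-zero", "effect of 0 is not documented"))
    elif int(raw) > POLICY_MAX_IDLE_MINUTES:
        findings.append(("exec-timeout-too-long",
                         f"idle Telnet/SSH sessions stay open {raw} minutes"))

    if state["inetd"]["ftp"]:
        findings.append(("inetd-ftp-enabled",
                         "FTP sends credentials and data in cleartext"))
    if state["inetd"]["rcp"]:
        findings.append(("inetd-rcp-enabled",
                         "RCP is unencrypted and relies on host-based trust"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for code, detail in audit(parse_config(text)) or [("ok", "no findings")]:
            print(f"  {code}: {detail}")
```

An empty listing still reports inetd-ftp-enabled, because FTP is on unless no inetd enable ftp is configured.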
(config) interface
To configure a Fibre Channel, Gigabit Ethernet, port-channel, or standby interface, use the interface global configuration command. To disable selected options, restore default values, or enable a shut down interface, use the no form of this command.
interface FibreChannel slot/port [description text | mode {autosense | direct-attached |
switched} | speed {1 | 2 | autosense}]
interface GigabitEthernet slot/port [autosense | bandwidth {10 | 100 | 1000} | cdp enable |
channel-group {1 | 2} | description text | fullduplex | halfduplex | ip {access-group
{acl-num | acl_name} {in | out} | address {ip_address netmask [secondary] | dhcp [client-id
id hostname name | hostname name client-id id]}} | mtu mtusize | shutdown | standby
grpnumber [priority priority]]
interface PortChannel {1 | 2} [description text | ip {access-group {acl-num | acl_name} {in | out}
| address ip-address netmask} | shutdown]
interface Standby grpnumber {description text | errors max-error-number | ip ip_address | no
{description text | errors max-error-number | ip ip_address | shutdown}| shutdown}
Syntax Description
FibreChannel | Selects the Fibre Channel interface to configure on the WAAS device.
slot/port | Slot and port number for the selected interface. The slot range is 0-0; the port range is 0-3. The slot number and port number are separated with a forward slash character (/).
description | (Optional) Sets the description for the specified interface.
text | Description for the specified interface. The maximum length of the description text is 240 characters.
mode | (Optional) Sets the Fibre Channel interface operation mode. For more information, see the "(config-if) mode" command.
autosense | Sets the operation mode of the FibreChannel interface to autosense.
direct-attached | Sets the operation mode when the WAAS device is directly connected to a storage array.
switched | Sets the operation mode when the WAAS device is connected to a switch.
speed | (Optional) Sets the Fibre Channel interface speed.
1 | Sets the Fibre Channel interface speed to 1 gigabit per second (Gbps).
2 | Sets the Fibre Channel interface speed to 2 Gbps.
autosense | (Optional) Sets the Fibre Channel to automatically sense the interface speed.
GigabitEthernet | Selects a Gigabit Ethernet interface to configure.
autosense | (Optional) Sets the GigabitEthernet interface to automatically sense the interface speed.
bandwidth | (Optional) Sets the bandwidth of the specified interface.
10 | Sets the bandwidth of the interface to 10 megabits per second (Mbps).
100 | Sets the bandwidth of the interface to 100 Mbps.
1000 | Sets the bandwidth of the interface to 1000 Mbps. This option is not available on all ports and is the same as autosense.
cdp enable | (Optional) Enables Cisco Discovery Protocol (CDP) on the specified interface.
channel-group | (Optional) Configures the EtherChannel group.
1 | Assigns the interface's EtherChannel to group 1.
2 | Assigns the interface's EtherChannel to group 2.
fullduplex | (Optional) Sets the interface to full-duplex operation.
halfduplex | (Optional) Sets the interface to half-duplex operation.
dhcp | (Optional) Sets the IP address to that negotiated over Dynamic Host Configuration Protocol (DHCP).
client-id | (Optional) Specifies the client identifier.
id | Client identifier.
hostname | (Optional) Specifies the hostname.
name | Hostname.
mtu | (Optional) Sets the interface Maximum Transmission Unit (MTU) size.
mtusize | MTU size in bytes (68-1500).
standby | (Optional) Sets standby interface configuration commands.
grpnumber | Standby group number (1-4).
priority | (Optional) Sets the priority of an interface for the standby group.
priority | Interface priority for the standby group (0-4294967295).
slot/port | Slot and port number for the selected interface. The slot range is 0-2; the port range is 0-3. The slot number and port number are separated with a forward slash character (/).
PortChannel | Selects the EtherChannel of interfaces to configure.
1 | Sets the port-channel interface number to 1.
2 | Sets the port-channel interface number to 2.
ip | (Optional) Enables IP configuration commands for the interface.
access-group | Configures access control for IP packets on this interface using access control list (ACL).
acl_num | Numeric identifier that identifies the ACL to apply to the current interface. For standard ACLs, the valid range is 1-99; for extended ACLs, the valid range is 100-199.
acl_name | Alphanumeric identifier of up to 30 characters, beginning with a letter that identifies the ACL to apply to the current interface.
in | Applies the specified ACL to inbound packets on the current interface.
out | Applies the specified ACL to outbound packets on the current interface.
address | Sets the interface IP address.
ip-address | IP address of this interface.
netmask | Netmask of this interface.
secondary | (Optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.
shutdown | (Optional) Shuts down this interface.
errors max-error-number | Specifies the maximum error number.
ip ip_address | Specifies the IP address of the interface.
Defaults
No default behavior or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
To configure an interface bandwidth on a WAAS device, use the bandwidth interface configuration command. The bandwidth is specified in megabits per second (Mbps). The 1000 Mbps option is not available on all ports. Using this option automatically enables autosense on the interface. You cannot change the interface speed on a WAE-7320 model that has an optical Gigabit Ethernet interface. Gigabit Ethernet interfaces only run at 1000 Mbps for a WAE-7320. For newer models of the WAAS device (for example, the WAE-611 or WAE-7326) that have a Gigabit Ethernet interface over copper, this restriction does not apply; you can configure these Gigabit Ethernet interfaces to run at 10, 100, or 1000 Mbps. On newer WAAS models, the 1000-Mbps setting implies autosense. For example, you cannot configure the Gigabit Ethernet interface to run at 1000 Mbps and half duplex.
Using the cdp enable command in global configuration mode enables CDP globally on all the interfaces. If you want to control CDP behavior per interface, then use the cdp enable command in interface configuration mode. The interface level control overrides the global control.
To display the interface identifiers (for example, interface GigabitEthernet 1/0), use the show running-config or show startup-config commands. The autosense, bandwidth, fullduplex, halfduplex, ip, and shutdown commands are listed separately in this command reference.
Configuring Multiple Secondary IP Addresses on a Single Physical Interface
Use the interface secondary global configuration command to configure more than one IP address on the same interface. By configuring multiple IP addresses on a single interface, the WAAS device can be present in more than one subnet. This configuration allows you to optimize the response time because the content goes directly from the WAAS device to the requesting client without being redirected through a router. The WAAS device becomes visible to the client because both are configured on the same subnet.
Up to four secondary addresses can be assigned to an interface. These addresses become active only after the primary address is configured. No two interfaces can have the same IP address in the same subnetwork. To set these secondary IP addresses, use the ip address command.
If a WAAS device has one physical interface that has multiple secondary IP addresses assigned to it, the egress traffic uses the source IP address that is chosen by IP routing. If the secondary IP addresses of a WAAS device are in the same subnet as the primary IP address, then the egress traffic uses the primary IP address only. In contrast, if the secondary IP addresses are in a different subnet than the primary IP address, then the destination IP address determines which IP address on the WAAS device is used for the egress traffic.
Configuring Interfaces for DHCP
During the initial configuration of a WAAS device, you have the option of configuring a static IP address for the WAAS device or using interface-level DHCP to dynamically assign IP addresses to the interfaces on the WAAS device.
If you do not enable interface-level DHCP on the WAAS device, you must manually specify a static IP address and network mask for the WAAS device. If the WAAS device moves to another location in another part of the network, you must manually enter a new static IP address and network mask for this WAAS device.
An interface can be enabled for DHCP by using the ip address dhcp [client_id | hostname] interface configuration command. The client identifier is an ASCII value. The WAAS device sends its configured client identifier and hostname to the DHCP server when requesting network information. DHCP servers can be configured to identify the client identifier information and the hostname information that the WAAS device is sending and then send back the specific network settings that are assigned to the WAAS device.
Note
You must disable autoregistration before you can manually configure an interface for DHCP. Autoregistration is enabled by default on the first interface of the device.
Defining Interface Descriptions
You can specify a one-line description for a specific interface on a WAAS device. Use the description text interface configuration command to enter the description for the specific interface. The maximum length of the description text is 240 characters. This feature is supported for the Gigabit Ethernet, Fibre Channel, port-channel, and Standby interfaces.
Note
This feature is not currently supported for the SCSI or IDE interfaces.
After you define the description for an interface, use the show EXEC commands to display the defined interface descriptions. Enter the show interface interface type slot/port EXEC command to display the defined description for a specific interface on the WAE.
Fibre Channel Interface
The WAAS software supports Fibre Channel interfaces. Fibre Channel is the chosen technology for interconnecting storage devices and servers in a storage area network (SAN). In a SAN, the storage does not need to be directly attached to the server, and data transfer occurs over a high-throughput, high-availability network. Fibre Channel can operate at speeds of 1 gigabit per second (Gbps) and 2 Gbps.
To detect the presence of Fibre Channel storage, the storage array must be configured to assign storage space for the WAAS device, and the WAAS device must be reloaded before it can detect the storage assignment. To confirm whether or not the WAAS device has detected the storage assignment, use the show disks and the show disks details EXEC commands.
To configure the Fibre Channel interface on the WAAS device, use the interface FibreChannel slot/port command in interface configuration mode.
Port-Channel (EtherChannel) Interface
EtherChannel for the WAAS software supports the grouping of up to four same-speed network interfaces into one virtual interface. This grouping allows the setting or removing of a virtual interface that consists of two, three, or two Gigabit Ethernet interfaces. EtherChannel also provides interoperability with Cisco routers, switches, and other networking devices or hosts supporting EtherChannel, load balancing, and automatic failure detection and recovery based on each interface's current link status.
You can use either the Gigabit Ethernet ports to form an EtherChannel; however, an EtherChannel cannot contain both Gigabit Ethernet interfaces. A physical interface can be added to an EtherChannel subject to the device configuration.
Examples
The following example configures an attribute of an interface with a single CLI command:
WAE(config)# interface GigabitEthernet 1/0 half-duplex
The following example shows that an interface can be configured in a sequence of CLI commands:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# half-duplex
The following example enables a shut down interface:
WAE(config)# no interface GigabitEthernet 1/0 shutdown
The following example creates an EtherChannel. The port channel is port channel 2 and is assigned an IP address of 10.10.10.10 and a netmask of 255.0.0.0:
WAE(config)# interface PortChannel 2
WAE(config-if)# ip address 10.10.10.10 255.0.0.0
The following example removes an EtherChannel:
WAE(config)# interface PortChannel 2
WAE(config-if)# no ip address 10.10.10.10 255.0.0.0
WAE(config)# no interface PortChannel 2
The following example adds an interface to a channel group:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# channel-group 2
The following example removes an interface from a channel group:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# no channel-group 2
The following example assigns a secondary IP address on a Gigabit Ethernet interface on a WAAS device using the ip address configuration interface command:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# ip address 10.10.10.10 255.0.0.0 secondary
The following example configures a description for a Gigabit Ethernet interface:
WAE(config)# interface GigabitEthernet 1/0
WAE(config-if)# description This is a GigabitEthernet interface.
The following example shows a sample output of the show running-config EXEC command:
interface GigabitEthernet 1/0
description This is an interface to the WAN
ip address 192.168.1.200 255.255.255.0
The following example shows the sample output of the show interface command:
WAE# show interface GigabitEthernet 1/0
Description: This is the interface to the lab
Related Commands
show interface
show running-config
show startup-config
(config) ip
To change initial network device configuration settings, use the ip global configuration command. The dscp option allows you to set the global Type of Service (ToS) or differentiated services code point (DSCP) values in IP packets. To delete or disable these settings, use the no form of this command.
ip default-gateway ip-address
ip domain-name name1 name2 name3
ip dscp {client {cache-hit {match-server | set-dscp dscp-packets | set-tos tos-packets} |
cache-miss {match-server | set-dscp dscp-packets | set-tos tos-packets}} | server
{match-client | set-dscp dscp-packets | set-tos tos-packets}}
ip name-server ip-addresses
ip path-mtu-discovery enable
ip route dest_addrs net_addrs gateway_addrs
Syntax Description
default-gateway | Specifies the default gateway (if not routing IP).
ip-address | IP address of the default gateway.
domain-name | Specifies domain names.
name1 through name3 | Domain name (up to three can be specified).
dscp | Configures IP differentiated services code point (DSCP) and Type of Service (ToS) fields.
client | Configures DSCP for responses to the client.
cache-hit | Configures the cache hit responses to the client.
cache-miss | Configures the cache miss responses to the client.
match-server | Uses the original ToS/DSCP value of the server.
set-dscp | Configures differentiated services code point (DSCP) values.
dscp-packets | DSCP values; see the table of DSCP packet values listed in the "Differentiated Services" section for valid values.
set-tos | Configures Type of Service (ToS).
tos-packets | ToS value; see the table of ToS packet values listed in the "How the IP Precedence Bits Are Used to Classify Packets" section for valid values.
server | Configures DSCP for outgoing requests.
match-client | Uses the original ToS/DSCP value of the client.
name-server | Specifies the address of the name server.
ip-addresses | IP addresses of the name servers (up to a maximum of eight).
path-mtu-discovery | Configures RFC 1191 Path Maximum Transmission Unit (MTU) discovery.
enable | Enables Path MTU discovery.
route | Specifies the net route.
dest_addrs | Destination route address.
net_addrs | Netmask address.
gateway_addrs | Gateway address.
Defaults
No default behavior or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
To define a default gateway, use the ip default-gateway command. Only one default gateway can be configured. To remove the IP default gateway, use the no form of this command. The WAAS device uses the default gateway to route IP packets when there is no specific route found to the destination.
To define a default domain name, use the ip domain-name command. To remove the IP default domain name, use the no form of this command. Up to three domain names can be entered. If a request arrives without a domain name appended in its hostname, the proxy tries to resolve the hostname by appending name1, name2, and name3 in that order until one of these names succeeds.
The WAAS device appends the configured domain name to any IP hostname that does not contain a domain name. The appended name is resolved by the DNS server and then added to the host table. The WAAS device must have at least one domain name server specified for hostname resolution to work correctly.
To specify the address of one or more name servers to use for name and address resolution, use the ip name-server ip-addresses command. To disable IP name servers, use the no form of this command. For proper resolution of the hostname to the IP address or the IP address to the hostname, the WAAS device uses DNS servers. Use the ip name-server command to point the WAAS device to a specific DNS server. You can configure up to eight servers.
Path MTU autodiscovery discovers the MTU and automatically sets the correct value. Use the ip path-mtu-discovery enable command to start this autodiscovery utility. By default, this feature is enabled. When this feature is disabled, the sending device uses a packet size that is smaller than 576 bytes and the next hop MTU. Existing connections are not affected when this feature is turned on or off.
The WAAS software supports IP Path MTU Discovery, as defined in RFC 1191. When enabled, Path MTU Discovery discovers the largest IP packet size allowable between the various links along the forwarding path and automatically sets the correct value for the packet size. By using the largest MTU that the links will bear, the sending device can minimize the number of packets that it must send.
Note
IP Path MTU Discovery is useful when a link in a network goes down, forcing the use of another, different MTU-sized link. IP Path MTU Discovery is also useful when a connection is first being established and the sender has no information at all about the intervening links.
IP Path MTU Discovery is initiated by the sending device. If a server does not support IP Path MTU Discovery, the receiving device will have no mechanism available to avoid fragmenting datagrams generated by the server.
Use the ip route command to add a specific static route for a network or host. Any IP packet designated for the specified destination uses the configured route.
To configure static IP routing, use the ip route command. To remove the route, use the no form of this command. Do not use the ip route 0.0.0.0 0.0.0.0 command to configure the default gateway; use the ip default-gateway command instead.
In the WAAS network, you can configure a WAAS device for the type of service (ToS) or differentiated services code point (DSCP) using the ip dscp command.
Differentiated Services
The differentiated services (DiffServ) architecture is based on a simple model where traffic entering a network is classified and possibly conditioned at the boundaries of the network. The class of traffic is then identified with a differentiated services (DS) code point or bit marking in the IP header. Within the core of the network, packets are forwarded according to the per-hop behavior associated with the DS code point.
To set the global ToS or DSCP values for the IP header from the CLI, use the ip dscp command.
DiffServ describes a set of end-to-end QoS (quality of service) capabilities. End-to-end QoS is the ability of the network to deliver service required by specific network traffic from one end of the network to another. QoS in the WAAS software supports differentiated services.
With differentiated services, the network tries to deliver a particular kind of service based on the QoS specified by each packet. This specification can occur in different ways, for example, using the 6-bit DSCP setting in IP packets or source and destination addresses. The network uses the QoS specification to classify, mark, shape, and police traffic, and to perform intelligent queueing.
Differentiated services is used for several mission-critical applications and for providing end-to-end QoS. Typically, differentiated services is appropriate for aggregate flows because it performs a relatively coarse level of traffic classification.
Use the ip dscp {client | server} {cache-hit | cache-miss} set-dscp dscp-packets command to set the DSCP values for the IP header. Valid values for dscp-packets are listed in the following table.
Value or Keyword | Description
0-63 | Sets DSCP values.
af11 | Sets packets with AF11 DSCP (001010).
af12 | Sets packets with AF12 DSCP (001100).
af13 | Sets packets with AF13 DSCP (001110).
af21 | Sets packets with AF21 DSCP (010010).
af22 | Sets packets with AF22 DSCP (010100).
af23 | Sets packets with AF23 DSCP (010110).
af31 | Sets packets with AF31 DSCP (011010).
af32 | Sets packets with AF32 DSCP (011100).
af33 | Sets packets with AF33 DSCP (011110).
af41 | Sets packets with AF41 DSCP (100010).
af42 | Sets packets with AF42 DSCP (100100).
af43 | Sets packets with AF43 DSCP (100110).
cs1 | Sets packets with CS1 (precedence 1) DSCP (001000).
cs2 | Sets packets with CS2 (precedence 2) DSCP (010000).
cs3 | Sets packets with CS3 (precedence 3) DSCP (011000).
cs4 | Sets packets with CS4 (precedence 4) DSCP (100000).
cs5 | Sets packets with CS5 (precedence 5) DSCP (101000).
cs6 | Sets packets with CS6 (precedence 6) DSCP (110000).
cs7 | Sets packets with CS7 (precedence 7) DSCP (111000).
default | Sets packets with the default DSCP (000000).
ef | Sets packets with EF DSCP (101110).
DS Field Definition
A replacement header field, called the DS field, is defined by differentiated services. The DS field supersedes the existing definitions of the IPv4 ToS octet (RFC 791) and the IPv6 traffic class octet. Six bits of the DS field are used as the DSCP to select the Per Hop Behavior (PHB) at each interface. A currently unused (CU) 2-bit field is reserved for explicit congestion notification (ECN). The value of the CU bits is ignored by DS-compliant interfaces when determining the PHB to apply to a received packet.
Per-Hop Behaviors
RFC 2475 defines PHB as the externally observable forwarding behavior applied at a DiffServ-compliant node to a DiffServ Behavior Aggregate (BA).
With the ability of the system to mark packets according to the DSCP setting, collections of packets that have the same DSCP setting and that are sent in a particular direction can be grouped into a BA. Packets from multiple sources or applications can belong to the same BA.
A PHB refers to the packet scheduling, queueing, policing, or shaping behavior of a node on any given packet belonging to a BA, as configured by a service level agreement (SLA) or a policy map.
There are four available standard PHBs as follows:
• Default PHB (as defined in RFC 2474)
• Class-Selector PHB (as defined in RFC 2474)
• Assured Forwarding (AFny) PHB (as defined in RFC 2597)
• Expedited Forwarding (EF) PHB (as defined in RFC 2598)
The following sections describe the PHBs.
Default PHB
The default PHB specifies that a packet marked with a DSCP value of 000000 (recommended) receives the traditional best-effort service from a DS-compliant node (a network node that complies with all of the core DiffServ requirements). Also, if a packet arrives at a DS-compliant node, and the DSCP value is not mapped to any other PHB, the packet gets mapped to the default PHB.
Class-Selector PHB
To preserve backward compatibility with any IP precedence scheme currently in use on the network, DiffServ has defined a DSCP value in the form xxx000, where x is either 0 or 1. These DSCP values are called Class-Selector Code Points. (The DSCP value for a packet with default PHB 000000 is also called the Class-Selector Code Point.)
The PHB associated with a Class-Selector Code Point is a Class-Selector PHB. These Class-Selector PHBs retain most of the forwarding behavior as nodes that implement IP precedence-based classification and forwarding.
For example, packets with a DSCP value of 110000 (the equivalent of the IP precedence-based value of 110) have preferential forwarding treatment (for scheduling, queueing, and so on), as compared to packets with a DSCP value of 100000 (the equivalent of the IP precedence-based value of 100). These Class-Selector PHBs ensure that DS-compliant nodes can coexist with IP precedence-based nodes.
Assured Forwarding PHB
Assured Forwarding PHB is nearly equivalent to Controlled Load Service, which is available in the integrated services model. AFny PHB defines a method by which BAs can be given different forwarding assurances.
For example, network traffic can be divided into the following classes:
• Gold—Traffic in this category is allocated 50 percent of the available bandwidth.
• Silver—Traffic in this category is allocated 30 percent of the available bandwidth.
• Bronze—Traffic in this category is allocated 20 percent of the available bandwidth.
The AFny PHB defines four AF classes: AF1, AF2, AF3, and AF4. Each class is assigned a specific amount of buffer space and interface bandwidth according to the SLA with the service provider or policy map.
Within each AF class, you can specify three drop precedence (dP) values: 1, 2, and 3. Assured Forwarding PHB can be expressed as shown in the following example: AFny. In this example, n represents the AF class number (1, 2, or 3) and y represents the dP value (1, 2, or 3) within the AFn class.
In instances of network traffic congestion, if packets in a particular AF class (for example, AF1) need to be dropped, packets in the AF1 class will be dropped according to the following guideline:
dP(AFny) >= dP(AFnz) >= dP(AFnx)
where dP (AFny) is the probability that packets of the AFny class will be dropped and y denotes the dP within an AFn class.
In the following example, packets in the AF13 class will be dropped before packets in the AF12 class, which in turn will be dropped before packets in the AF11 class:
dP(AF13) >= dP (AF12) >= dP(AF11)
The dP method penalizes traffic flows within a particular BA that exceed the assigned bandwidth. Packets on these offending flows could be re-marked by a policy to a higher drop precedence.
An AFx class can be denoted by the DSCP value, xyzab0, where xyz can be 001, 010, 011, or 100, and ab represents the dP value.
The following lists the DSCP value and corresponding dP value for each AF PHB class.
Drop Precedence | Class 1 | Class 2 | Class 3 | Class 4
Low drop precedence | 001010 | 010010 | 011010 | 100010
Medium drop precedence | 001100 | 010100 | 011100 | 100100
High drop precedence | 001110 | 010110 | 011110 | 100110
Expedited Forwarding PHB
Resource Reservation Protocol (RSVP), a component of the integrated services model, provides a guaranteed bandwidth service. Applications, such as Voice over IP (VoIP), video, and online trading programs, require this type of service. The EF PHB, a key ingredient of DiffServ, supplies this kind of service by providing low loss, low latency, low jitter, and assured bandwidth service.
You can implement EF by using priority queueing (PQ) and rate limiting on the class (or BA). When implemented in a DiffServ network, EF PHB provides a virtual leased line or premium service. For optimal efficiency, however, you should reserve EF PHB for only the most critical applications because, in instances of traffic congestion, it is not feasible to treat all or most traffic as high priority.
EF PHB is suited for applications such as VoIP that require low bandwidth, guaranteed bandwidth, low delay, and low jitter.
IP Precedence for ToS
IP precedence allows you to specify the class of service (CoS) for a packet. You use the three precedence bits in the IPv4 header's type of service (ToS) field for this purpose.
Using the ToS bits, you can define up to six classes of service. Other features configured throughout the network can then use these bits to determine how to treat the packet. These other QoS features can assign appropriate traffic-handling policies including congestion management strategy and bandwidth allocation. For example, although IP precedence is not a queueing method, queueing methods such as weighted fair queueing (WFQ) and Weighted Random Early Detection (WRED) can use the IP precedence setting of the packet to prioritize traffic.
By setting precedence levels on incoming traffic and using them with the WAAS software QoS queueing features, you can create differentiated service. You can use features, such as policy-based routing (PBR) and Committed Access Rate (CAR), to set the precedence based on an extended access list classification. For example, you can assign the precedence based on the application or user or by destination and source subnetwork.
So that each subsequent network element can provide service based on the determined policy, IP precedence is usually deployed as close to the edge of the network or the administrative domain as possible. IP precedence is an edge function that allows core or backbone QoS features, such as WRED, to forward traffic based on CoS. You can also set IP precedence in the host or network client, but this setting can be overridden by the service provisioning policy of the domain within the network.
The following QoS features can use the IP precedence field to determine how traffic is treated:
• Distributed-WRED
• WFQ
• CAR
How the IP Precedence Bits Are Used to Classify Packets
You use the three IP precedence bits in the ToS field of the IP header to specify a CoS assignment for each packet. You can partition traffic into up to six classes—the remaining two classes are reserved for internal network use—and then use policy maps and extended ACLs to define network policies in terms of congestion handling and bandwidth allocation for each class.
Each precedence corresponds to a name. These names, which continue to evolve, are defined in RFC 791. The numbers and their corresponding names are listed from least to most important.
IP precedence allows you to define your own classification mechanism. For example, you might want to assign the precedence based on an application or an access router. IP precedence bit settings 96 and 112 are reserved for network control information, such as routing updates.
The IP precedence field occupies the three most significant bits of the ToS byte. Only the three IP precedence bits reflect the priority or importance of the packet, not the full value of the ToS byte.
Use the ip dscp {client | server} {cache-hit | cache-miss} set-tos tos-packets command to specify either of the two arguments—IP precedence or ToS byte value—to set the same ToS. You may specify either the ToS byte value or IP precedence; one is required. IP precedence uses the three precedence bits in the ToS field of the IPv4 header to specify the class of service for each packet. The ToS byte in the IP header defines the three high-order bits as IP precedence bits and the five low-order bits as ToS bits. The ToS byte value is written to the five low-order bits (bits 0 to 4) of the ToS byte in the IP header of a packet. The IP precedence value is written to the three high-order bits (bits 5 to 7) of the ToS byte in the IP header of a packet.
The following is a list of precedence names:
• critical
• flash
• flash-override
• immediate
• internet
• network
• priority
• routine
The following is a list of ToS names:
• max-reliability
• max-throughput
• min-delay
• min-monetary-cost
• normal
Valid values for tos-packets are listed in the following table.
Value, Precedence, or ToS Name | Description
0-127 | Sets the ToS value.
critical | Sets packets with critical precedence (80).
flash | Sets packets with flash precedence (48).
flash-override | Sets packets with flash override precedence (64).
immediate | Sets packets with immediate precedence (32).
internet | Sets packets with internetwork control precedence (96).
max-reliability | Sets packets with maximum reliable ToS (2).
max-throughput | Sets packets with maximum throughput ToS (4).
min-delay | Sets packets with minimum delay ToS (8).
min-monetary-cost | Sets packets with minimum monetary cost ToS (1).
network | Sets packets with network control precedence (112).
normal | Sets packets with normal ToS (0).
priority | Sets packets with priority precedence (16).
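The bit layouts described in this section (DSCP in the six high-order bits of the DS octet, Class-Selector code points of the form xxx000, AF code points of the form xyzab0, IP precedence in the three high-order bits) can be used to check the markings seen in a packet capture. The following Python decoder is an added example, not part of the WAAS software or of this command reference; the function names, source addresses, and sample octets are constructed for illustration.

```python
"""Decode an IPv4 DS/ToS octet into the DSCP, PHB and precedence terms used above."""

# dscp-packets keywords and their 6-bit code points, built from the bit patterns
# given in this section: Class-Selector = xxx000, AF = xyzab0, EF = 101110.
DSCP_KEYWORDS = {"default": 0b000000, "ef": 0b101110}
DSCP_KEYWORDS.update({f"cs{n}": n << 3 for n in range(1, 8)})
DSCP_KEYWORDS.update({f"af{c}{d}": (c << 3) | (d << 1)
                      for c in range(1, 5) for d in range(1, 4)})
KEYWORD_BY_DSCP = {value: name for name, value in DSCP_KEYWORDS.items()}

# IP precedence names indexed by the three high-order bits of the octet.
PRECEDENCE_NAMES = ["routine", "priority", "immediate", "flash",
                    "flash-override", "critical", "internet", "network"]
DROP_PRECEDENCE = {1: "low", 2: "medium", 3: "high"}


def decode_ds_octet(octet):
    """Return a dict describing one DS/ToS octet (0..255)."""
    if not 0 <= octet <= 0xFF:
        raise ValueError("DS/ToS octet must be in the range 0..255")
    dscp = octet >> 2                      # six high-order bits select the PHB
    keyword = KEYWORD_BY_DSCP.get(dscp)
    result = {
        "dscp": dscp,
        "bits": format(dscp, "06b"),
        "keyword": keyword,
        "ecn": octet & 0b11,               # two low-order (CU/ECN) bits
        "precedence": PRECEDENCE_NAMES[octet >> 5],
        "af_class": None,
        "drop_precedence": None,
    }
    if keyword is None or keyword == "default":
        # A code point that is not mapped to another PHB gets the default PHB.
        result["phb"] = "default"
    elif keyword == "ef":
        result["phb"] = "expedited-forwarding"
    elif keyword.startswith("cs"):
        result["phb"] = "class-selector"
    else:
        result["phb"] = "assured-forwarding"
        result["af_class"] = dscp >> 3
        result["drop_precedence"] = DROP_PRECEDENCE[(dscp >> 1) & 0b11]
    return result


def reserved_for_network_control(octet):
    """True when the precedence bits are 110 or 111 (internet / network)."""
    return (octet >> 5) >= 6


def review_markings(observations):
    """Return (source, keyword) for packets carrying network-control precedence."""
    return [(src, decode_ds_octet(octet)["keyword"])
            for src, octet in observations
            if reserved_for_network_control(octet)]


# Constructed sample: (source address, DS octet) pairs as read from a capture.
SAMPLE_OBSERVATIONS = [
    ("10.1.1.20", 0xB8),   # EF
    ("10.1.1.21", 0x38),   # AF13
    ("10.1.1.22", 0xC0),   # CS6, precedence reserved for network control
    ("10.1.1.23", 0x04),   # unmapped code point 000001
]

if __name__ == "__main__":
    for src, octet in SAMPLE_OBSERVATIONS:
        print(src, hex(octet), decode_ds_octet(octet))
    print("network-control markings:", review_markings(SAMPLE_OBSERVATIONS))
```
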
Examples
The following example configures a default gateway for the WAAS device:
WAE(config)# ip default-gateway 192.168.7.18
The following example disables the default gateway:
WAE(config)# no ip default-gateway
The following example configures a static IP route for the WAAS device:
WAE(config)# ip route 172.16.227.128 255.255.255.0 172.16.227.250
The following example negates the static IP route:
WAE(config)# no ip route 172.16.227.128 255.255.255.0 172.16.227.250
The following example configures a default domain name for the WAAS device:
WAE(config)# ip domain-name cisco.com
The following example negates the default domain name for the WAAS device:
WAE(config)# no ip domain-name
The following example configures a name server for the WAAS device:
WAE(config)# ip name-server 10.11.12.13
The following example disables the name server for the WAAS device:
WAE(config)# no ip name-server 10.11.12.13
Related Commands
show ip routes
(config) ip access-list
To create and modify access lists on a WAAS device for controlling access to interfaces or applications, use the ip access-list global configuration commands. To disable an access list, use the no form of the command.
ip access-list {standard | extended} {acl-name | acl-num}
Syntax Description
standard | Enables standard ACL configuration mode. The CLI enters the standard ACL configuration mode in which all subsequent commands apply to the current standard access list. The (config-std-nacl) prompt appears: WAE(config-std-nacl)# Refer to the "Standard ACL Configuration Mode Commands" section for details about working with entries in a standard access list and the commands available from the standard ACL configuration mode (config-std-nacl)#.
extended | Enables extended ACL configuration mode. The CLI enters the extended ACL configuration mode in which all subsequent commands apply to the current extended access list. The (config-ext-nacl) prompt appears. Refer to the "Extended ACL Configuration Mode Commands" section for details about working with entries in an extended access list and the commands available from the extended ACL configuration mode (config-ext-nacl)#.
acl-name | Access list to which all commands entered from ACL configuration mode apply, using an alphanumeric string of up to 30 characters, beginning with a letter.
acl-num | Access list to which all commands entered from access list configuration mode apply, using a numeric identifier. For standard access lists, the valid range is 1 to 99; for extended access lists, the valid range is 100 to 199.
Defaults
An access list drops all packets unless you configure at least one permit entry.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use access lists to control access to specific applications or interfaces on a WAAS device. An access control list consists of one or more condition entries that specify the kind of packets that the WAAS device will drop or accept for further processing. The WAAS device applies each entry in the order in which it occurs in the access list, which by default is the order in which you configured the entry.
The following list contains examples of how IP ACLs can be used in environments that use WAAS devices:
• A WAAS device resides on the customer premises and is managed by a service provider, and the service provider wants to secure the device for its management only.
• A WAAS device is deployed anywhere within the enterprise. As with routers and switches, the administrator wants to limit Telnet, SSH, and WAAS GUI access to the IT source subnets.
• An application layer proxy firewall with a hardened outside interface has no ports exposed. (Hardened means that the interface carefully restricts which ports are available for access, primarily for security reasons. With an outside interface, many types of security attacks are possible.) The WAE's outside address is Internet global, and its inside address is private. The inside interface has an IP ACL to limit Telnet, SSH, and WAAS GUI access to the device.
• A WAAS device using WCCP is positioned between a firewall and an Internet router or a subnet off the Internet router. Both the WAAS device and the router must have IP ACLs.
Note
IP ACLs that are defined on a router take precedence over the IP ACLs that are defined on the WAE. IP ACLs that are defined on a WAE take precedence over the WAAS application definition policies that are defined on the WAE.
Within ACL configuration mode, you can use the editing commands (list, delete, and move) to display the current condition entries, to delete a specific entry, or to change the order in which the entries will be evaluated. To return to global configuration mode, enter exit at the ACL configuration mode prompt.
To create an entry, use a deny or permit keyword and specify the type of packets that you want the WAAS device to drop or to accept for further processing. By default, an access list denies everything because the list is terminated by an implicit deny any entry. Therefore, you must include at least one permit entry to create a valid access list.
After creating an access list, you can include the access list in an access group using the access-group command, which determines how the access list is applied. You can also apply the access list to a specific application using the appropriate command. A reference to an access list that does not exist is the equivalent of a permit any condition statement.
To work with access lists, enter either the ip access-list standard or ip access-list extended global configuration command. Identify the new or existing access list with a name up to 30 characters long beginning with a letter, or with a number. If you use a number to identify a standard access list, it must be between 1 and 99; for an extended access list, use a number from 100 to 199. You must use a standard access list for providing access to the SNMP server or to the TFTP gateway/server. However, you can use either a standard access list or an extended access list for providing access to the WCCP application.
After you identify the access list, the CLI enters the appropriate configuration mode and all subsequent commands apply to the specified access list. The prompt for each configuration mode is shown in the following examples.
WAE(config)# ip access-list standard test
WAE(config-std-nacl)# exit
WAE(config)# ip access-list extended test2
Examples
The following commands create an access list on the WAAS device. You create this access list to allow the WAAS device to accept all web traffic that is redirected to it, but limits host administrative access using SSH:
WAE(config)# ip access-list extended example
WAE(config-ext-nacl)# permit tcp any any eq www
WAE(config-ext-nacl)# permit tcp host 10.1.1.5 any eq ssh
WAE(config-ext-nacl)# exit
The following commands activate the access list for an interface:
WAE(config)# interface gigabitethernet 1/0
WAE(config-if)# ip access-group example in
The following example shows how this configuration appears when you enter the show running-config command:
interface GigabitEthernet 1/0
ip address 10.1.1.50 255.255.0.0
ip access-group example in
ip access-list extended example
permit tcp any any eq www
permit tcp host 10.1.1.5 any eq ssh
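The evaluation rules from the usage guidelines (entries applied in order, an implicit deny any at the end of every list, and a reference to a nonexistent access list behaving as permit any) can be modeled and audited offline. The following Python sketch is an added example, not Cisco code: it parses only the entry forms shown on this page, and the GigabitEthernet 2/0 stanza with the mgmt-only name is constructed to show an undefined reference.

```python
"""Model WAAS IP ACL evaluation and audit access-group references."""
import ipaddress
import re

PORT_NAMES = {"www": 80, "ssh": 22}   # only the port keywords used on this page

# Constructed sample: the running-config output above plus one interface that
# references an access list (mgmt-only, hypothetical) that is never defined.
SAMPLE_CONFIG = """\
interface GigabitEthernet 1/0
 ip address 10.1.1.50 255.255.0.0
 ip access-group example in
interface GigabitEthernet 2/0
 ip access-group mgmt-only in
ip access-list extended example
 permit tcp any any eq www
 permit tcp host 10.1.1.5 any eq ssh
"""


def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as an IPv4 network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {tok}")


def parse_entry(line):
    """Parse '<permit|deny> <proto> <src> <dst> [eq <port>]'."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _take_addr(tokens), _take_addr(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}


def parse_config(text):
    """Return (acls, refs): ACL name -> ordered entries, and access-group uses."""
    acls, refs = {}, []
    iface = acl = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (.+)", line):
            iface, acl = m.group(1), None
        elif m := re.match(r"ip access-list (standard|extended) (\S+)", line):
            acl, iface = m.group(2), None
            acls.setdefault(acl, [])
        elif m := re.match(r"ip access-group (\S+) (\S+)", line):
            if iface:
                refs.append((iface, m.group(1), m.group(2)))
        elif acl and line.split()[:1] in (["permit"], ["deny"]):
            acls[acl].append(parse_entry(line))
    return acls, refs


def evaluate(acls, name, proto, src, dst, dport):
    """First matching entry wins; the list ends with an implicit deny any."""
    if name not in acls:
        return "permit"    # undefined list is equivalent to permit any
    for entry in acls[name]:
        if (entry["proto"] in ("ip", proto)
                and ipaddress.ip_address(src) in entry["src"]
                and ipaddress.ip_address(dst) in entry["dst"]
                and entry["port"] in (None, dport)):
            return entry["action"]
    return "deny"


def undefined_references(acls, refs):
    """Interfaces whose access-group names an ACL that does not exist."""
    return [ref for ref in refs if ref[1] not in acls]


if __name__ == "__main__":
    acls, refs = parse_config(SAMPLE_CONFIG)
    print(evaluate(acls, "example", "tcp", "10.1.1.9", "10.1.1.50", 22))
    print(undefined_references(acls, refs))
```

An interface reported by undefined_references filters nothing, so a mistyped or deleted list name leaves Telnet, SSH, and GUI access open on that interface.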
Related Commands
clear
(config-if) ip access-group
show ip access-list
(config) kerberos
To authenticate a user that is defined in the Kerberos database, use the kerberos global configuration command. To disable authentication, use the no form of the command.
kerberos {local-realm kerberos-realm | realm {dns-domain | host} kerberos-realm | server
kerberos-realm {hostname | ip-address} [port-number]}
Note
Your Windows domain server must have a Reverse DNS Zone configured for this command to execute successfully.
Syntax Description
local-realm | Default realm for WAAS. Configures a switch to authenticate users defined in the Kerberos database.
kerberos-realm | IP address or name (in UPPERCASE letters) of the Kerberos realm. Default value is a NULL string.
realm | Maps a host name or DNS domain name to a Kerberos realm.
dns-domain | DNS domain name to map to Kerberos realm. Note: The name must begin with a leading dot (.).
host | Host IP address or name to map to Kerberos host realm.
server | Specifies the Key Distribution Center (KDC) to use in a given Kerberos realm and, optionally, the port number the KDC is monitoring.
hostname | Name of the host running the KDC.
ip-address | IP address of the host running the KDC.
port-number | (Optional) Number of the port on the KDC server.
Defaults
kerberos-realm: NULL string
port-number: 88
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
All Windows 2000 domains are also Kerberos realms. Because the Windows 2000 domain name is also a DNS domain name, the Kerberos realm name for the Windows 2000 domain name is always in uppercase letters. This capitalization follows the recommendation for using DNS names as realm names in the Kerberos Version 5 protocol document (RFC-1510) and affects only interoperability with other Kerberos-based environments.
The KDC server and all hosts with Kerberos authentication configured must interact within a 5-minute window or authentication will fail. All hosts, especially the KDC, should be running NTP. For information about configuring NTP, see the "(config) ntp" command.
The KDC server and Admin server must have the same IP address. The default port number for both servers is port 88.
The kerberos command modifies the krb5.conf file.
Examples
The following example shows how to configure the WAAS device to authenticate with a specified KDC in a specified Kerberos realm. The configuration is then verified.
local-realm Set local realm name
realm Add domain to realm mapping
server Add realm to host mapping
WAE(config)# kerberos local-realm WAE.ABC.COM
WAE(config)# kerberos realm wae.abc.com WAE.ABC.COM
WAE(config)# kerberos server wae.abc.com 10.10.192.50
Realm for DNS suffix: WAE.ABC.COM
Name of host running KDC for realm:
Related Commands
show kerberos
(config) kernel
To enable access to the kernel debugger (kdb), use the kernel kdb global configuration command. Once enabled, kdb is automatically activated if kernel problems occur, or you can manually activate it from the local console for the WAAS device by pressing the required key sequence. To disable access to the kernel debugger, use the no form of the command.
kernel kdb
Syntax Description
This command has no arguments or keywords.
Defaults
The kernel debugger is disabled by default.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Once enabled, kdb is automatically activated when kernel problems occur. Once activated, all normal functioning of the WAAS device is suspended until kdb is manually deactivated. The kdb prompt looks like this:
To deactivate kdb, enter go at the kdb prompt. If kdb was automatically activated because of kernel problems, the system generates a core dump and restarts. If you activated kdb manually for diagnostic purposes, the system resumes normal functioning in whatever state it was when you activated kdb. In either case, if you enter reboot, the system restarts and normal operation resumes.
kdb is disabled by default and you must enter the kernel kdb command in global configuration mode to enable it. If kdb has been previously enabled, you can enter the no kernel kdb global configuration command to disable it. When kdb is enabled, you can activate it manually from the local console by pressing Ctrl-_ followed by Ctrl-B.
The rationale for disabling the kernel debugger is as follows: the WAAS device is often unattended at many sites, and it is desirable for the WAAS device to automatically reboot after generating a core dump instead of requiring user intervention. Disabling the kernel debugger allows automatic recovery.
Examples
The following example enables, and then disables, access to the kernel debugger:
WAE(config)# kernel kdb
WAE(config)# no kernel kdb
(config) line
To specify terminal line settings, use the line global configuration command. To configure the WAAS device to not check for the carrier detect signal, use the no form of the command.
line console carrier-detect
Syntax Description
console: Configures the console terminal line settings.
carrier-detect: Sets the device to check the carrier detect signal before writing to the console.
Defaults
No default behavior or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Examples
The following example sets the WAAS device to check for the carrier detect signal:
WAE(config)# line console carrier-detect
(config) logging
To configure system logging, use the logging global configuration command. To disable logging functions, use the no form of this command.
logging {console {enable | priority loglevel} | disk {enable | filename filename | priority loglevel |
recycle size} | facility facility | host {hostname | ip-address} [port port_num | priority
loglevel | rate-limit message_rate]}
Syntax Description
console: Sets system logging to a console.
enable: Enables system logging to a console.
priority: Sets which priority level messages to send to syslog file.
loglevel: Use one of the following keywords.
• alert—Immediate action needed. Priority 1.
• critical—Immediate action needed. Priority 2.
• debug—Debugging messages. Priority 7.
• emergency—System is unusable. Priority 0.
• error—Error conditions. Priority 3.
• information—Informational messages. Priority 6.
• notice—Normal but significant conditions. Priority 5.
• warning—Warning conditions. Priority 4.
disk: Sets system logging to a disk file.
enable: Enables system logging to a disk file.
filename: Sets the name of the syslog file.
filename: Specifies the name of the syslog file.
recycle: Overwrites syslog.txt when it surpasses the recycle size.
size: Size of syslog file in bytes (1000000-50000000).
facility: Sets facility parameter for syslog messages.
facility: Use one of the following keywords.
• auth—Authorization system
• daemon—System daemons
• kernel—Kernel
• local0—Local use
• local1—Local use
• local2—Local use
• local3—Local use
• local4—Local use
• local5—Local use
• local6—Local use
• local7—Local use
• mail—Mail system
• news—USENET news
• syslog—Syslog itself
• user—User process
• uucp—UUCP system
host: Sets system logging to a remote host.
hostname: Hostname of the remote syslog host. Specify up to four remote syslog hosts. Note: To specify more than one syslog host, use multiple command lines; specify one host per command.
ip-address: IP address of the remote syslog host. Specify up to four remote syslog hosts. Note: To specify more than one syslog host, use multiple command lines; specify one host per command.
port: (Optional) Specifies the port to be used when logging to a host.
port_num: Port to be used when logging to a host. The default port is 514.
priority: (Optional) Sets the priority level for messages when logging messages to a host. The default priority is warning.
loglevel: Use one of the following keywords.
• alert—Immediate action needed. Priority 1.
• critical—Immediate action needed. Priority 2.
• debug—Debugging messages. Priority 7.
• emergency—System is unusable. Priority 0.
• error—Error conditions. Priority 3.
• information—Informational messages. Priority 6.
• notice—Normal but significant conditions. Priority 5.
• warning—Warning conditions. Priority 4.
rate-limit: (Optional) Sets the rate limit (in messages per second) for sending messages to a host.
message_rate: Rate limit (in messages per second) for sending messages to the host (0-10000). Setting the rate limit to 0 disables rate limiting.
Defaults
Logging: on
Priority of message for console: warning
Priority of message for disk log file: debug
Priority of message for a host: warning
Log file: /local1/syslog.txt
Log file recycle size: 10,000,000 bytes
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use the logging command to set specific parameters of the system log file. System logging is always enabled internally. By default, system logging is enabled on a WAAS device. The system log file is located on the SYSFS partition at /local1/syslog.txt. This file contains authentication entries, privilege levels, and administrative details.
WAAS supports filtering multiple syslog messages for a single failed section on SCSI disks and SATA disks.
To configure the WAAS device to send varying levels of event messages to an external syslog host, use the logging host option. Logging can be configured to send various levels of messages to the console using the logging console priority option.
The no logging disk recycle size command sets the file size to the default value. Whenever the current log file size surpasses the recycle size, the log file is rotated. The log file cycles through at most five rotations, and they are saved as [log file name].[1-5] under the same directory as the original log. The rotated log file is the one configured using the logging disk filename command.
Configuring System Logging to Remote Syslog Hosts
You can configure a WAAS device to send varying levels of messages to up to four remote syslog hosts. Use the logging host hostname global configuration command as follows:
WAE(config)# [no] logging host hostname [priority priority-code | port port | rate-limit limit]
where:
• hostname is the hostname or IP address of the remote syslog host. Specify up to four remote syslog hosts. To specify more than one syslog host, use multiple command lines; specify one host per command.
• priority-code is the severity level of the message that should be sent to the specified remote syslog host. The default priority-code is "warning" (level 4). Each syslog host is capable of receiving a different level of event messages.
Note
You can achieve syslog host redundancy by configuring multiple syslog hosts on the WAAS device and assigning the same priority code to each configured syslog host (for example, assigning a priority code of "critical" level 2 to syslog host 1, syslog host 2, and syslog host 3).
• port is the destination port of the remote syslog host to which the WAAS device is to send the messages. The default port is port 514.
• rate-limit specifies the number of messages that are allowed to be sent to the remote syslog host per second. To limit bandwidth and other resource consumption, messages to the remote syslog host can be rate limited. If this limit is exceeded, the specified remote syslog host drops the messages. There is no default rate limit, and by default all syslog messages are sent to all of the configured syslog hosts. If the rate limit is exceeded, a "message of the day" (motd) will be printed for any CLI EXEC shell login.
Examples
In the following example, the WAAS device is configured to send messages that have a priority code of "error" (level 3) to the console:
WAE(config)# logging console priority error
In the following example, the WAAS device is configured to disable sending of messages that have a priority code of "error" (level 3) to the console:
WAE(config)# no logging console priority error
In the following example, the WAAS device is configured to send messages that have a priority code of "error" (level 3) to the remote syslog host that has an IP address of 172.31.2.160:
WAE(config)# logging host 172.31.2.160 priority error
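How the per-host priority and rate limit decide what each remote syslog host receives, as an added example that is not Cisco code. It assumes that a host receives messages at its configured priority and anything more severe, that the rate limit is counted per one-second window, and that facilities use the standard syslog numbering (PRI = facility × 8 + severity); every configuration line except the 172.31.2.160 one, and all log messages, are constructed.

```python
# Severity keywords and numbers as listed in the loglevel table on this page.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "information": 6, "debug": 7}

# Facility keywords from this page with their standard syslog numeric codes.
FACILITY = {"kernel": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "news": 7, "uucp": 8,
            **{f"local{i}": 16 + i for i in range(8)}}

DEFAULT_PORT = 514            # page default
DEFAULT_PRIORITY = "warning"  # page default for a remote host
MAX_HOSTS = 4                 # page limit on remote syslog hosts

# Constructed configuration; only the 172.31.2.160 line comes from the page.
CONFIG = """\
logging facility local5
logging host 172.31.2.160 priority error
logging host 172.31.2.161 rate-limit 2
logging host 172.31.2.162 priority critical
"""

# Constructed events: (second, severity keyword, message text), in time order.
EVENTS = [
    (0, "error", "disk read error on sda"),
    (0, "warning", "login failure for user admin"),
    (0, "warning", "login failure for user admin"),
    (0, "warning", "login failure for user admin"),
    (1, "notice", "user admin logged in"),
    (1, "critical", "filesystem remounted read-only"),
]


def parse_logging(config):
    """Return (facility keyword, {host: settings}) from 'logging' lines."""
    facility, hosts = None, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["logging", "facility"]:
            facility = tok[2]
        elif tok[:2] == ["logging", "host"]:
            host, opts = tok[2], tok[3:]
            if len(opts) % 2:
                raise ValueError(f"option without a value in: {line}")
            cfg = hosts.setdefault(host, {"port": DEFAULT_PORT,
                                          "priority": DEFAULT_PRIORITY,
                                          "rate_limit": 0})
            for key, val in zip(opts[0::2], opts[1::2]):
                if key == "priority" and val in SEVERITY:
                    cfg["priority"] = val
                elif key == "port":
                    cfg["port"] = int(val)
                elif key == "rate-limit" and 0 <= int(val) <= 10000:
                    cfg["rate_limit"] = int(val)
                else:
                    raise ValueError(f"bad option {key} {val} in: {line}")
    if facility not in FACILITY:
        # The page states no default facility, so this example requires one.
        raise ValueError("set 'logging facility' to a keyword from the page")
    if len(hosts) > MAX_HOSTS:
        raise ValueError("more than four remote syslog hosts configured")
    return facility, hosts


def pri(facility, severity):
    """Syslog PRI value carried at the start of each message."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def route(facility, hosts, events):
    """Return (sent, dropped): per-host lists of delivered and rate-limited messages."""
    sent = {h: [] for h in hosts}
    dropped = {h: [] for h in hosts}
    counts = {}                               # (host, second) -> messages sent
    for second, severity, text in events:
        for host, cfg in hosts.items():
            if SEVERITY[severity] > SEVERITY[cfg["priority"]]:
                continue                      # less severe than the host's priority
            n = counts.get((host, second), 0)
            if cfg["rate_limit"] and n >= cfg["rate_limit"]:
                dropped[host].append(text)    # over the per-second limit
                continue
            counts[(host, second)] = n + 1
            sent[host].append(f"<{pri(facility, severity)}>{text}")
    return sent, dropped


if __name__ == "__main__":
    fac, cfg_hosts = parse_logging(CONFIG)
    delivered, lost = route(fac, cfg_hosts, EVENTS)
    for h in cfg_hosts:
        print(h, "sent:", delivered[h], "dropped:", lost[h])
```

In this run the notice-level message reaches none of the three hosts, and the rate-limited host loses two of the three repeated warnings.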
Related Commands
clear
show logging
(config) no
To undo a global configuration command or set its defaults, use the no form of a global configuration command.
no command
Syntax Description
aaa: Unconfigures AAA.
alarm: Unconfigures alarm parameters.
authentication: Unconfigures login authentication and authorization.
bypass: Unconfigures bypass.
cdp: Unconfigures CDP.
clock: Unconfigures the time-of-day clock.
disk: Unconfigures disk-related parameters.
exec-timeout: Unconfigures the exec timeout.
help: Unconfigures assistance for the command-line interface.
hostname: Unconfigures the system's network name.
inetd: Unconfigures FTP, rcp, and TFTP services.
interface: Unconfigures a FibreChannel, Gigabit, PortChannel, or Standby interface.
ip: Unconfigures IP parameters.
ip access-list: Unconfigures IP access lists.
kerberos: Unconfigures kerberos security options.
kernel: Disables access to the kernel debugger.
line: Unconfigures terminal line settings.
logging: Unconfigures system logging (syslog).
ntp: Unconfigures NTP.
port-channel: Unconfigures port channel global options.
print-services: Unconfigures the parameters for the WAAS print services.
radius-server: Unconfigures RADIUS server parameters.
smb-conf: Unconfigures the Windows domain smb.conf file.
sshd: Unconfigures the parameters for the Secure Shell (SSH) service.
ssh-key-generate: Unconfigures the SSH host key.
tacacs: Unconfigures the TACACS+ parameters.
tcp: Unconfigures the global TCP parameters.
telnet enable: Disables the Telnet service.
username: Unconfigures username authentication.
wccp: Disables WCCP.
windows-domain: Unconfigures Windows domain server parameters.
Defaults
No default behavior or values
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use the no command to disable functions or negate a command. If you need to negate a specific argument in a command, such as the default gateway IP address, you must include the specific string in your command, such as no ip default-gateway ip-address.
Examples
In the following example, the Telnet service is disabled on the WAAS device:
WAE(config)# no telnet enable
(config) ntp
To configure the NTP server and to allow the system clock to be synchronized by a time server, use the ntp global configuration command. To disable this function, use the no form of this command.
ntp server {ip-address | hostname} [ip-addresses | hostnames]
Syntax Description
server: Sets the NTP server IP address for the WAAS device.
ip-address: NTP server IP address.
hostname: NTP server hostname.
ip-addresses: (Optional) IP address of the time server providing the clock synchronization (maximum of 4).
hostnames: (Optional) Hostname of the time server providing the clock synchronization (maximum of 4).
Defaults
The default NTP version number is 3.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
Use this command to synchronize the clock on the WAAS device with the specified NTP server. The ntp server command enables NTP servers for timekeeping purposes and is the only way to synchronize the system clock with a time server in WAAS software.
Examples
The following example specifies the NTP server IP address as the time source for a WAAS device. It also removes this configuration.
WAE(config)# ntp server 172.16.22.44
WAE(config)# no ntp server 172.16.22.44
Related Commands
clock
(config) clock
show clock
show ntp
(config) policy-engine application classifier
To create or edit an existing application classifier on a WAE, use the policy-engine application classifier global configuration command. You can use this command to add or modify rules, also known as match conditions, to identify specific types of traffic. You can also use this command to list the classifier's match conditions.
Note
You cannot have more than 512 different application classifiers.
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
To delete an application classifier or a condition, use the no form of this command.
policy-engine application classifier classifier-name [list |
match {all | dst {host hostname | ip ip_address | port {eq port | range port1 port2}} |
src {host hostname | ip ip_address | port {eq port | range port1 port2}}}]
Syntax Description
classifier-name: The classifier name (up to 30 characters). The name must start with a letter representing the application class.
list: Lists the conditions contained in the specified classifier.
match: Specifies the criteria for matching traffic.
all: Matches any type of traffic.
dst: Specifies the criteria for identifying the destination host.
host hostname: Specifies the hostname of the system that is the source or destination of the traffic.
ip ip_address: Specifies the IP address of the system that is the source or destination of the traffic.
port: Specifies the criteria for identifying the port or ports used by the source or destination hosts.
eq port: Specifies the source or destination port number.
range port1 port2: Specifies a range of source or destination port numbers.
src: Specifies the criteria for identifying the source host.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
Deleting a classifier fails if there are policies using it. When creating a new application classifier or adding an existing application classifier, the WAAS CLI enters into an appropriate submode allowing you to specify one or more conditions. However, if the condition specified matches an already existing condition in the classifier's conditions list, no action is taken. A condition can be deleted by using the no form of this command. When creating a new classifier, you must add at least one condition.
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map adaptor EPM
To configure the application policy with advanced policy map lists of the EndPoint Mapper (EPM) service on a WAE, use the policy-engine application map adaptor EPM global configuration command. To disable the EPM service in the application policy configuration, use the no form of this command.
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
policy-engine application map adaptor EPM epm-map {delete line-number |
disable line-number |
insert {first | last | pos line-number} name app-name {All | classifier classifier-name}
{action {optimize {DRE {yes | no} compression {LZ | none}}| full} | pass-through} |
disable action {optimize {DRE {yes | no} compression {LZ | none} | full} | pass-through}|
list [from line-number [to line-number] | to line-number [from line-number]] |
move from line-number to line-number |
name app-name {All | classifier classifier-name} {action {optimize {DRE {yes | no}
compression {LZ | none}}| full} | pass-through} | disable action {optimize {DRE {yes | no}
compression {LZ | none} | full} | pass-through}}
Syntax Description
epm-map: Messaging Application Programming Interface (MAPI) or Universal Unique ID (UUID).
delete line-number: Deletes the application policy map specified by the line number.
disable line-number: Disables the application policy map specified by the line number.
insert: Inserts or adds a new policy map at the specified position.
first: Inserts the new application policy map at the beginning of the list.
last: Inserts the new application policy map at the end of the list.
pos line-number: Inserts the new application policy map at the specified line number.
name app-name: Name of the application.
All: Specifies all traffic.
classifier classifier-name: Specifies the name of the application traffic classifier.
action: Specifies whether to optimize the traffic or let it pass through.
optimize: Applies general optimization.
DRE {yes | no}: Enables or disables DRE optimization.
compression {LZ | none}: Applies Lempel-Ziv (LZ) compression or no compression.
full: Applies full generic optimization.
pass-through: Allows traffic to pass through without any optimization.
disable action: Disables optimization or pass-through.
list: Lists the specified application policy maps.
from: (Optional) Specifies the line number of the first application policy map to list.
to: (Optional) Specifies the line number of the last application policy map to list.
line-number: The line number or position of an application policy map in the list.
move: Moves the specified application policy map from one line to another.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
EndPoint Mapper (EPM) is a service that dynamically allocates server ports to certain applications. Unlike most applications that always use the same port, applications that rely on the EPM service can be assigned a different port at every request.
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than LZ compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map adaptor WAFS accept
Use the policy-engine application map adaptor WAFS accept global configuration command to configure application policies with the Wide Area File Services (WAFS) accept option. This option allows you to change the default behavior so the Edge WAE takes another action (such as optimize) for accepted CIFS traffic. To disable the WAFS accept option, use the no form of this command.
policy-engine application map adaptor WAFS accept {delete line-number | disable line-number |
insert {{first | last} name app-name | pos line-number} | list [from line-number |
to line-number] | move from line-number | name app-name}
Note
By default, when you enable the WAFS accept option, the Edge WAE accelerates all CIFS traffic it accepts.
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
delete: Deletes a specific application policy map from the list.
disable: Disables a specific application policy map in the list.
insert: Inserts or adds a new policy map at the specified position.
first: Inserts the new application policy map at the beginning of the list.
last: Inserts the new application policy map at the end of the list.
pos: Inserts the new application policy map at the specified line number.
name app-name: Name of the application.
list: Lists the specified application policy maps.
from: (Optional) Specifies the line number of the first application policy map to list.
to: (Optional) Specifies the line number of the last application policy map to list.
line-number: The line number or position of an application policy map in the list.
move: Moves the specified application policy map from one line to another.
line-number: Indicates the exact position in the list.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map adaptor WAFS transport
To configure application policies with the Wide Area File Services (WAFS) transport option, use the policy-engine application map adaptor WAFS transport global configuration command. To disable the WAFS transport policy map in the application policy configuration, use the no form of this command.
policy-engine application map adaptor WAFS transport {delete line-number | disable
line-number | insert {{first | last} name app-name | pos line-number} | list [from line-number
| to line-number] | move from line-number | name app-name}
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
delete: Deletes a specific application policy map from the list.
disable: Disables a specific application policy map in the list.
insert: Inserts or adds a new policy map at the specified position.
first: Inserts the new application policy map at the beginning of the list.
last: Inserts the new application policy map at the end of the list.
pos: Inserts the new application policy map at the specified line number.
name app-name: Name of the application.
list: Lists the specified application policy maps.
from: (Optional) Specifies the line number of the first application policy map to list.
to: (Optional) Specifies the line number of the last application policy map to list.
line-number: The line number or position of an application policy map in the list.
move: Moves the specified application policy map from one line to another.
line-number: Indicates the exact position in the list.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
By default, when you enable WAFS, all CIFS traffic going between an Edge WAE and a core cluster is accelerated. Use this command to specify another action (such as optimize) for CIFS traffic traveling between edge and core devices.
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map basic delete
To delete a specific basic (static) application policy map from the list of application policy maps on a WAE, use the policy-engine application map basic delete global configuration command.
policy-engine application map basic delete pos
Note
A policy map consists of a set of application policies and the order in which they are checked.
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
pos | Line number indicating the exact position of the policy map in the list.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
This command is ignored if the line number specified does not represent a current policy map.
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map basic disable
To disable a specific basic (static) application policy map from the list of application policy maps on a WAE, use the policy-engine application map basic disable global configuration command.
policy-engine application map basic disable pos
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
pos | Line number indicating the exact position of the policy map in the list.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
This command is ignored if the line number specified does not represent a current policy map.
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic insert
To insert a new basic (static) application policy map into the list of application policy maps on a WAE, use the policy-engine application map basic insert global configuration command.
policy-engine application map basic insert {first | last | pos pos} name app-name
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
first | Inserts the policy map at the beginning of the list.
last | Inserts the policy map at the end of the list.
pos | Inserts the policy map at a specific position in the list.
pos | The line number at which to insert the policy map.
name app-name | Specifies an already defined application name.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map basic list
To display a list of basic (static) application policy maps on a WAE, use the policy-engine application map basic list global configuration command.
policy-engine application map basic list [from pos [to pos] | to pos]
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
from | Starts the listing from the specified position.
to | Stops the listing at the specified position.
pos | The line number indicating the exact position of a policy map in the list.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map basic move
To move an application policy within the basic policy map list, which is based only on L3 or L4 parameters, on a WAE, use the policy-engine application map basic move global configuration command.
policy-engine application map basic move from pos to pos
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
from | Moves the policy at the specified line number.
to | Moves the policy to the specified line number.
pos | The line number indicating the exact position of a policy map in the list.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Examples
To move a policy map from line 10 to line 16:
WAE(config)# policy-engine application map basic move from 10 to 16
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map basic name
To configure the application policy with the basic policy map name, use the policy-engine application map basic name global configuration command.
policy-engine application map basic name app-name classifier classifier-name
policy-engine application map basic name app-name classifier classifier-name {
action {accelerate MS-port-mapper optimize {DRE {yes | no} compression {LZ | none} |
full} | optimize {DRE {yes | no} compression {LZ | none} | full} | pass-through} |
disable action {accelerate MS-port-mapper optimize {DRE {yes | no}
compression {LZ | none} | full} | optimize {DRE {yes | no}
compression {LZ | none} | full} | pass-through}}}
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
app-name | Application name.
classifier classifier-name | Specifies the name of the application traffic classifier.
action | Specifies whether to optimize the traffic or allow it to pass through.
delete line-number | Deletes the application policy map specified by the line number.
accelerate MS-port-mapper | Accelerates the traffic using the Microsoft EndPoint Port Mapper (EPM).
optimize | Applies general optimization.
DRE {yes | no} | Enables or disables DRE optimization.
compression {LZ | none} | Applies Lempel-Ziv (LZ) compression or no compression.
full | Applies full generic optimization.
pass-through | Allows traffic to pass through without any optimization.
disable action | Disables optimization or pass-through.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than LZ compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map other optimize DRE
To configure the optimize DRE action on non-classified traffic on a WAE, use the policy-engine application map other optimize DRE global configuration command.
policy-engine application map other optimize DRE {yes | no} compression {LZ | none}
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
yes | Applies the optimize DRE action on non-classified traffic.
no | Does not apply the optimize DRE action on non-classified traffic.
compression | Applies the specified compression.
LZ | Applies the Lempel-Ziv (LZ) compression.
none | Applies no compression.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than LZ compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Examples
To configure the optimize DRE action on non-classified traffic with no compression:
WAE(config)# policy-engine application map other optimize DRE yes compression none
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map other optimize full
To configure the application policy on non-classified traffic with the optimize full action, use the policy-engine application map other optimize full global configuration command.
policy-engine application map other optimize full
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other pass-through
(config) policy-engine application name
(config) policy-engine application map other pass-through
To configure the application policy on non-classified traffic with the pass-through action on a WAE, use the policy-engine application map other pass-through global configuration command.
policy-engine application map other pass-through
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize full
(config) policy-engine application name
To create a new application definition that specifies general information about an application on a WAE, use the policy-engine application name global configuration command. To delete the application definition, use the no form of this command.
policy-engine application name app-name
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Syntax Description
app-name | The application name (up to 30 characters). The name cannot contain spaces or special characters.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
This command allows you to create a new application name that can be used later to gather statistics about an application. Deleting an application name fails if there are policies using this name. Successful deletion clears all statistics that were once associated with this application.
Note
There is a limitation of 256 different application names.
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Examples
To create an application definition for the Payroll application, enter this command:
WAE(config)# policy-engine application name Payroll
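A pre-deployment check for the constraints stated in this section, as an added example (not Cisco code): it scans a configuration excerpt for application names that break the 30-character, no-spaces rule or the 256-name limit, for policy maps that use an undefined name or an action outside the documented syntax, and for name deletions that will fail because a policy map still uses the name. The function name, the sample excerpt (apart from Payroll), the classifier names and the reading of "special characters" as anything other than letters, digits, hyphen and underscore are assumptions.

```python
import re

# Limits stated in the command reference for `policy-engine application name`.
MAX_NAME_LEN = 30
MAX_NAMES = 256
# Assumption: "special characters" means anything other than letters, digits,
# hyphen and underscore. Adjust to what your WAAS release accepts.
NAME_OK = re.compile(r"[A-Za-z0-9_-]+")

NAME_CMD = "policy-engine application name "
MAP_CMD = "policy-engine application map basic name "

# Action tail as written in the syntax line of `map basic name`.
_OPT = r"optimize (?:DRE (?:yes|no) compression (?:LZ|none)|full)"
ACTION_OK = re.compile(
    rf"(?:disable )?action (?:accelerate MS-port-mapper {_OPT}|{_OPT}|pass-through)"
)

# Constructed sample excerpt (not taken from a real device).
SAMPLE = """\
policy-engine application name Payroll
policy-engine application name Payroll Reports
policy-engine application name Quarterly-Financial-Consolidation-2024
policy-engine application map basic name Payroll classifier PayrollTraffic action optimize full
policy-engine application map basic name Backup classifier BackupTraffic action optimize DRE yes compression LZ
policy-engine application map basic name Payroll classifier PayrollBulk action optimize DRE maybe
no policy-engine application name Payroll
"""


def audit_policy_engine(config_text, predefined=("other",)):
    """Return (line_number, message) findings, in file order, for a config excerpt.

    Assumption: the excerpt lists every application name its policy maps use,
    apart from the names passed in `predefined`, which also count toward the
    256-name limit here.
    """
    findings = []
    defined = set(predefined)
    used_on = {}  # app-name -> line numbers of the policy maps that use it

    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # collapse runs of whitespace
        negated = line.startswith("no ")
        if negated:
            line = line[3:]

        if line.startswith(NAME_CMD):
            name = line[len(NAME_CMD):]
            if negated:
                # The reference says deletion fails while a policy uses the name.
                if name in used_on:
                    findings.append((lineno, f"cannot delete '{name}': used by "
                                             f"policy map on line {used_on[name][0]}"))
                else:
                    defined.discard(name)
                continue
            if len(name) > MAX_NAME_LEN:
                findings.append((lineno, f"name '{name}' exceeds {MAX_NAME_LEN} characters"))
            if not NAME_OK.fullmatch(name):
                findings.append((lineno, f"name '{name}' has spaces or special characters"))
            defined.add(name)
            if len(defined) > MAX_NAMES:
                findings.append((lineno, f"more than {MAX_NAMES} application names"))

        elif line.startswith(MAP_CMD) and not negated:
            parts = line[len(MAP_CMD):].split(" ", 3)
            if len(parts) < 3 or parts[1] != "classifier":
                findings.append((lineno, "policy map lacks 'classifier classifier-name'"))
                continue
            app, tail = parts[0], parts[3] if len(parts) == 4 else ""
            used_on.setdefault(app, []).append(lineno)
            if app not in defined:
                findings.append((lineno, f"policy map uses undefined application '{app}'"))
            if tail and not ACTION_OK.fullmatch(tail):
                findings.append((lineno, f"action '{tail}' does not match the documented syntax"))

    return findings


if __name__ == "__main__":
    for lineno, message in audit_policy_engine(SAMPLE):
        print(f"line {lineno}: {message}")
```
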
Related Commands
(config) policy-engine application classifier
(config) policy-engine application map adaptor EPM
(config) policy-engine application map adaptor WAFS accept
(config) policy-engine application map adaptor WAFS transport
(config) policy-engine application map basic delete
(config) policy-engine application map basic disable
(config) policy-engine application map basic insert
(config) policy-engine application map basic list
(config) policy-engine application map basic move
(config) policy-engine application map basic name
(config) policy-engine application map other optimize DRE
(config) policy-engine application map other optimize full
(config) policy-engine application map other pass-through
(config) policy-engine config
To replace application policy configurations with factory defaults (including the application names, classifiers, and policy maps) on a WAE, use the policy-engine config restore-predefined global configuration command. To remove the application policy configurations altogether and reset other changed configuration, use the policy-engine config remove-all global configuration command. This action includes but is not limited to the following:
• Remove all application names except "other."
• Remove all classifiers.
• Remove all policy maps.
• Reset the default action to pass-through.
policy-engine config restore-predefined
policy-engine config remove-all
Note
We strongly recommend that you use the WAAS Central Manager GUI to centrally configure application policies for your WAEs. For more information, see the Cisco Wide Area Application Services Configuration Guide.
Command Modes
global configuration
Device Modes
application-accelerator
Usage Guidelines
The WAAS software comes with over 150 default application policies that help your WAAS system classify and optimize some of the most common traffic on your network.
For a list of the default applications and classifiers that WAAS will either optimize or pass through based on the policies that come bundled with the system, see the Cisco Wide Area Application Services Configuration Guide.
Before you create a new application policy, we recommend that you review the default policies and modify them as appropriate. It is usually easier to modify an existing policy than to create a new one.
WAAS takes the following actions based on the type of traffic it encounters:
• TFO (Transport Flow Optimization)—A collection of optimization technologies such as automatic window scaling, increased buffering, and selective acknowledgement that optimize all TCP traffic over your network.
• RE (redundancy elimination)—A compression technology that reduces the size of transmitted data by removing redundant information before sending the shortened data stream over the WAN. RE operates on significantly larger streams and maintains a much larger compression history than Lempel-Ziv (LZ) compression.
• LZ (compression)—Another compression technology that operates on smaller data streams and keeps limited compression history compared to RE.
Related Commands
show policy-engine status
(config) port-channel
To configure the port channel load-balancing options on a WAAS device, use the port-channel global configuration command. Use the no form of this command to set load balancing on the port channel to its default method.
port-channel load-balance {dst-ip | dst-mac | round-robin}
Syntax Description
load-balance | Configures the load-balancing method.
dst-ip | Load-balancing method using destination IP addresses.
dst-mac | Load-balancing method using destination MAC addresses.
round-robin | Load-balancing method using round-robin sequential, cyclical resource allocation.
Defaults
Round-robin is the default load-balancing method.
Command Modes
global configuration
Device Modes
application-accelerator
central-manager
Usage Guidelines
The port-channel load-balance command configures one of three load-balancing algorithms and provides flexibility in choosing interfaces when an Ethernet frame is sent. The round-robin option allows evenly balanced usage of identical network interfaces in a channel group. Because this command takes effect globally, if two channel groups are configured, they must use the same load-balancing option.
Examples
The following example configures destination IP load balancing on a port channel and then disables it:
WAE(config)# port-channel load-balance dst-ip
WAE(config)# no port-channel load-balance
(config) primary-interface
To configure the primary interface for a WAAS device, use the primary-interface command in global configuration mode. Use the no form of the command to remove the configured primary interface.
primary-interface {GigabitEthernet 1-2/port | PortChannel 1-2 | Standby group_num}
Syntax Description
GigabitEthernet
|
Selects a Gigabit Ethernet interface as the primary interface of the WAAS device.
|
1-2/
|
Gigabit Ether |