Application Control Engine Module Command Reference (Software Version A1(2))
Probe Configuration Mode Commands
Download this chapter
Probe Configuration Mode CommandsProbe Configuration Mode Commands
Download the complete book
Cisco Application Control Engine Module Command Reference Book-Length PDF (Software Version A1(2))Cisco Application Control Engine Module Command Reference Book-Length PDF (Software Version A1(2)) (PDF - 13 MB)
give_us_feedback

Table Of Contents

Probe Configuration Mode Commands

(config-probe-probe_type) connection term

(config-probe-probe_type) credentials

(config-probe-probe_type) description

(config-probe-probe_type) domain

(config-probe-probe_type) expect address

(config-probe-probe_type) expect regex

(config-probe-probe_type) expect status

(config-probe-probe_type) faildetect

(config-probe-probe_type) hash

(config-probe-probe_type) header

(config-probe-probe_type) interval

(config-probe-probe_type) ip address

(config-probe-probe_type) nas ip address

(config-probe-probe_type) open

(config-probe-probe_type) passdetect

(config-probe-probe_type) port

(config-probe-probe_type) receive

(config-probe-probe_type) request method

(config-probe-probe_type) request method get | head

(config-probe-probe_type) script

(config-probe-probe_type) send-data

(config-probe-probe_type) ssl cipher

(config-probe-probe_type) ssl version


Probe Configuration Mode Commands

Probe configuration mode commands allow you to configure health monitoring on the ACE to track the state of a server by sending out probes. Also referred as out-of-band health monitoring, the ACE verifies the server response or checks for any network problems that can prevent a client to reach a server. Based on the server response, the ACE can place the server in or out of service, and can make reliable load balancing decisions. You can also use health monitoring to detect failures for a gateway or host in high availability configurations. The ACE identifies the health of a server in the following categories:

Passed—The server returns a valid response.

Failed—The server fails to provide a valid response to the ACE is unable to reach a server for a specified number of retries.

The ACE supports 4096 unique probe configurations. The ACE also allows the opening of 1000 sockets simultaneously. The ACE limits the number of scripted probe instances that are simultaneously executed to 200.

You can associate the same probe with multiple real servers or server farms. Each time that you use the same probe again, the ACE counts it as another probe instance. You can allocate a maximum of 16 K probe instances.

To configure probes and access probe configuration mode for that probe type, use the probe command in configuration mode. The CLI prompt changes to (config-probe-probe_type). For information about the commands in all probe configuration mode, see the commands in this section. See the Command Modes section for each command to find out to which probe-type configuration mode applies.

Use the no form of this command to remove a probe from the configuration.

probe probe_type probe_name

no probe probe_type probe_name

Syntax Description

probe_type

The type of probe to configure. The probe type determines what the probe sends to the server. Enter one of the following types:

 

dns—Sends a request to a DNS server giving it a configured domain (by default, the domain is www.cisco.com). To determine if the server is up, the ACE must receive one of the configured IP addresses for that domain.

 

echo {tcp | udp}—Sends a specified string to the server and compares the response with the original string. You must configure the string that needs to be echoed. If the response string matches the original string, the server is marked as passed. If you do not configure a string, the probe behaves like a TCP or UDP probe, respectively.

If the probe uses a TCP connection, use the tcp keyword to configure TCP attributes.

If the probe uses a UDP connection, use the udp keyword to configure UDP attributes.

 

finger—Uses a Finger query to a server for an expected response string. The ACE searches the the response for the configured string. If the ACE finds the expected response string, the server is marked as passed. If you do not configure an expected response string, the ACE ignores the server response.

 

ftp —Establishes a TCP connection to the server and then issues a quit command.

 

http—Establishes a TCP connection and issues an HTTP request to the server for an expected string and status code. The ACE can compare the received response with configured codes, looking for a configured string in the received HTTP page, or verifying hash for the HTTP page. If any of these checks fail, the server is marked as failed.

For example, if you configure an expected string and status code and the ACE finds them both in the server response, the server is marked as passed. However, if the ACE does not receive either the server response string or the expected status code, it marks the server as failed.

If you do not configure a status code, any response code from the server is marked as failed.

 

https—Similar to an HTTP probe except it uses SSL to generate encrypted data.

 

icmp—Sends an ICMP echo request and listens for a response. If a server returns a response, the ACE marks the server as passed. If the server does not send a response causing the probe to time out, or the server sends an unexpected ICMP echo response type, the ACE marks the probe as failed.

 

imap—Makes a server connection and sends user credential (login, password, and mailbox) information. The ACE can send a configured command. Based on the server response, the ACE marks the probe as passed or failed.

 

pop—Initiates a session and sends the configured credentials. The ACE can send a configured command. Based on the server response, the ACE marks the probe as passed or failed.

 

radius—Sends a query using a configured username, password and shared secret to a RADIUS server. If the server is up, it is marked as passed. If you configure a Network Access Server (NAS) address, the ACE uses it in the outgoing packet. Otherwise, the ACE uses the IP address associated with the outgoing interface as the NAS address.

 

scripted—Allows you to run a script to execute the probe that you created for health monitoring. In this way, you can author specific scripts with features not present in standard health probes.

 

smtp—Initiates an SMTP session by logging into the server, sends a HELO message, and then disconnects from the server.

 

tcp—Initiates a TCP 3-way handshake (SYN, SYN-ACK, ACK) and expects the server to send a response. By default, a successful response causes the probe to mark the server as passed. Then the probe sends a FIN to end the session. If the response is not valid or if there is no response, the probe marks the server as failed.

 

telnet—Establishes a connection to the server and verifies that a greeting from the application was received.

 

udp—Sends a UDP packet to a server and marks the server as failed only if the server returns an ICMP Port Unreachable message. If the ACE does not receive any ICMP errors for the UDP request that was sent, the probe is marked as passed. Optionally, you can configure this probe to send specific data and expect a specific response to mark the server as passed.

If the IP interface of the server is down or disconnected, the UDP probe by itself would not know that the UDP application is not reachable.

name

The identifier for the probe. You will use the probe name to associate the probe to the server. Enter an unquoted text string with no spaces and a maximum of 64 characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To define a TCP probe named PROBE, and access its mode, enter: 

host1/Admin(config)# probe tcp PROBE1

host1/Admin(config-probe-tcp)#

To delete the TCP probe named PROBE1 for TCP and access its mode, enter: 

host1/Admin(config)# probe tcp PROBE1

Related Commands

clear stats
show probe
show running-config
show stats

(config-probe-probe_type) connection term

By default, the ACE terminates a TCP connection gracefully by sending a FIN to the server. To configure the ACE to terminate a TCP connection by sending a RST, use the connection term command. Use the no form of this command to reset the default behavior of graceful termination.

connection term forced

no connection term forced

Syntax Description

This command has no keywords or arguments.

Command Modes

ECHO TCP, Finger, FTP, HTTP, HTTPS, IMAP, POP, SMTP, TCP, and Telnet probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command applies only to TCP-based probes.

Examples

To terminate a TCP connection by sending a RST for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# connection term forced

To reset the method to terminate a connection gracefully, enter: 

host1/Admin(config-probe-tcp)# no connection term forced

Related Commands

show probe

(config-probe-probe_type) credentials

To configure the credentials for username and password authentication of a probe to access a server, use the credentials command. For a RADIUS probe, a shared secret may also be required. For an IMAP probe, you can provide a mailbox username. Use the no form of this command to remove the credentials from the configuration.

For HTTP, HTTPS, and POP probes:

credentials username [password]

For RADIUS probes:

credentials username password [secret shared_secret]

For IMAP probes:

credentials {username password} | {mailbox name}

For HTTP, HTTPS, IMAP, POP, and RADIUS probes:

no credentials

For IMAP probes:

no credentials username | mailbox

Syntax Description

username

The user identifier used for authentication. Enter an unquoted text string with a maximum of 64 characters.

password

(Optional except for RADIUS and IMAP probes) The password used for authentication. Enter an unquoted text string with a maximum of 64 characters.

mailbox name

(IMAP probe) Specifies the user mailbox name from which to retrieve e-mail for an IMAP probe. Enter an unquoted text string with a maximum of 64 characters.

secret secret

(RADIUS probe) Specifies the password used for the MD5 hash encryption algorithm. Enter an unquoted text string with a maximum of 64 characters.


Command Modes

HTTP, HTTPS, IMAP, POP, and RADIUS probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure the username ENG1 and a password TEST for an HTTP probe, enter: 

host1/Admin(config-probe-http)# credentials ENG1 TEST

To delete the credentials for a probe, enter: 

host1/Admin(config-probe-http)# no credentials

Related Commands

show probe

(config-probe-probe_type) description

To provide a description for a probe, use the description command. Use the no form of this command to remove the description for the probe.

description text

no description

Syntax Description

text

Description for the probe. Enter a text string with a maximum of 240 characters.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure a description THIS PROBE IS FOR TCP SERVERS for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# description THIS PROBE IS FOR TCP SERVERS

To remove the description THIS PROBE IS FOR TCP SERVERS for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# no description

Related Commands

show probe

(config-probe-probe_type) domain

To configure the domain name that the probe sends to the server to resolve, use the domain command. Use the no form of this command to remove the domain.

domain name

no domain

Syntax Description

name

The domain that the probe sends to the DNS server. Enter an unquoted text string with a maximum of 255 characters.


Command Modes

DNS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The DNS probe sends a domain name for the DNS server to resolve. By default, the probe uses the www.cisco.com domain.

Examples

To configure the domain name of MARKET, enter: 

host1/Admin(config-probe-dns)# domain MARKET

To remove the domain from the configuration, enter: 

host1/Admin(config-probe-dns)# no domain

Related Commands

show probe

(config-probe-probe_type) expect address

To configure one or more IP addresses that the ACE expects as a server response to an DNS request, use the expect address command. The probe matches the received IP address with the configured addresses. Use the no form of this command to remove the expected IP address from the configuration.

expect address ip_address

no expect address ip_address

Syntax Description

ip_address

The IP address expected from the DNS server in response to the DNS probe request for a domain. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15).


Command Modes

DNS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

A DNS probe sends a request for a domain to a DNS server. The ACE uses the IP address specified in the expect address command to decide whether to pass or fail the DNS probe for the server based on the server response.

Examples

To configure an expected IP address of 192.168.12.15, enter: 

host1/Admin(config-probe-dns)# expect address 192.168.12.15

To remove an IP address, enter: 

host1/Admin(config-probe-dns)# no expect address 192.168.12.15

Related Commands

show probe

(config-probe-probe_type) expect regex

To configure what the ACE expects as a response from the probe destination server, use the expect regex command. Use the no form of this command to remove the expectation of a response expression.

expect regex string [offset number]

For TCP and UDP probes:

no expect

For Finger, HTTP, and HTTPS probes:

no expect regex

Syntax Description

string

The expected response string from the probe destination. Enter an unquoted text string with no spaces. If the string includes spaces, enclose the string in quotes. The string can be a maximum of 255 characters.

offset number

(Optional) Sets the number of characters into the received message or buffer where to start searching for the defined expression. Enter a number from 1 to 4000.


Command Modes

Finger, HTTP, HTTPS, TCP, and UDP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

When you configure a probe to expect a string from a server, it searches the response for a configured string. If the ACE finds the expected string, the server is marked as passed. If you do not configure an expected string, the ACE ignores the server response.

If you configure the expect regex command for TCP probes, you must configure the send-data command. Otherwise, the probe performs a connection open and close without checking the response from the server.

Examples

To configure a TCP probe to expect a response of ack, enter: 

host1/Admin(config-probe-tcp)# expect regex ack

To remove the expectation of a response expression for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# no expect

To remove the expectation of a response expression for an HTTP probe, enter: 

host1/Admin(config-probe-http)# no expect regex

Related Commands

show probe

(config-probe-probe_type) expect status

To configure a single or range of code responses that the ACE expects from the probe destination, use the expect status command. You can specify multiple status code ranges with this command by entering the command with different ranges separately. Use the no form of this command to remove the expected status code or codes from the configuration.

expect status min_number max_number

no expect status min_number max_number

Syntax Description

min_number

A single status code or the lower limit of a range of status codes. Enter an integer from 0 to 999.

max_number

The upper limit of a range of status codes. Enter an integer from 0 to 999. When configuring a single code, reenter the min_number value.


Command Modes

FTP, HTTP, HTTPS, and SMTP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

You can specify multiple status code ranges with this command by entering the command with different ranges one at a time. Both the min_number and the max_number values can be any integer between 0 and 999 provided that the max_number is greater than or equal to the min-number. When the min_number and max_number values are the same, the ACE uses a single status code number.

When the ACE receives a response from the server, it expects a status code to mark a server as passed. By default, there are no status codes configured on the ACE. If you do not configure a status code, any response code from the server is marked as failed.

Examples

To configure an expected status code of 200 that indicates that the HTTP request was successful, enter: 

host1/Admin(config-probe-http)# expect status 200 200

To configure a range of expected status codes from 200 to 202, enter: 

host1/Admin(config-probe-http)# expect status 200 202

To configure multiple ranges of expected status codes from 200 to 202 and 204 to 205, configure each range separately. Enter: 

host1/Admin(config-probe-http)# expect status 200 202

host1/Admin(config-probe-http)# expect status 204 205

To remove a single expected status code of 200, enter: 

host1/Admin(config-probe-http)# no expect status 200 200

To remove a range of expected status codes, enter the range of 200 to 202, enter: 

host1/Admin(config-probe-http)# no expect status 200 202

To remove multiple ranges of expected status codes, you must remove each range separately. If you have set two different ranges (200 to 202 and 204 to 205), enter: 

host1/Admin(config-probe-http)# no expect status 200 202

host1/Admin(config-probe-http)# no expect status 204 205

Related Commands

show probe

(config-probe-probe_type) faildetect

Before the ACE marks a server as failed, it must detect that probes have failed a consecutive number of times. By default, when three consecutive probes have failed, the ACE marks the server as failed. To configure this number of failed probes, use the faildetect command. Use the no form of this command o reset the number of probe retries to the default value.

faildetect retry-count

no faildetect

Syntax Description

retry_count

The consecutive number of failed probes before marking the server as failed. Enter a number from 1 to 65535. The default is 3.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure the number of failed probes at 5 before declaring the server as failed for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# faildetect 5

To reset the number of probe failures to the default setting of 3, enter: 

host1/Admin(config-probe-tcp)# no faildetect

Related Commands

show probe

(config-probe-probe_type) hash

To configure the ACE to dynamically generate the MD5 hash value or manually configure the value, use the hash command. By default, no hash value is configured on the ACE. Use the no form of this command to configure the ACE to no longer compare the referenced hash value to the computed hash value.

hash [value]

no hash

Syntax Description

value

(Optional) The MD5 hash value that you want to manually configure. Enter the MD5 hash value as a hexadecimal string with exactly 32 characters (16 bytes).


Command Modes

HTTP and HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If you do not use this command to configure the hash value, the ACE does not calculate a hash value on the HTTP data returned by the probe.

When you enter this command with no argument, the ACE generates the hash on the HTTP data returned by the first successful probe. If subsequent HTTP server hash responses match the generated hash value, the ACE marks the server as passed. If a mismatch occurs due to changes to the HTTP data, the probe fails and the show probe ... detail command displays an MD5 mismatch error in the Last disconnect error field.

To clear the reference hash and have the ACE recalculate the hash value at the next successful probe, change the URL or method by using the request method command.

The server response must include the Content-Length header for the hash command to function. Otherwise, the probe does not attempt to parse the hash value.

You can configure the hash command on a probe using the HEAD method, however there is no data to hash and has no effect causing the probe to always succeed.

Examples

To configure the ACE to generate the hash on the HTTP data returned by the first successful probe, enter: 

host1/Admin(config-probe-http)# hash

To manually configure a hash value, enter: 

host1/Admin(config-probe-http)# hash 0123456789abcdef0123456789abcdef

To configure the ACE to no longer compare the referenced hash value to the computed hash value, enter: 

host1/Admin(config-probe-http)# no hash

Related Commands

show probe

(config-probe-probe_type) request method get | head

(config-probe-probe_type) header

To configure an HTTP header or multiple header fields for the HTTP probe, use the header command. Use the no form of this command to remove an HTTP header field from the probe configuration.

header field_name header-value value

no header field_name

Syntax Description

field_name

The identifier for a standard header field. Enter a text string with a maximum of 64 characters. If the header field includes spaces, enclose its string with quotes. You can also enter one of the following header keywords:

 

Accept—Accept request header

 

Accept-Charset—Accept-Charset request header

 

Accept-Encoding—Accept-Encoding request header

 

Accept-Language—Accept-Language request header

 

Authorization—Authorization request header

 

Cache-Control—Cache-Control general header

 

Connection—Connection general header

 

Content-MD5—Content-MD5 entity header

 

Expect—Expect request header

 

From—From request header

 

Host—Host request header

 

If-Match—If-Match request header

 

Pragma—Pragma general header

 

Referer—Referer request header

 

Transfer-Encoding—Transfer-Encoding general header

 

User-Agent—User-Agent request header

 

Via—Via general header

field-value

Specifies the value assigned to the header field. Enter a text string with a maximum of 255 characters. If the value string includes spaces, enclose the string with quotes.


Command Modes

HTTP and HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

You can configure multiple header fields for each probe in your configuration.

Examples

To configure the Accept-Encoding HTTP header with a field value of identity, enter: 

host1/Admin(config-probe-http)# header Accept-Encoding header-value identity

To remove the header with the Accept-Encoding field name from the probe, enter: 

host1/Admin(config-probe-http)# no header Accept-Encoding

Related Commands

show probe

(config-probe-probe_type) interval

To change the time interval between probes, use the interval command. The time interval between probes is the frequency that the ACE sends probes to the server marked as passed. Use the no form of this command to reset the default time interval of 120 seconds.

interval seconds

no interval

Syntax Description

seconds

The time interval in seconds. Enter a number from 2 to 65535. The default is 120.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure a time interval of 50 seconds for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# interval 50

To reset the time interval to the default setting of 120 seconds, enter: 

host1/Admin(config-probe-tcp)# no interval

Related Commands

show probe

(config-probe-probe_type) ip address

To override the destination address that the probe uses, use the ip address command. By default, the probe uses the IP address from the real server or server farm configuration for the destination IP address. Use the no form of this command o reset the default behavior of the probe.

ip address ip_address [routed]

no ip address

Syntax Description

ip_address

The destination IP address. The default is the IP address from the real server or server farm configuration. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15).

routed

(Optional) Routes the address according to the ACE internal routing table.


Command Modes

All probe-type configuration modes except scripted probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure a TCP probe destination IP address 192.168.12.15, enter: 

host/Admin1(config-probe-tcp)# ip address 192.168.12.15

To reset the default behavior of the probe using the IP address from the real server or server farm configuration, enter: 

host1/Admin(config-probe-tcp)# no ip address

Related Commands

show probe

(config-probe-probe_type) nas ip address

To configure an Network Access Server (NAS) address, use the nas ip address command. Use the no form of this command to remove the NAS address.

nas ip address ip_address

no nas ip address

Syntax Description

ip_address

The NAS IP address. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15). By default, if a Network Access Server (NAS) address is not configured for the RADIUS probe, the ACE uses the IP address associated with the outgoing interface as the NAS address.


Command Modes

RADIUS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If a NAS address is not configured for the RADIUS probe, the ACE performs a route lookup on the RADIUS server IP address.

Examples

To configure a NAS address of 192.168.12.15, enter: 

host1/Admin(config-probe-radius)# nas ip address 192.168.12.15

To remove the NAS IP address, enter: 

host1/Admin(config-probe-radius)# no nas ip address

Related Commands

show probe

(config-probe-probe_type) open

To configure the time interval for a connection to be established through a TCP 3-way handshake, use the open command. By default, when the ACE sends a probe, it waits 10 seconds to open and establish the connection with the server. Use the no form of this command to reset the default value of 10 seconds.

open timeout

no open

Syntax Description

timeout

The time in seconds. Enter an integer from 1 to 65535. The default is 10.


Command Modes

Echo TCP, Finger, FTP, HTTP, HTTPS, IMAP, POP, scripted, SMTP, TCP, and Telnet probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure the wait time interval to 25 seconds for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# open 25

To reset the time interval to its default setting of 10 seconds, enter: 

host1/Admin(config-probe-tcp)# no open

Related Commands

show probe

(config-probe-probe_type) passdetect

To configure the time interval to send a probe to a failed server and the number of probes to mark the server as passed, use the passdetect command. Use the no form of this command to reset the default values of waiting 300 seconds before sending out a probe to a failed server and marking a server as passed if it receives 3 consecutive successful responses.

passdetect {interval seconds | count number}

no passdetect {interval | count}

Syntax Description

interval seconds

Specifies the wait time interval in seconds. Enter a number from 2 to 65535. The default is 300.

count number

Specifies the number of successful probe responses from the server. Enter a number from 1 to 65535. The default is 3.


Command Modes

All probe-type configuration modes except scripted probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

After the ACE marks a server as failed, it waits a period of time and then sends a probe to the failed server. When the ACE receives a number of consecutive successful probes, it marks the server as passed. By default, the ACE waits 300 seconds before sending out a probe to a failed server and marks a server as passed if it receives 3 consecutive successful responses.

Examples

To configure wait interval at 10 seconds for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# passdetect interval 10

To configure 5 success probe responses from the server before declaring it as passed, enter: 

host1/Admin(config-probe-tcp)# passdetect count 5

To reset the wait interval to its default setting, enter: 

host1/Admin(config-probe-tcp)# no passdetect interval

To reset the successful probe responses to its default setting, enter: 

host1/Admin(config-probe-tcp)# no passdetect count

Related Commands

show probe

(config-probe-probe_type) port

To configure the port number that the probe uses, use the port command. Use the no form of this command to reset the port number based on the probe type.

port port-number

no port

Syntax Description

port-number

The port number for the probe. Enter an integer from 1 to 65535.


Command Modes

All probe-type configuration modes except ICMP probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

Table 2-3 lists the default port numbers for each probe type.

Table 2-3 Default Port Numbers for Probe Types

Probe Type
Default Port Number

DNS

53

Echo

7

Finger

79

FTP

21

HTTP

80

HTTPS

443

ICMP

Not applicable

IMAP

143

POP

110

RADIUS

1812

SMTP

25

Telnet

23

TCP

80

UDP

53


Examples

To configure a port number of 88 for an HTTP probe, enter: 

host1/Admin(config-probe-HTTP)# port 88

To reset the port number to its default value, in this case, port 80 for an HTTP probe, enter: 

host1/Admin(config-probe-HTTP)# no port

Related Commands

show probe

(config-probe-probe_type) receive

To configure the time period that the ACE expects to receive a server response to the probe, use the receive command. Use the no form of this command to reset the default value of 10 seconds.

receive seconds

no receive

Syntax Description

seconds

The time to wait in seconds. Enter an integer from 1 to 65535. The default is 10.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

By default, when the ACE sends a probe, it expects a response within a time period of 10 seconds. For example, for an HTTP probe, the timeout period is the number of seconds to receive an HTTP reply for a GET or HEAD request. If the server fails to respond to the probe, the ACE marks the server as failed.

Examples

To configure the timeout period for a response at 5 seconds for a TCP probe, enter: 

host1/Admin(config-probe-TCP)# receive 5

To reset the time period to receive a response from the server to its default setting of 10 seconds, enter: 

host1/Admin(config-probe-TCP)# no receive

Related Commands

show probe

(config-probe-probe_type) request method

To configure the method used by an IMAP or POP probe, use the request method command. Use the no form of this command to remove the request command from the configuration.

request method command

no request

Syntax Description

command

The request method command for the probe. Enter a text string with a maximum of 32 characters with no spaces.


Command Modes

IMAP and POP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure the last method for an IMAP probe, enter: 

host1/Admin(config-probe-imap)# request method last

To remove the request method for the probe, enter: 

host1/Admin(config-probe-imap)# no request

Related Commands

show probe

(config-probe-probe_type) request method get | head

To configure the HTTP method and URL used by the probe, use the request method get | head command. By default, the HTTP request method is a GET with a URL of "/". Use the no form of this command to reset the default request method.

request method {get | head} url path

no request method {get | head}] url path

Syntax Description

get

Configures the HTTP GET request method to direct the server to get the page. This method is the default.

head

Configures the HTTP HEAD request method to direct the server to get only the header for the page.

url path

Specifies the URL string used by the probe. Enter an alphanumeric string with a maximum of 255 characters. The default path is "/".


Command Modes

HTTP and HTTPS probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If you do not configure a URL, the probe behaves as a TCP probe.

Examples

To configure the HEAD HTTP method and the /digital/media/graphics.html URL used by an HTTP probe, enter: 

host1/Admin(config-probe-http)# request method head url /digital/media/graphics.html

To reset the HTTP method for the probe of GET with a URL of "/", enter: 

host1/Admin(config-probe-http)# no request method head url /digital/media/graphics.html

Related Commands

show probe

(config-probe-probe_type) hash

(config-probe-probe_type) script

To specify the script name and the arguments to be passed to a scripted probe, use the script command. Use the no form of this command to remove the script and its arguments from the configuration.

script script_name [script_arguments]

no script

Syntax Description

script_name

The name of the script. Enter an unquoted text string with no spaces and a maximum of 255 characters.

script_arguments

(Optional) The data sent to the script. Enter a text string with a maximum of 255 characters including spaces and quotes. Separate each argument by a space. If a single argument contains spaces, enclose the argument string in quotes.


Command Modes

Scripted probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

Scripted probes run probes from a configured script to perform health probing. You can also configure arguments that are passed to the script. Before you can associate a script file with a probe, you must copy and load the script on the ACE. For information on TCL scripts, see the Cisco Application Control Engine Module Administration Guide.

Examples

To configure the script name of PROBE-SCRIPT and arguments of ??, enter: 

host1/Admin(config-probe-scrptd)# script PROBE-SCRIPT ??

To remove the script and its arguments from the configuration, enter: 

host1/Admin(config-probe-scrptd)# no script

Related Commands

show probe
show script
(config) script file

(config-probe-probe_type) send-data

To configure the ASCII data that the probe sends when the ACE connects to the server, use the send-data command. Use the no form of this command to remove the data from the configuration.

send-data expression

no send-data

Syntax Description

expression

The ASCII data that the probe sends. Enter an unquoted text string with no spaces and a maximum of 255 characters.


Command Modes

ECHO, Finger, TCP, and UDP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If you do not configure the send-data command for a UDP probe, the probe sends one byte, 0x00.

Examples

To configure a TCP probe to send TEST as the data, enter: 

host1/Admin(config-probe-tcp)# send-data TEST

To remove the data, enter: 

host1/Admin(config-probe-tcp)# no send-data

Related Commands

show probe

(config-probe-probe_type) ssl cipher

To configure the probe to expect a specific type of RSA cipher suite from the back-end server, use the ssl cipher command. Use the no form of this command to reset the default behavior of accepting any RSA configured cipher suites.

ssl cipher RSA_ANY | cipher_suite

no ssl cipher

Syntax Description

RSA_ANY

Specifies that any of the RSA cipher suites from those allowed on the ACE is accepted from the server. This is the default setting.

cipher_suite

The RSA cipher suite that the probe expects from the back-end server. Enter one of the following keywords:

 

RSA_WITH_RC4_128_MD5

 

RSA_WITH_RC4_128_SHA

 

RSA_WITH_DES_CBC_SHA

 

RSA_WITH_3DES_EDE_CBC_SHA

 

RSA_EXPORT_WITH_RC4_40_MD5

 

RSA_EXPORT_WITH_DES40_CBC_SHA

 

RSA_EXPORT1024_WITH_RC4_56_MD5

 

RSA_EXPORT1024_WITH_DES_CBC_SHA

 

RSA_EXPORT1024_WITH_RC4_56_SHA

 

RSA_WITH_AES_128_CBC_SHA

 

RSA_WITH_AES_256_CBC_SHA


Command Modes

HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure the HTTPS probes with the RSA_WITH_RC4_128_SHA cipher suite, enter: 

host1/Admin(config-probe-https)# ssl cipher RSA_WITH_RC4_128_SHA

To reset the default behavior of the HTTPs probes accepting any RSA cipher suite, enter: 

host1/Admin(config-probe-https)# ssl cipher RSA_ANY

You can also use the no ssl cipher command to reset the default behavior. Enter: 

host1/Admin(config-probe-https)# no ssl cipher

Related Commands

show probe

(config-probe-probe_type) ssl version

To configure which version of SSL that the probe supports, use the ssl version command. Use the no form of this command to reset the default versions of SSL version 3.

ssl version SSLv2 | SSLv3 | TLSv1

no ssl version

Syntax Description

SSLv2

Configures the probe to support SSL version 2

SSLv3

Configures the probe to support SSL version 3 (default)

TLSv1

Configures the probe to support TLS version 1


Command Modes

HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The version in the ClientHello message sent to the server indicates the highest supported version.

Examples

To configure the SSL version 2, enter: 

host1/Admin(config-probe-https)# ssl version SSLv2

To reset the default setting of SSL version 3, enter: 

host1/Admin(config-probe-https)# no ssl version

Related Commands

show probe