Catalyst 6500 Series Switch Content Switching Module with SSL (CSM-S) Installation and Configuration Note - Index [Cisco Services Modules]

Table Of Contents

A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W -

Index

A

access

lists6-11

rules6-10

access rules

policies1-2

ACLs

access control lists6-11

active CSM9-9

address

VIP1-12

Address Resolution Protocol

See also ARP

aliased IP addresses9-2

application

UDP11-6

arguments

handle12-7

host12-7

port12-7

UDP commands12-7

ARP

resolution for servers

server ARP resolution1-18

See also Address Resolution Protocol

assigning a certificate to a proxy service8-32

associating probes with server farms11-2

attach

sticky1-2

to clients1-2

audiencexiii

auto-enrollment and auto-renewal of certificates8-36

B

back-end10-1

back-end server1-17

backing up keys and certificates8-30

bind_id10-26

maximum number for SASP10-26

BOOTP server1-15

bridged mode

single subnet2-1

bridge mode

See also single subnet

single subnet1-12

single subnet configuration2-1

C

CA

See certificate authority

caching peer certificates8-37

certificate authority

enrollment, three-tier example8-9

obtaining the certificate8-8

pool8-41

root8-5

subordinate8-5

certificate expiration warning8-38

certificate revocation list

See CRL

certificates

auto-enrollment and auto-renewal8-36

backing up8-30

caching8-37

deleting8-32

renewing8-34

sharing8-27

verifying8-27

viewing8-32

Certificate Security Attribute-Based Access Control feature8-51, B-19

chassis slot

specifying3-6

Cisco-CSM identifier10-26

Cisco IOS

interface3-5

client

groups6-10

VLAN9-5

client certificate authentication8-41

client NAT, configuring7-23

client-side

VLAN1-12

collecting crash information7-28

command

modes

Cisco IOS3-5

probe type11-3

command-line interface3-5

configuration

fault-tolerant1-12

HSRP9-5

probe type commands11-3

secure (router) mode1-12

single and multiple CSM3-7

single subnet (bridge)1-12

virtual server6-1

writing and restoring3-6

configuration, saving8-29

configuration examplesA-1

configuration synchronization9-11

configuring

certificate expiration warning8-38

client and server VLAN9-5

client certificate authentication8-41

client NAT7-23

client proxy services7-20

default routes for server2-3

DFP5-5

DNS probe11-7

fault-tolerance9-1

FTP probe11-6

health monitor probes9-2

HSRP9-5

HSRP gateway9-6

HSRP VLAN9-7

HTTP header insertion7-13, 7-15

HTTP probe11-4

ICMP probe11-5

keys and certificates

importing key pairs and certificates8-19

overview illustration8-4

using manual certificate enrollment8-11

using SCEP, declaring a trustpoint8-7

using SCEP, example8-9

using SCEP, generating RSA keys8-5

using SCEP, obtaining the certificate authority certificate8-8

using SCEP, requesting a certificate8-8

maps6-8

NAT pools5-6

PKI8-1

policies6-10

primary CSM9-3

probes for health monitoring11-1

real servers5-3

RHI for virtual servers10-7

secondary CSM9-4

secure (router) mode2-3

server certificate authentication8-43

server default routes2-4

server farms5-1

server load balancing3-4

server NAT5-7, 7-22

server proxy services7-18

single subnet (bridge) mode2-1

SMTP probe11-6

SSL policy7-10

SSL proxy services7-18

TACACS7-23

TCP parameters6-4

TCP policy7-11

TCP probe11-6

Telnet probe11-6

URL rewrite7-16

VLANs4-1

VLANs on different subnets2-3

connection

multiple1-2

redundant paths9-1

connector

RJ-451-8, 1-9

Content Switching Module with SSL1-14

See also CSM-S

cookie

dynamic learning10-2

insert10-2

maps6-8

sticky offset and length10-4

value10-2

cookies1-2, 10-5

CRL

configuring options8-48

deleting8-51

displaying information8-51

downloading8-47

entering manually8-50

entering X.500 CDP information8-49

requesting8-49

cryptographics self-test, enabling7-25

CSM

client and server traffic flow1-13

configuring

primary and secondary9-1

front panel description1-8

identifier10-26

single and multiple configurations3-7

specifying slot locations3-6

CSM-S1-14

RJ-45 connector1-8

D

data flow

SSL1-15

datagram

UDP12-7

daughter card1-14

ROMMON1-15

debugging

TCL scripts12-13

decryption1-1

default

policy6-1

routes2-4

configuring2-3

deleting certificates8-32

deleting keys8-31

device tracking9-8

DFP

agent10-25

dynamic feedback protocol5-5

manager10-27

displaying

script status12-16

displaying key and certificate history8-37

DNS

probe11-6, 11-7

documentation

conventionxv

organizationxiv

relatedxxi

dynamic cookie learning10-2, 10-4

Dynamic Feedback Protocol (DFP)5-5

E

enabling cryptographics self-test7-25

enabling key and certificate history8-37

enabling VTS debugging7-30

error code checking11-9

EtherChannel9-5

examples

associating servers to farmsA-16

backup server farmsA-19

bridge mode, no NATB-1, B-7

certificate security attribute-based access controlB-19

configurationA-1

configuringA-1

bridged modeA-4

direct access to serversA-10

probesA-5

route health injectionA-14

server load balancingA-12

session persistenceA-9

source NATA-7

configuring stickinessA-9

HTTP header insertionB-21

HTTP redirect messagesA-29

integrated secure content-switching serviceB-16

Layer 7 load balancingA-27

source IP address balancingA-24

URL rewriteB-26

EXIT_MSG

TCL scripts

TCL

EXIT_MSG 1

exit code

script12-8

exit codes12-10

exporting a PKCS12 file8-20

exporting PEM files8-21

F

failed probe message12-10

fail state

probe12-5

FAQ

TCL scripts12-17

fault-tolerance

redundant connection paths9-1

fault-tolerant

configuration9-1

configuring modes9-1

mode1-12

features

front panel1-8

feature sets1-2

filename specifications6-8

Finite State Machine6-4

firewall

load balancing13-1

firewall reassignment

stateful connection remapping13-26

flags

registering with GWM10-26

flash memory3-13

front panel description1-8

FTP

probe11-6

G

gateway

HSRP9-6

generic TCL script12-15

Get Weights message10-26

GSLB

probes11-7

GWM

flags10-26

registering with10-26

H

hardware

overview1-1

health monitor

configuring probles11-1

probes9-2

health probes1-18

hops

servers1-12

host-route10-6

Hot Standby Router Protocol (HSRP)9-5

HSRP

configuring VLAN9-7

creating a gateway9-6

hot standby router protocol9-5

tracking9-5

HTTP

cookie header10-5

mapping6-6

probe11-4, 11-7

redirect message configuration exampleA-29

See also Hypertext Transfer Protocol

HTTP header insertion7-13, 7-15

Hypertext Transfer Protocol

See also HTTP

I

ICMP

probe11-5, 11-7

identifier

Cisco-CSM10-26

images

upgrading software3-12

importing a PKCS12 file8-20

importing PEM files8-21

initialization sequence

status LED1-8

installation

switch chassisxiii

interface tracking9-8

Internet Control Management Protocol (ICMP)6-4

Internet Control Message Protocol

See ICMP

IP address

aliased9-2

K

KAL-AP

probe11-7

keepalive interval10-26

keys

backing up8-30

deleting8-31

viewing8-32

L

LED

status1-8

length

cookie sticky10-4

load-balanced devices

server farms1-1

load balancing

firewall13-1

Layer 7 exampleA-27

source IP addressA-24

load-balancing

algorithm1-2

M

maps

configuring6-8

cookie6-8

HTTP6-6

URL6-8

memory

flash3-13

memory test1-15

message

probe failed12-10

set cookie10-4

mode

bridged2-1

probe script12-1

routerA-10

secure2-1

verbose12-13

modes

configuring fault-tolerance9-1

fault-tolerant1-12

operation1-12

secure (router)2-3

secure (router) mode1-12

single subnet1-12

single subnet (bridge)2-1

mode standalone script12-1

MSFC

RHI configuration10-6

multiple

CSM configurations3-7

probes11-2

N

NAT

network address translation5-6

server5-7

Network Address Translation (NAT)5-6

O

offset

cookie sticky10-4

operation

modes1-12

organization, documentxiv

P

password recovery3-14

PCMCIA card3-13

persistence

specifying cookies10-4

sticky10-4

PKI

configuring8-2

overview8-1

policies

access rules1-2

policy

configuring6-10

default6-1

port

channel VLAN9-8

number

configuring probes11-2

preempt9-8

primary CSM9-1

probe

configuration11-1

DNS11-6, 11-7

failed message12-10

fail state12-5

frequency11-7

FTP11-6

GSLB11-7

HTTP11-4

ICMP11-5

retries11-7

script12-8

script exit code12-8

script mode12-1

stopping scripts12-12

TCP11-6

Telnet11-6

types11-3

UDP responses to CSM11-5

probes

configuring for health monitoring11-1

health1-18

health monitor9-2

product number1-1

propagation of VIP availability

RHI10-7

proxy

SSL1-18

proxy services

client7-20

server7-18

Public Key Infrastructure

See PKI

R

real servers

configuring5-3

configuring probes11-2

displaying probe information12-13

health monitoring11-1

recovering a lost password3-14

redirect virtual servers6-6

redundant connection paths9-1

related documentationxxi

renewing a certificate8-34

restoring

configurations3-6

return error code checking11-9

RHI

configuringA-14

route health injection10-5

RJ-45 connector1-9

ROMMON

daughter card1-15

route health injection (RHI)10-5

router

configuring direct accessA-10

mode1-12

secure mode2-1

router modeA-10

See also secure mode

routing

RHI10-6

S

safety

overviewxvi

SASP10-25

bind_id10-26

maximum number of bind_ids10-26

weight scaling10-27

saving the configuration8-29

SCEP, configuring keys and certificates8-2

script

debugging12-13

displaying the status12-16

exit code12-8

FAQ12-17

loading and running12-16

stopping12-12, 12-16

to rerun12-16

script modes

probe12-1

standalone12-1

secondary CSM9-1

secure (router) mode2-3

secure mode

router mode2-1

See also router mode

Secure Socket Layer

See also SSL

secure socket layer

See SSL

See also secure socket layer

Secure Socket Layer Services Module

See SSLSM

server

association to server farmsA-16

back end1-17

back-up farmsA-19

configuring default routes2-3, 2-4

farm6-1, 11-2

configuring5-1

health probes1-18

hops1-12

load-balancing exampleA-12

real1-18

SSLproxy1-18

VLAN9-5

server, virtual1-1

Server Application State Protocol10-25

server certificate authentication8-43

server farms

load-balanced devices1-1

Server Load Balancing

See SLB

server NAT, configuring7-22

server-side

VLAN1-12

server-side VLAN9-2

session1-15

ID matching10-5

persistenceA-9

set-cookie field10-4

shared data-base10-1

sharing keys and certificates8-27

Simple Certificate Enrollment Protocol

see SCEP

single

CSM configurations3-7

probes11-2

single subnet

bridged mode2-1

single subnet (bridge) mode2-1

SLB

See Server Load Balancing

slots

specifying3-6

SMTP

configuring probe11-6

probe11-6

socket12-8

opening in TCL12-11

UDP12-7

software

upgrading3-12

source

IP address load balancingA-24

specification

UNIX filenames6-8

SSL

console po

	Catalyst 6500 Series Switch Content Switching Module with SSL (CSM-S) Installation and Configuration Note
	Index
Catalyst 6500 Series Switch Content Switching Module with SSL (CSM-S) Installation and Configuration Note Book-level PDF: Catalyst 6500 Series CSM-S Installation and Configuration Note Release 2.1(x) Contents Preface Product Overiew Configuring Virtual Servers, Maps, and Policies Getting Started Configuring VLANs Configuring Real Servers and Server Farms Configuring Virtual Servers, Maps, and Policies Configuring the CSMS SSL Services Configuring the SSL Services Configuring Redundant Connections Configuring Additional Features and Options Configuring Health Monitoring Configuring CSM Scripts Configuring Firewall Load Balancing Configuration Examples Example SSL Configurations Troubleshooting and System Messages CSM XML Document Type Definition Index	Download this chapter Index Table Of Contents A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W - Index A access lists6-11 rules6-10 access rules policies1-2 ACLs access control lists6-11 active CSM9-9 address VIP1-12 Address Resolution Protocol See also ARP aliased IP addresses9-2 application UDP11-6 arguments handle12-7 host12-7 port12-7 UDP commands12-7 ARP resolution for servers server ARP resolution1-18 See also Address Resolution Protocol assigning a certificate to a proxy service8-32 associating probes with server farms11-2 attach sticky1-2 to clients1-2 audiencexiii auto-enrollment and auto-renewal of certificates8-36 B back-end10-1 back-end server1-17 backing up keys and certificates8-30 bind_id10-26 maximum number for SASP10-26 BOOTP server1-15 bridged mode single subnet2-1 bridge mode See also single subnet single subnet1-12 single subnet configuration2-1 C CA See certificate authority caching peer certificates8-37 certificate authority enrollment, three-tier example8-9 obtaining the certificate8-8 pool8-41 root8-5 subordinate8-5 certificate expiration warning8-38 certificate revocation list See CRL certificates auto-enrollment and auto-renewal8-36 backing up8-30 caching8-37 deleting8-32 renewing8-34 sharing8-27 verifying8-27 viewing8-32 Certificate Security Attribute-Based Access Control feature8-51, B-19 chassis slot specifying3-6 Cisco-CSM identifier10-26 Cisco IOS interface3-5 client groups6-10 VLAN9-5 client certificate authentication8-41 client NAT, configuring7-23 client-side VLAN1-12 collecting crash information7-28 command modes Cisco IOS3-5 probe type11-3 command-line interface3-5 configuration fault-tolerant1-12 HSRP9-5 probe type commands11-3 secure (router) mode1-12 single and multiple CSM3-7 single subnet (bridge)1-12 virtual server6-1 writing and restoring3-6 configuration, saving8-29 configuration examplesA-1 configuration synchronization9-11 configuring certificate expiration warning8-38 client and server VLAN9-5 client certificate authentication8-41 client NAT7-23 client proxy services7-20 default routes for server2-3 DFP5-5 DNS probe11-7 fault-tolerance9-1 FTP probe11-6 health monitor probes9-2 HSRP9-5 HSRP gateway9-6 HSRP VLAN9-7 HTTP header insertion7-13, 7-15 HTTP probe11-4 ICMP probe11-5 keys and certificates importing key pairs and certificates8-19 overview illustration8-4 using manual certificate enrollment8-11 using SCEP, declaring a trustpoint8-7 using SCEP, example8-9 using SCEP, generating RSA keys8-5 using SCEP, obtaining the certificate authority certificate8-8 using SCEP, requesting a certificate8-8 maps6-8 NAT pools5-6 PKI8-1 policies6-10 primary CSM9-3 probes for health monitoring11-1 real servers5-3 RHI for virtual servers10-7 secondary CSM9-4 secure (router) mode2-3 server certificate authentication8-43 server default routes2-4 server farms5-1 server load balancing3-4 server NAT5-7, 7-22 server proxy services7-18 single subnet (bridge) mode2-1 SMTP probe11-6 SSL policy7-10 SSL proxy services7-18 TACACS7-23 TCP parameters6-4 TCP policy7-11 TCP probe11-6 Telnet probe11-6 URL rewrite7-16 VLANs4-1 VLANs on different subnets2-3 connection multiple1-2 redundant paths9-1 connector RJ-451-8, 1-9 Content Switching Module with SSL1-14 See also CSM-S cookie dynamic learning10-2 insert10-2 maps6-8 sticky offset and length10-4 value10-2 cookies1-2, 10-5 CRL configuring options8-48 deleting8-51 displaying information8-51 downloading8-47 entering manually8-50 entering X.500 CDP information8-49 requesting8-49 cryptographics self-test, enabling7-25 CSM client and server traffic flow1-13 configuring primary and secondary9-1 front panel description1-8 identifier10-26 single and multiple configurations3-7 specifying slot locations3-6 CSM-S1-14 RJ-45 connector1-8 D data flow SSL1-15 datagram UDP12-7 daughter card1-14 ROMMON1-15 debugging TCL scripts12-13 decryption1-1 default policy6-1 routes2-4 configuring2-3 deleting certificates8-32 deleting keys8-31 device tracking9-8 DFP agent10-25 dynamic feedback protocol5-5 manager10-27 displaying script status12-16 displaying key and certificate history8-37 DNS probe11-6, 11-7 documentation conventionxv organizationxiv relatedxxi dynamic cookie learning10-2, 10-4 Dynamic Feedback Protocol (DFP)5-5 E enabling cryptographics self-test7-25 enabling key and certificate history8-37 enabling VTS debugging7-30 error code checking11-9 EtherChannel9-5 examples associating servers to farmsA-16 backup server farmsA-19 bridge mode, no NATB-1, B-7 certificate security attribute-based access controlB-19 configurationA-1 configuringA-1 bridged modeA-4 direct access to serversA-10 probesA-5 route health injectionA-14 server load balancingA-12 session persistenceA-9 source NATA-7 configuring stickinessA-9 HTTP header insertionB-21 HTTP redirect messagesA-29 integrated secure content-switching serviceB-16 Layer 7 load balancingA-27 source IP address balancingA-24 URL rewriteB-26 EXIT_MSG TCL scripts TCL EXIT_MSG 1 exit code script12-8 exit codes12-10 exporting a PKCS12 file8-20 exporting PEM files8-21 F failed probe message12-10 fail state probe12-5 FAQ TCL scripts12-17 fault-tolerance redundant connection paths9-1 fault-tolerant configuration9-1 configuring modes9-1 mode1-12 features front panel1-8 feature sets1-2 filename specifications6-8 Finite State Machine6-4 firewall load balancing13-1 firewall reassignment stateful connection remapping13-26 flags registering with GWM10-26 flash memory3-13 front panel description1-8 FTP probe11-6 G gateway HSRP9-6 generic TCL script12-15 Get Weights message10-26 GSLB probes11-7 GWM flags10-26 registering with10-26 H hardware overview1-1 health monitor configuring probles11-1 probes9-2 health probes1-18 hops servers1-12 host-route10-6 Hot Standby Router Protocol (HSRP)9-5 HSRP configuring VLAN9-7 creating a gateway9-6 hot standby router protocol9-5 tracking9-5 HTTP cookie header10-5 mapping6-6 probe11-4, 11-7 redirect message configuration exampleA-29 See also Hypertext Transfer Protocol HTTP header insertion7-13, 7-15 Hypertext Transfer Protocol See also HTTP I ICMP probe11-5, 11-7 identifier Cisco-CSM10-26 images upgrading software3-12 importing a PKCS12 file8-20 importing PEM files8-21 initialization sequence status LED1-8 installation switch chassisxiii interface tracking9-8 Internet Control Management Protocol (ICMP)6-4 Internet Control Message Protocol See ICMP IP address aliased9-2 K KAL-AP probe11-7 keepalive interval10-26 keys backing up8-30 deleting8-31 viewing8-32 L LED status1-8 length cookie sticky10-4 load-balanced devices server farms1-1 load balancing firewall13-1 Layer 7 exampleA-27 source IP addressA-24 load-balancing algorithm1-2 M maps configuring6-8 cookie6-8 HTTP6-6 URL6-8 memory flash3-13 memory test1-15 message probe failed12-10 set cookie10-4 mode bridged2-1 probe script12-1 routerA-10 secure2-1 verbose12-13 modes configuring fault-tolerance9-1 fault-tolerant1-12 operation1-12 secure (router)2-3 secure (router) mode1-12 single subnet1-12 single subnet (bridge)2-1 mode standalone script12-1 MSFC RHI configuration10-6 multiple CSM configurations3-7 probes11-2 N NAT network address translation5-6 server5-7 Network Address Translation (NAT)5-6 O offset cookie sticky10-4 operation modes1-12 organization, documentxiv P password recovery3-14 PCMCIA card3-13 persistence specifying cookies10-4 sticky10-4 PKI configuring8-2 overview8-1 policies access rules1-2 policy configuring6-10 default6-1 port channel VLAN9-8 number configuring probes11-2 preempt9-8 primary CSM9-1 probe configuration11-1 DNS11-6, 11-7 failed message12-10 fail state12-5 frequency11-7 FTP11-6 GSLB11-7 HTTP11-4 ICMP11-5 retries11-7 script12-8 script exit code12-8 script mode12-1 stopping scripts12-12 TCP11-6 Telnet11-6 types11-3 UDP responses to CSM11-5 probes configuring for health monitoring11-1 health1-18 health monitor9-2 product number1-1 propagation of VIP availability RHI10-7 proxy SSL1-18 proxy services client7-20 server7-18 Public Key Infrastructure See PKI R real servers configuring5-3 configuring probes11-2 displaying probe information12-13 health monitoring11-1 recovering a lost password3-14 redirect virtual servers6-6 redundant connection paths9-1 related documentationxxi renewing a certificate8-34 restoring configurations3-6 return error code checking11-9 RHI configuringA-14 route health injection10-5 RJ-45 connector1-9 ROMMON daughter card1-15 route health injection (RHI)10-5 router configuring direct accessA-10 mode1-12 secure mode2-1 router modeA-10 See also secure mode routing RHI10-6 S safety overviewxvi SASP10-25 bind_id10-26 maximum number of bind_ids10-26 weight scaling10-27 saving the configuration8-29 SCEP, configuring keys and certificates8-2 script debugging12-13 displaying the status12-16 exit code12-8 FAQ12-17 loading and running12-16 stopping12-12, 12-16 to rerun12-16 script modes probe12-1 standalone12-1 secondary CSM9-1 secure (router) mode2-3 secure mode router mode2-1 See also router mode Secure Socket Layer See also SSL secure socket layer See SSL See also secure socket layer Secure Socket Layer Services Module See SSLSM server association to server farmsA-16 back end1-17 back-up farmsA-19 configuring default routes2-3, 2-4 farm6-1, 11-2 configuring5-1 health probes1-18 hops1-12 load-balancing exampleA-12 real1-18 SSLproxy1-18 VLAN9-5 server, virtual1-1 Server Application State Protocol10-25 server certificate authentication8-43 server farms load-balanced devices1-1 Server Load Balancing See SLB server NAT, configuring7-22 server-side VLAN1-12 server-side VLAN9-2 session1-15 ID matching10-5 persistenceA-9 set-cookie field10-4 shared data-base10-1 sharing keys and certificates8-27 Simple Certificate Enrollment Protocol see SCEP single CSM configurations3-7 probes11-2 single subnet bridged mode2-1 single subnet (bridge) mode2-1 SLB See Server Load Balancing slots specifying3-6 SMTP configuring probe11-6 probe11-6 socket12-8 opening in TCL12-11 UDP12-7 software upgrading3-12 source IP address load balancingA-24 specification UNIX filenames6-8 SSL console po