Catalyst 6500 Series Switch Content Switching Module with SSL (CSM-S) Installation and Configuration Note
Index


A

access

lists 11

rules 10

access rules

policies 2

ACLs

access control lists 11

active CSM 10

address

VIP 12

Address Resolution Protocol

See also ARP

aliased IP addresses 3

application

UDP 6

arguments

handle 7

host 7

port 7

UDP commands 7

ARP

resolution for servers

server ARP resolution 18

See also Address Resolution Protocol

assigning a certificate to a proxy service 32

associating probes with server farms 2

attach

sticky 2

to clients 2

audience 13

auto-enrollment and auto-renewal of certificates 36

B

back-end 1

back-end server 17

backing up keys and certificates 30

bind_id 25

maximum number for SASP 25

BOOTP server 15

bridged mode

single subnet 1

bridge mode

See also single subnet

single subnet 12

single subnet configuration 3

C

CA

See certificate authority

caching peer certificates 37

certificate authority

enrollment, three-tier example 9

obtaining the certificate 8

pool 41

root 5

subordinate 5

certificate expiration warning 38

certificate revocation list

See CRL

certificates

auto-enrollment and auto-renewal 36

backing up 30

caching 37

deleting 32

renewing 33

sharing 27

verifying 27

viewing 32

Certificate Security Attribute-Based Access Control feature 52, 19

chassis slot

specifying 6

Cisco-CSM identifier 25

Cisco IOS

interface 5

client

groups 10

VLAN 5

client certificate authentication 41

client NAT, configuring 23

client-side

VLAN 12

collecting crash information 28

command

modes

Cisco IOS 5

probe type 3

command-line interface 5

configuration

fault-tolerant 12

HSRP 5

probe type commands 3

secure (router) mode 12

single and multiple CSM 6

single subnet (bridge) 12

virtual server 1

writing and restoring 6

configuration, saving 29

configuration examples 1

configuration synchronization 11

configuring

certificate expiration warning 38

client and server VLAN 5

client certificate authentication 41

client NAT 23

client proxy services 20

default routes for server 4

DFP 6

DNS probe 7

fault-tolerance 1

FTP probe 7

health monitor probes 2

HSRP 5

HSRP gateway 6

HSRP VLAN 7

HTTP header insertion 13, 15

HTTP probe 4

ICMP probe 5

keys and certificates

importing key pairs and certificates 19

overview illustration 4

using manual certificate enrollment 11

using SCEP, declaring a trustpoint 7

using SCEP, example 9

using SCEP, generating RSA keys 5

using SCEP, obtaining the certificate authority certificate 8

using SCEP, requesting a certificate 8

maps 8

NAT pools 7

PKI 1

policies 10

primary CSM 3

probes for health monitoring 1

real servers 3

RHI for virtual servers 7

secondary CSM 4

secure (router) mode 1

server certificate authentication 43

server default routes 3

server farms 1

server load balancing 4

server NAT 7, 22

server proxy services 18

single subnet (bridge) mode 3

SMTP probe 7

SSL policy 10

SSL proxy services 18

TACACS 23

TCP parameters 4

TCP policy 11

TCP probe 6

Telnet probe 7

URL rewrite 16

VLANs 1

VLANs on different subnets 1

connection

multiple 2

redundant paths 1

connector

RJ-45 8, 9

Content Switching Module with SSL 14

See also CSM-S

cookie

dynamic learning 2

insert 2

maps 8

sticky offset and length 4

value 2

cookies 2, 5

CRL

configuring options 48

deleting 51

displaying information 51

downloading 47

entering manually 50

entering X.500 CDP information 49

requesting 49

cryptographics self-test, enabling 25

CSM

client and server traffic flow 13

configuring

primary and secondary 2

front panel description 8

identifier 25

single and multiple configurations 6

specifying slot locations 6

CSM-S 14

RJ-45 connector 8

D

data flow

SSL 15

datagram

UDP 7

daughter card 14

ROMMON 15

debugging

TCL scripts 13

decryption 1

default

policy 1

routes 3

configuring 4

deleting certificates 32

deleting keys 31

device tracking 8

DFP

agent 24

dynamic feedback protocol 6

manager 26

displaying

script status 16

displaying key and certificate history 36

DNS

probe 6, 7, 8

documentation

convention 15

organization 14

related 21

dynamic cookie learning 2, 4

Dynamic Feedback Protocol (DFP) 6

E

enabling cryptographics self-test 25

enabling key and certificate history 36

enabling VTS debugging 30

error code checking 10

EtherChannel 5

examples

associating servers to farms 16

backup server farms 19

bridge mode, no NAT 1, 7

certificate security attribute-based access control 19

configuration 1

configuring 1

bridged mode 4

direct access to servers 10

probes 5

route health injection 14

server load balancing 12

session persistence 9

source NAT 7

configuring stickiness 9

HTTP header insertion 21

HTTP redirect messages 29

integrated secure content-switching service 16

Layer 7 load balancing 27

source IP address balancing 24

URL rewrite 26

EXIT_MSG

TCL scripts

TCL

EXIT_MSG 1

exit code

script 8

exit codes 10

exporting a PKCS12 file 20

exporting PEM files 21

F

failed probe message 10

fail state

probe 5

FAQ

TCL scripts 17

fault-tolerance

redundant connection paths 1

fault-tolerant

configuration 1

configuring modes 1

mode 12

features

front panel 8

feature sets 2

filename specifications 8

Finite State Machine 4

firewall

load balancing 1

firewall reassignment

stateful connection remapping 26

flags

registering with GWM 25

flash memory 13

front panel description 8

FTP

probe 7

G

gateway

HSRP 6

generic TCL script 15

Get Weights message 25

GSLB

probes 8

GWM

flags 25

registering with 25

H

hardware

overview 1

health monitor

configuring probes 1

probes 2

health probes 18

hops

servers 12

host-route 6

Hot Standby Router Protocol (HSRP) 5

HSRP

configuring VLAN 7

creating a gateway 6

hot standby router protocol 5

tracking 5

HTTP

cookie header 5

mapping 7

probe 4, 8

redirect message configuration example 29

See also Hypertext Transfer Protocol

HTTP header insertion 13, 15

Hypertext Transfer Protocol

See also HTTP

I

ICMP

probe 5, 8

identifier

Cisco-CSM 25

images

upgrading software 12

importing a PKCS12 file 20

importing PEM files 21

initialization sequence

status LED 8

installation

switch chassis 13

interface tracking 8

Internet Control Management Protocol (ICMP) 4

Internet Control Message Protocol

See ICMP

IP address

aliased 3

K

KAL-AP

probe 8

keepalive interval 25

keys

backing up 30

deleting 31

viewing 32

L

LED

status 8

length

cookie sticky 4

load-balanced devices

server farms 1

load balancing

firewall 1

Layer 7 example 27

source IP address 24

load-balancing

algorithm 2

M

maps

configuring 8

cookie 8

HTTP 7

URL 8

memory

flash 13

memory test 15

message

probe failed 10

set cookie 4

mode

bridged 1

probe script 1

router 10

secure 1

verbose 13

modes

configuring fault-tolerance 1

fault-tolerant 12

operation 12

secure (router) 1

secure (router) mode 12

single subnet 12

single subnet (bridge) 3

mode standalone script 1

MSFC

RHI configuration 6

multiple

CSM configurations 6

probes 2

N

NAT

network address translation 7

server 7

Network Address Translation (NAT) 7

O

offset

cookie sticky 4

operation

modes 12

organization, document 14

P

password recovery 15

PCMCIA card 13

persistence

specifying cookies 4

sticky 4

PKI

configuring 2

overview 1

policies

access rules 2

policy

configuring 10

default 1

port

channel VLAN 8

number

configuring probes 2

preempt 8

primary CSM 2

probe

configuration 1

DNS 6, 7

failed message 10

fail state 5

frequency 8

FTP 7

GSLB 8

HTTP 4

ICMP 5

retries 8

script 8

script exit code 8

script mode 1

stopping scripts 12

TCP 6

Telnet 7

types 3

UDP responses to CSM 6

probes

configuring for health monitoring 1

health 18

health monitor 2

product number 1

propagation of VIP availability

RHI 7

proxy

SSL 18

proxy services

client 20

server 18

Public Key Infrastructure

See PKI

R

real servers

configuring 3

configuring probes 2

displaying probe information 13

health monitoring 1

recovering a lost password 15

redirect virtual servers 7

redundant connection paths 1

related documentation 21

renewing a certificate 33

restoring

configurations 6

return error code checking 10

RHI

configuring 14

route health injection 5

RJ-45 connector 9

ROMMON

daughter card 15

route health injection (RHI) 5

router

configuring direct access 10

mode 12

secure mode 1

router mode 10

See also secure mode

routing

RHI 6

S

safety

overview 16

SASP 24

bind_id 25

maximum number of bind_ids 25

weight scaling 26

saving the configuration 29

SCEP, configuring keys and certificates 2

script

debugging 13

displaying the status 16

exit code 8

FAQ 17

loading and running 16

stopping 12, 16

to rerun 16

script modes

probe 1

standalone 1

secondary CSM 2

secure (router) mode 1

secure mode

router mode 1

See also router mode

Secure Socket Layer

See also SSL

secure socket layer

See SSL

See also secure socket layer

Secure Socket Layer Services Module

See SSLSM

server

association to server farms 16

back end 17

back-up farms 19

configuring default routes 3, 4

farm 1, 2

configuring 1

health probes 18

hops 12

load-balancing example 12

real 18

SSLproxy 18

VLAN 5

server, virtual 1

Server Application State Protocol 24

server certificate authentication 43

server farms

load-balanced devices 1

Server Load Balancing

See SLB

server NAT, configuring 22

server-side

VLAN 12

server-side VLAN 3

session 15

ID matching 5

persistence 9

set-cookie field 4

shared data-base 1

sharing keys and certificates 27

Simple Certificate Enrollment Protocol

See SCEP

single

CSM configurations 6

probes 2

single subnet

bridged mode 1

single subnet (bridge) mode 3

SLB

See Server Load Balancing

slots

specifying 6

SMTP

configuring probe 7

probe 7

socket 8

opening in TCL 11

UDP 7

software

upgrading 12

source

IP address load balancing 24

specification

UNIX filenames 8

SSL

console port 8

data flow 15

proxy server 18

See also Secure Socket Layer

sessions

decryption 1

encryption 1

termination 13

SSL daughter card

daughter card

SSL 13

SSL policy, configuring 10

SSL-proxy server 18

SSLSM

See Secure Socket Layer Services Module

SSLv2

See SSL v2.0 forwarding

SSL v2.0 forwarding 20

standalone

script mode 1

standalone script 15

standalone scripts 5

standby CSM 10

stateful connection remapping

firewall reassignment 26

status

displaying for a script 16

status LED 8

initialization sequence 8

sticky

connections 2

group configuration 3

session persistence 9

source IP address 1

SSL identification 1

timeout 3

sticky groups 10

subnet

single

See also bridge mode

supervisor engine

PCMCIA card 13

supported modules

modules supported 1

switch supervisor engine 15

synchronizing the configuration 11

T

TACACS 23

TCL

errors 10

script debugging 13

scripting FAQ 17

TCL scripts 1

TCP

configuring 4

probe 6

transmission control protocol 4

TCP policy, configuring 11

Telnet

probe 7

termination

SSL 13

test connector 8

tracking 8

HSRP 5

traffic

distribution across firewalls 1

flow between client and server 13

limiting 2

Transmission Control Protocol (TCP) 4

trunking 5

trustpoints, verifying 27

U

UDP

application 6

datagram 7

port 8

sockets 7

user datagram protocol 4

UNIX

filename specifications 8

upgrading software 12

URL

learn cookie sticky 4

learning 2

maps 8

URL-learn 4

URL rewrite 16

User Datagram Protocol (UDP) 4

V

verbose mode for TCL scripts 13

verifying certificates and trustpoints 27

viewing keys and certificates 32

VIP

address 12

See also virtual IP address

server-originated connections 7

VIP address

RHI 6

route health injection 6

without RHI 6

virtual

LAN configuring 1

server 1

server configuration 1

virtual IP address

See VIP

virtual server

configuring RHI 7

virtual servers

redirect 7

VLAN

bridge mode 3

client and server 5

client-side 12

configuring 1

configuring HSRP 7

configuring on different subnets 1

port channel 8

server side 3

server-side 12

subnet location 3

VTS debugging, enabling 30

W

warnings

safety overview 16

weight scaling

SASP 26

WMs 24

Workload Managers 24

writing configurations 6