-
User Guide for the Cisco Application Networking Manager 1.2
-
Preface
-
Overview
-
Adding and Managing Devices
-
Configuring Virtual Contexts
-
Configuring Virtual Servers
-
Configuring Real Servers and Server Farms
-
Configuring Sticky Groups
-
Configuring Parameter Maps
-
Configuring SSL
-
Configuring Network Access
-
Configuring ANM High Availability
-
Configuring Traffic Policies
-
Configuring Application Acceleration and Optimization
-
Using Configuration Building Blocks
-
Monitoring Your Network
-
Administering the Cisco Application Networking Manager
-
Troubleshooting the Cisco Application Networking Manager
-
Application Networking Manager Ports Reference
-
Glossary
-
Index
-
Table Of Contents
Numerics - A - B - C - D - E - F - G - H - I - K - L - M - N - O - P - R - S - T - U - V - W - X -
Index
Numerics
6500 series devices
adding to ANM 2-7
7600 series router
adding to ANM 2-7
adding VLANs 2-31
configuration options 2-20
configuring
access ports 2-25
interfaces 2-24
primary attributes 2-22
routed ports 2-29
switch virtual interfaces 2-28
trunk ports 2-26
enabling SSH access 2-4
license file name 15-56
managing 2-47
synchronizing configurations 2-47
viewing
all modules 2-55
ports 2-30
VLAN
managing 2-30
modifying 2-33
viewing 2-32
A
acceleration
configuring 4-35
configuring globally on ACE appliances 12-16
FlashForward 12-1
traffic policies 12-2
typical configuration flow 12-2
access control, configuring on VLAN interfaces 9-7
access credentials, configuring 2-14
access ports, configuring 2-25
account password 1-4
accounts
user, managing 15-38
ACE
changing passwords 2-53
class map
configuring 11-6
match conditions 11-8
configuration options 3-8
definition GL-1
license
ANM license requirements 3-26
copying 3-27
details 3-31
installing 3-28
managing 3-26
removing 3-29
updating 3-30
viewing 3-27
notation in device tree 3-2
parameter maps 7-1
policy map
configuring 11-31
rules and actions 11-32
traffic policies 11-2
viewing license details 3-31
virtual server protocols 4-7
ACE 1.0 module
class maps 11-6
Config Status display 3-64
configuration building block 13-4
parameter maps 7-1
policy maps 11-31
synchronizing configurations 3-64
traffic policies 11-2
virtual server protocols 4-7
ACE 2.0 module
action list configuration options 12-3
class map
match conditions 11-8
types 11-6
configuration building block 13-4
parameter map
generic 7-7
RTSP 7-17
SIP 7-18
Skinny 7-20
parameter maps 7-1
policy maps 11-31
sticky types 6-2
traffic policies 11-2
virtual server protocols 4-7
ACE appliance
action list
configuration options 12-6
configuring 12-6
class maps 11-6
configuration building block 13-4
configuring 2-19
enabling SSH and HTTPS 2-5
license file name 15-56
licenses
configuration 3-31
statistics 3-31
optimization parameter map 7-10
parameter maps 7-1
policy maps 11-31
synchronizing configurations 2-47
traffic policies 11-2
virtual server protocols 4-7
ACE license
and required ANM licenses 3-26
copying for importing 3-27
details 3-31
installing 3-28
managing 3-26
removing 3-29
updating 3-30
viewing 3-27
ACE module
adding to ANM 2-10
configuring 2-19
configuring access credentials 2-14
discovery
enabling SSH access 2-14
process 2-17
enabling SSH and HTTPS 2-5
license file name 15-56
monitoring discovery status 2-18
synchronizing configurations 2-48
viewing
by 7600 series router 2-55
by chassis 2-55
ACE modules
OK/Pass state requirement 2-10
ACL
configuration overview 3-42
configuring
EtherType attributes 3-49
extended ACL attributes 3-45
for VLANs 9-7
object groups 3-51
creating 3-43
deleting 3-59
managing 3-59
objects
ICMP service parameters 3-56
IP addresses 3-52
protocols 3-54
subnet objects 3-53
TCP/UDP service parameters 3-54
resequencing 3-49
viewing by context 3-59
ACL object group
configuring 3-51
network objects
IP addresses 3-52
subnet objects 3-53
service objects
ICMP service parameters 3-56
protocols 3-54
TCP/UDP service parameters 3-54
action, setting for policy maps 11-32
action list
ACE appliance configuration options 12-6
configuration options 4-37
configuring 12-3
for ACE 2.0 modules 12-3
for ACE appliances 12-6
pattern replacements 12-10
pattern replacements 12-10
activate, definition GL-1
activating
real servers 5-6
virtual servers 4-49
adding
6500 series devices 2-7
7600 series routers 2-7
ACE appliances 2-7
ACE modules 2-10
CSM 2-12
CSS 2-7
devices to ANM 2-6
domains 2-44
resource classes 3-35
SSL
CSR parameters 8-18
parameter map cipher info 8-15
user-defined groups 2-49
Admin context, first virtual context 3-1
administrative distance, definition GL-1
admin password 15-35
advanced editing mode 1-13
advanced image type, configuration options 4-44
AES, definition GL-1
alarms
configuring for notification 14-21
viewing 14-25
all-match policy map 11-31
ANM interface
features 1-1
logging in 1-3
overview 1-5
password, changing
account 1-4
login 1-4
table
conventions 1-11
customizing 1-11
terminology 1-15
ANM server
configuring
attributes 15-62
license file name 15-56
polling, enabling 15-62
statistics 15-61
application acceleration
action lists 12-3
configuring 4-35
action lists 4-37
globally on ACE appliances 12-16
monitoring 14-17
overview 12-1
traffic policies 12-2
typical configuration flow 12-2
virtual server, additional configuration options 4-40
applying configuration building blocks 13-8
Appscope, configuration options 4-43
ARP
configuring static ARP 9-8
definition GL-1
attributes
BVI interfaces 9-12
DNS probes 5-27
Echo-TCP probes 5-27
Echo-UDP probes 5-27
Finger probes 5-28
for sticky group types 6-9
FTP probes 5-28
health monitoring 5-24
high availability 10-5
HTTP content sticky group 6-10
HTTP cookie sticky group 6-11
HTTP header sticky group 6-11
HTTP probes 5-28
HTTPS probes 5-30
IMAP probes 5-32
IP netmask sticky group 6-12
Layer 4 payload sticky group 6-12
new device 2-7
parameter map
connection 7-2
generic 7-7
HTTP 7-8
optimization 7-11
RTSP 7-17
SIP 7-18
Skinny 7-20
POP probes 5-32
predictor method 5-14
RADIUS
sticky groups 6-13
RADIUS probes 5-33
resource class 3-34
resource classes 3-34
RTSP
header sticky groups 6-14
probes 5-33
scripted probes 5-34
SIP-TCP probes 5-35
SIP-UDP probes 5-35
SMTP probes 5-35
SNMP 3-19
SNMP probes 5-36
SSL
certificate export 8-11
certificate import 8-5
CSR parameters 8-18
for virtual servers 4-12
key export 8-13
key pair import 8-8
parameter map cipher info 8-15
sticky group 6-8
TCP probes 5-36
Telnet probes 5-37
UDP probes 5-37
virtual servers 4-5
VLAN interfaces 9-3
audience, intended ix
auditing
building block configuration 3-60
resource classes 3-37
auth group certificate, configuring for SSL 8-22
B
backing up data 16-7
bandwidth optimization, configuring 4-35
building block
applying 13-8
configuration
audit 3-60
changes and version numbers 13-4
options 13-1
primary attributes 13-6
configuring 13-6
creating 13-4
extracting from virtual contexts 13-5
overview 13-1
primary attributes 13-6
types 13-4
using 13-1
versions 13-4
viewing use 13-9
buttons
descriptions 1-9
BVI, definition GL-1
BVI interfaces
attributes 9-12
configuring 9-11
viewing by context 9-13
C
caching, dynamic 12-2
caution, logging in as root user 16-7, 16-8
certificate
exporting for SSL 8-11
importing for SSL 8-5
SSL 8-4
certificate chain, definition GL-2
certificate signing request, definition GL-2
chain group certificate, configuring for SSL 8-17
chain group parameters, configuring for SSL 8-16
changing
account password 1-4
admin password 15-35
domain information 2-44
login password 1-4
role rules 2-42
user passwords 15-35
chassis
adding VLANs 2-31
changing passwords 2-52
configurations options 2-20
configuring 2-19
access credentials 2-14
access ports 2-25
interfaces 2-24
primary attributes 2-22
routed ports 2-29
switch virtual interfaces 2-28
trunk ports 2-26
discovery process 2-17
managing 2-47
monitoring
discovery status 2-18
running discovery 2-17
synchronizing configurations 2-47
viewing
all modules 2-55
ports 2-30
VLAN
managing 2-30
modifying 2-33
viewing 2-32
checking status of the Cisco ANM server 15-53
Cisco IOS software, definition GL-2
class map
configuring 11-6
definition GL-2
match conditions
generic server load balancing 11-22
Layer 3/4 management traffic 11-12
Layer 3/4 network traffic 11-9
Layer 7 FTP command inspection 11-21
Layer 7 HTTP deep packet inspection 11-15
Layer 7 server load balancing 11-13
Layer 7 SIP deep packet inspection 11-28
RADIUS server load balancing 11-23
RTSP server load balancing 11-25
SIP server load balancing 11-27
setting match conditions 11-8
use with real servers 5-3
command inspection, FTP commands 11-21
config status, virtual contexts 3-62
configuration attributes
advanced image type 4-44
Appscope 4-43
delta optimization 4-40
device VLAN 2-31
extended ACL 3-45
FlashConnect 4-43
health monitoring 5-24
high availability 10-5
HTTP return code maps 5-19
parameter map
connection 7-2
generic 7-7
HTTP 7-8
optimization 7-11
RTSP 7-17
SIP 7-18
Skinny 7-20
predictor method 5-14
probe
DNS 5-27
Echo-TCP 5-27
Echo-UDP 5-27
Finger 5-28
FTP 5-28
HTTP 5-28
HTTPS 5-30
IMAP 5-32
POP 5-32
RADIUS 5-33
RTSP 5-33
scripted 5-34
SIP-TCP 5-35
SIP-UDP 5-35
SMTP 5-35
SNMP 5-36
TCP 5-36
Telnet 5-37
UDP 5-37
resource class 3-34
SNMP users 3-21
SSL 4-12
sticky group 6-8
sticky type 4-31
syslog 3-12
trunk ports 2-26
virtual context 3-3
virtual server 4-5
XSLT merge 4-43
configuration building block
applying 13-8
configuring 13-6
creating 13-4
options 13-1
overview 13-1
using 13-1
versions 13-4
configuration options
7600 series routers 2-20
ACE appliance action lists 12-6
building blocks 13-1
by ACE device type 3-8
chassis 2-20
URL mapping 12-9
virtual contexts 3-6
configurations
synchronizing
for ACE modules 2-48
for devices 2-47
for high availability 10-18
for virtual contexts 3-64
configuration screen conventions 3-5
configuration synchronization 10-22
configuration template. See building block.
configuration values, changing 16-1
configuring
access ports 2-25
interfaces 2-24
switch virtual interfaces 2-28
trunk ports 2-26
acceleration 4-35
access credentials 2-14
access ports 2-25
ACE passwords 2-53
EtherType 3-49
extended 3-45
object groups 3-51
resequencing 3-49
action list pattern replacements 12-10
for ACE 2.0 modules 12-3
for ACE appliances 12-6
application acceleration action lists 4-37
bandwidth optimization 4-35
building block primary attributes 13-6
building blocks 13-6
BVI interfaces 9-11
access ports 2-25
interfaces 2-24
trunk ports 2-26
chassis passwords 2-52
class map match conditions
generic server load balancing 11-22
Layer 3/4 management traffic 11-12
Layer 3/4 network traffic 11-9
Layer 7 FTP command inspection 11-21
Layer 7 HTTP deep packet inspection 11-15
Layer 7 server load balancing 11-13
Layer 7 SIP deep packet inspection 11-28
RADIUS server load balancing 11-23
RTSP server load balancing 11-25
SIP server load balancing 11-27
class maps 11-6
devices 2-19
DHCP relay 9-11
DNS probe expect address 5-37
gigabit Ethernet interfaces 9-16
global
application acceleration on ACE appliances 12-16
optimization on ACE appliances 12-16
health monitoring general attributes 5-24
high availability
host tracking 10-13
interface tracking 10-12
peer host probes 10-16
peers 10-5
synchronization 10-22
tracking and failure detection 10-12
host probes for high availability 10-14
HTTP probe headers 5-38
HTTP retcode maps 5-18
HTTPS probe headers 5-38
latency optimization 4-35
Layer 2 VLANs 2-32
Layer 3 VLANs 2-33
Layer 7 default load balancing 4-33
load balancing
real servers 5-4
server farms 5-10
sticky groups 6-7
virtual servers 4-24
object groups
ICMP service parameters 3-56
IP addresses 3-52
protocols 3-54
subnet objects 3-53
TCP/UDP service parameters 3-54
OID for SNMP probes 5-40
optimization 4-35
action lists 4-37
traffic policies 12-13
organization passwords 15-32
parameter maps
connection 7-2
generic 7-7
HTTP 7-8
RTSP 7-17
SIP 7-18
Skinny 7-20
PAT 9-9
pattern replacements 12-10
policy map rules and actions 11-32
generic server load balancing 11-33
Layer 3/4 management traffic 11-36
Layer 3/4 network traffic 11-37
Layer 7 FTP command inspection 11-43
Layer 7 HTTP deep packet inspection 11-45
Layer 7 HTTP optimization 11-51
Layer 7 server load balancing 11-54
Layer 7 SIP deep packet inspection 11-60
Layer 7 Skinny deep packet inspection 11-62
RADIUS server load balancing 11-63
RDP server load balancing 11-65
RTSP server load balancing 11-66
SIP server load balancing 11-69
policy maps 11-30
port channel interfaces 9-19
probe attributes 5-26
probe expect status 5-39
protocol inspection 4-13
real servers 5-8
resource classes
global 3-35
local 3-40
routed ports 2-29
server farm predictor method 5-14
shared objects 4-6
SNMP 3-19
communities 3-19
credentials 2-15
notification 3-24
on virtual contexts 3-18
trap destination hosts 3-22
version 3 users 3-20
SSL
chain group parameters 8-16
CSR parameters 8-17
for virtual servers 4-12
parameter map 8-14
parameter map cipher 8-15
proxy service 8-20
static ARP for VLANs 9-8
sticky statics 6-14
switch virtual interfaces 2-28
syslog
logging 3-11
log hosts 3-15
log messages 3-16
log rate limits 3-17
Telnet
credentials 2-15
on chassis 2-4
traffic policies 11-1
trunk ports 2-26
URL mappings 12-9
virtual context 3-1, 3-5, 3-64
class maps 11-6
global policies 3-25
policy maps 11-30
primary attributes 3-11
resource classes 3-40
system attributes 3-10
virtual server
configuration overview 4-2
default load balancing 4-33
Layer 7 load balancing 4-24
NAT 4-45
optimization 12-16
properties 4-8
protocol inspection 4-13
shared objects 4-6
SSL termination service 4-12
VLAN
interface access control 9-7
interface options 9-6
interface policy maps 9-6
interfaces 9-2
Layer 2 2-32
Layer 3 2-33
VLAN groups 2-34
connection parameter map
attributes 7-2
configuring 7-2
TCP options 7-6
connectivity, testing between devices 14-28
Content Switching Module devices
adding to ANM 2-7
context
config status 3-62
configuration options 3-6
configuring 3-5
application acceleration 12-1
BVI interfaces 9-11
global policies 3-25
load balancing 4-1
optimization 12-1
primary attributes 3-11
resource classes 3-40
static routes 9-13
traffic policies 11-1
virtual servers 4-1
VLAN interfaces 9-2
creating 3-2
definition GL-7
deleting 3-65
editing 3-64
extracting configurations for building blocks 13-5
modifying 3-64
polling
restarting 3-67
viewing status 3-63
protocols 3-4
synchronizing configurations 3-64
upgrading 3-66
using for configuration building blocks 13-5
controlling access to CiscoANM 15-3
conventions in ANM
dropdown lists 3-5
for configuration screens 3-5
radio buttons 3-2
table 1-11
conventions in this guide x
cookie
client 6-3
sticky client identification 6-3
creating
ACLs 3-43
building blocks 13-4
domains 15-50
user accounts 15-39
user roles 15-46
virtual contexts 3-2
credentials
modifying 2-16
SNMP 2-15
Telnet 2-15
CSM
adding to ANM 2-12
configuring 2-19
license file name 15-56
primary attributes 2-20
viewing by chassis 2-55
CSR
configuring parameters 8-17
definition GL-2
generating for SSL 8-19
CSS
configuring 2-19
license file name 15-56
primary attributes 2-21
synchronizing configurations 2-47
customizing
tables 1-11
D
data
backing up 16-7
restoring 16-8
deep packet inspection
HTTP
class map match conditions 11-15
policy map rules and actions 11-45
SIP
class map match conditions 11-28
policy map rules and actions 11-60
Skinny policy map rules and actions 11-62
default distance values 2-23
deleting
ACLs 3-59
class map in use 11-6
device RBAC user accounts 2-38
high availability groups 10-11
host probes for high availability 10-15
organizations 15-37
peer host probes 10-17
role rules 2-42
roles or domains 2-36
SSL objects 8-2
user accounts 15-42
user-defined groups 2-51
virtual contexts 3-65
delta optimization
configuration options 4-40
description 12-1
deploying
configuration building blocks 13-8
staged virtual servers 4-46
DES, definition GL-2
device
configuring 2-19
management overview 2-1
managing 2-1
monitoring 14-3
polling
restarting 2-54
status 2-55
viewing
All Devices table 2-54
device groups, monitoring 14-3
device tree
ACE version notation 3-2
overview 1-8
DHCP relay, configuring 9-11
discovery
enabling
SSH on ACE modules 2-14
monitoring progress 2-17, 2-18
process 2-17
running 2-17
displaying
current user sessions 15-42
list of users 15-38
network domains 15-50
organizations 15-37
user roles 15-46
users who have a selected role 15-46
distinguished name, definition GL-2
DNS
configuring protocol inspection 4-14
probe
attributes 5-27
expect address 5-37
domains
deleting 2-36
duplicating
domains 15-51
organizations 15-36
user accounts 15-40
user-defined groups 2-51
user roles 15-47
dynamic caching 12-2
E
Echo-TCP probe attributes 5-27
Echo-UDP probe attributes 5-27
e-commerce
applications, sticky requirements 6-1
using stickiness 6-4
editing
role rules 2-42
Ethernet interfaces, configuring 9-16
EtherType ACL, configuring 3-49
event
definition GL-2
monitoring 14-20
event type, definition GL-3
exception, definition GL-3
expert options, for virtual contexts 3-60
exporting
SSL
certificates 8-11
key 8-13
key pair 8-12
extended ACL
configuration options 3-45
resequencing entries 3-49
F
failover 10-21
fault, definition GL-3
fault tolerance
groups 10-20
task overview 10-4
features of ANM 1-1
filtering tables 1-11
Finger probe attributes 5-28
first-match policy map 11-31
FlashConnect, configuration options 4-43
FlashForward object acceleration 12-1
FTP, configuring protocol inspection 4-14
FTP command inspection
available commands 11-21
class map match conditions 11-21
policy map rules and actions 11-43
FTP probe attributes 5-28
FTP strict, and RFP standards 11-43
FT VLAN 10-21
G
generating
ANM licenses
overview 1-5
generic parameter map
attributes 7-7
configuring 7-7
generic server load balancing
class map match conditions 11-22
policy map rules and actions 11-33
global acceleration and optimization, ACE appliances 12-16
global policies, configuring for virtual contexts 3-25
global resource class 3-33
applying to contexts 3-36
auditing 3-37
configuring 3-35
deleting 3-39
deploying 3-36
modifying 3-38
using 3-35
guidelines for managing
domains 15-49
organizations 15-32
user accounts 15-38
user roles 15-43
H
hash load-balancing methods
address 5-2
cookie 5-2
header 5-2
url 5-2
health monitoring
configuring 5-21
for real servers 5-22
general attributes 5-24
overview 5-21
probe types 5-23
TCL scripts 5-21
heartbeat packets 10-20
high availability
clearing
links between ACE appliances 10-6
pairs 10-6
configuration attributes 10-5
configuring
groups 10-7
host probes 10-14
host tracking process 10-13
interface tracking process 10-12
overview 10-19
peer host probes 10-16
peers 10-5
deleting
groups 10-11
host probes 10-15
peer host probes 10-17
failover detection 10-12
importance of synchronizing configurations 10-18
modifying groups 10-9
protocol 10-20
switching over a group 10-10
task overview 10-4
tracking status 10-12
HSRP, definition GL-3
HTTP
configuring protocol inspection 4-14
content
sticky group attributes 6-10
sticky type 6-3
cookie
sticky group attributes 6-11
sticky type 6-3
deep packet inspection
class map match conditions 11-15
policy map rules and actions 11-45
header
sticky client identification 6-4
sticky group attributes 6-11
sticky type 6-4
load balancing conditions and options 4-26
optimization policy map rules and actions 11-51
parameter map
attributes 7-8
configuring 7-8
probe
attributes 5-28
configuring headers 5-38
retcode maps 5-18
return code map configuration options 5-19