Italic text indicates the first occurrence of a new term, book title, and emphasized text. In this command summary, items presented in italics represent user-specified information.

Items within angle brackets ("<>") are required information.

Items within square brackets ("[]") are optional information.

Items separated by a vertical bar ("|") are options. You can choose any of them.

Note Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with not returns except at the end of the complete command.

Editing and Completion Features

You can use individual keys and control-key combinations to help you work with the Command Line Interface (CLI). Table C-2 describes the key and key combination functions.

Table C-2: Key Reference

Key(s)	Function

TAB	Completes the current word
?	Shows possible command completions
CTRL+A	Moves cursor to the beginning of the command line
CTRL+B	Moves cursor to the previous character
CTRL+C	Exits the QuickStart wizard at any point; the configuration is not saved
CTRL+D	When editing a command, deletes the character to the right of the cursor; otherwise, exits current configuration level or exits the configuration manager if at the Top Level
CTRL+E	Moves cursor to the end of the command line
CTRL+F	Moves cursor to the next character
CTRL+K	Erases characters from the cursor to the end of the line
CTRL+L	Clears the screen
CTRL+N	Displays the next command in the command history
CTRL+P	Displays the previous command in the command history
CTRL+U	Erases characters from the cursor to the beginning of the line
CTRL+W	Erases the previous word
CTRL+Z	Leaves current mode and returns to Top Level mode
LEFT ARROW	Moves the cursor to the previous character
RIGHT ARROW	Moves the cursor to the next character
HOME	Moves cursor to the beginning of the command (not available in Solaris)
END	Moves cursor to the end of the command (not available in Solaris)

Note Due to differences in operating systems, client software, and user preferences, some keys (such as ARROW, HOME, and END keys may not work as expected. Please use the key combinations listed in the Table C-2.

Most configuration commands require completing all fields in the command. For commands that have several possible completers, the TAB or ? keys display all options.

SCA> show [TAB]
access-list	ip	route
arp	keep-alive monitor	running-configuration
copyrights	memory	snmp
cpu	messages	ssl
device	netstat	syslog
dns	processes	system-resources
group	profile	terminal
history	remote-management	version
interface	rip

The TAB key can also be used to finish a command if the command is uniquely identified by user input.

SCA> show cop[TAB]

results in

SCA> show copyrights

Additionally, commands may be abbreviated as long as the partial commands are unique. The following text:

SCA> sho dev lis

is an acceptable abbreviation for

SCA> show device list

Note Device, certificate, certificate group, key, security policy, and server names are case-sensitive.

Command Hierarchy

The CLI configuration manager allows you to control hardware and SSL portions of the appliance through a discreet mode and submode system. The commands for the Secure Content Accelerator device fit into the logical hierarchy show in Figure C-1.

Figure C-1: Command Hierarchy

To configure items in a submode, activate the submode by entering a command in the mode above it. For example, to set the network interface speed or duplex you must first enter enable, configure, then interface network. To return to the higher Configuration mode, simply enter end or exit or press CTRL+D. The finished command returns to the Top Level from any mode. Appendix C lists all commands for SSL devices.

Configuration Security

Cisco Secure Content Accelerator devices allow easy, flexible configuration without compromising the security of your network or their own configuration.

Passwords

Cisco Secure Content Accelerator devices use two levels of password protection: access- and enable-level. Access-level passwords control who can attach the remote configuration manager or access the device via telnet and serial connections. Enable-level passwords control who can view the same data available with access-level passwords as well as view sensitive data and configure the device.

SSL devices are shipped without passwords. Setting passwords is important because the device can be administered over a network. For more information about passwords, see the commands password access and password enable in Appendix C.

Methods to Manage the Device

You can configure the Cisco Secure Content Accelerator using one of four methods, three of which use the CLI configuration manager.

Serial connection, configuration manager
- An IP address need not have been assigned for appliance management.
- A device can be set to single-port mode via serial connection.
- A device must be managed while physically connected via a serial cable.
- The FailSafe password can be used as a factory reset.
Telnet connection, configuration manager
- An IP address must have been assigned to the appliance.
- A device cannot be set to single-port mode via telnet.
- Only one device can be managed at a time.
Remote network connection, configuration manager application
- An IP address need not have been assigned for appliance management.
- A device cannot be set to single-port mode via the remote connection.
- Multiple devices can be attached.
Remote network connection, GUI
- In IP address must have been assigned to the appliance for management.
- A device cannot be set to single-port mode via the GUI.
- Only one device can be managed at a single time.

Additionally, the behaviors of some commands vary depending upon the management method. The configuration information for the commands ip name-server, rdate-server, and ip domain-name can be set remotely, but the configuration information is used only through a serial or telnet connection. The results of the ping and traceroute commands also are dependent upon the management method. When used with the remote management application, these commands are executed and results returned based upon the configuring computer's hardware information. When used with serial or telnet management, the results are based upon the SSL appliance's hardware information.

Serial and telnet management commands can use symbolic hostnames in URL identifiers if the ip domain-name has been set.

File name formats differ depending on the management method. When using remote management, you can specify the file name as it appears in the configuring computer's file system. A path must be included, if necessary. When using serial or telnet management, the file name must be entered in any of the following formats:

[<http://   | ftp:// | https:// | tftp:// >] URL

In situations where a file is written, anonymous write access must be configured on the system with these caveats:

http: — The server must be configured to accept PUT commands
https: — The server must be configured to accept PUT commands
ftp: — If anonymous write access is not allowed, use this format:
ftp://username:password@hostname/directory/filename
tftp: — Use this format:
tftp://hostname/filename
where the hostname may be either a URL or IP address

Additionally, we provide a guided QuickStart wizard configuration method, available from both the configuration manager and GUI. To use this method for configuration, see Chapter 4. Brief instructions are also included for initiating a management session using the configuration manager.

For instructions on using any of the CLI configuration managers, see Chapter 5 for instructions on using the GUI, see Chapter 6.

Initiating a Management Session

Use the appropriate instructions below to initiate a management session with the Secure Content Accelerator.

Serial Management and IP Address Assignment

Follow these steps to initiate a management session via a serial connection and set an IP address for the device.

Note The default terminal settings on the SSL devices and modules is 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, please use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

1. Attach the included null modem cable to the appliance port marked "CONSOLE". Attach the other end of the null modem cable to a serial port on the configuring computer.

2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings: 9,600 baud, 8 data bits, no parity, 1 stop bit, no flow control.

3. Press Return. Initial information is displayed followed by an SCA> prompt.

4. Enter Privileged and Configuration modes and set the IP address using the following commands. Replace the IP address in the example with the appropriate one.

SCA> enable
SCA# configure
(config[SCA])# ip address 10.1.2.5
(config[SCA])#

Note When prompted to supply a file name during serial management, you must supply it as a URL in the form of HOST/PATH/FILENAME using the http://, https://, ftp://, or tftp:// prefix.

Telnet

After you have assigned an IP address to the Cisco Secure Content Accelerator using the serial connection or remote configuration manager, you can connect to the appliance via telnet.

1. Initiate a telnet session with the IP address previously assigned to the appliance.

2. An SCA> prompt is displayed.

Note When prompted to supply a file name during a telnet management session, you must supply it as a URL in the form of HOST/PATH/FILENAME using the http://, https://, ftp://, or tftp:// prefix.

Running the Remote Configuration Manager

Use the appropriate instructions below to run the CLI configuration manager.

Linux

Enter csacfg at a Linux shell prompt.

Solaris

Enter csacfg at a Unix shell prompt.

Windows NT and Windows 2000 Software

To start the configuration manager, use the Start menu and point to Programs>Cisco Systems and click Cisco Secure Content Acc. Manager, or double-click the shortcut on the desktop.

Using the Remote Configuration Manager

Enter show device list to display a list of all Cisco Secure Content Accelerators in the same broadcast domain as the configuring computer and those found using the discover port command. Devices are listed in the following format:

Type     Key     Name     Version     MacAddr     IPaddr

Cisco Secure Content Accelerator devices are listed with the "CSS-SCA" device type. Note the MAC address of the device you wish to configure. It is used with the "CS-" prefix to identify a specific device when giving commands in the format CS-macaddress, where macaddress is the MAC address of the device.

Note Identify an unnamed device as a specific appliance, match the last six digits of the serial number with the MAC address shown.

Specifying Devices

If only one device is listed, you can configure it by simply entering commands as listed. If multiple devices are listed, you must specify the device your commands should address. In these instances you must use the on prefix.

For example, entering show device list returns the following list of unattached devices:

CSS-SCA	Ru	sslDev1	...
CSS-SCA	Ru	sslDev2	...
CSS-SCA	Ru	sslDev3	...
CSS-SCA	Ru	sslDev4	...

To attach the configuration manager to the device sslDev3, enter this command:

on sslDev3 attach

The auto completer function can assist data entry. See "Editing and Completion Features" in Appendix C for details for using editing and auto completer features.

Working with Device Groups

The remote configuration manager allows you to create groups of devices for single management sessions. Most Top Level commands can target a group just as they would a single device. Using the device list above, the commands below create a device group named myGroup, add three devices, and display the group contents.

csacfg> group myGroup create
(group[myGroup])> device sslDev1
(group[myGroup])> device sslDev2
(group[myGroup])> device sslDev4
(group[myGroup])> info
group name: myGroup
number of devices: 3
	device: sslDev1
	device: sslDev2
	device: sslDev4
(group[myGroup])>

To remove a device from the group, use the no form of the command:

(group[myGroup])> no device sslDev2

Enter end to leave Group configuration mode. To send commands to every device in the group, use the on prefix.

on myGroup attach

You can simplify command entry for this group further by setting the on command to address the group myGroup by default.

set on-prefix myGroup

After entering this command, you do not need to use the on prefix when addressing the default target. For example, the on myGroup attach command becomes attach. You can still address another group instead of the default; simply specify its name following the on prefix. Change the on prefix target by re-entering the command, identifying the new group. View the on prefix target by entering show profile.

Note Individual devices can also be set as the on prefix default target. Any command without the on prefix defaults to the group or device specified by the set on-prefix command.

For more information about Group Configuration commands, see "Group Configuration Command Set" in Appendix C.

Remote Configuration Caching

The remote configuration manager caches some management session information. Some changes made during a configuration session may not be displayed. Additionally, configuration changes from multiple concurrent configuration sessions may not be reflected in status and configuration displays. To obtain the most current configuration data, exit the configuration manager, and launch the application again or use the refresh command in the Privileged Command set.

Top Level Command Set

The Top Level command set consists of Non-Privileged and Privileged commands. These commands are used to view and clear statistics and device status, set terminal configuration, enter configuration modes, manage hardware, and exit the configuration manager.

Non-Privileged Command Set

The Non-Privileged command set consists of the lowest level commands having the least impact on configuration and security of the devices.

attach

Attaches or detaches the configuration manager from one or more devices.

attach
no attach

on <devname|groupname|all> attach
on <devname|groupname|all> no attach

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of a user-defined group of devices.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote

Use the simple attach form of the command to attach to a single found device. Use the no form of the command to detach the configuration manager from a single attached device. If an access-level password has been defined, you must enter it when prompted before the configuration manager will attach to the device(s). If a shared secret passphrase has been assigned as part of remote management encryption, you are prompted for it. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Note If you have forgotten the device's access password, see "Factor y Default Reset Password".

Related Commands

attach ip (Non-Privileged Command Set)
enable (Non-Privileged Command Set)
remote-management enable (Configuration Command Set)
remote-management port (Configuration Command Set)

attach ip

Attaches or detaches the configuration manager from one or more devices using an alternate remote management port.

attach ip <ipaddr> [port <portid>]
no attach ip <ipaddr>

Syntax Description

ipaddr	The IP address of the Secure Content Accelerator.
portid	The TCP service port number.

Usage Guidelines

Availability: Remote

Use the port option to specify a TCP/UDP service port to use for attaching to the device. The remote-management port command must have been used on the device to change the management port from the default. If a shared secret passphrase has been assigned as part of remote management encryption, you are prompted for it. Use the no form of the command to detach the configuration manager from the specified device. If an access-level password has been defined, you must enter it when prompted before the configuration manager can attach to the device.

Note If you have forgotten the device's access password, see "Factor y Default Reset Password".

Related Commands

attach (Non-Privileged Command Set)
enable (Non-Privileged Command Set)
remote-management enable (Configuration Command Set)
remote-management port (Configuration Command Set)

clear screen

Clears the display, leaving only one prompt line.

clear screen

Usage Guidelines

Availability: Remote, Serial, Telnet

cls

Clears the display, leaving only one prompt line.

cls

Usage Guidelines

Availability: Remote, Serial, Telnet

discover

Checks the network for new remote devices on the default or, optionally, on the specified TCP service port when using an alternate remote management port.

discover [port <portid>]

Syntax Description

portid

The port number.

Usage Guidelines

Availability: Remote

Use the port option to specify a TCP service port to search for devices when using an alternate remote management port.

Related Commands

remote-management port (Configuration Command Set)

enable

Enters or leaves Privileged Mode for one or more attached device.

enable
no enable

on <devname|groupname|all> enable
on <devname|groupname|all> no enable

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of a user-defined group of devices.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If an enable-level password has been defined, you must enter it when prompted. When using remote management, enters Privileged mode for a single, attached device. Using the no form of this command leaves Privileged mode. When using remote configuration, use the on form of the command to specify the target(s) of the command when more than one device is appropriate.

Note If you have forgotten the device's enable password, see "Factor y Default Reset Password".

Related Commands

attach (Non-Privileged Command Set)
attach ip (Non-Privileged Command Set)

See the section "Privileged Command Set".

exit

Quits the configuration manager.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

When executed from the remote configuration manager, closes the configuration manager. When executed from a serial connection, the connection is not closed. If an access password has been configured, you are prompted for it. When executed from telnet, the telnet connection is closed.

Related Commands

quit (Non-Privileged Command Set)

group

Creates or configures the specified user-defined device group.

group <groupname> [create]
no group <groupname>

Syntax Description

groupname	The name of a user-defined group of devices.
create	Creates a new device group named groupname and enters Group Configuration Mode for that device group.

Usage Guidelines

Availability: Remote

Use the create flag to create the specified group and enter Group Configuration mode for it. Use the no form of the command to remove the specified group.

Related Commands

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If no command is specified, help information is displayed for all Non-Privileged commands. When using remote configuration, help information is displayed for all Top Level commands.

monitor

Displays the results of the specified show command at one second intervals.

monitor <command>

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

The interval between refreshes is set using the set monitor-interval command.

Related Commands

set monitor-interval (Non-Privileged Command Set)
show profile (Non-Privileged Command Set)

paws

Pauses the configuration manager for a specified time or until a key is pressed.

paws

Usage Guidelines

Availability: Remote, Serial, Telnet

ping

Sends ICMP packets to the specified IP address.

ping <ipaddr|name>

Syntax Description

ipaddr	The specified destination IP address.
name	The name of the host to ping (serial or telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

The host name can be used remotely if a domain name has been assigned for the device. When issued from a serial or telnet connection, the command returns information based upon the hardware of the Secure Content Accelerator. When issued from a remote management connection, the command returns information based upon the configuring computer.

Related Commands

ip name-server (Configuration Command Set)

quit

Quits the configuration manager.

quit

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

exit (Non-Privileged Command Set)

set monitor-interval

Sets the number of seconds between monitor-prefixed command refreshes.

set monitor-interval <value>
no set monitor-interval

Syntax Description

value

The number of seconds between refreshes

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to return the monitor interval to default value.

Related Commands

monitor (Non-Privileged Command Set)
show profile (Non-Privileged Command Set)

set on-prefix

Sets the entity to address as default when using the on prefix.

set on-prefix <devname|groupname|all>
no set on-prefix

Syntax Description

devname	The name of the Secure Content Accelerator to target
groupname	The name of the user-defined device group to target

Usage Guidelines

Availability: Remote

Use the no form of the command to clear the default entity.

Related Commands

group (Non-Privileged Command Set)
show profile (Non-Privileged Command Set)

show arp

Displays the ARP cache on the specified device.

show arp

on <devname|groupname|all> show arp

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show copyrights

Displays copyright information for software and hardware products.

show copyrights

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show version (Non-Privileged Command Set)

show cpu

Displays CPU utilization information for one or more devices.

show cpu [continuous] [interval <value>]

on <devname|groupname|all> show cpu [continuous] [interval <value>]

Syntax Description

continuous	Displays statistics continuously updated at one-second intervals.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous option to have statistics displayed continuously, updated at one-second intervals. Use the interval option to specify an interval for display updates. Press any key to stop displaying statistics. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show date

Displays current date and time settings on the device.

show date

Usage Guidelines

Availability: Serial, Telnet

Related Commands

rdate-server (Configuration Command Set)

show device

Displays information about the specified device(s).

show device
on <devname|groupname|all> show device

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show device list

Displays summary information for all Secure Content Accelerators in the same broadcast domain as the configuring computer or found by the configuration manager after launching the configuration manager and using the discover command.

show device list

Usage Guidelines

Availability: Remote

Devices are listed in the following format:

Type     Key     Name     Version     MacAddr     IPaddr

Note the MAC address of the device you wish to configure. It is used with the "CS-" prefix to identify a specific device when giving commands.

Related Commands

discover (Non-Privileged Command Set)

show dns

Displays DNS configuration information for one or more devices.

show dns

on <devname|groupname|all> show dns

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

ip domain-name (Configuration Command Set)
show ip domain-name (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)

show flow

Displays IP connection information for one or more devices.

show flow

on <devname|groupname|all> show flow

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show group

Displays group summary information for the specified group.

show group [groupname]

Syntax Description

groupname

The name of the user-defined device group.

Usage Guidelines

Availability: Remote

If a group is not specified, information is displayed for all groups.

Related Commands

group (Non-Privileged Command Set)

See the section "Group Configuration Command Set".

show history

Displays the last commands executed.

show history

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Top Level Command Set)
terminal history (Top Level Command Set)

show interface

Displays information for the specified Ethernet interface on one or more devices.

show interface [network | server]

on <devname|groupname|all> show interface [network | server]

Syntax Description

network	Displays information for the "Network" interface.
server	Displays information for the "Server" interface.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

The information includes connection, duplex, speed, and autonegotiation settings. If a single interface is not specified, information is displayed for all interfaces on the device(s). When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface errors (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)
interface (Configuration Command Set)

See the section "Interface Configuration Command Set".

show interface errors

Displays error information for the specified Ethernet interface on one or more devices.

show interface errors [network | server] [continuous] [interval <value>]

on <devname|groupname|all> show interface errors [network | server] [continuous] [interval <value>]

Syntax Description

network	Displays information for the "Network" interface.
server	Displays information for the "Server" interface.
continuous	Displays errors continuously.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

If a single interface is not specified, errors are displayed for both interfaces. If continuous is specified, error statistics are updated every second. Use the interval option to specify an interval for display updates. Press any key to stop displaying errors. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)
interface (Configuration Command Set)

See the section "Interface Configuration Command Set".

show interface statistics

Displays interface statistics for one or more devices.

show interface statistics [network | server] [continuous] [interval <value>]

on <devname|groupname|all> show interface statistics [network | server] [continuous] [interval <value>]

Syntax Description

network	Displays information for the "Network" interface.
server	Displays information for the "Server" interface.
continuous	Displays statistics continuously.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If a single interface is not specified, statistics are displayed for both interfaces. If continuous is specified, statistics are updated every second. Use the interval option to specify an interval for display updates. Press any key to stop displaying statistics. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface (Non-Privileged Command Set)
show interface errors (Non-Privileged Command Set)
interface (Configuration Command Set)

See the section "Interface Configuration Command Set".

show ip domain-name

Displays DNS configuration information for one or more devices.

show ip domain-name

on <devname|groupname|all> show ip domain-name

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

ip domain-name (Configuration Command Set)
show dns (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)

show ip name-server

Displays DNS configuration information for one or more devices.

show ip name-server

on <devname|groupname|all> show ip name-server

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command when more than one device is appropriate.

Related Commands

ip domain-name (Configuration Command Set)
show dns (Non-Privileged Command Set)
show ip domain-name (Non-Privileged Command Set)

show ip routes

Displays the routing table stored in one or more devices.

show ip routes

on <devname|groupname|all> show ip routes

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show route (Non-Privileged Command Set)

show ip statistics

Displays diagnostic IP, ICMP, TCP, and UDP statistics for one or more devices.

show ip statistics

on <devname|groupname|all> show ip statistics

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show keepalive-monitor

Displays a list of keepalive-monitor IP addresses for one or more devices.

show keepalive-monitor

on <devname|groupname|all> show keepalive-monitor

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

SSL errors from IP addresses specified with the keepalive-monitor command are ignored. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

keepalive-monitor (Configuration Command Set)

show memory

Displays memory usage on one or more devices.

show memory [zones]

on <devname|groupname|all> show memory [zones]

Syntax Description

zones	Specifies memory information for each zone is to be displayed.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

The zones flag is used to display information for each memory zone. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show messages

Displays the diagnostic message buffer for one or more devices.

show messages

on <devname|groupname|all> show messages

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

clear messages (Non-Privileged Command Set)
write messages (Privileged Command Set)

show netstat

Displays the current state of the IP connection for one or more devices.

show netstat

on <devname|groupname|all> show netstat

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show processes

Displays information, by thread, about processes running on one or more devices.

show processes

on <devname|groupname|all> show processes

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show profile

Displays the monitor-interval and on-prefix settings of the if they have been changed from the default settings.

show profile [all]

Syntax Description

all

Displays current settings for both monitor-interval and on-prefix.

Usage Guidelines

Availability: Remote

Use the all keyword to display the current configuration of both the monitor-interval and on-prefix.

Related Commands

monitor (Non-Privileged Command Set)
set monitor-interval (Non-Privileged Command Set)
set on-prefix (Non-Privileged Command Set)

show rdate-server

Displays the IP address of the RDATE protocol server configuration for one or more devices.

show rdate-server

on <devname|groupname|all> show rdate-server

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show remote-management

Displays remote management information for one or more devices.

show remote-management

on <devname|groupname|all> show remote-management

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show telnet (Non-Privileged Command Set)
show web-management (Non-Privileged Command Set)

show rip

Displays the RIP status of one or more devices.

show rip

on <devname|groupname|all> show rip

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

rip (Configuration Command Set)

show route

Displays the routing table stored in one or more devices.

show route

on <devname|groupname|all> show route

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ip routes (Top Level Command Set)

show sessions

Displays current remote configuration manager, serial, and telnet management connections to the device.

show sessions

Usage Guidelines

Availability: Serial, Telnet

Related Commands

clear line (Privileged Command Set)

show sntp-server

Displays SNTP-server information for one or more devices. The SNTP server is used for date and time information.

show sntp-server

on <devname|groupname|all> show sntp-server

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

sntp-server (Configuration Command Set)

show ssl

Displays SSL summary data for one or more devices.

show ssl

on <devname|groupname|all> show ssl

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show ssl cert

Displays summary data for the specified certificate entity loaded on one or more devices.

show ssl cert [certname]

on <devname|groupname|all> show ssl cert [certname]

Syntax Description

certname	The name of the certificate.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a certificate name, all certificate entity information is displayed When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl errors all (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
show ssl statistics all (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set", "Certificate Configuration Command Set", and "Certificate Group Configuration Command Set".

show ssl certgroup

Displays summary data for the specified certificate group loaded on one or more devices.

show ssl certgroup [certgroupname]

on <devname|groupname|all> show ssl certgroup [certgroupname]

Syntax Description

certgroupname	The name of the certificate group.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a certificate group, all certificate group information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set", "Certificate Configuration Command Set", and "Certificate Group Configuration Command Set".

show ssl errors

Displays SSL errors reported on one or more devices.

show ssl errors [continuous] [interval <value>]

on <devname|groupname|all> show ssl errors [continuous] [interval <value>]

Syntax Description

continuous	Displays errors continuously.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be given on one line.) Displays SSL errors reported on a single device or module. Use the continuous keyword to update the statistics every second. Use the interval keyword to specify an interval for display updates, where value is the interval in seconds. Press any key to stop displaying errors. When using remote configuration, use the on form of the command to specify the target(s) of the command, where devname is the name of a single device or module, groupname is the name of a user-defined device group, and all represents all appropriate devices and modules. The errors displayed when using the continuous or interval keywords are:

Error	Description
ACPT	SSL Accept Errors
SSLW	SSL System Write Errors to Client
SSLWBC	SSL System Write Broken Connection Errors to Client
SSLR	SSL System Read Errors from Client
SSLRBC	SSL System Read Broken Connection Errors from Client
SVRW	System Write Errors to Remote Server
SVRWBC	Broken Connection Write Errors to Remote Server
SVRR	System Read Errors from Remote Server
SVRRBC	Broken Connection Read Errors from Remote Server

Related Commands

keepalive-monitor (Configuration Command Set)
show keepalive-monitor (Non-Privileged Command Set)
show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show ssl key

Displays summary data for the specified private key loaded on one or more devices.

show ssl key [keyname]

on <devname|groupname|all> show ssl key [keyname]

Syntax Description

keyname	The name of the public/private key pair.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a key name, all key information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set" and "Key Configuration Command Set".

show ssl secpolicy

Displays summary data for the specified security policy on one or more devices.

show ssl secpolicy [polname]

on <devname|groupname|all> show ssl secpolicy [polname]

Syntax Description

polname	The name of the security policy.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a security policy name, all security policy information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set" and "Security Policy Configuration Command Set".

show ssl server

Displays information for the specified configured logical secure server of type server, reverse-proxy server, or backend server on one or more devices.

show ssl server [servname]
on <devname|groupname|all> show ssl server [servname]

Syntax Description

servname	The name of the server.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a secure server name, all secure server information is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the sections "SSL Configuration Command Set" and "Server Configuration Command Set".

show ssl session-stats

Displays SSL session statistics summed over all secure logical servers on one or more devices.

show ssl session-stats [continuous] [interval <value>]

on <devname|groupname|all> show ssl session-stats [continuous] [interval <value>]

Syntax Description

continuous	Displays statistics continuously.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous keyword to update the statistics every second. Use the interval keyword to specify an interval for display updates. Press any key to stop displaying information. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show ssl statistics

Displays SSL statistics summed over all secure logical servers on one or more devices.

show ssl statistics [continuous] [interval <value>]

on <devname|groupname|all> show ssl statistics [continuous] [interval <value>]

Syntax Description

continuous	Displays statistics continuously.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Error	Description
AC	Active Client Connections, Active Server Connections
AS	Active Sockets
SNE	SSL Negotiation Errors
TSE	Total Socket Errors
CES	Connection Errors to Remote Server
TCBE	Total Connection Block Errors
TSCR	Total SSL Connections Refused, Total SSL Connections Rejected
TCA	Total Connections Accepted
TROH	Total RSA Operations in Hardware
TSNS	Total SSL Negotiations Succeeded

Note Values for Active Server Connections and Total SSL Connections Refused are not shown when using the continuous keyword.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl session-stats (Non-Privileged Command Set)
ssl (Configuration Command Set)

See the section "SSL Configuration Command Set".

show syslog

Displays the list of hosts to which diagnostic messages from one or more devices are sent.

show syslog

on <devname|groupname|all> show syslog

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

syslog (Configuration Command Set)

show system-resources

Displays system memory and CPU usage for one or more devices.

show system-resources [continuous] [interval <value>]

on <devname|groupname|all> show system-resources [continuous] [interval <value>]

Syntax Description

continuous	Displays statistics continuously.
interval	Specifies an interval for display updates.
value	The interval in seconds.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the continuous option to update the information every second. Use the interval option to specify an interval for display updates. Press any key to stop displaying information. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

show telnet

Displays telnet management information for one or more devices.

show telnet

on <devname|groupname|all> show telnet

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

telnet access-list (Configuration Command Set)
telnet enable (Configuration Command Set)
telnet port (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
show web-management (Non-Privileged Command Set)

show terminal

Displays terminal setting information.

show terminal

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show history (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

show version

Displays configuration manager version information.

show version

Usage Guidelines

Availability: Remote, Serial, Telnet

show web-management

Displays Web-based GUI management information for one or more devices.

show web-management

on <devname|groupname|all> show web-management

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

web-mgmt access-list (Configuration Command Set)
web-mgmt enable (Configuration Command Set)
web-mgmt port (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
show telnet (Non-Privileged Command Set)

terminal baud

Sets the baud for communicating with the Secure Content Accelerator.

terminal baud <1200|2400|4800|9600|19200|38400|115200>

Syntax Description

1200	Sets the baud to 1200.
2400	Sets the baud to 2400.
4800	Sets the baud to 4800.
9600	Sets the baud to 9600.
19200	Sets the baud to 19,200.
38400	Sets the baud to 38,400.
115200	Sets the baud to 115,200.

Usage Guidelines

Availability: Serial

Related Commands

show terminal (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal history

Sets the number of commands saved in the history buffer. Use the no form of the command to disable the history list.

terminal history <length>
no terminal history

Syntax Description

length

The number of commands to store in the history buffer.

Usage Guidelines

Availability: Remote, Serial, Telnet

The default is 25.

Related Commands

show history (Non-Privileged Command Set)
show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal length

Sets the number of lines in a terminal window.

terminal length

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal pager

Enables the terminal pager. Using the no form of the command disables the pager.

terminal pager
no terminal pager

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal reset

Resets the internal state of the terminal.

terminal reset

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal width (Non-Privileged Command Set)

terminal width

Sets the width of the terminal window.

terminal width <width>

Syntax Description

width

The desired width of the terminal window.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show terminal (Non-Privileged Command Set)
terminal baud (Non-Privileged Command Set)
terminal history (Non-Privileged Command Set)
terminal length (Non-Privileged Command Set)
terminal pager (Non-Privileged Command Set)
terminal reset (Non-Privileged Command Set)

traceroute

Displays the router hops to the specified destination.

traceroute <ipaddr|name>

Syntax Description

ipaddr	The destination IP address.
name	The name of the destination host (serial or telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

When issued from a serial or telnet connection, the command returns information based upon the device's hardware. When issued from the remote configuration manager, the command returns information based upon the configuring computer.

Privileged Command Set

Use Privileged mode commands to view and edit device-specific configuration information. Enter Privileged mode for a device by using the enable command in Non-Privileged mode. All Non-Privileged commands are also available.

clear interface statistics

Resets all interface statistics for one or more devices.

clear interface statistics

on <devname|groupname|all> clear interface statistics

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show interface (Non-Privileged Command Set)
show interface errors (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)
interface (Configuration Command Set)

See "Interface Configuration Command Set".

clear ip routes

Clears the IP routing table on one or more devices.

clear ip routes

on <devname|groupname|all> clear ip routes

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ip routes (Non-Privileged Command Set)
show routes (Non-Privileged Command Set)
ip route (Configuration Command Set)

clear ip statistics

Resets all IP statistics on one or more devices.

clear ip statistics

on <devname|groupname|all> clear ip statistics

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ip statistics (Non-Privileged Command Set)

clear line

Closes a specified management session.

clear line <sessionId>

Syntax Description

sessionId

The session identifier

Usage Guidelines

Availability: Serial

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate. Use the show sessions command to display the open management sessions.

Related Commands

show sessions (Non-Privileged Command Set)

clear messages

Empties the diagnostic message buffer on one or more devices.

clear messages

on <devname|groupname|all> clear messages

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show messages (Non-Privileged Command Set)
write messages (Privileged Command Set)

clear ssl session-stats

Resets all SSL session statistics for one or more devices.

clear ssl session-stats

on <devname|groupname|all> clear ssl session-stats

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl errors (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)

clear ssl statistics

Resets all SSL statistics for one or more devices.

clear ssl statistics

on <devname|groupname|all> clear ssl statistics

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

show ssl errors (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)

configure

Enters Configuration mode for a device in Privileged mode.

configure

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

See the section "Configuration Command Set".

copy running-configuration

Writes the running-configuration of a device to a file.

copy running-configuration [filename|url]

on <devname> copy running-configuration [filename]

Syntax Description

filename	The name of the file, including its path.
url	The URL of the file (serial and telnet only).
devname	The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy running-configuration startup-configuration

Writes the running-configuration of a device to its startup-configuration.

copy running-configuration startup-configuration

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy startup-configuration

Writes the startup-configuration of a device to a file.

copy startup-configuration <url>

Syntax Description

url

The URL of the file.

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy startup-configuration running-configuration

Writes the startup-configuration of a device to its running-configuration.

copy startup-configuration running-configuration

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy to flash

Uploads a Cisco Secure Content Accelerator image file to the device flash.

copy to flash [filename|url]

on <devname> copy to flash [filename]

Syntax Description

filename	The name of the file, including its path.
url	The URL of the file (serial and telnet only).
devname	The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy to running-configuration

Uploads a saved configuration file and merges it to the running-configuration of a device.

copy to running-configuration [filename|url]

on <devname> copy to running-configuration [filename]

Syntax Description

filename	The name of the file, including its path.
url	The URL of the file (serial and telnet only).
devname	The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to startup-configuration (Privileged Command Set)

copy to startup-configuration

Uploads a saved configuration file and merges it to the startup-configuration of a device.

copy to startup-configuration [url]

Syntax Description

url

The URL of the file.

Usage Guidelines

Availability: Serial, Telnet

If you do not specify a URL, you are prompted for it.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)

disable

Exits Privileged mode for one or more devices.

disable

on <devname|groupname|all> disable

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

enable (Non-Privileged Command Set)

erase running-configuration

Erases the running-configuration on one or more devices.

erase running-configuration

on <devname|groupname|all> erase running-configuration

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase startup-configuration (Privileged Command Set)

erase startup-configuration

Erases the startup-configuration on one or more devices.

erase startup-configuration

on <devname|groupname|all> erase startup-configuration

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)

quick-start

Runs the QuickStart wizard for a device.

quick-start

on <devname> quick-start

Syntax Description

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

refresh

Updates device information in the configuration manager.

refresh

Usage Guidelines

Availability: Remote, Serial, Telnet

reload

Reboots one or more devices.

reload

on <devname|groupname|all> reload

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

The device resumes operation using the startup-configuration stored in the flash memory. You are prompted to confirm restarting the device. When using remote configuration, use the on form of the command to specify the target(s) of the command.

Note You are not prompted to reload devices on a device-by-device basis.

show access-list

Displays the specified access list for one or more devices.

show access-list [listid]

on <devname|groupname|all> show access-list [listid]

Syntax Description

listid	The access list identifier.
devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify an access list id, information for all access lists is displayed. When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
snmp access-list (Configuration Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

show running-configuration

Displays the running-configuration on one or more devices.

show running-configuration

on <devname|groupname|all> show running-configuration

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show startup-configuration (Privileged Command Set)
write file (Privileged Command Set)

show snmp

Displays SNMP configuration information for one or more devices.

show snmp

on <devname|groupname|all> show snmp

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

no snmp (Configuration Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

show startup-configuration

Displays the startup-configuration on a device.

show startup-configuration

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to flash (Privileged Command Set)
erase start-up-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write flash (Privileged Command Set)

write file

Writes the running-configuration of a device to a file on the file system of the configuring computer.

write file [filename]

on <devname> write file [filename]

Syntax Description

filename	The name of the file, including the path.
devname	The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

If you do not supply a file name, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write memory (Privileged Command Set)

write flash

Writes the running-configuration to flash memory on one or more devices.

write flash

on <devname|groupname|all> write flash

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.
all	A virtual group name targeting all appropriate devices.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Related Commands

copy running-configuration (Privileged Command Set)
copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write memory (Privileged Command Set)

write memory

Writes the running-configuration to flash memory on a device.

write memory

Usage Guidelines

Availability: Serial, Telnet

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to flash (Privileged Command Set)
erase startup-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)
write file (Privileged Command Set)

write messages

Writes the diagnostic messages for one or more devices to a file.

write messages [filename]

on <devname> write messages [filename]

Syntax Description

filename	The name of the file, including the path.
devname	The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

If you do not supply a file name, you are prompted for it. When using remote configuration, use the on form of the command to specify the target of the command if more than one device is appropriate.

Related Commands

show messages (Non-Privileged Command Set)

write network

Writes the running-configuration to a file on a remote host.

write network [url]

Syntax Description

url

The URL of the file.

Usage Guidelines

Availability: Serial, Telnet

If you do not supply URL information, you are prompted for it.

Related Commands

copy running-configuration startup-configuration (Privileged Command Set)
copy startup-configuration running-configuration (Privileged Command Set)
copy to running-configuration (Privileged Command Set)
erase running-configuration (Privileged Command Set)
show running-configuration (Privileged Command Set)

write terminal

Displays the running-configuration of one or more devices.

write terminal

on <devname|groupname|all> write terminal

Syntax Description

devname	The name of the Secure Content Accelerator.
groupname	The name of the user-defined device group.

Usage Guidelines

Availability: Remote, Serial, Telnet

When using remote configuration, use the on form of the command to specify the target(s) of the command if more than one device is appropriate.

Group Configuration Command Set

Use Group Configuration commands to manage session-specific groups. Enter Group Configuration mode by using the group command in Top Level mode.

device

Adds the specified device to the group list.

device <devname>
no device <devname>

Syntax Description

devname

The name of the Secure Content Accelerator.

Usage Guidelines

Availability: Remote

Use the no form of the command to remove the specified device from the group list.

end

Leaves Group Configuration Mode.

end

Usage Guidelines

Availability: Remote

exit

Leaves Group Configuration Mode.

exit

Usage Guidelines

Availability: Remote

finished

Exits Group Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote

help

Displays information for a specific command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote

If no command is specified, help information is displayed for all Group Configuration commands.

info

Displays current information about the device group being created or edited.

info

Usage Guidelines

Availability: Remote

Configuration Command Set

Use Configuration mode commands to configure the Ethernet interface and SSL functions of the Secure Content Accelerator. Enter Configuration mode using the enable command in Non-Privileged mode and the configure command in Privileged mode. The prompt changes to <config[devicename]>.

access-list

Adds an access list entry to the end of the specified access list. Use the no form of the command to delete the entire specified access list.

access-list <id> <permit | deny> <ipaddr> <mask>
no access-list <id>

Syntax Description

id	The access list identifier.
permit	Allows access from the addresses specified in the list.
deny	Locks access from the addresses specified in the list.
ipaddr	The IP address to add to the specified list.
mask	The netmask appropriate to the IP address being added to the specified list.

Usage Guidelines

Availability: Remote, Serial, Telnet

To activate the access list, you must also use the remote-management access-list, snmp access-list, telnet access-list, or web-mgmt access-list commands. A device can have up to 999 configured access lists.

Note Configuring an access list automatically sets up an implied access denial. For example, if you have set up an access list containing the IP addresses of remote hosts allowed to access the appliance, all other IP addresses have access denied. If you configure a single access list denying access from IP addresses in that list, all other IP addresses are denied access as well.

Examples

The following example specifies the host with the IP address 10.1.2.3 to be the only remote host to configure the Secure Content Accelerator.

access-list 2 permit 100.1.2.3 0.0.0.0

The following example specifies only remote hosts on the identified subnet can configure the Secure Content Accelerator.

access-list 1 permit 100.128.0.0 0.0.255.255

Related Commands

show access-list (Privileged Command Set)
remote-management access-list (Configuration Command Set)
snmp access-list (Configuration Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

end

Leaves Configuration Mode and returns to Privileged Mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Leaves Configuration Mode and returns to Privileged Mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Configuration commands

hostname

Sets the identification name for the current Secure Content Accelerator.

hostname <devname>
no hostname

Syntax Description

devname

The name to assign to the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the hostname of the current device.

Note The command prompt reflects the new name the next time Configuration mode is entered.

interface

Enters Interface Configuration mode for the specified Ethernet interface of the current device.

interface <network|server>

Syntax Description

network	Enters Interface Configuration Mode for the "Network" interface.
server	Enters Interface Configuration Mode for the "Server" interface.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show interface (Non-Privileged Command Set)
show interface errors (Non-Privileged Command Set)
show interface statistics (Non-Privileged Command Set)

See also "Interface Configuration Command Set".

ip address

Sets the IP address for the current Secure Content Accelerator.

ip address <<ipaddr> [netmask <netmask>]>|<ipaddr/netabbr>>
no ip address

Syntax Description

ipaddr	The IP address to assign to the device.
netmask <netmask>	The netmask for the device.
netabbr	The netmake abbreviation.

Usage Guidelines

Availability: Remote, Serial, Telnet

If the netmask is not specified, a default value calculated from the user-provided IP address is used. Use the no form of the command to clear the IP address for the current device.

Related Commands

ip route default (Configuration Command Set)

ip domain-name

Sets the default domain name for the device.

ip domain-name <name>

Syntax Description

name

The domain name.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show ip domain-name (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)
ip name-server (Configuration Command Set)

ip name-server

Sets the one or more name servers to use with the device.

ip name-server <ipaddr>

Syntax Description

ipaddr

The IP address of the Domain Name Server.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show ip domain-name (Non-Privileged Command Set)
show ip name-server (Non-Privileged Command Set)
ip domain-name (Configuration Command Set)

ip route

Adds a static route entry for the specified destination IP address to the device routing table.

ip route <destip> <mask> <gatewayip> [metric <hops>]
no ip route <destip>

Syntax Description

destip	The destination IP address.
mask	The netmask appropriate to the destination IP address.
gatewayip	The next-hop router address for the destination IP address.
metric	Specifies the total number of hops to the destination IP address
hops	The number of hops to the destination IP address.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to delete the specified static route entry from the device's routing table.

Related Commands

show ip routes (Non-Privileged Command Set)
show route (Non-Privileged Command Set)

ip route default

Sets the default route for the current device.

ip route default <ipaddr>
no ip route default

Syntax Description

ipaddr

The IP address of the default router to use.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the IP address for the default router.

Related Commands

ip address (Configuration Command Set)

keepalive-monitor

Indicates that SSL errors from the specified IP address are to be ignored.

keepalive-monitor <ipaddr>
no keepalive-monitor <ipaddr>

Syntax Description

ipaddr

The source IP address from which SSL errors are to be ignored.

Usage Guidelines

Availability: Remote, Serial, Telnet

Up to two IP addresses, set individually, are allowed.

Related Commands

show keepalive-monitor (Non-Privileged Command Set)

mode one-port

Enables secure and non-secure traffic to pass through the single "Network" Ethernet port. Use the no form of the command to return the device to dual-port mode.

mode one-port
no mode one-port

Usage Guidelines

Availability: Serial

Use the no form of the command to clear the IP address.

Note Though completers and help information are available in all management options, the command is only valid via serial management.

mode pass-thru

Enables pass through of non-SSL traffic. This is the default configuration.

mode pass-thru
no mode pass-thru

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to block non-SSL traffic pass through.

password

Sets the access- or enable-level password for the current Secure Content Accelerator.

password <access|enable>
no password <access|enable>

Syntax Description

access	Sets or clears the device attach-level password.
enable	Sets or clears the device enable-level password.
passphrase	The password.

Usage Guidelines

Availability: Remote, Serial, Telnet

The access password is used when attaching to the device during a remote management session.You are prompted to enter and verify the password. Use the no form of the command to clear the access- or enable-level password for the current device.

rdate-server

Specifies and RDATE-protocol server to be used for date and time information on the device.

rdate-server <ipaddr>
no rdate-server

Syntax Description

ipaddr

The IP address of the RDATE server.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the server assignment.

Related Commands

show date (Non-Privileged Command Set)

registration-code

Stores the registration code of the device.

registration-code <code>

Syntax Description

code

The registration code of the device.

Usage Guidelines

Availability: Remote, Serial, Telnet

remote-management access-list

Assigns the specified IP access list to the remote management subsystem.

remote-management access-list <id>
no remote-management access-list

Syntax Description

id	The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the IP access list assignment in the remote management subsystem. The access list still exists but is no longer used by the remote management subsystem.

Related Commands

access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show access-list (Top Level Command Set)
show remote-management (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

remote-management enable

Enables remote management for the current device.

remote-management enable
no remote-management enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable remote management of the current device.

Note Remote management is enabled by default.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show remote-management (Non-Privileged Command Set)
telnet enable (Configuration Command Set)
web-mgmt enable (Configuration Command Set)

remote-management encryption

Sets the encryption method for remote management sessions.

remote-management encryption <ARC4|AES|DES>

Syntax Description

ARC4	Sets the remote management encryption method to ARC4 (compatible with RC4™ RSA Data Security).
AES	Sets remote management encryption method to AES.
DES	Sets remote management encryption method to DES.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use this command after setting a passphrase using the remote-management shared-secret command. Encryption begins the next time the configuration manager accesses the Secure Content Accelerator.

Related Commands

remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management port (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show remote-management (Non-Privileged Command Set)

remote-management port

Sets the TCP service port used for remote management to the current device. Use the no form of the command to clear the port specification and return to the default communication port.

remote-management port <portid>
no remote-management port

Syntax Description

portid

The TCP service port to be used to remotely manage the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

This port is used at the next attach. You must enter a reload command to activate the new remote management port.

Related Commands

discover (Non-Privileged Command Set)
remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management shared-secret (Configuration Command Set)
show remote-management (Non-Privileged Command Set)

remote-management shared-secret

Sets the secret passphrase used for encryption. Use the no form of the command to clear the passphrase.

remote-management shared-secret <passphrase>
no remote-management shared-secret

Syntax Description

passphrase

The passphrase used with encrypted management.

Usage Guidelines

Availability: Serial

You are prompted for this passphrase the next time a management connection with the device is requested.

Related Commands

remote-management access-list (Configuration Command Set)
remote-management enable (Configuration Command Set)
remote-management encryption (Configuration Command Set)
remote-management port (Configuration Command Set)
show remote-management (Non-Privileged Command Set)

rip

Enables Routing Interface Protocol (RIP) for the current device.

rip [v1|v2]
no rip [v1|v2]

Syntax Description

v1	Specifies RIP v1.
v2	Specifies RIP v2.

Usage Guidelines

Availability: Remote, Serial, Telnet

If a single RIP version is not specified, both versions are enabled. Using the no form of the command disables RIP completely if you do not specify a version to disable.

Examples

The following example activates RIP version 1. The first command enables both RIP versions. The second command disables on RIP v2. This has the same result as using the command rip v1.

rip
no rip v2

Related Commands

show rip (Non-Privileged Command Set)

no snmp

Disables SNMP and clears all SNMP data.

no snmp

Note The device must be rebooted (reloaded) before this command takes effect.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show snmp (Non-Privileged Command Set)
snmp access-list (Non-Privileged Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp access-list

Assigns an existing access list to be used with the SNMP subsystem.

snmp access-list <id>
no snmp access-list <id>

Syntax Description

id	The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the specified access list. The access list still exists but is no longer used by the SNMP subsystem.

Related Commands

access-list (Configuration Command Set)
no snmp (Configuration Command Set)
remote-management access-list (Configuration Command Set)
show access-list (Non-Privileged Command Set)
show snmp (Non-Privileged Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)
telnet access-list (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

snmp contact

Assigns contact information for the SNMP subsystem. Use the no form of the command to remove the contact information.

snmp contact <contactInfo>
no snmp contact

Syntax Description

contactInfo

The string containing the contact information. Contact information must be entered within quotes.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp default community

Assigns a default community for the SNMP subsystem to use when sending trapping information.

snmp default community <comName>
no snmp default community

Syntax Description

comName

The string containing the community name. The string may contain up to 60 characters with no spaces. This information is not entered within quotes.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the community name.

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp enable

Enables SNMP using the current SNMP configuration.

snmp enable
no snmp enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable SNMP without clearing SNMP data.

Note The device must be rebooted (reloaded) before this command takes effect.

Related Commands

show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp location

Assigns location information for the SNMP subsystem.

snmp location <locInfo>
no snmp location

Syntax Description

locInfo

The string containing the location information. This information is entered within quotes.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to clear the location information.

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp trap-host

Assigns a destination for SNMP trap messages.

snmp trap-host <v1|v2c> <ipaddr> [community]
no snmp trap-host <v1|v2c> <ipaddr> [community]

Syntax Description

v1	Specifies SNMP version 1.
v2c	Specifies SNMP version 2c.
ipaddr	The IP address of the computer receiving the messages.
community	The SNMP community. If a community is specified with the snmp default community command, you do not need to specify a community with this command. If you wish trap messages to be sent to a community other than the default community, you must specify a community when giving this command.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp trap-type enterprise

Enables device event trap messages to be sent for a specific trap-type event and event filter.

Syntax Description

config-changed	Specifies trapping for device configuration changes.
cpu-utilization	Specifies trapping for CPU utilization levels.
ssl-cert-expire	Specifies trapping for errors caused by expired certificates.
ssl-cert-invalid	Specifies trapping for errors caused by invalid certificates.
ssl-certify-fail	Specifies trapping for certificate authorization failures.
ssl-neg-failure	Specifies trapping for SSL negotiation failures.
ssl-total-connections	Specifies trapping for total SSL connection levels.
ssl-tps	Specifies trapping for SSL transactions per second levels.
threshold <value1> [<value2>]	Specifies the threshold option to specify one or more threshold levels, where appropriate. (Threshold values are inappropriate for the config-changed option.) Threshold value1 is the low level and optional threshold value2 is the high level. Values must be entered as integers and are inclusive. A device is considered to be at a low level until the high level value (value2) is exceeded; a device is considered to be at a high level until it reaches or exceeds the low level value (value1). If no threshold values are specified, the default values are used. If only one threshold value is specified, it is used as both the high and low level value; otherwise, two-level thresholding behavior occurs using the default or user-specified levels for each value.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be entered on one line.) Use the no form of the command to disable the specified event trap-type. The table below shows trap-type minimum, maximum, and default levels for each value argument. Except in the case of cpu-utilization, the levels indicate actual values; cpu-utilization levels indicate percentage of use.

Trap-Type	Value1 Min	Value1 Max	Value1 Default	Value2 Min	Value2 Max	Value2 Default
cpu-utilization	1	99	75	1	99	90
ssl-tps	1	2500	170	1	2500	190
ssl-total-connections	1	10000	600	1	10000	800

Related Commands

no snmp (Configuration Command Set)
show snmp (Top Level Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type generic (Configuration Command Set)

snmp trap-type generic

Enables generic SNMP traps.

snmp trap-type generic
no snmp trap-type generic

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable generic SNMP traps.

Related Commands

no snmp (Configuration Command Set)
show snmp (Non-Privileged Command Set)
snmp access-list (Configuration Command Set)
snmp contact (Configuration Command Set)
snmp default community (Configuration Command Set)
snmp enable (Configuration Command Set)
snmp location (Configuration Command Set)
snmp trap-host (Configuration Command Set)
snmp trap-type enterprise (Configuration Command Set)

sntp-server

Assigns an SNTP server.

sntp-server <ipaddr>
no sntp-server

Syntax Description

ipaddr

The IP address of the SNTP server.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the SNTP server information.

Related Commands

show sntp-server (Non-Privileged Command Set)

ssl

Enters SSL Configuration mode for the current device.

ssl

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show ssl (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl errors (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)
show ssl secpolicy (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)
show ssl statistics (Non-Privileged Command Set)

See the section "SSL Configuration Command Set".

syslog

Adds the specified IP address to the syslog list for the device.

syslog <ipaddr>
no syslog <ipaddr>

Syntax Description

ipaddr

The IP address of the device to receive syslog messages.

Usage Guidelines

Availability: Remote, Serial, Telnet

Using the no form of the command removes the specified IP address from the syslog list of the current device. Up to four IP addresses can be specified. Syslog messages are sent to all hosts at the IP addresses in this list.

Related Commands

show syslog (Non-Privileged Command Set)

telnet access-list

Assigns an existing access list to be used with telnet management requests.

telnet access-list <id>
no telnet access-list <id>

Syntax Description

id	The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the specified access list. The access list still exists but is no longer used by the telnet subsystem.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
show telnet (Non-Privileged Command Set)
telnet enable (Configuration Command Set)
telnet port (Configuration Command Set)
web-mgmt access-list (Configuration Command Set)

telnet enable

Allows telnet management sessions for the device. Use the no form of the command to disable telnet management access.

telnet enable
no telnet enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show telnet (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
telnet port (Configuration Command Set)

telnet port

Specifies the TCP service port to use for telnet management sessions.

telnet port <portid>
no telnet port <portid>

Syntax Description

portid

The TCP service port to be used to manage the current device via a telnet session.

Usage Guidelines ;

Availability: Remote, Serial, Telnet

Use the no form of the command to return the telnet management port to the default setting. The port assignment is used at the next attach.

Related Commands

show telnet (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
telnet enable (Configuration Command Set)

timezone

Specifies the time zone of the device's location.

timezone <zone>

Syntax Description

zone

The time zone identifier.

Usage Guidelines

Availability: Serial, Telnet

The zone is entered in the form of Standard Time Zone identifier|GMT offset (integer)|Daylight Savings Time Zone identifier. For example, MST7MDT is used for Mountain Standard/Daylight Savings Time. The alphabetic strings are used for display; the integer is used for date and time computation. The alphabetic strings are optional; the GMT offset integer is not.

Related Commands

show date (Non-Privileged Command Set)

web-mgmt access-list

Assigns an existing access list to be used with web browser-based management requests.

web-mgmt access-list <id>
no web-mgmt access-list <id>

Syntax Description

id	The identifier corresponding to an access list configured on the current device.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove the specified access list. The access-list still exists but is no longer used by the Web management subsystem.

Related Commands

access-list (Configuration Command Set)
remote-management access-list (Configuration Command Set)
show web-management (Non-Privileged Command Set)
telnet access-list (Configuration Command Set)
web-mgmt enable (Configuration Command Set)
web-mgmt port (Configuration Command Set)

web-mgmt enable

Allows web browser-based management sessions for the device. Use the no form of the command to diable web browser-based management access.

web-mgmt enable
no web-mgmt enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

show web-management (Non-Privileged Command Set)
web-mgmt access-list (Configuration Command Set)
web-mgmt port (Configuration Command Set)

web-mgmt port

Specifies the TCP service port used for management with the Web-based GUI.

web-mgmt port <portid>
no web-mgmt port <portid>

Syntax Description

portid

The TCP service port to be used to manage the current device via the GUI.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to return the GUI management port to the default setting. The port assignment is used at the next attach.

Related Commands

access-list (Configuration Command Set)
show web-management (Non-Privileged Command Set)
web-mgmt access-list (Configuration Command Set)
web-mgmt enable (Configuration Command Set)

Interface Configuration Command Set

Use these commands to manage the speed and duplex settings of the specified Ethernet interface on the current Secure Content Accelerator. Enter Interface Configuration mode by using the enable command in Non-Privileged mode and the configure command in Privileged mode. Specify an Ethernet interface to configure using the interface command in Configuration mode. The prompt changes to <config-if[interfacename]>>.

auto

Sets the current Ethernet interface to autonegotiation, canceling any existing forced duplex or speed setting.

auto

Usage Guidelines

Availability: Remote, Serial, Telnet

duplex

Forces the current Ethernet interface to full or half duplex.

duplex <full|half>

Syntax Description

full	Sets the current interface to full duplex.
half	Sets the current interface to half duplex.

Usage Guidelines

Availability: Remote, Serial, Telnet

end

Exits Interface Configuration mode and returns to Configuration mode.

end

finished

Leaves Interface Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Interface Commands

speed

Forces the speed of the current Ethernet interface to 10 Mbps or 100 Mbps.

speed <10|100>

Syntax Description

10	Sets the current interface speed to 10 Mbps.
100	Sets the current interface speed to 100 Mbps.

Usage Guidelines

Availability: Remote, Serial, Telnet

SSL Configuration Command Set

Use these commands to set up and manage the SSL configuration for the current Secure Content Accelerator. Enter the SSL Configuration mode by using the enable command in the Non-Privileged Mode, configure command in the Privileged Mode, and the ssl command in Configuration Mode. The prompt changes to <config-ssl[devicename]>>.

backend-server

Creates and/or configures the specified backend server and enters Backend Server Configuration mode for that server.

backend-server <servname> [create]
no backend-server <servname>

Syntax Description

servname	The name of the backend server.
create	Creates a new backend server named servname and enters Backend Server Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified backend server. A device can have a total of 255 servers in any combination of backend, reverse-proxy, or standard secure servers. When a backend server has been specified for removal, all connections are allowed to finish before the backend server is actually removed. Backend server names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Backend server names must begin wih an alphabetic character or underscore and have a limit of 15 characters.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)

See the section "Backend Server Configuration Command Set".

cert

Creates and/or configures the specified certificate object and enters Certificate configuration mode for that object.

cert <certname> [create]
no cert <certname>

Syntax Description

certname	The name of the certificate object.
create	Creates a new certificate object named certname and enters Certificate Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified certificate object. You cannot remove a certificate referenced by a server. A device can have up to 511 certificate objects. Certificate names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Certificate names must begin wih an alphabetic character or underscore and have a limit of 127 characters.

Examples

The following example creates a certificate object named myCert and enters Certificate Configuration mode for the certificate object myCert.

cert myCert create

Related Commands

show ssl cert (Non-Privileged Command Set)

See the section "Certificate Configuration Command Set".

certgroup

Creates and/or configures the specified certificate group and enters Certificate Group Configuration mode for the certificate group.

certgroup <certgroupname> [create]
no certgroup <certgroupname>

Syntax Description

certgroupname	The name of the certificate group.
create	Creates a new certificate group named certgroupname and enters Certificate Group Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified certificate group. You cannot remove a certificate group referenced by a server. A device can have up to 63 certificate groups. Certificate group names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Certificate group names must begin wih an alphabetic character or underscore and have a limit of 15 characters.

Examples

The following example creates a certificate object named myCertGroup and enters Certificate Group Configuration mode for certificate group myCertGroup.

cert myCertGroup create

Related Commands

show ssl certgroup (Top Level Command Set)

See the section "Certificate Group Configuration Command Set".

end

Exits SSL Configuration mode and returns to Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves SSL Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

gencsr

Generates a certificate signing request and/or self-signed certificate.

gencsr <key <keyname>> [newhdr] [digest md5|sha1] [output <filename|url>]

Syntax Description

keyname	The name of the key generated.
newhdr	Inserts the word "NEW" into the CSR header. This is required by some older CAs.
digest	Displays a digest form of the certificate.
md5	Displays a digest form of the certificate in MD5 format.
sha1	Displays a digest form of the certificate in SHA1 format.
output	Outputs the certificate file for backup purposes.
filename	The name of the certificate file.
url	The location of the certiicate file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

A device can up to 255 key objects.

Examples

The following example uses a key object named myGenKey, displays the certificate digest in MD5 format, and saves the certificate file named myCertFile.

gencsr key myGenKey digest md5 output myCertFile

Related Commands

See the section "Key Configuration Command Set".

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all SSL Commands

import pkcs12

Imports and processes a PKCS#12 file to create certificate and key objects.

import pkcs12 <name> [filename|url]

Syntax Description

name	The user-defined name for the certificate and key objects.
filename	The path and name of the file on the local file system.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it.

Related Commands

import pkcs7 (SSL Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl key (Non-Privileged Command Set)

import pkcs7

Imports and processes a PKCS#7 file to create a certificate objects and a certificate group.

import pkcs7 <name> <der|pem> [prefix <prefixText>] [filename]|url]

Syntax Description

name	The user-defined name of the certificate group object.
der	Indicates the file is DER-encoded.
pem	Indicates the file is PEM-encoded.
prefix	Indicates a prefix should be used when naming certificate objects.
prefixText	The prefix used for the certificate names in the chain.
filename	The path and name of the file on the local file system.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a file name or URL, you are prompted for it.

Related Commands

import pkcs12 (SSL Command Set)
show ssl cert (Non-Privileged Command Set)
show ssl certgroup (Non-Privileged Command Set)

key

Creates and/or configures the specified key object.

key <keyname> [create]
no key <keyname>

Syntax Description

keyname	The name of the key.
create	Creates a new key association named keyname and enters Key Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove a key. You cannot delete a key referenced by a server. A device can have up to 255 key objects. Key names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Key names must begin wih an alphabetic character or underscore and have a limit of 15 characters.

Examples

The following example creates a key association named mykey and enters Key Configuration mode for the key association mykey.

key mykey create

Related Commands

show ssl key (Non-Privileged Command Set)

See the section "Key Configuration Command Set".

reverse-proxy-server

Creates and/or configures the specified reverse-proxy server and enters Reverse-Proxy Server Configuration mode for that server.

reverse-proxy-server <servname> [create]
no reverse-proxy-server <servname>

Syntax Description

servname	The name of the reverse-proxy server.
create	Creates a new reverse-proxy server named servname and enters Reverse-Proxy Server Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove the specified reverse-proxy server. A device can have a total of 255 servers in any combination of backend, reverse-proxy, or standard secure servers. When a reverse-proxy server has been specified for removal, all connections are allowed to finish before the reverse-proxy server is actually removed. Reverse-proxy server names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Reverse-proxy server names must begin wih an alphabetic character or underscore and have a limit of 15 characters.

Related Commands

show ssl (Non-Privileged Command Set)
show ssl server (Non-Privileged Command Set)

See the section "Reverse-Proxy Server Configuration Command Set".

secpolicy

Creates and/or configures the specified security policy and enters Security Policy Configuration mode for the security policy.

secpolicy <polname> [create]
no secpolicy <polname>

Syntax Description

polname	The name of the security policy.
create	Creates a new security policy named polname and enters Security Policy Configuration mode for that object.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove a security policy. You cannot delete a security policy referenced by a logical secure server. Security policy names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Security policy names must begin wih an alphabetic character or underscore and have a limit of 15 characters.

Examples

The following example creates a security policy named mypolicy and enters Security Policy Configuration mode for the security policy mypolicy.

secpolicy mypolicy create

Related Commands

show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

server

Creates and/or configures the specified standard secure server and enters Server Configuration mode for that server.

server <servname> [create]
no server <servname>

Syntax Description

servname	The name of the logical secure server.
create	Creates a new logical secure server named polname and enters Server Configuration mode for that server.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to remove a server. A device can have a total of 255 servers in any combination of backend, reverse-proxy, or standard secure servers. When a secure server has been specified for removal, all connections are finished before the server is actually removed. Server names can consist of Arabic numerals and upper- and lowercase alphabetic, underscore (_), hyphen (-), and period (.) characters. Server names must begin wih an alphabetic character or underscore and have a limit of 15 characters.

Related Commands

show ssl server (Non-Privileged Command Set)

See the section "Server Configuration Command Set".

Backend Server Configuration Command Set

Use Backend Server Configuration commands to set up and configure backend servers. Enter Backend Server Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the backend-server command in SSL Configuration mode. The prompt changes to <config-ssl-backend[servername]>>.

activate

Activates the current suspended backend server if enough information has been configured.

activate

Usage Guidelines

Availability: Remote, Serial, Telnet

All backend servers are created as active servers by default.

Related Commands

suspend (Backend Server Configuration Command Set)

certgroup serverauth

Assigns a certificate group to be used for server certificate authentication.

certgroup serverauth <certgroupname>
no certgroupchain

Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to disable server authentication using the certificate group. When using the no form of the command, you need not specify any certificate group name. Only one certificate group can be used.

Related Commands

certgroup (SSL Configuration Command Set)
show ssl certgroup (Non-Privileged Command Set)

See also "Certificate Group Configuration Command Set".

end

Exits Backend Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Backend Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Backend Server Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Backend Server Configuration Commands.

info

Displays current information about the logical secure server being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

ip address

Sets the specified IP address for the backend server.

ip address <ipaddr> [netmask <mask>]
no ip address

Syntax Description

ipaddr	The IP address to assign to the backend server.
netmask <mask>	The netmask valid for the IP address.

Usage Guidelines

Availability: Remote, Serial, Telnet

Using the no form of the command clears the IP address for the backend server.

localport

Specifies the TCP service port through which non-secure connections are received.

localport <port|default>

Syntax Description

port	The used to transfer non-secure traffic.
default	Sets the port specification to 80.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

remoteport (Backend Server Configuration Command Set)

log-url

Specifies a host for logging of URL requests.

log-url <ipaddr>

Syntax Description

ipaddr

The IP address of the host for the log.

Usage Guidelines

Availability: Remote, Serial, Telnet

remoteport

Specifies the TCP service port through which redirected secure connections are sent.

remoteport <port|default>

Syntax Description

port	The used to transfer secure traffic.
default	Sets the port specification to 443.

Caution Traffic sent on this TCP service port is not secured by SSL during transmission to the server. It must be secured by another means.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

localport (Backend Server Configuration Command Set)

secpolicy

Creates an association between this server and the specified security policy.

secpolicy <polname|all|default|strong|weak>

Syntax Description

polname	The name of the configured security policy.
all	All pre-loaded security policies.
default	Default security policy set.
strong	Strong security policy set.
weak	Weak security policy set.

Usage Guidelines

Availability: Remote, Serial, Telnet

Several default security policies are preloaded into the SSL device. To see a list of all loaded default and user-defined security policies, use the show ssl secpolicy command.

Related Commands

secpolicy (SSL Configuration Command Set)
show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

serverauth enable

Enables server certificate authentication.

serverauth enable
no serverauth enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Using the no form of the command disables server certificate authentication.

Related Commands

certgroup serverauth (Backend Server Configuration Command Set)
serverauth ignore (Backend Server Configuration Command Set)

serverauth ignore

Specifies the server authentication errors to ignore.

Syntax Description

all	Ignore all server authentication errors.
non	Do not ignore server authentication errors.
signature-failure	Ignore certificate signature failure errors.
expired-date	Ignore certificate expiration errors.
cert-not-yet-valid	Ignore errors caused by using the certificate before it is valid.
invalid-ca	Ignore errors caused by an unrecognized CA.
domain-name	Ignore errors due to an invalid domain name.

Usage Guidelines

Availability: Remote, Serial, Telnet

Any combination of options can be used currently. Use the no form of the command to cease ignoring the specific server authentication error.

Related Commands

certgroup serverauth (Backend Server Configuration Command Set)
serverauth enable (Backend Server Configuration Command Set)

session-cache enable

Enables session caching.

session-cache enable
no session-cache enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable session caching.

Related Commands

session-cache size (Backend Server Configuration Mode)
session-cache timeout (Backend Server Configuration Mode)

session-cache size

Specifies the size of the session cache.

session-cache size <cachesize>

Syntax Description

cachesize

The number of sessions to be cached. The default is 1024. The acceptable range is 1 to 76,800.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Backend Server Configuration Mode)
session-cache timeout (Backend Server Configuration Mode)

session-cache timeout

Specifies the session cache length before being timed out.

session-cache timeout <seconds>

Syntax Description

seconds

Specifies the number of seconds before the cache times out.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Backend Server Configuration Mode)
session-cache size (Backend Server Configuration Mode)

suspend

Suspends the function of the backend server.

suspend [now]

Syntax Description

now

Suspends actions of the backend server immediately.

Usage Guidelines

Availability: Remote, Serial, Telnet

This command behaves in three ways:

If you are creating a new backend server and you use the suspend command, the server is created in the suspended state. No connections are accepted until the activate command is used.
If you are editing an existing backend server and you use the suspend command alone, the all open connections on the server are finished, and no new connections are accepted. No connections are accepted until the activate command is used.
If you are editing an existing backend server and you use the suspend now command, all connections are suspended. When the end command is entered, the current backend server is removed, and a new suspended backend server is created.

Related Commands

activate (Backend Server Configuration Mode)

transparent

Enables the backend server to function as a transparent proxy (default).

transparent
no transparent

Usage Guidelines

Availability: Remote, Serial, Telnet

When transparent proxy behavior is disabled, the device accepts connections on the IP address of the Secure Content Accelerator rather than on the server address. The no form of the command is used to disable this behavior.

Certificate Configuration Command Set

Use Certificate Configuration commands to set up and manage certificate objects. Enter Certificate Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged Mode, the ssl command in Configuration mode, and the cert command in SSL Configuration mode. The prompt changes to <config-ssl-cert[certname]>>.

binhex

Pastes a binary hex-encoded X509 certificate into the configuration manager.

binhex [value]

Syntax Description

value

The certificate that has been copied into the cut buffer.

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste the certificate from the cut buffer. You can use a text editor to copy the certificate from a file. After the certificate is pasted, you must press Enter twice to complete the command.

der

Loads a DER-encoded X509 certificate file into the current object.

der [certfilename|url]

Syntax Description

certfilename	The name of the DER-encoded certificate file.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name or URL, you are prompted for it.

end

Exits Certificate Configuration mode, activates all valid changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Certificate Configuration mode, activates all valid changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Certificate Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Certificate Configuration Commands

Usage Guidelines

Availability: Remote, Serial, Telnet

info

Displays current information about the certificate object being created or edited.

info

pem

Loads a PEM-encoded X509 certificate into the current certificate object.

pem [certfilename|url]

Syntax Description

certfilename	The name of the PEM-encoded certificate file.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name or URL, you are prompted for it.

Related Commands

pem-paste (Certificate Configuration Command Set)

pem-paste

Allows a PEM-encoded X.509 certificate to be pasted into the configuration manager.

pem-paste

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste a certificate from the cut buffer. You can use a text editor to copy the certificate from a file. After the certificate is pasted, you must press Enter twice to complete the command.

Related Commands

pem (Certificate Configuration Command Set)

Certificate Group Configuration Command Set

Use Certificate Group Configuration commands to set up and manage certificate groups utilized for certificate chains and server and client certificate authentication. Enter Certificate Group Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the certgroup command in SSL Configuration mode. The prompt changes to <config-ssl-certgroup[certgroupname]>>.

cert

Adds the specified, existing certificate object into the current certificate group.

cert <certObject>
no cert <certObject>

Syntax Description

certObject

The name of the certificate object.

Usage Guidelines

Availability: Remote, Serial, Telnet

Up to 64 certificate objects are allowed per certificate group. Use the no form of the command to remove the specified certificate from the certificate group.

Related Commands

cert (SSL Configuration Command Set)

See the section "Certificate Configuration Command Set".

end

Exits Certificate Group Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Certificate Group Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Certificate Group Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Certificate Group Commands

info

Displays current information about the certificate group being created or edited.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

Key Configuration Command Set

Use Key Configuration commands to set up and manage keys. Enter Key Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the key command in SSL Configuration mode. The prompt changes to <config-ssl-key[keyname]>>.

binhex

Allows a binary hex-encoded X.509 key to be pasted into the configuration manager.

binhex [value]

Syntax Description

value

The key that has been copied into the cut buffer.

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste the key from the cut buffer. You can use a text editor to copy the key from a file. After the key is pasted, you must press Enter twice to complete the command.

der

Loads a DER-encoded X509 key file into the current key object.

der [keyfilename|url]

Syntax Description

keyfilename	The name of the DER-encoded key file.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name or URL, you are prompted for it.

end

Exits Key Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Key Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Key Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

genrsa

Generates an RSA key.

genrsa [bits <512|1024>] [encrypt <des|des3>] [seed <seedstring>] [output <filename|url>]

Syntax Description

bits	Specifies the key strength.
512	Specifies the key to be 512-bit strength.
1024	Specifies the key to be 1024-bit strength.
encrypt	Encrypts the generated key for display.
des	Specifies DES to be used for the encrypted key displayed.
des3	Specifies DES3 to be used for the encrypted key displayed.
seed	Specifies a seed string to be used for key generation.
seedstring	The string used to generate the key.
output	Writes the PEM-encoded key file to disk.
filename	The name of the PEM-encoded key file.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If the encrypt keyword is not used, the key is not be displayed.

Examples

The following example generates a 1024-bit key using the seed string lemon. The key is displayed once using DES encryption. The resulting key is stored on the device as well as exported to a PEM-encoded file named mykey.pem.

genrsa bits 1024 encrypt des seed lemon output mykey.pem

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Key Configuration Commands

info

Displays current information about the key being created or edited.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

net-iis

Loads a private key exported from IIS 4 only into the key entity.

net-iis [keyfilename|url]

Syntax Description

key-filename	The name of the key file.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name and path, you are prompted for it.

pem

Loads a PEM-encoded X.509 private key into the key entry.

pem [keyfilename|url]

Syntax Description

key-filename	The name of the PEM-encoded key file.
url	The location of the file (serial and telnet only).

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not enter the file name and path, you are prompted for it.

Related Commands

pem-paste (Key Configuration Command Set)

pem-paste

Allows a PEM-encoded X.509 key to be pasted into the configuration manager.

pem-paste

Usage Guidelines

Availability: Remote, Serial, Telnet

After the command is entered, you are prompted to paste a key from the cut buffer. You can use a text editor to copy the key from a file. After the key is pasted, you must press Enter twice to complete the command.

Reverse-Proxy Server Configuration Command Set

Use Reverse-Proxy Server Configuration commands to set up and configure reverse-proxy servers. Enter Reverse-Proxy Server Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the reverse-proxy-server command in SSL Configuration mode. The prompt changes to <config-ssl-rproxy[servername]>.

activate

Activates the current suspended reverse-proxy server if enough information has been configured.

activate

Usage Guidelines

Availability: Remote, Serial, Telnet

All reverse-proxy servers are created as active servers by default.

Related Commands

suspend (Reverse-Proxy Server Configuration Command Set)

certgroup serverauth

Assigns a certificate group to be used for server certificate authentication.

certgroup serverauth <certgroupname>
no certgroupchain

Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to disable server authentication using the certificate group. When using the no flag, you need not specify any certificate group name. Only one certificate group can be used.

Related Commands

certgroup (SSL Configuration Command Set)
show ssl certgroup (Non-Privileged Command Set)

See also "Certificate Group Configuration Command Set".

end

Exits Reverse-Proxy Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Reverse-Proxy Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Reverse-Proxy Server Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [<command>]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Reverse-Proxy Server Configuration Commands

info

Displays current information about the reverse-proxy server being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

localport

Specifies the TCP service port through which non-secure connections are received.

localport <port|default>

Syntax Description

port	The used to transfer non-secure traffic.
default	Sets the port specification to 80.

Usage Guidelines

Availability: Remote, Serial, Telnet

log-url

Specifies a host for logging of URL requests.

log-url <ipaddr>

Syntax Description

ipaddr

The IP address of the host for the log.

Usage Guidelines

Availability: Remote, Serial, Telnet

secpolicy

Creates an association between this server and the specified security policy.

secpolicy <polname|all|default|strong|weak>

Syntax Description

polname	The name of the configured security policy.
all	All pre-loaded security policies.
default	Default security policy set.
strong	Strong security policy set.
weak	Weak security policy set.

Usage Guidelines

Availability: Remote, Serial, Telnet

Several default security policies are preloaded into the SSL device. To see a list of all loaded default and user-defined security policies, use the show ssl secpolicy command.

Related Commands

secpolicy (SSL Configuration Command Set)
show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

serverauth enable

Enables server certificate authentication.

serverauth enable
no serverauth enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

certgroup serverauth (Reverse-Proxy Configuration Command Set)
serverauth ignore (Reverse-Proxy Server Configuration Command Set)

serverauth ignore

Specifies the server authentication errors to ignore.

Syntax Description

all	Ignore all server authentication errors.
non	Do not ignore server authentication errors.
signature-failure	Ignore certificate signature failure errors.
expired-date	Ignore certificate expiration errors.
cert-not-yet-valid	Ignore errors caused by using the certificate before it is valid.
invalid-ca	Ignore errors caused by an unrecognized CA.
domain-name	Ignore errors due to an invalid domain name.

Usage Guidelines

Availability: Remote, Serial, Telnet

Any combination of options can be used currently. Use the no form of the command to cease ignoring the specific server authentication error.

Related Commands

certgroup serverauth (Reverse-Proxy Server Configuration Command Set)
serverauth enable (Reverse-Proxy Server Configuration Command Set)

session-cache enable

Enables session caching.

session-cache enable
no session-cache enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache size (Reverse-Proxy Server Configuration Mode)
session-cache timeout (Reverse-Proxy Server Configuration Mode)

session-cache size

Specifies the size of the session cache.

session-cache size <cachesize>

Syntax Description

cachesize

The number of cached sessions. The default is 1024. The acceptable range is 1 to 76,800.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Reverse-Proxy Server Configuration Mode)
session-cache timeout (Reverse-Proxy Server Configuration Mode)

session-cache timeout

Specifies the session cache length before being timed out.

session-cache timeout <seconds>

Syntax Description

seconds

Specifies the number of seconds before the cache times out.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Reverse-Proxy Server Configuration Mode)
session-cache size (Reverse-Proxy Server Configuration Mode)

suspend

Suspends the function of the backend server.

suspend [now]

Syntax Description

now

Suspends actions of the backend server immediately.

Usage Guidelines

Availability: Remote, Serial, Telnet

This command behaves in three ways:

If you are creating a new reverse-proxy server and you use the suspend command, the server is created in the suspended state. No connections are accepted until the activate command is used.
If you are editing an existing reverse-proxy server and you use the suspend command alone, the all open connections on the server are finished, and no new connections are accepted. No connections are accepted until the activate command is used.
If you are editing an existing reverse-proxy server and you use the suspend now command, all connections are suspended. When the end command is entered, the current reverse-proxy server is removed, and a new suspended reverse-proxy server is created.

Related Commands

activate (Reverse-Proxy Server Configuration Mode)

Security Policy Configuration Command Set

Use Security Policy Configuration commands to set up and manage security policies. Enter Security Policy Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged Mode, the ssl command in Configuration mode, and secpolicy command in SSL Configuration mode. The prompt changes to <config-ssl-secpolicy[secpolicyname]>>.

crypto

Creates a customized security policy for the current SSL device.

Syntax Description

The following table shows the characteristics of each crytptographic algorithm.

Cryptographic Scheme	Encryption	Message Authentication	Key Exchange	Security Policy Assignments
ARC4-MD5	ARC4¹ (128)	MD5	RSA (1024)	strong, default, all
ARC4-SHA	ARC4¹ (128)	SHA1	RSA (1024)	strong, default, all
DES-CBC3-MD5	3DES (168)	MD5	RSA (1024)	strong, all
DES-CBC3-SHA	3DES (168)	SHA1	RSA (1024)	strong, all
DES-CBC-MD5	DES (56)	MD5	RSA (1024)	strong, all
DES-CBC-SHA	DES (56)	SHA1	RSA (1024)	strong, all
EXP-ARC2-MD5	ARC2² (40)	MD5	RSA (512)	weak, all
EXP-ARC4-MD5	ARC4¹ (40)	MD5	RSA (512)	weak, default, all
EXP-ARC4-SHA	ARC4¹ (40)	SHA1	RSA (512)	weak, default, all
EXP-DES-CBC-SHA	DES (40)	SHA1	RSA (512)	weak, all
EXP1024-ARC2-CBC-MD5	ARC2² (40)	MD5	RSA (1024)	weak, default, all
EXP1024-ARC4-MD5	ARC4¹ (40)	MD5	RSA (1024)	weak, default, all
EXP1024-ARC4-SHA	ARC4¹ (40)	SHA1	RSA (1024)	weak, default, all
EXP1024-DES-CBC-SHA	DES (40)	SHA1	RSA (1024)	weak, all
NULL-MD5	None	MD5	None	weak, default, all
NULL-SHA	None	SHA1	None	weak, default, all

¹ARC4 is compatible with RC4™ RSA Data Security.
²ARC2 is compatible with RC2™ RSA Data Security.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be entered on one line.) You can identify either individual ciphers or use the strong, weak, default, or all keywords to specify cipher sets. The no form of this command is used to remove a cipher or set of ciphers. You must specify which algorithm(s) to remove following the no crypto command. For example, using the commands crypto ARC4-MD5 and crypto ARC4-SHA loads both schemes into the current user-defined security policy. Additionally, you can alter the preset cryptography schemes specified for the current security policy. If you enter crypto weak and no crypto NULL-MD5 commands, the NULL-MD5 cryptography scheme is removed from the current security policy.

Note "ARC4"is compatible with RC4™ RSA Data Security. "ARC2" is compatible with RC2™ RSA Data Security. The "strong" policy includes ARC4-MD5, ARC4-SHA, DES-CBC3-MD5, DES-CBC3-SHA, DES-CBC-MD5, and DES-CBC-SHA. The "weak" policy includes all policies prefixed with "EXP-" "NULL-". These policies are considered to be export-level policies.

end

Exits Security Policy Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

exit

Exits Security Policy Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Security Policy Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Security Policy Configuration Commands

info

Displays current information about the security policy being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

Server Configuration Command Set

Use Server Configuration commands to set up and configure logical secure servers. Enter Server Configuration mode by using the enable command in Non-Privileged mode, the configure command in Privileged mode, the ssl command in Configuration mode, and the server command in SSL Configuration mode. The prompt changes to <config-ssl-server[servername]>>.

activate

Activates the current logical secure server if enough information has been configured.

activate

Related Commands

suspend (Server Configuration Command Set)

cert

Sets the specified certificate for use by the server.

cert <certname | default | default-1024 | default 512>

Syntax Description

certname	The name of the certificate.
default	The pre-loaded default certificate.
default-1024	The pre-loaded 1024-bit default certificate.
default-512	The pre-loaded 512-bit default certificate.

Usage Guidelines

Availability: Remote, Serial, Telnet

Only one certificate is allowed per server. If you enter this command with a different certificate, that reference replaces the earlier one.

Related Commands

certificate (SSL Configuration Command Set)
show ssl cert (Non-Privileged Command Set)

See also "Certificate Configuration Command Set".

certgroup chain

Enables the specified certificate group to be used as a certificate chain. The no form of the command is used to disable certificate chaining.

certgroup chain certgroupname
no certgroupchain

Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to remove a certificate group association. When using the no flag, you need not specify any certificate group name. Only one certificate chain is allowed.

Related Commands

certgroup (SSL Configuration Command Set)
show ssl certgroup (Non-Privileged Command Set)

See also "Certificate Group Configuration Command Set".

certgroup clientauth

Assigns a certificate group to be used as a certificate trust list for client certificate authentication.

certgroup clientauth <certgroupname>
no clientauth

Syntax Description

certgroupname

The name of the certificate group.

Usage Guidelines

Availability: Remote, Serial, Telnet

The no form of the command is used to disable client authentication using the certificate group. When using the no flag, you need not specify any certificate group name. Only one certificate chain can be used.

Related Commands

clientauth enable (Server Configuration Command Set)
clientauth error (Server Configuration Command Set)
clientauth verifydepth (Server Configuration Command Set)

clientauth enable

Enables client certificate authentication.

clientauth enable
no clientauth enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable client certificate authentication.

Related Commands

certgroup enable (Server Configuration Command Set)
clientauth error (Server Configuration Command Set)
clientauth verifydepth (Server Configuration Command Set)

clientauth error

Specifies the client certificate authentication errors to ignore.

Syntax Description

cert-not-provided	Certificate was not provided for authentication.
cert-not-yet-valid	The certificate is not valid yet.
cert-has-expired	The certificate has expired.
cert-revoked	The certificate has been revoked.
cert-has-invalid-ca	The certificate has an invalid CA.
cert-has-signature- failure	The signature on the certificate failed.
cert-other-error	Any other certificate authentication error.
all	All certificate authentication errors, including those listed above.
fail	The client is disconnected abruptly.
failhtml	The SSL handshake is continued and the client is sent a static HTML error page listing the reason for the error. Then the SSL session is disconnected.
ignore	The server silently ignores the authentication error and continues the SSL connection.
redirect	The SSL handshake is continued and the client is redirected to another HTML page specified by the url argument. The SSL session is disconnected.
url	The location of the error page for redirection.

Usage Guidelines

Availability: Remote, Serial, Telnet

Any combination of options can be used currently. Use the no form of the command to cease ignoring the specific client authentication error.

Related Commands

certgroup clientauth (Server Configuration Command Set)
clientauth enable (Server Configuration Command Set)
clientauth verifydepth (Server Configuration Command Set)

clientauth verifydepth

Specifies the level of certificate within the certificate group to use when verifying client certificates.

clientauth verifydepth <depth>

Syntax Description

depth

The number of certificates within the certificate group to use for authentication.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

certgroup clientauth (Server Configuration Command Set)
clientauth enable (Server Configuration Command Set)
clientauth error (Server Configuration Command Set)

end

Exits Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

end

Usage Guidelines

Availability: Remote, Serial, Telnet

ephrsa

When an export browser version connects to a server using 1024-bit keys, this allows the RSA key exchange (the SSL handshake) to be negotiated using a dynamically created 512-bit key. Using ephemeral RSA ensures the device complies with United States commerce laws.

ephrsa
no ephrsa

Usage Guidelines

Availability: Remote, Serial, Telnet

The default is no ephemeral RSA. Use the no form of the command to disable ephemeral RSA.

exit

Exits Server Configuration mode, activates all changes, and returns to SSL Configuration mode.

exit

Usage Guidelines

Availability: Remote, Serial, Telnet

finished

Leaves Server Configuration Mode and returns to Top Level mode.

finished

Usage Guidelines

Availability: Remote, Serial, Telnet

help

Displays help information for the specified command.

help [command]

Syntax Description

command

The name of the command.

Usage Guidelines

Availability: Remote, Serial, Telnet

If you do not specify a command, help information is displayed for all Server Configuration Commands

httpheader

Specifies the header information to pass to backend HTTP servers.

Syntax Description

session	Adds SSL session information to the HTTP stream.
server-cert	Adds the server certificate to the HTTP stream.
client-cert	Adds the client certificate to the HTTP stream.
pre-filter	Pre-filters the client header.
prefix	Allows a prefix string to be added to the HTTP stream.
prefixString	The string to use as a header prefix.

Usage Guidelines

Availability: Remote, Serial, Telnet

(This command must be entered on one line.) Any combination of options can be used currently. Use the no form of the command to cease using the specific option.

info

Displays current information about the logical secure server being edited or created.

info

Usage Guidelines

Availability: Remote, Serial, Telnet

ip address

Sets the specified IP address for the logical secure server. Using the no form of the command clears the IP address for the logical secure server.

ip address <ipaddr> [netmask <mask>]
no ip address

Syntax Description

ipaddr	The IP address to assign to the secure server.
netmask <mask>	The netmask valid for the IP address.

Usage Guidelines

Availability: Remote, Serial, Telnet

key

Sets the specified key for use by the server.

key <keyname | default | default-1024 | default 512>

Syntax Description

keyname	The name of the key.
default	The pre-loaded default key.
default-1024	The pre-loaded 1024-bit default key.
default-512	The pre-loaded 512-bit default key.

Usage Guidelines

Availability: Remote, Serial, Telnet

Only one key is allowed per server. If you enter this command with a different key, that reference replaces the earlier one.

Related Commands

key(SSL Configuration Command Set)
show ssl key (Non-Privileged Command Set)

See also "Key Configuration Command Set".

localport

Specifies the port on which the secure server receives SSL traffic. The SSL traffic is decrypted and sent to the real server using the TCP service port previously specified with the remoteport command.

localport <port|default>

Syntax Description

port	The TCP service port through which SSL traffic is received by the current secure logical server.
default	Returns the setting to the default of 443.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

remoteport (Server Configuration Command Set)
sslport (Server Configuration Command Set)

log-url

Specifies a host for logging of URL requests.

log-url <ipaddr>

Syntax Description

ipaddr

The IP address of the host for the log.

Usage Guidelines

Availability: Remote, Serial, Telnet

redirect

Enables server redirection.

redirect
no redirect

Usage Guidelines

Use the no form of the command to disable server redirection.

remoteport

Specifies the TCP service port through which non-secure connections is sent.

remoteport <port|default>

Syntax Description

port	The non-secure port used to send clear text traffic to the server.
default	Sets the non-secure port specification to 80.

Caution Traffic sent on this TCP service port is not secured by SSL during transmission to the server. It must be secured by another means.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

localport (Server Configuration Command Set)
sslport (Server Configuration Command Set)

secpolicy

Creates an association between this server and the specified security policy.

secpolicy <polname|all|default|strong|weak>

Syntax Description

polname	The name of the configured security policy.
all	All pre-loaded security policies.
default	Default security policy set.
strong	Strong security policy set.
weak	Weak security policy set.

Usage Guidelines

Availability: Remote, Serial, Telnet

Several default security policies are preloaded into the SSL device. To see a list of all loaded default and user-defined security policies, use the show ssl secpolicy command.

Related Commands

secpolicy (SSL Configuration Command Set)
show ssl secpolicy (Non-Privileged Command Set)

See the section "Security Policy Configuration Command Set".

session-cache enable

Enables session caching.

session-cache enable
no session-cache enable

Usage Guidelines

Availability: Remote, Serial, Telnet

Use the no form of the command to disable session caching.

Related Commands

session-cache size (Server Configuration Mode)
session-cache timeout (Server Configuration Mode)

session-cache size

Specifies the size of the session cache.

session-cache size <cachesize>

Syntax Description

cachesize

The number of sessions. The default is 1024. The acceptable range is 1 to 76,800.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Server Configuration Mode)
session-cache timeout (Server Configuration Mode)

session-cache timeout

Specifies the session cache length before being timed out.

session-cache timeout <seconds>

Syntax Description

seconds

Specifies the number of seconds before the cache times out.

Usage Guidelines

Availability: Remote, Serial, Telnet

Related Commands

session-cache enable (Server Configuration Mode)
session-cache size (Server Configuration Mode)

sslport

Specifies the port on which the logical secure server receives SSL traffic. The SSL traffic is decrypted and sent to the physical server using the TCP service port previously specified with the remoteport command.

sslport <port|default>

Syntax Description

port	The TCP service port through which SSL traffic is received by the current secure logical server.
default	Returns the setting to the default of 443.

Usage Guidelines

Availability: Remote, Serial, Telnet

Note This command has the same effects as the localport command and is included only for backwards compatibility.

Related Commands

localport (Server Configuration Command Set)
remoteport (Server Configuration Command Set)

suspend

Suspends the function of the server.

suspend [now]

Syntax Description

now

Suspends actions of the server immediately.

Usage Guidelines

Availability: Remote, Serial, Telnet

This command behaves in three ways:

If you are creating a new server and you use the suspend command, the server is created in the suspended state. No connections are accepted until the activate command is used.
If you are editing an existing server and you use the suspend command alone, the all open connections on the server are finished, and no new connections are accepted. No connections are accepted until the activate command is used.
If you are editing an existing server and you use the suspend now command, all connections are suspended. When the end command is entered, the current server is removed, and a new suspended server is created.

Related Commands

activate (Server Configuration Mode)

transparent

Enables to servers to function as a transparent proxy (default). The no form of the command is used to disable this behavior.

transparent
no transparent

Usage Guidelines

Availability: Remote, Serial, Telnet

When transparent proxy behavior is disabled, the device accepts connections on the IP address of the Secure Content Accelerator rather than on the server address.

Table of Contents