Table Of Contents
Cisco CSS-to-ACE Conversion Tool User Guide
Accessing the CSS-to-ACE Conversion Tool
Using the CSS-to-ACE Conversion Tool
Verifying and Modifying the Converted Configuration
Copying and Pasting the Converted Configuration File to the ACE
Example of a Copied Configuration File for Use By the ACE
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco CSS-to-ACE Conversion Tool User Guide
This document describes how to use the CSS-to-ACE conversion tool to migrate Cisco Content Services Switches (CSS) running-configuration or startup-configuration files to the Cisco 4700 Series Application Control Engine (ACE) appliance. It describes how to access the conversion tool, use the tool to convert a CSS configuration to an ACE configuration, and copy the converted configuration to the ACE. This document also includes a summary of the CSS commands that are not supported by the conversion tool.
This document contains the following sections:
•
Accessing the CSS-to-ACE Conversion Tool
•
Using the CSS-to-ACE Conversion Tool
•
Verifying and Modifying the Converted Configuration
•
Copying and Pasting the Converted Configuration File to the ACE
•
Obtaining Documentation, Obtaining Support, and Security Guidelines
Accessing the CSS-to-ACE Conversion Tool
The conversion tool is included as part of the ACE software image and is accessible from the Cisco ACE Appliance web page using HTTP. To access the conversion tool, perform the following steps:
Step 1
Log in to your default ACE admin account.
Step 2
Create a Layer 3 and Layer 4 management policy. Ensure that, at a minimum, you permit HTTP traffic in the management policy to enable remote access to the Cisco ACE Appliance web page. The following configuration example shows how to enable web access to the ACE to access the ACE web page. For details on enabling remote access to the ACE, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
class-map type management match-any L4_REMOTE-ACCESS_CLASSdescription Enable remote access traffic to the ACE and the Cisco ACE Appliance web page2 match protocol xml-https any4 match protocol icmp any5 match protocol telnet any6 match protocol ssh any7 match protocol http any8 match protocol https anypolicy-map type management first-match L4_REMOTE-ACCESS_MATCHclass L4_REMOTE-ACCESS_CLASSpermitinterface vlan 10ip address 192.168.215.134 255.255.255.0service-policy input L4_REMOTE-ACCESS_MATCHno shutdownip route 0.0.0.0 0.0.0.0 192.168.215.1Step 3
Open your preferred Internet web browser application, such as Microsoft Internet Explorer or Netscape Navigator.
Step 4
Specify the HTTP address of your ACE in the address field:
http://ace_ip_addressThe Login dialog box appears.
Step 5
Enter your ACE default admin username and password in the fields provided, then click OK. The ACE web page appears (Figure 1).
Figure 1 Cisco ACE Appliance Web Page
![]()
Step 6
Click the CSS2ACE conversion tool link in the Tools section of the ACE web page. The CSS-to-ACE conversion tool appears (Figure 2). Proceed to the "Using the CSS-to-ACE Conversion Tool" section.
Figure 2 CSS-to-ACE Conversion Tool
![]()
Using the CSS-to-ACE Conversion Tool
You can convert a CSS startup- or running-config to an equivalent ACE startup- or running-config by using one of the following methods:
•
Copying and pasting the contents from a saved CSS configuration file or from the CSS show running-config or show startup-config command output to the conversion tool `
•
Uploading a saved CSS configuration file to the conversion tool
To use the conversion tool to convert a CSS configuration, perform the following steps:
Step 1
By default, the Admin context is always assumed as the target virtual context on the ACE. To migrate a CSS configuration to a different virtual context (for example, C1), specify a different virtual context name in the User Context Name: text box (see Figure 3). The conversion tool generates the corresponding ACE configuration for the Admin context to create the requested virtual context.
Step 2
Add the contents from a saved CSS configuration file or from the CSS show running-config or show startup-config command output by copying and pasting the complete configuration into the text area of the Paste CSS Commands: section of the conversion tool (Figure 3). Proceed to Step 4.
Figure 3 Pasting the Content of a CSS Configuration into the CSS-to-ACE Conversion Tool
![]()
Step 3
Click Browse to select a CSS configuration file to upload to the conversion tool. Navigate to the CSS configuration file that you want to convert, then click Open. The CSS configuration file appears in the Upload CSS Command File: section of the conversion tool (Figure 4). Proceed to Step 4.
Figure 4 Uploading a CSS Configuration File
![]()
Step 4
Click Get ACE Commands to convert the CSS commands. The tool converts the CSS startup- or running-config to an equivalent ACE startup- or running-config (Figure 5).
Figure 5 Converted CSS Commands to ACE Commands Example
![]()
In addition, the conversion tool lists the CSS commands from the original configuration file (Figure 6).
Figure 6 Summary of Converted CSS Commands Example
![]()
The conversion tool also includes a list of any unsupported CSS commands (Figure 7). The Notes section provides additional information, as necessary. Proceed to the "Verifying and Modifying the Converted Configuration" section.
Figure 7 Unsupported CSS Commands
![]()
Verifying and Modifying the Converted Configuration
Before you copy and paste the converted CSS configuration to the ACE CLI, we recommend that you first carefully review the converted configuration in a text file and make the appropriate content changes based on your network topology and deployment. This step helps you to avoid potential issues or conflicts before you copy the converted CSS configuration text file to the ACE CLI prompt.
Follow these configuration guidelines when verifying and modifying the converted CSS configuration:
•
The CSS does not display default values in the running configuration or startup configuration file even if you manually enter those values. The CSS default settings for probes (keepalives), such as retryperiod, frequency and expect status, are automatically converted by the conversion tool to the ACE configuration. However, you must review, edit, and test the other the areas in the converted configuration to ensure any additional CSS defaults are properly ported to the ACE configuration before deployment.
•
For the purpose of applying the Network Address Translation (NAT)-related CSS configurations, the least numbered VLAN is assumed to be the client-side VLAN and the next higher numbered VLAN is assumed to be the server-side VLAN. If you want to apply the NAT configurations to a different interface VLAN, manually make this change in the configuration. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.
•
The keepalive hash command of the service configuration mode uses a default hash value if the hash string provided is not equal to 32 bits.
•
The keepalive type script command of the service configuration mode is currently not supported. You must manually configure each of these scripted keepalives using the Toolkit Command Language (TCL) scripts on the ACE. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.
•
Service policies are added to only a single interface VLAN. If you want to apply the service policy to a different interface VLAN, manually make this change in the configuration. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.
•
All SSL certificates must be imported into the associated context on the ACE before you apply the SSL-related configurations. See the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide for background details.
•
The conversion tool does not convert the range option of the ip address command in service configuration mode; only the first IP address is converted. You must create individual real servers for each of the remaining IP addresses specified in the range option, and then add these real servers to the appropriate server farm. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.
•
The conversion tool creates default interface gigabitEthernet configurations in the output and adds the VLAN numbers from the CSS configuration. Manually modify these configurations to suit your network topology or deployment. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.
•
The conversion tool creates separate Layer 7 policy maps for each CSS content rule. The Layer 7 policy maps are created separately even when multiple content rules share the same VIP, which results in only one of the policy maps taking effect. Manually combine these Layer 7 policy maps in order to share the same VIP. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.
See the"Unsupported CSS Commands" section for a list of the CSS CLI commands that are not supported during the conversion.
To verify the converted output configuration, perform the following steps:
Step 1
Copy the complete converted configuration listed in the ACE Commands: section of the conversion tool (see Figure 5) to a text file. Save this text file as an appropriately named configuration file.
Step 2
Review the output configuration in the text file and make the appropriate changes in this text file based on your network topology and deployment.
Step 3
Save your modifications in the configuration text file.
Step 4
Copy the contents of the modified configuration text file directly to the ACE CLI prompt as described in the "Copying and Pasting the Converted Configuration File to the ACE" section.
Copying and Pasting the Converted Configuration File to the ACE
To copy and paste the converted configuration directly to the ACE CLI prompt, perform the following steps:
Step 1
Log in to the ACE by entering the login username and password at the following prompt:
switch login: xxxxxxPassword: yyyyyyBy default, both the username and password are admin.
The prompt changes as follows:
switch/Admin#Step 2
Access configuration mode as follows:
switch/Admin# configure
Enter configuration commands, one per line. End with CNTL/ZThe prompt changes as follows:
switch/Admin(config)#Step 3
Copy the complete contents of the Admin Context: section of the converted configuration (as illustrated in Figure 5). Paste the copied Admin Context: content at the configuration mode prompt of the ACE CLI. If you are operating in multiple contexts, this step automatically creates the new virtual context identified in the User Context Name: text box of the conversion tool.
For example, enter:
switch/Admin(config)# resource-class RC1switch/Admin(config-resource)# limit-resource sticky minimum 10 maximum unlimitedswitch/Admin(config-resource)# context C1switch/Admin(config-context)# member RC1switch/Admin(config-context)#Step 4
If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the desired context. If necessary, change to the correct context by using the changeto command in Exec mode.
switch/Admin(config-context)# exitswitch/Admin(config)#switch/Admin(config)# exitswitch/Admin# changeto C1switch/C1# configureEnter configuration commands, one per line. End with CNTL/Zswitch/C1(config)#Step 5
Copy the complete contents of the Configuration Commands for xx Context: section of the converted configuration (as illustrated in Figure 5). Paste the copied Configuration Commands for xx Context: content at the configuration mode prompt of the ACE CLI.
For example, to copy the converted configuration to the C1 context, enter:
switch/C1(config)# probe http Server1_PROBEswitch/C1(config-probe-http)# request method head url "/"switch/C1(config-probe-http)# probe http Server2_PROBEswitch/C1(config-probe-http)# request method head url "/"switch/C1(config-probe-http)# probe http Server3_PROBEswitch/C1(config-probe-http)# request method head url "/"switch/C1(config-probe-http)#switch/C1(config-probe-http)# rserver host Server1switch/C1(config-rserver-host)# inserviceswitch/C1(config-rserver-host)# ip address 10.1.1.1switch/C1(config-rserver-host)# probe Server1_PROBEswitch/C1(config-rserver-host)# rserver host Server2switch/C1(config-rserver-host)# inserviceswitch/C1(config-rserver-host)# ip address 10.1.1.2switch/C1(config-rserver-host)# probe Server2_PROBEswitch/C1(config-rserver-host)# rserver host Server3switch/C1(config-rserver-host)# ip address 10.1.1.3switch/C1(config-rserver-host)# probe Server3_PROBEswitch/C1(config-rserver-host)# weight 5switch/C1(config-rserver-host)#switch/C1(config-rserver-host)# serverfarm host L3_LeastConnectionsswitch/C1(config-sfarm-host)# predictor leastconnsswitch/C1(config-sfarm-host)# rserver Server1switch/C1(config-sfarm-host-rs)# rserver Server2switch/C1(config-sfarm-host-rs)# rserver Server3switch/C1(config-sfarm-host-rs)# serverfarm host L3_RoundRobinswitch/C1(config-sfarm-host)# rserver Server1switch/C1(config-sfarm-host-rs)# rserver Server2switch/C1(config-sfarm-host-rs)# rserver Server3switch/C1(config-sfarm-host-rs)# inserviceswitch/C1(config-sfarm-host-rs)# serverfarm host L5_ACA.Step 6
(Optional) Save the updated contents of the running- or startup-configuration file as follows:
•
To merge the contents of the startup-config file into the running-config file, use the copy startup-config running-config command.
•
To copy the contents of the running-config file to the startup-config file in Flash memory, use the copy running-config startup-config command.
Proceed to the "Example of a Copied Configuration File for Use By the ACE" section.
Example of a Copied Configuration File for Use By the ACE
After you copy the contents of the converted CSS-to-ACE configuration to the ACE, use the following commands to view the updated content of either the running- or startup-config file:
•
To view the running-config file, use the show running-config command.
•
To view the startup-config file, use the show startup-config command.
The following example is from the show running-config command output. This example includes hypertext cross-references to the applicable chapters in the ACE documentation set that you can refer to for the configuration details. You can click the URLs located above the command output for the configuration details. Use the ACE CLI commands to make modifications to the configuration, as needed.
switch/C1# show running-configGenerating configuration....probe http Server1_PROBErequest method headprobe http Server2_PROBErequest method headprobe http Server3_PROBErequest method headrserver host Server1ip address 10.1.1.1probe Server1_PROBEinservicerserver host Server2ip address 10.1.1.2probe Server2_PROBEinservicerserver host Server3ip address 10.1.1.3probe Server3_PROBEweight 5serverfarm host L3_LeastConnectionspredictor leastconnsrserver Server1rserver Server2rserver Server3serverfarm host L3_RoundRobinrserver Server1rserver Server2rserver Server3inserviceserverfarm host L5_ACArserver Server1rserver Server2rserver Server3serverfarm host L5_WeightedRRrserver Server1rserver Server2rserver Server3class-map match-all L3_LeastConnections_CLASS2 match virtual-address 10.1.1.100 anyclass-map match-all L3_RoundRobin_CLASS2 match virtual-address 10.1.1.100 anyclass-map match-all L5_ACA_CLASS2 match port tcp eq wwwclass-map type http loadbalance match-all L5_ACA_CLASSURL2 match http url /*.htmlclass-map match-all L5_WeightedRR_CLASS2 match port tcp eq wwwclass-map type http loadbalance match-all L5_WeightedRR_CLASSURL2 match http url /*.gifclass-map type management match-any TO-CP-POLICY2 match protocol http any3 match protocol icmp any4 match protocol telnet any5 match protocol snmp any6 match protocol ssh anypolicy-map type management first-match TO-CP-POLICYclass TO-CP-POLICYpermitpolicy-map type loadbalance first-match L3_LeastConnections_POLICYclass class-defaultserverfarm L3_LeastConnectionspolicy-map type loadbalance first-match L3_RoundRobin_POLICYclass class-defaultserverfarm L3_RoundRobinpolicy-map type loadbalance first-match L5_ACA_POLICYclass L5_ACA_CLASSURLserverfarm L5_ACApolicy-map type loadbalance first-match L5_WeightedRR_POLICYclass L5_WeightedRR_CLASSURLserverfarm L5_WeightedRRpolicy-map multi-match POLICYclass L5_WeightedRR_CLASSclass L5_ACA_CLASSclass L3_LeastConnections_CLASSloadbalance vip inserviceloadbalance policy L3_LeastConnections_POLICYloadbalance vip icmp-reply activeclass L3_RoundRobin_CLASSloadbalance vip inserviceloadbalance policy L3_RoundRobin_POLICYloadbalance vip icmp-reply activeinterface vlan 10ip address 192.168.10.50 255.255.255.0service-policy input TO-CP-POLICYservice-policy input POLICYno shutdowndomain foo.comadd-object serverfarm L3_LeastConnectionsadd-object serverfarm L3_RoundRobinadd-object serverfarm L5_ACAadd-object serverfarm L5_WeightedRRadd-object rserver Server1add-object rserver Server2add-object rserver Server3Unsupported CSS Commands
The tool converts the majority of the CSS commands to comparable ACE commands. The converted output includes a list of the commands that are not supported by the tool during the conversion process (Figure 8).
Figure 8 Unsupported CSS Commands Area of the CSS-to-ACE Conversion Tool
![]()
Table 1 summarizes the CSS commands and command options that do not have an equivalent function in the ACE and are not supported by the conversion tool. The unsupported CSS commands are listed by global configuration mode.
Table 1 List of CSS Commands Not Supported in the ACE
CSS CommandGlobal Configuration Mode
bypass persistence
flow permanent port
flow persist-span-ooo
flow set-port-zero
flow-state port_number
flow-state flow-disable timeout
flow tcp-reset-on-vip-unavailable
http-method parse
http-redirect-option
persistence reset, the remap option
restrict ftp
slowstart rate
snmp trap-source
sshd, the server-keybits option
tacacs-server frequency
tcp-ip-fragment-enabled
udp-ip-fragment-enabled
Content Configuration Mode Commands
The following add commands:
•
add dns
•
add location-service
•
add sasp-agent
The following options of the advanced-balance command:
•
cookieurl
•
sip-call-id
•
ssl
•
ssl-l4-fallback
•
url
•
wap-msisdn
The following options of the application command:
•
realaudio-control
•
sip
•
ssl
The following options of the balance command:
•
aca
•
domain
•
url
dnsbalance
dns-disable-local
failover
flow-reset-reject
hotlist
load-threshold
persistent
sticky-serverdown-failover
string-prefix
url eql
url dql
url urql
vip-ping-response
Header-Field Group Configuration Mode
header-field1
Interface Configuration Mode Commands
max-idle
phy 1Gbits-FD-asym
phy 1Gbits-FD-sym
phy 1Gbits-FD-no-pause
Keepalive Configuration Mode Commands
active
suspend
Owner Configuration Mode Commands
The following owner commands:
•
address
•
billing-info
•
case
•
content
•
description
•
dns
•
dnsbalance
•
email-address
Reporter Configuration Mode Commands
All commands
RMON Alarm Configuration Mode Commands
All commands
RMON Event Configuration Mode Commands
All commands
RMON History Configuration Mode Commands
All commands
Service Configuration Mode Commands
access ftp
bypass-hosttag
cache-bypass
compress, the tcp option
ip address, the range number option
keepalive type script
protocol
publisher
string
subscriber
transparent-hosttag
The following options of the type command:
•
nci-direct-return
•
nci-info-only
•
proxy-cache
•
redundancy-up
•
rep-cache-redir
•
rep-store
•
rep-store-redir
SSL-Proxy-List Configuration Mode Commands
ssl-server number http-header
ssl-server number tcp
1 The ACE supports the majority of the field-type variables except for the following selections: custom, msisdn, and request-line. The ACE supports the conversion of the majority of the operator variables except for the not-equal, not-exist and not-contain operators.
ACE Appliance Documentation
You can access the ACE appliance documentation on www.cisco.com at:
http://www.cisco.com/en/US/products/ps7027/tsd_products_support_series_home.html
To familiarize yourself with the ACE appliance, refer to the following documentation:
•
Release Note for the Cisco 4700 Series Application Control Engine Applicance
•
Cisco 4710 Application Control Engine Appliance Hardware Installation Guide
•
Cisco 4700 Series Application Control Engine Appliance Administration Guide
•
Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance CLI Quick Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance Command Reference
•
Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Quick Configuration Note
•
Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide
•
Cisco 4700 Series Application Control Engine Appliance System Message Guide
•
Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
CCDE, CCVP, Cisco Eos, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0801R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco CSS-to-ACE Conversion Tool User Guide
Copyright © 2007, Cisco Systems, Inc. All rights reserved.