Preface
This preface describes who should read the Catalyst 6500 Series Switch Content Switching Module with SSL Installation and Configuration Note, how it is organized, and its document conventions.
Note Except where specifically differentiated, the term Catalyst 6500 series switches includes both Catalyst 6500 series and Catalyst 6000 series switches.
Note The term SSL daughter card is a Secure Socket Layer (SSL) termination daughter card for the CSM-S that accelerates SSL transactions.
This publication does not contain the instructions to install the Catalyst 6500 series switch chassis. For information on installing the switch chassis, refer to the Catalyst 6500 Series Switch Installation Guide.
Note For translations of the warnings in this publication, see the "Safety Overview" section.
Audience
Only trained and qualified service personnel (as defined in IEC 60950 and AS/NZS3260) should install, replace, or service the equipment described in this publication.
Organization
This publication is organized as follows:
Chapter 1: Presents an overview of the Catalyst 6500 Series Content Switching Module with SSL (CSM-S).
Chapter 2: Describes how the supported hardware and software for the CSM-S operate on a network.
Chapter 3: Provides a quick start guide to content switching on the supported hardware and software for the CSM-S.
Chapter 4: Describes how to set up client and server VLANs for the CSM-S.
Chapter 5: Describes how to configure load balancing on the CSM-S.
Chapter 6: Describes how to configure health monitoring on the CSM-S.
Chapter 7: Describes how to set up the SSL services for the CSM-S.
Chapter 8: Describes how to configure services including keys on the CSM-S.
Chapter 9: Describes how to configure fault tolerance, HSRP, connection redundancy, and hitless upgrades.
Chapter 10: Describes how to configure sticky groups and route health injection (RHI), Global Server Load Balancing (GSLB), and network management.
Chapter 11: Describes how to configure and monitor the health of servers and server farms.
Chapter 12: Describes how to use Toolkit Command Language (TCL) scripts to configure the CSM-S.
Chapter 13: Describes firewalls in a load-balancing configuration with the CSM-S.
Appendix A: Lists sample CSM-S configurations.
Appendix B: Lists SSL configurations for the CSM-S.
Appendix C: Provides troubleshooting information and lists system messages.
Appendix D: Lists CSM-S error messages with explanations about why they occurred and actions required to correct the problem.
Conventions
This publication uses the following conventions:
Notes use the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
Tips use the following conventions:
Tip Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but it could be useful information, similar to a Timesaver.
Cautions use the following conventions:
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Safety Overview
Safety warnings appear throughout this publication in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement.
Related Documentation
For more detailed installation and configuration information for the Content Switching Module with SSL, refer to the following publications:
•Release Notes for the Catalyst 6500 Series Switch Content Switching Module with SSL
•Catalyst 6500 Series Switch Content Switching Module with SSL Installation Note
•Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
•Regulatory Compliance and Safety Information for the Catalyst 6500 Series Switches
For more detailed installation and configuration information for SSL services, refer to the following publications:
•Release Notes for Catalyst 6500 Series SSL Services Module Software Release 2.x
•Catalyst 6500 Series Switch SSL Services Module Installation and Verification Note
•Catalyst 6500 Series Switch SSL Services Module Command Reference
•Catalyst 6500 Series Switch SSL Services Module System Messages
For more detailed installation and configuration information, refer to the following publications:
•Catalyst 6500 Series Switch Installation Guide
•Catalyst 6500 Series Switch Quick Software Configuration Guide
•Catalyst 6500 Series Switch Module Installation Guide
•Catalyst 6500 Series Switch Software Configuration Guide
•Catalyst 6500 Series Switch Command Reference
•Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide
•Catalyst 6500 Series Switch Cisco IOS Command Reference
•ATM Software Configuration and Command Reference—Catalyst 5000 Family and Catalyst 6500 Series Switches
•System Message Guide—Catalyst 6500 Series Switches
•For information about MIBs, refer to this URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
•Release Notes for Catalyst 6500 Series Switches and Cisco 7600 Series Router for Cisco IOS Release 12.1(8a)E3
•Cisco IOS Configuration Guides and Command References—Use these publications to help you configure the Cisco IOS software that runs on the MSFC and on the MSM and ATM modules.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/cisco/web/psa/default.html?mode=prod
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/web/siteassets/locator/index.html
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/en/US/ordering/index.shtml
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
http://www.cisco.com/en/US/ordering/index.shtml
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:
http://www.cisco.com/cisco/web/support/index.html
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
https://tools.cisco.com/RPF/register/register.do
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553 2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/en/US/support/tsd_contact_technical_support.html
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/ordering/index.shtml
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/web/about/ac123/ac114/about_cisco_packet_magazine.html
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions.
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/web/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
•World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/web/learning/index.html
Licenses
This section contains information about software licenses.
Software License Agreement
THIS AGREEMENT IS AVAILABLE IN LANGUAGES OTHER THAN ENGLISH; PLEASE SEE YOUR CISCO SYSTEMS, INC. ("CISCO") RESELLER OR VISIT OUR WEBSITE AT WWW.CISCO.COM. PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE. BY DOWNLOADING OR INSTALLING THE SOFTWARE, OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN (A) DO NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND, OR, IF THE SOFTWARE IS SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM CISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THE ORIGINAL PURCHASER.
The following terms govern your use of the Software except to the extent a particular program (a) is the subject of a separate written agreement with Cisco or (b) includes a separate "click-on" license agreement as part of the installation process.
License. Subject to the terms and conditions of and except as otherwise provided in this Agreement, Cisco Systems, Inc. ("Cisco") and its suppliers grant to Customer ("Customer") a nonexclusive and nontransferable license to use the specific Cisco program modules, feature set(s) or feature(s) for which Customer has paid the required license fees (the "Software"), in object code form only. In addition, the foregoing license shall also be subject to each of the following limitations:
•Unless otherwise expressly provided in the documentation, Customer shall use the Software solely as embedded in, for execution on, or (where the applicable documentation permits installation on non-Cisco equipment) for communication with Cisco equipment owned or leased by Customer;
•Customer's use of the Software shall be limited to use on a single hardware chassis, on a single central processing unit, as applicable, or use on such greater number of chassis or central processing units as Customer may have paid Cisco the required license fee; and
•Customer's use of the Software shall also be limited as applicable to the number of issued and outstanding IP addresses, central processing unit performance, number of ports, and any other restrictions set forth in Cisco's product catalog for the Software.
NOTE: For evaluation or beta copies for which Cisco does not charge a license fee, the above requirement to pay a license fee does not apply.
General Limitations. Except as otherwise expressly provided under this Agreement, Customer shall have no right, and Customer specifically agrees not to: (i) transfer, assign or sublicense its license rights to any other person, or use the Software on unauthorized or secondhand Cisco equipment, and any such attempted transfer, assignment or sublicense shall be void; (ii) make error corrections to or otherwise modify or adapt the Software or create derivative works based upon the Software, or to permit third parties to do the same; or (iii) decompile, decrypt, reverse engineer, disassemble or otherwise reduce the Software to human-readable form to gain access to trade secrets or confidential information in the Software. To the extent required by law, at Customer's request, Cisco shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of Cisco's applicable fee. Customer shall observe strict obligations of confidentiality with respect to such information.
Upgrades and Additional Copies. For purposes of this Agreement, "Software" shall include (and the terms and conditions of this Agreement shall apply to) any upgrades, updates, bug fixes or modified versions (collectively, "Upgrades") or backup copies of the Software licensed or provided to Customer by Cisco or an authorized distributor for which Customer has paid the applicable license fees. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY SUCH ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE FOR THE UPGRADE; (2) USE OF UPGRADES IS LIMITED TO CISCO EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING UPGRADED; AND (3) USE OF ADDITIONAL COPIES IS LIMITED TO BACKUP PURPOSES ONLY.
Proprietary Notices. Customer agrees to maintain and reproduce all copyright and other proprietary notices on all copies, in any form, of the Software in the same form and manner that such copyright and other proprietary notices are included on the Software. Except as expressly authorized in this Agreement, Customer shall not make any copies or duplicates or any Software without the prior written permission of Cisco. Customer may make such backup copies of the Software as may be necessary for Customer's lawful use, provided Customer affixes to such copies all copyright, confidentiality, and proprietary notices that appear on the original.
Protection of Information. Customer agrees that aspects of the Software and associated documentation, including the specific design and structure of individual programs, constitute trade secrets and/or copyrighted material of Cisco. Customer shall not disclose, provide, or otherwise make available such trade secrets or copyrighted material in any form to any third party without the prior written consent of Cisco. Customer shall implement reasonable security measures to protect such trade secrets and copyrighted material. Title to Software and documentation shall remain solely with Cisco.
Limited Warranty. If Customer obtained the Software directly from Cisco, then Cisco warrants that during the Warranty Period (as defined below): (i) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (ii) the Software will substantially conform to its published specifications. The "Warranty Period" means a period beginning on the date of Customer's receipt of the Software and ending on the later of (a) ninety (90) days from the date of initial shipment of the Software by Cisco, or (b) the end of the minimum period required by the law of the applicable jurisdiction. In addition, Cisco may provide an additional limited Year 2000 warranty for the Software; information regarding this warranty and its applicability to the Software may be found at the web site address www.cisco.com/warp/public/779/smbiz/service/y2k/y2k_comp.htm. The limited warranties extend only to Customer as the original licensee. Customer's sole and exclusive remedy and the entire liability of Cisco and its suppliers under these limited warranties will be, at Cisco or its service center's option, repair, replacement, or refund of the Software if reported (or, upon request, returned) to Cisco or its designee. Except as expressly granted in this Agreement, the Software is provided AS IS. Cisco does not warrant that the Software is error free or that Customer will be able to operate the Software without problems or interruptions. In addition, due to the continual development of new techniques for intruding upon and attacking networks, Cisco does not warrant that the Software or any equipment, system or network on which the Software is used will be free of vulnerability to intrusion or attack.
This warranty does not apply if the Software (a) is licensed for beta, evaluation, testing or demonstration purposes for which Cisco does not receive a license fee, (b) has been altered, except by Cisco, (c) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by Cisco, (d) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident, or (e) is used in ultrahazardous activities. If Customer obtained the Software from a Cisco reseller, the terms of any warranty shall be as provided by such distributor, and Cisco provides Customer no warranty with respect to such Software.
Disclaimer of Warranties. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION.
Disclaimer of Liabilities. IN NO EVENT WILL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall Cisco's or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Term and Termination. This Agreement is effective until terminated. Customer may terminate this Agreement at any time by destroying all copies of Software including any documentation. Customer's license rights under this Agreement will terminate immediately without notice from Cisco if Customer fails to comply with any provision of this Agreement. Upon termination, Customer must destroy all copies of Software in its possession or control.
Customer Records. Customer grants to Cisco and its independent accountants the right to examine Customer's books, records and accounts during Customer's normal business hours to verify compliance with this Agreement. In the event such audit discloses non-compliance with this Agreement, Customer shall promptly pay to Cisco the appropriate licensee fees.
Export. Software, including technical data, may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import Software.
Restricted Rights. Cisco's commercial software and commercial computer software documentation is provided to United States Government agencies in accordance with the terms of this Agreement, and per subparagraph "(c)" of the "Commercial Computer Software - Restricted Rights" clause at FAR 52.227-19 (June 1987). For DOD agencies, the restrictions set forth in the "Technical Data-Commercial Items" clause at DFARS 252.227-7015 (Nov 1995) shall also apply.
General. This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect. Cisco hereby specifically disclaims the UN Convention on Contracts for the International Sale of Goods. Except as expressly provided herein, this Agreement constitutes the entire agreement between the parties with respect to the license of the Software and supersedes any conflicting or additional terms contained in the purchase order.