VDS-OS Software Commands
This chapter contains an alphabetical listing of all the commands in VDS-OS software. The VDS-OS software CLI is organized into the following command modes:
• EXEC mode—For setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To use the privileged access level, enter the enable command at the user access level prompt and then enter the privileged EXEC password when you see the password prompt.
• Global configuration (config) mode—For setting, viewing, and testing the configuration of VDS-OS software features for the entire device. To use this mode, enter the configure command from privileged EXEC mode.
• Interface configuration (config-if) mode—For setting, viewing, and testing the configuration of a specific interface. To use this mode, enter the interface command from global configuration mode.
• Other configuration modes—Several configuration modes are available from the global configuration mode for managing specific features. The commands used to access these modes are marked with a footnote in Table 2-1.
See the "Using Command Modes" section for a complete discussion of using CLI command modes.
Table 2-1 summarizes the VDS-OS commands and indicates the command mode for each command. The same command may have different effects when entered in a different command mode, and for this reason, they are listed and documented separately. In Table 2-1, when the first occurrence is entered in EXEC mode, the second occurrence is entered in global configuration mode. When the first occurrence is entered in global configuration mode, the second occurrence is entered in interface configuration mode.
The VDS-OS software device mode determines whether the VDS-OS device is functioning as a Service Engine (SE), Virtual Origin System Manager (VOSM), or Service Router (SR). The commands available from a specific CLI mode are determined by the VDS-OS device mode in effect. Table 2-1 also indicates the device mode for each command. All indicates that the command is available for every device mode.
access-lists
To configure access control list (ACL) entries, use the access-lists command in global configuration mode. To remove access control list entries, use the no form of this command.
access-lists {300 {deny groupname {any [position number] | groupname [position number]}} | {permit groupname {any [position number] | groupname [position number]}} | enable}
no access-lists {300 {deny groupname {any [position number] | groupname [position number]}} | {permit groupname {any [position number] | groupname [position number]}} | enable}
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
You can configure group authorization using an ACL only after a user has been authenticated against a Lightweight Directory Access Protocol (LDAP) HTTP-request Authentication Server. The use of this list configures group privileges when members of the group are accessing content provided by an SE. You can use the ACL to allow the users who belong to certain groups or to prevent them from viewing specific content. This authorization feature offers more granular access control by specifying that access is only allowed to specific groups.
Use the access-lists enable global configuration command to enable the use of the ACL.
Use the access-lists 300 command to permit or deny a group from accessing the Internet using an SE. For instance, use the access-lists 300 deny groupname marketing command to prevent any user from the marketing group from accessing content through an SE.
At least one login authentication method, such as local, TACACS+, or RADIUS, must be enabled.
Note
We recommend that you configure the local login authentication method as the primary method.
The ACL contains the following feature enhancements and limitations:
• A user can belong to several groups.
• A user can belong to an unlimited number of groups within group name strings.
• A group name string is a case-sensitive string with mixed-case alphanumeric characters.
• Each unique group name string cannot exceed 128 characters.
Note
If the unique group name string is longer than 128 characters, the group is ignored.
• Group names in a group name string are separated by a comma.
• Total string of individual group names cannot exceed 750 characters.
For Windows-based user groups, append the domain name in front of the group name in the form domain or group as follows:
For Windows NT-based user groups, use the domain NetBIOS name.
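The following is an added example, not Cisco code, that models how the group name limits listed above interact with the ordered list 300 shown in this command's Examples section. It assumes that entries are evaluated in position order with the first match winning, that an unmatched user is denied, and that a group name string longer than 750 characters is rejected outright; the page states the limits but not those behaviours, and the function names are hypothetical.

```python
import re

MAX_GROUP_LEN = 128    # per-group limit from the list above
MAX_STRING_LEN = 750   # limit for the whole comma-separated string

# List 300 as printed by "show access-lists 300" in this section's example.
SHOW_OUTPUT = """\
Access Control List is enabled
Groupname-based List (300)
1. permit groupname techpubs
2. permit groupname acme1
3. permit groupname engineering
4. permit groupname sales
5. permit groupname marketing
6. deny groupname any
"""

RULE = re.compile(r"\s*(\d+)\.\s+(permit|deny)\s+groupname\s+(\S+)\s*$")


def parse_acl(show_output):
    """Return [(position, action, group), ...] sorted by position."""
    rules = []
    for line in show_output.splitlines():
        m = RULE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return sorted(rules)


def parse_group_string(group_string):
    """Split a comma-separated group name string.

    Returns (usable, ignored). Groups longer than 128 characters are
    ignored, as the Note above states.
    """
    if len(group_string) > MAX_STRING_LEN:
        # Assumption: the page gives the limit, not what the SE does with
        # an over-long string, so this model refuses it.
        raise ValueError("group name string exceeds 750 characters")
    usable, ignored = [], []
    for name in group_string.split(","):
        if not name:
            continue
        (ignored if len(name) > MAX_GROUP_LEN else usable).append(name)
    return usable, ignored


def evaluate(rules, group_string):
    """Return (action, matching position, ignored groups).

    Comparison is case-sensitive; 'any' matches every user.
    First match wins (assumption).
    """
    usable, ignored = parse_group_string(group_string)
    for position, action, group in rules:
        if group == "any" or group in usable:
            return action, position, ignored
    return "deny", None, ignored  # assumption: no entry matched


if __name__ == "__main__":
    acl = parse_acl(SHOW_OUTPUT)
    long_group = "e" * 129  # constructed: one character over the limit
    for groups in ("qa,sales", "Marketing", long_group,
                   long_group + ",engineering"):
        action, position, ignored = evaluate(acl, groups)
        print(f"{groups[:24]!r:28} -> {action} at {position}, "
              f"{len(ignored)} group(s) ignored")
```

A user whose only membership is a group with the wrong letter case, or a group name over 128 characters, falls through to the final deny entry, which is worth checking when a directory group is renamed.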
Wildcards
The access-list command does not use a netmask; it uses a wildcard bitmask. The source and destination IP and wildcard usage is as follows:
• source_ip—Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:
– Use a 32-bit quantity in four-part dotted decimal format.
– Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.
– Use the host keyword as an abbreviation for a specific source with a source-wildcard of 0.0.0.0.
• source-wildcard—Wildcard bits to be applied to source. Each wildcard bit set to 0 indicates that the corresponding bit position in the IP address of the packet must exactly match the bit in the corresponding position of the source. Each wildcard bit set to 1 indicates that both a 0 bit and a 1 bit in the corresponding position of the IP address of the packet are considered a match to this access list entry.
To specify the source wildcard, use a 32-bit quantity in four-part dotted decimal format. Place 1s in the bit positions you want to ignore.
Note
Wildcard bits set to 1 need not be contiguous in the source wildcard. For example, a source wildcard of 0.255.0.64 would be valid.
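The following is an added example, not Cisco code, that implements the wildcard matching rule described above, including the any and host keywords and the non-contiguous wildcard 0.255.0.64 from the Note. The source addresses and function names are constructed for illustration; the last case shows what an entry matches when a netmask is entered where a wildcard is expected.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-decimal IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_source(spec):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' into (source, wildcard)."""
    tokens = spec.split()
    if tokens == ["any"]:
        return 0, MASK32                      # 0.0.0.0 255.255.255.255
    if len(tokens) == 2 and tokens[0] == "host":
        return to_int(tokens[1]), 0           # wildcard 0.0.0.0
    if len(tokens) == 2:
        return to_int(tokens[0]), to_int(tokens[1])
    raise ValueError(f"unrecognised source specification: {spec!r}")


def matches(packet_ip, spec):
    """True if packet_ip matches the source/wildcard pair in spec."""
    source, wildcard = parse_source(spec)
    care = ~wildcard & MASK32                 # 0 bits in the wildcard must match
    return (to_int(packet_ip) & care) == (source & care)


def addresses_matched(spec):
    """Number of distinct addresses the entry matches (2 ** wildcard 1-bits)."""
    _, wildcard = parse_source(spec)
    return 1 << bin(wildcard).count("1")


def netmask_to_wildcard(netmask):
    """Invert a netmask to get the equivalent wildcard."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ MASK32))


if __name__ == "__main__":
    # Constructed test addresses.
    noncontig = "10.0.5.1 0.255.0.64"
    for ip in ("10.200.5.1", "10.200.5.65", "10.200.5.2", "10.200.6.1"):
        print(ip, "matches" if matches(ip, noncontig) else "no match")
    print("entry covers", addresses_matched(noncontig), "addresses")

    # Netmask typed by mistake instead of the wildcard 0.0.0.255:
    wrong = "192.168.1.0 255.255.255.0"
    print("192.168.1.77 ->", matches("192.168.1.77", wrong))  # intended host
    print("8.8.8.0      ->", matches("8.8.8.0", wrong))       # unrelated host
    print("correct wildcard:", netmask_to_wildcard("255.255.255.0"))
```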
Examples
The following example shows how to display the configuration of the ACL by using the show access-lists 300 command:
ServiceEngine# show access-lists 300
Access Control List Configuration
---------------------------------
Access Control List is enabled
Groupname-based List (300)
1. permit groupname techpubs
2. permit groupname acme1
3. permit groupname engineering
4. permit groupname sales
5. permit groupname marketing
6. deny groupname any
The following example shows how to display statistical information for the ACL by using the show statistics access-lists 300 command:
ServiceEngine# show statistics access-lists 300
Access Control Lists Statistics
-----------------------------------------
Groupname and username-based List (300)
Number of requests: 1
Number of deny responses: 0
Number of permit responses: 1
The following example shows how to reset the statistical information for the ACL by using the clear statistics access-lists 300 command:
ServiceEngine# clear statistics access-lists 300
ServiceEngine(config)# access-lists 300 permit groupname acme1 position 2
Related Commands
Command                          Description
show access-lists 300            Displays the ACL configuration.
show statistics access-list 300  Displays the ACL statistics.
alarm
To configure alarms, use the alarm command in global configuration mode. To disable alarms, use the no form of this command.
alarm {admin-shutdown-alarm enable | overload-detect {clear 1-999 [raise 10-1000] | enable | raise 10-1000 [clear 1-999]}}
no alarm {admin-shutdown-alarm enable | overload-detect {clear 1-999 [raise 10-1000] | enable | raise 10-1000 [clear 1-999]}}
Syntax Description
Defaults
admin-shutdown-alarm: disabled
raise: 10 alarms per second
clear: 1 alarm per second
Command Modes
Global configuration (config) mode.
Usage Guidelines
The alarm admin-shutdown-alarm command must be enabled for an admin-shutdown alarm to take effect. If an admin-shutdown alarm occurs, disabling this option does not clear the outstanding alarm properly. There are two ways to avoid this situation:
• Clear the outstanding admin-shutdown alarm first before disabling this option.
• Disable this option and reboot, which clears this alarm.
When multiple applications running on an SE experience problems at the same time, numerous alarms are set off simultaneously, and an SE may stop responding. Use the alarm overload-detect command to set an overload limit for the incoming alarms from the node Health Manager. If the number of alarms exceeds the maximum number of alarms allowed, an SE enters an alarm overload state until the number of alarms drops down to the number defined by the clear value.
When an SE is in the alarm overload state, the following events occur:
• Alarm overload notification is sent to SNMP and the CMS. The clear and raise values are also communicated to SNMP and the CMS.
• SNMP traps and CMS notifications for subsequent alarm raise and clear operations are suspended.
• Alarm overload clear notification is sent.
• SE remains in the alarm overload state until the rate of incoming alarms decreases to the clear value.
Note
In the alarm overload state, applications continue to raise alarms and the alarms are recorded within an SE. The show alarms and show alarms history commands in EXEC configuration mode display all the alarms even in the alarm overload state.
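The following is an added example, not Cisco code, that models the overload state described above with raise 100 and clear 10, the values used in this command's examples. The per-second alarm counts are constructed, and treating the alarms of the second that triggers the overload as already suppressed is an assumption of this model.

```python
from dataclasses import dataclass, field


@dataclass
class OverloadDetector:
    raise_rate: int = 10    # default on this page: 10 alarms per second
    clear_rate: int = 1     # default on this page: 1 alarm per second
    overloaded: bool = False
    forwarded: int = 0      # alarms relayed to SNMP and the CMS
    suppressed: int = 0     # alarms recorded on the SE only
    notifications: list = field(default_factory=list)

    def tick(self, second, alarms):
        """Process the alarms raised during one second; return the state."""
        if not self.overloaded and alarms > self.raise_rate:
            # Rate exceeds the raise value: enter the overload state.
            self.overloaded = True
            self.notifications.append((second, "overload-raise"))
        elif self.overloaded and alarms <= self.clear_rate:
            # Rate has decreased to the clear value: leave the state.
            self.overloaded = False
            self.notifications.append((second, "overload-clear"))
        if self.overloaded:
            self.suppressed += alarms   # still visible in show alarms history
        else:
            self.forwarded += alarms
        return self.overloaded


def simulate(rates, raise_rate=10, clear_rate=1):
    """Run the detector over a list of per-second alarm counts."""
    detector = OverloadDetector(raise_rate, clear_rate)
    states = [detector.tick(second, n) for second, n in enumerate(rates)]
    return detector, states


# Constructed burst: the rate drops below the raise value at second 3,
# but traps stay suspended until it reaches the clear value at second 6.
SAMPLE_RATES = [5, 40, 150, 60, 20, 11, 10, 3]

if __name__ == "__main__":
    det, states = simulate(SAMPLE_RATES, raise_rate=100, clear_rate=10)
    for second, (n, state) in enumerate(zip(SAMPLE_RATES, states)):
        print(f"t={second}s alarms={n:3d} overload={state}")
    print("notifications:", det.notifications)
    print("forwarded:", det.forwarded, "suppressed:", det.suppressed)
```

In this run 241 alarms never reach SNMP or the CMS, so a monitoring system that receives an overload notification has to read the alarm history on the SE itself to see what was raised in that window.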
Examples
The following example shows how to generate a linkdown alarm when an interface shuts down:
ServiceEngine(config)# alarm admin-shutdown-alarm enable
The following example shows how to enable the detection of alarm overload:
ServiceEngine(config)# alarm overload-detect enable
The following example shows how to set the threshold for triggering the alarm overload at 100 alarms per second:
ServiceEngine(config)# alarm overload-detect raise 100
The following example shows how to set the level for clearing the alarm overload at 10 alarms per second:
ServiceEngine(config)# alarm overload-detect clear 10
Related Commands
Command            Description
show alarms        Displays information on various types of alarms, their status, and history.
show alarm status  Displays the status of various alarms and alarm overload settings.
asset
To configure the CISCO-ENTITY-ASSET-MIB, use the asset command in global configuration mode. To remove the asset tag name, use the no form of this command.
asset tag name
no asset tag name
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Examples
The following example shows how to configure a tag name for the asset tag string:
ServiceEngine(config)# asset tag entitymib
banner
To configure the EXEC, login, and message-of-the-day (MOTD) banners, use the banner command in global configuration mode. To disable the banner feature, use the no form of this command.
banner {enable | exec {message line | message_text} | login {message line | message_text} | motd {message line | message_text}}
no banner {enable | exec [message] | login [message] | motd [message]}
Syntax Description
Defaults
Banner support is disabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
You can configure the following three types of banners in any VDS-OS software device mode:
• MOTD banner sets the message of the day. This message is the first message that is displayed when a login is attempted.
• Login banner is displayed after the MOTD banner but before the actual login prompt appears.
• EXEC banner is displayed after the EXEC CLI shell has started.
Note
All these banners are effective on a console, Telnet, or a Secure Shell (SSH) Version 2 session.
After you configure the banners, enter the banner enable command to enable banner support on the SE. Enter the show banner command in EXEC configuration mode to display information about the configured banners.
Note
When you run an SSH Version 1 client and log in to the SE, the MOTD and login banners are not displayed. You need to use SSH Version 2 to display the banners when you log in to the SE.
Examples
The following example shows how to enable banner support on the SE:
ServiceEngine(config)# banner enable
The following example shows how to use the banner motd message command to configure the MOTD banner. In this example, the MOTD message consists of a single line of text.
ServiceEngine(config)# banner motd message This is a VDS-OS 2.3 device
The following example shows how to use the banner motd message global configuration command to configure a MOTD message that is longer than a single line. In this case, the SE translates the \n portion of the message to a new line when the MOTD message is displayed to the user.
ServiceEngine(config)# banner motd message "This is the motd message. \nThis is a VDS-OS 2.3 device\n"
The following example shows how to use the banner login message command to configure a login message that is longer than a single line. In this case, the SE translates the \n portion of the message to a new line in the login message that is displayed to the user.
ServiceEngine(config)# banner login message "This is login banner. \nUse your password to login\n"
The following example shows how to use the banner exec command to configure an interactive banner. The banner exec command is similar to the banner motd message commands except that for the banner exec command, the banner content is obtained from the command-line input that the user enters after being prompted for the input.
ServiceEngine(config)# banner exec
Please type your MOTD messages below and end it with '.' at beginning of line:
(plain text only, no longer than 980 bytes including newline)
This is the EXEC banner.\nUse your VDS-OS username and password to log in to this SE.\n
.
Message has 99 characters.
ServiceEngine(config)#
Assume that the SE has been configured with the MOTD, login, and EXEC banners as shown in the previous examples. When a user uses an SSH session to log in to the SE, the user sees a login session that includes a MOTD banner and a login banner that asks the user to enter a login password as follows:
This is the motd banner.
This is a VDS-OS 2.3 device
This is login banner.
Use your password to login.
Cisco SE
admin@ce's password:
After the user enters a valid login password, the EXEC banner is displayed, and the user is asked to enter the VDS-OS username and password as follows:
Last login: Fri Oct 1 14:54:03 2004 from client
System Initialization Finished.
This is the EXEC banner.
Use your VDS-OS username and password to log in to this SE.
After the user enters a valid VDS-OS username and password, the SE CLI is displayed. The CLI prompt varies depending on the privilege level of the login account. In the following example, because the user entered a username and password that had administrative privileges (privilege level of 15), the EXEC configuration mode CLI prompt is displayed:
ServiceEngine#
Related Commands
blink
To identify physical devices by blinking their LED(s), use the blink command in EXEC configuration mode.
blink {disk name | interface {GigabitEthernet slot/port_num | TenGigabitEthernet slot/port_num}}
Syntax Description
Command Default
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The blink disk command submits I/O to a disk. Do not use this command in systems with live traffic.
Examples
The following example shows how to blink a disk:
ServiceRouter# blink disk disk00
Blinking disk00 LED for 3 seconds
The following example shows how to blink a GigabitEthernet interface:
ServiceRouter# blink interface gigabitEthernet 1/0
Blinking eth0 LED for 3 seconds
cache
To restrict the maximum number of contents in the VDS-OS, use the cache command in global configuration mode.
cache content {eviction-preferred-size {small | large} | eviction-protection {min-size-100MB {min-duration-1hr | min-duration-2hr | min-duration-3hr | min-duration-4hr} | min-size-1GB {min-duration-1hr | min-duration-2hr | min-duration-3hr | min-duration-4hr} | min-size-4GB {min-duration-1hr | min-duration-2hr | min-duration-3hr | min-duration-4hr} | min-size-500MB {min-duration-1hr | min-duration-2hr | min-duration-3hr | min-duration-4hr}} | max-cached-entries num}
Syntax Description
Defaults
The max-cached-entries default is 2000000 entries.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The cache command is not supported in VDS-OS 2.0.
The Content Manager manages the caching, storage, and deletion of content.
Current priority favors small objects. The cache content eviction-preferred-size command allows users to configure a preference for small or large objects in the Content Manager. Once a preference is specified, it applies only to content added after the configuration change; content added before the change remains unchanged.
Addition and Deletion Processes
Previously, the VDS-OS software did not restrict adding new content to CDNFS as long as there was enough disk space for the asset. The cache content max-cached-entries command restricted the number of assets, but it was not a hard limit. New content was always added and the VDS-OS would delete old content in an attempt to keep within the limits configured. The VDS-OS could actually have more content than the configured limit, because the process to delete content is slower than the process to add content. The same situation applies to disk-usage based deletion, where deletion occurs when 90 percent of the CDNFS is used.
Content addition stops at 105 percent of the maximum object count or 95 percent of the CDNFS capacity (disk usage). For example, if the maximum number of objects has been configured as 20 million (which is the default value), the VDS-OS starts deleting content if the object count reaches 20 million, but adding content is still allowed. Adding content stops when the maximum number of content objects reaches 21 million (105 percent of 20 million), which allows time for the content deletion process to reduce the number of objects in the VDS-OS to the configured limit. Adding content resumes only after the number of objects is 20 million or less. The same logic applies to disk usage. The deletion process starts when disk usage reaches 93 percent, adding content stops when disk usage reaches 98 percent, and adding content resumes only after the disk usage percentage reaches 95 percent or less.
Note
We recommend that any content delivery engine (CDE) model that has hard-disk drives (HDDs) (instead of solid-state drives [SSDs]), and is used to stream ABR content, be configured with a maximum of 5 million objects instead of the default of 20 million. This is because HDD-based hardware requires more seek time to access content. The software can handle 20 million objects, but the hard-drive access time impacts the ABR streaming performance. ABR content consists of a large number of small files, which results in a lot of overhead.
If adding content has been stopped because either the content count reached 105 percent of the limit or the disk usage reached 98 percent of capacity, the un-writable flag is set in shared memory, and when the protocol engine calls create, the FastCAL library checks shared memory and denies the creation request. The protocol engine performs a bypass or cut-through operation.
The show cdnfs usage command shows the current status of whether the content is able to be cached or not. Following is an example of the output:
ServiceEngine# show cdnfs usage
Total number of CDNFS entries : 2522634
Total space : 4656.3 GB
Total bytes available : 4626.0 GB
Total cache size : 2.4 GB
Total cached entries : 2522634
Cache-content mgr status : Cacheable
Units: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MB
If the maximum object count is reached, the following is displayed:
Cache-content mgr status: Not cacheable on the following disk(s): [/disk00-06] [/disk01-06] [/disk02-01]
105% of max obj count reached : [/disk00-06] [/disk01-06] [/disk02-01]
If the disk usage reaches more than 98 percent, the following is displayed:
Cache-content mgr status: Not cacheable on the following disk(s): [/disk01-06] [/disk02-01]
98% of disk usage reached: [/disk01-06] [/disk02-01]
Eviction Protection
The Content Manager provides configurable eviction protection for some content. The Content Manager eviction algorithm is triggered when the disk usage reaches 93 percent or when the cached object count reaches the configured maximum object count. The eviction algorithm assigns a priority number to each content object based on an algorithm similar to the greedy-dual-size-frequency (GDSF) algorithm. The priority number is based on the size and usage of the object. Small objects are given preference over large objects; that is, they are less likely to be deleted.
To protect incoming large objects from getting a low priority and being deleted, use the cache content eviction-protection global configuration command. The cache content eviction-protection command allows you to set the minimum content size (100 MB, 500 MB, 1 GB, and 4 GB) and the minimum age (1-4 hours for 100 MB size, 1, 4, 8, or 24 hours for all other sizes) of the content object to be protected from deletion. For example, to set the eviction protection for content objects larger than 100 MB that were ingested in the last two hours, you would enter the following command:
ServiceEngine(config)# cache content eviction-protection min-size-100MB min-duration-2hr
If the content object being cached is larger than the configured size, it is inserted into a protection table along with the current time stamp. If the difference between the object's time stamp and the current time is greater than the configured time duration, the object is removed from the protection table. If the eviction algorithm is triggered, before it selects an object for deletion, it first looks at the protection table, and if the object is found, it is skipped for that iteration. The clear-cache-content command also checks the protection table before deleting an object. The clear-cache-all command does not check the eviction protection table; cache content is just deleted. As for relative cache content, content in the protection table might still be deleted if the relative content that is not protected is deleted. The eviction protection is disabled by default.
If the Content Manager eviction algorithm is not able to find any content to delete, a syslog message is sent to notify the administrator to revisit the configuration. Changing the settings of the cache content eviction-protection command affects only the content that is currently in the protection table and any new content that is added. Any object that is removed from the protection table prior to the configuration change is not brought back into the protection table.
Reloading the SE or entering the no cache content eviction-protection min-size-xx duration-xx command removes all entries in the eviction protection table.
Note
Changing the time on the SE affects the Content Manager eviction process. If the time is set forward, content is deleted sooner than expected. If the time is set back, content is protected longer.
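The following is an added example, not Cisco code, that models the protection table described above for min-size-100MB with a two-hour duration, and shows the effect of the clock change mentioned in the Note. Object names, sizes, and the candidate order are constructed, and the class and function names are hypothetical; the real priority calculation is not reproduced.

```python
HOUR = 3600
MB = 1024 * 1024   # the page's units: 1MB = 1024KB, 1KB = 1024B


class ProtectionTable:
    """Objects larger than min_size are protected for min_duration seconds."""

    def __init__(self, min_size, min_duration):
        self.min_size = min_size
        self.min_duration = min_duration
        self.entries = {}            # object name -> ingest time stamp

    def on_cache(self, name, size, now):
        # Only objects larger than the configured size enter the table.
        if size > self.min_size:
            self.entries[name] = now

    def purge(self, now):
        # Remove entries whose age is greater than the configured duration.
        expired = [n for n, ts in self.entries.items()
                   if now - ts > self.min_duration]
        for name in expired:
            del self.entries[name]
        return expired

    def protects(self, name, now):
        self.purge(now)
        return name in self.entries


def pick_victim(candidates, table, now):
    """Return the first unprotected object, or None if every candidate is
    protected (the case in which the page says a syslog message is sent).

    candidates is ordered lowest priority first.
    """
    for name in candidates:
        if not table.protects(name, now):
            return name
    return None


def demo(clock_offset=0):
    """Eviction runs 30 minutes after ingest; clock_offset shifts SE time."""
    table = ProtectionTable(min_size=100 * MB, min_duration=2 * HOUR)
    table.on_cache("movie.ts", 900 * MB, now=0)      # protected
    table.on_cache("segment.ts", 2 * MB, now=0)      # too small to protect
    order = ["movie.ts", "segment.ts"]               # large object ranks lowest
    return pick_victim(order, table, now=30 * 60 + clock_offset)


if __name__ == "__main__":
    print("clock unchanged   :", demo())              # segment.ts
    print("clock set +3 hours:", demo(3 * HOUR))      # movie.ts
    print("clock set -1 hour :", demo(-HOUR))         # segment.ts
```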
The show content command displays the eviction protection status and the number of elements in the eviction protection table.
Note
The cache command is not supported in VDS-OS 2.0.
Examples
The following example shows how to configure the cache content:
ServiceEngine# cache content max-cached-entries 1000
The show cdnfs usage command shows the current status of whether the content is able to be cached or not. Following is an example of the output:
# show cdnfs usage
Total number of CDNFS entries : 2522634
Total space : 4656.3 GB
Total bytes available : 4626.0 GB
Total cache size : 2.4 GB
Total cached entries : 2522634
Cache-content mgr status : Cacheable
Units: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MB
If the maximum object count is reached, the following is displayed:
Cache-content mgr status : caching paused[ max count 105% of configured reached ]
If the disk usage reaches more than 95 percent, the following is displayed:
Cache-content mgr status : caching paused[ disk max 95% of disk usage reached ]
Note
When the VDS-OS is started or the cache Content Manager is restarted, it performs a scan of the entire CDNFS. During this period, the deletion starts at 94 percent (not 90 percent) and adding content stops at 95 percent.
Related Commands
capture-controller
To enable or disable debugging for specific capture-controller modules, use the capture-controller command in EXEC configuration mode.
capture-controller {debug module {all | app | http-client | httpsession-mgr | none | parser | scheduler} undebug module {app | http-client | httpsession-mgr | parser | scheduler}}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
When debug capturecontroller trace is turned on, the CLI helps limit the volume of logs to specific modules of interest. It is recommended to keep "app" and "scheduler" modules turned on.
Examples
The following example shows how to disable debugging for all modules:
ServiceEngine# capture-controller debug-module none
ServiceEngine#
cd
To change from one directory to another directory, use the cd command in EXEC configuration mode.
cd directoryname
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to maneuver between directories and for file management. The directory name becomes the default prefix for all relative paths. Relative paths do not begin with a slash (/). Absolute paths begin with a slash (/).
Examples
The following example shows how to use a relative path:
ServiceEngine(config)# cd local1
The following example shows how to use an absolute path:
ServiceEngine(config)# cd /local1
Related Commands
cdnfs
To browse the CDS network file system (CDNFS), use the cdnfs browse command in EXEC configuration mode.
cdnfs {browse | cleanup {info | start force | stop}}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The CDNFS stores the prepositioned VDS-OS network content to be delivered by all supported protocols.
Use the cdnfs browse command to browse the CDNFS directories and files. It does not display cached content for the Web Engine. It only caches content for Windows Media Streaming and displays prefetched content. To display cached content, use the show cache content command.
ServiceEngine# cdnfs browse
------ CDNFS interactive browsing ------
dir, ls: list directory contents
cd,chdir: change current working directory
info: display attributes of a file
more: page through a file
cat: display a file
exit,quit: quit CDNFS browse shell
/>dir
www.gidtest.com/
/>cd www.gidtest.com
/www.gidtest.com/>dir
764 Bytes index.html
/www.gidtest.com/>info index.html
CDNFS File Attributes:
Status 3 (Ready)
File Size 764 Bytes
Start Time null
End Time null
Last-modified Time Sun Sep 9 01:46:40 2001
Internal path to data file: /disk06-00/d/www.gidtest.com/05/05d201b7ca6fdd41d491eaec7cfc6f14.0.data.html
note: data file actual last-modified time: Tue Feb 15 00:47:35 2005
/www.gidtest.com/>
Because the CDNFS is empty in this example, the ls command does not show any results. Typically, if the CDNFS contains information, it lists the websites as directories, and file attributes and content could be viewed using these subcommands.
The cdnfs cleanup command, which is used to clean up unwanted entries in CDNFS, is deprecated in Release 2.6 in the following manner. When an SE is removed from a delivery service, the Content Manager removes all cache content for that delivery service. All prefetched content for that delivery service is removed by the Acquisition and Distribution process. However, if the Acquisition and Distribution process fails because of an SE being offline or for any other reason, then the cdnfs cleanup command is still required to remove the prefetched content.
In certain cases, the Acquirer is not notified by the Centralized Management System (CMS) about deleted channels, and it fails to clear all unified name space (UNS) content. In such cases, the cdnfs cleanup command can be used to clean up all UNS content associated with deleted channels.
Note
You can use the cdnfs cleanup start command to clean up the orphan content. The orphan content is content that is not associated with any channel to which the SE is subscribed.
The cdnfs database recover command must be run when the cdnfs_db_corrupt alarm is raised. This alarm is raised when the Total Cached entries is more than Total CDNFS entries in the output for the show cdnfs usage command:
ServiceEngine# show cdnfs usage
Total number of CDNFS entries : 202
Total space : 5037.9 GB
Total bytes available : 5019.5 GB
Total cache size : 21.0 GB
Total cached entries : 218
Cache-content mgr status : Cacheable
Units: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MB
This occurs generally when an internal bookkeeping file is corrupted. With the server in the offloading status, enter the cdnfs database recover command to remove this inconsistency, then reload the server.
Examples
The following example shows the output of the cdnfs cleanup info command:
ServiceEngine# cdnfs cleanup info
Gathering cleanup information. This may take some time....
(Use Ctrl+C or 'cdnfs cleanup stop' to interrupt)
..............................
Summary of garbage resource entries found
-------------------------------------------
Number of entries : 605
Size of entries (KB) : 60820911
The following example shows the output for the cdnfs database recover command:
ServiceEngine# cdnfs database recover
CDNFS database inconsistency issue found.
CDNFS database recovery operation would impact existing and new client sessions.
Recovering database would need device in offloaded state.
Do you want to recover the CDNFS database now (y/n)?y
Recovering CDNFS database. It may take few minutes.
Please wait...
CDNFS database recovery is complete. Please reload the device now.
ServiceEngine# reload
Proceed with reload? [confirm] yes
Shutting down all services, will timeout in 15 minutes.
reload in progress...
Related Commands
Command                Description
show cdnfs             Displays the CDS network file system information.
show statistics cdnfs  Displays the SE CDS network file system statistics.
cdn-select
To enable the Content Delivery Network (CDN) selector, use the cdn-select command in EXEC configuration mode.
cdn-select enable
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
T
clear ip
To clear the IP configuration, use the clear ip command in EXEC configuration mode.
clear ip access-list counters [standard_acl-num | extended_acl_num | acl-name]
Syntax Description
Command Default
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to clear IP counters:
ServiceRouter# clear ip counters
ServiceRouter#
Related Commands
Command              Description
show ip bgp summary  Displays the status of all Border Gateway Protocol (BGP) connections.
clear ipv6
To clear the IPv6 ACL counters, use the clear ipv6 command in EXEC configuration mode.
clear ipv6 access-list counters [standard_acl-num | extended_acl_num | acl_name]
Syntax Description
Defaults
No
Command Modes
EXEC configuration mode.
Examples
The following example shows how to clear IPv6 ACL counters:
ServiceRouter# clear ipv6 access-list counters 99
ServiceRouter#
Related Commands
Command Description
ipv6
Specifies the default gateway's IPv6 address.
show ipv6
Displays the IPv6 information.
traceroute6
Traces the route to a remote IPv6-enabled host.
clear logging
To clear the syslog messages saved in the disk file, use the clear logging command in EXEC configuration mode.
clear logging
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear logging command removes all current entries from the syslog.txt file, but does not make an archive of the file. It puts a "Syslog cleared" message in the syslog.txt file to indicate that the syslog has been cleared, as shown in the following example:
Feb 14 12:17:18 ServiceEngine# exec_clear_logging:Syslog cleared
Examples
The following example shows how to clear the syslogs:
ServiceRouter# clear logging
U11-CDE220-2#
clear service-router
To clear the Service Router cache, use the clear service-router command in EXEC configuration mode.
clear service-router
Syntax Description
This command has no keywords.
Defaults
Clears the cache for all proximity ratings.
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear service-router command forces the Service Router cache to be cleared.
Examples
The following example shows how to clear the Service Router.
ServiceRouter# clear service-router
ServiceRouter#
Related Commands
clear ssh-key
To clear the Secure Shell (SSH) key for a remote host, use the clear ssh-key command in EXEC configuration mode.
clear ssh-key line
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to clear the ssh key for a remote host:
ServiceEngine# clear ssh-key line
ServiceEngine#
Related Commands
clear statistics
To clear the statistics, use the clear statistics command in EXEC configuration mode.
On the SE:
clear statistics {access-lists 300 | admission | all | history | icap | icmp | icmpv6 | ip | radius | running | snmp | tacacs | tcp | transaction-logs | udp | vos | web-engine [force]}
On the SR:
clear statistics {all | history | http requests | icmp | icmpv6 | ip | radius | running | service-router | snmp | tacacs | tcp | udp}
On the VOSM:
clear statistics {all | history | icmp | icmpv6 | ip | radius | running | snmp | tacacs | tcp | udp}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear statistics command clears all statistical counters from the parameters given. Use this command to monitor fresh statistical data for some or all features without losing cached objects or configurations.
Note
The clear statistics web-engine and clear statistics all commands clear only normal statistics, not the Web Engine statistics details. To clear all Web Engine statistics, use the clear statistics web-engine force command. We do not recommend using the clear statistics web-engine force command, but if it is used, restart the Web Engine service by entering the web-engine stop and web-engine start commands.
Examples
The following example shows how to clear all statistics on the Service Router:
ServiceRouter# clear statistics all
ServiceRouter#
Related Commands
clear transaction-log
To clear and archive the working transaction log files, use the clear transaction-log command in EXEC configuration mode.
clear transaction-log
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear transaction-log command causes the transaction log to be archived immediately to the SE hard disk. This command has the same effect as the transaction-log force archive command.
Examples
The following example shows that the clear transaction-log command forces the working transaction log file to be archived:
ServiceEngine# clear transaction-log
Related Commands
clear users
To clear the connections (login) of authenticated users, use the clear users command in EXEC configuration mode.
clear users administrative
Syntax Description
administrative
Clears the connections of administrative users who have been authenticated through a remote login service.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear users administrative command clears the connections for all administrative users who are authenticated through a remote login service, such as TACACS. This command does not affect an administrative user who is authenticated through the local database.
Examples
The following example shows how to clear the connections of the authenticated users:
ServiceRouter# clear users administrative
ServiceRouter#
Related Commands
clock (EXEC configuration)
To set or clear clock functions or update the calendar, use the clock command in EXEC configuration mode.
clock {read-calendar | set time day month year | update-calendar}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
If you have an outside source on your network that provides time services (such as a Network Time Protocol [NTP] server), you do not have to set the system clock manually. Enter the local time when setting the clock. The SE calculates the Coordinated Universal Time (UTC) based on the time zone set by the clock timezone command.
Note
We strongly recommend that you configure the SE for the NTP by using the ntp command. See the "ntp" section for more details.
Note
If you change the local time on the device, you must change the BIOS clock time as well; otherwise, the timestamps on the error logs are not synchronized. Changing the BIOS clock is required because the kernel does not handle time zones.
Two clocks exist in the system: the software clock and the hardware clock. The software uses the software clock. The hardware clock is used only at bootup to initialize the software clock. The calendar clock is the same as the hardware clock that runs continuously on the system, even if the system is powered off or rebooted. This clock is separate from the software clock settings that are erased when the system is power cycled or rebooted.
The set keyword sets the software clock. If the system is synchronized by a valid outside timing mechanism, such as an NTP clock source, you do not have to set the system clock. Use this command if no other time sources are available. The time specified in this command is relative to the configured time zone.
To perform a one-time update of the hardware clock (calendar) from the software clock or to copy the software clock settings to the hardware clock (calendar), use the clock update-calendar command.
Examples
The following example shows how to set the software clock on the SE:
ServiceEngine# clock set 13:32:00 01 February 2000
Related Commands
Command Description
clock timezone
Sets the clock timezone.
ntp
Configures the Network Time Protocol server.
show clock detail
Displays the UTC and local time.
clock (global configuration)
To set the summer daylight saving time and time zone for display purposes, use the clock command in global configuration mode. To disable this function, use the no form of this command.
clock {summertime timezone {date startday startmonth startyear starthour endday endmonth endyear offset | recurring {1-4 startweekday startmonth starthour endweekday endmonth endhour offset | first startweekday startmonth starthour endweekday endmonth endhour offset | last startweekday startmonth starthour endweekday endmonth endhour offset}} | timezone {timezone hoursoffset minutesoffset}}
no clock {summertime timezone {date startday startmonth startyear starthour endday endmonth endyear offset | recurring {1-4 startweekday startmonth starthour endweekday endmonth endhour offset | first startweekday startmonth starthour endweekday endmonth endhour offset | last startweekday startmonth starthour endweekday endmonth endhour offset}} | timezone {timezone hoursoffset minutesoffset}}
Syntax Description
summertime
Configures the summer or daylight saving time.
timezone
Name of the summer time zone.
date
Configures the absolute summer time.
startday
Date to start. The range is from 1 to 31.
startmonth
Month to start. The range is from January through December.
startyear
Year to start. The range is from 1993 to 2032.
starthour
Hour to start in (hh:mm) format. The range is from 0 to 23.
endday
Date to end. The range is from 1 to 31.
endmonth
Month to end. The range is from January through December.
endyear
Year to end. The range is from 1993 to 2032.
endhour
Hour to end in (hh:mm) format. The range is from 0 to 23.
offset
Minutes offset (see Table 2-2) from Coordinated Universal Time (UTC). The range is from 0 to 59.
recurring
Configures the recurring summer time.
1-4
Configures the starting week number. The range is from 1 to 4.
first
Configures the summer time to recur beginning the first week of the month.
last
Configures the summer time to recur beginning the last week of the month.
startweekday
Day of the week to start. The range is from Monday to Friday.
startmonth
Month to start. The range is from January through December.
starthour
Hour to start in hh:mm format. The range is from 0 to 23.
endweekday
Weekday to end. The range is from Monday to Friday.
endmonth
Month to end. The range is from January through December.
endhour
Hour to end in hour:minute (hh:mm) format. The range is from 0 to 23.
offset
Minutes offset (see Table 2-2) from UTC. The range is from 0 to 59.
timezone
Configures the standard time zone.
timezone
Name of the time zone.
hoursoffset
Hours offset (see Table 2-2) from UTC. The range is from -23 to +23.
minutesoffset
Minutes offset (see Table 2-2) from UTC. The range is from 0 to 59.
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
To set and display the local and UTC current time of day without an NTP server, use the clock timezone command with the clock set command. The clock timezone parameter specifies the difference between UTC and local time, which is set with the clock set command in EXEC configuration mode. The UTC and local time are displayed with the show clock detail command in EXEC configuration mode.
Use the clock timezone offset command to specify a time zone, where timezone is the desired time zone entry from Table 2-2 and 0 0 is the offset (ahead or behind) Coordinated Universal Time (UTC) in hours and minutes. UTC was formerly known as Greenwich Mean Time (GMT).
SE(config)# clock timezone timezone 0 0
Note
The time zone entry is case sensitive and must be specified in the exact notation listed in the time zone table, Table 2-2. When you use a time zone entry from Table 2-2, the system is automatically adjusted for daylight saving time.
Note
If you change the local time on the device, you must change the BIOS clock time as well; otherwise, the timestamps on the error logs are not synchronized. Changing the BIOS clock is required because the kernel does not handle time zones.
The offset (ahead or behind) UTC in hours, as displayed in Table 2-2, is in effect during winter time. During summer time or daylight saving time, the offset may differ from the values in the table and is calculated and displayed accordingly by the system clock.
Note
An accurate clock and timezone setting is required for the correct operation of the HTTP proxy caches.
Table 2-2 lists all the standard time zones that you can configure on a content delivery engine (CDE) and the offset from Coordinated Universal Time (UTC) for each standard time zone. The offset (ahead or behind) UTC in hours, as displayed in Table 2-2, is in effect during winter time. During summer time or daylight saving time, the offset may differ from the values in the table and is calculated and displayed accordingly by the system clock.
Note
The time zone entry is case sensitive and must be specified in the exact notation listed in the following time zone table. When you use a time zone entry from the following time zone table, the system is automatically adjusted for daylight saving time.
Examples
The following example shows how to specify the local time zone as Pacific Standard Time with an offset of 8 hours behind UTC:
ServiceEngine(config)# clock timezone PST -8
Custom Timezone: PST will be used.
The following example shows how to configure a standard time zone on the SE:
ServiceEngine(config)# clock timezone US/Pacific 0 0
Resetting offset from 0 hour(s) 0 minute(s) to -8 hour(s) 0 minute(s)
Standard Timezone: US/Pacific will be used.
ServiceEngine(config)#
The following example negates the time zone setting on the SE:
ServiceEngine(config)# no clock timezone
The following example shows how to configure daylight saving time:
ServiceEngine(config)# clock summertime PDT date 10 October 2001 23:59 29 April 2002 23:59 60
Related Commands
Command Description
clock
Sets the summer daylight saving time and time zone for display purposes.
show clock detail
Displays the Coordinated Universal Time (UTC) and local time.
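The following Python sketch is an added example, not part of the original command reference. It scans a collected syslog.txt for the "Syslog cleared" marker that clear logging leaves behind and converts each hit from device-local time to UTC using the clock timezone hoursoffset and minutesoffset values, so the clearing event can be placed on a timeline alongside logs held off the device. The sample lines, the year, the assumption that syslog timestamps are device-local, and the assumption that minutesoffset takes the sign of hoursoffset are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (two captures of syslog.txt concatenated). The marker
# lines follow the format of the page's example; everything else is invented.
SAMPLE_SYSLOG = """\
Feb 14 12:17:18 ServiceEngine# exec_clear_logging:Syslog cleared
Feb 14 12:17:40 ServiceEngine login: constructed sample entry
Feb 14 12:19:30 ServiceEngine cli: constructed entry mentioning Syslog cleared
Mar  3 23:50:10 ServiceEngine# exec_clear_logging:Syslog cleared
Mar  3 23:55:00 ServiceEngine cms: constructed sample entry
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

TS = (r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
      r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})")
ENTRY_RE = re.compile(r"^" + TS + r"\s+\S")
# Only the marker written by the command itself counts, not any line that
# happens to contain the words "Syslog cleared".
MARKER_RE = re.compile(
    r"^" + TS + r"\s+(?P<host>\S+?)#?\s+exec_clear_logging:\s*Syslog cleared\s*$")


def local_time(match, year):
    """Naive device-local datetime. Syslog lines carry no year, so the
    analyst supplies it (assumption of this example)."""
    return datetime(year, MONTHS[match["mon"]], int(match["day"]),
                    int(match["h"]), int(match["m"]), int(match["s"]))


def to_utc(local_dt, hours_offset, minutes_offset=0):
    """Apply a clock timezone offset (hours -23..+23, minutes 0..59).
    Assumption: the minutes take the sign of the hours. During summer time
    pass the offset actually in effect on that date."""
    if not -23 <= hours_offset <= 23 or not 0 <= minutes_offset <= 59:
        raise ValueError("offset outside the documented ranges")
    delta = timedelta(hours=abs(hours_offset), minutes=minutes_offset)
    if hours_offset < 0:
        delta = -delta
    return local_dt - delta


def find_syslog_clears(lines, year, hours_offset=0, minutes_offset=0):
    """Return one record per 'Syslog cleared' marker found in the input."""
    events, entries_seen = [], 0
    for line_no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        marker = MARKER_RE.match(line)
        if marker and marker["mon"] in MONTHS:
            try:
                local = local_time(marker, year)
            except ValueError:      # impossible date such as "Feb 31"
                local = None
            if local is not None:
                events.append({
                    "line_no": line_no,
                    "host": marker["host"],
                    "local": local,
                    "utc": to_utc(local, hours_offset, minutes_offset),
                    # timestamped lines that precede the marker in the input
                    "entries_before": entries_seen,
                })
        if ENTRY_RE.match(line):
            entries_seen += 1
    return events


def report(events):
    """One timeline line per clearing event. clear logging makes no archive,
    so entries older than each event must come from another log source."""
    return [
        f"{e['utc']:%Y-%m-%d %H:%M:%S}Z {e['host']}: syslog.txt cleared "
        f"(input line {e['line_no']}, {e['entries_before']} earlier entries in input)"
        for e in events
    ]


if __name__ == "__main__":
    # Year 2024 and the PST offset (-8 0) are constructed inputs.
    for row in report(find_syslog_clears(SAMPLE_SYSLOG.splitlines(), 2024, -8, 0)):
        print(row)
```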
cms (EXEC configuration)
To configure the Centralized Management System (CMS) embedded database parameters, use the cms command in EXEC configuration mode.
cms {config-sync | database {backup | create | delete | downgrade [script filename] | maintenance {full | regular} | restore filename | validate} | deregister [force] | recover {identity word}}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The VDS-OS network is a collection of SR, SE and VOSM nodes. One primary VOSM retains the VDS-OS network settings and provides other VDS-OS network nodes with updates. Communication between nodes occurs over secure channels using the Secure Sockets Layer (SSL) protocol, where each node on the VDS-OS network uses a Rivest, Shamir, Adleman (RSA) certificate-key pair to communicate with other nodes.
Use the cms config-sync command to enable registered SRs, SEs, and standby VOSM to contact the primary VOSM immediately for a getUpdate (get configuration poll) request before the default polling interval of 5 minutes. For example, when a node is registered with the primary VOSM and activated, it appears as Pending in the VOSM GUI until it sends a getUpdate request. The cms config-sync command causes the registered node to send a getUpdate request at once, and the status of the node changes to Online.
Use the cms database create command to initialize the CMS database. Before a node can join a VDS-OS network, it must first be registered and then activated. The cms enable command automatically registers the node in the database management tables and enables the CMS. The node sends its attribute information to the VOSM over the SSL protocol and then stores the new node information. The VOSM accepts these node registration requests without admission control and replies with registration confirmation and other pertinent security information required for getting updates. Activate the node using the VOSM GUI.
Once the node is activated, it automatically receives configuration updates and the necessary security RSA certificate-key pair from the VOSM. This security key allows the node to communicate with any other node in the VDS-OS network. The cms deregister command removes the node from the VDS-OS network by deleting registration information and database tables.
Note
The cms deregister command cleans up the database automatically. You do not need to use the cms database delete command. If the deregistration fails, the best practice is to resolve any issues that caused the deregistration failure; for example, the Service Engine is the Content Acquirer of a delivery service and cannot be deleted or deactivated. Assign a different SE as the Content Acquirer in each delivery service where this SE is assigned as the Content Acquirer and try the cms deregister command again.
To back up the existing management database for the VOSM, use the cms database backup command. For database backups, specify the following items:
• Location, password, and user ID
• Dump format in PostgreSQL plain text syntax
The naming convention for backup files includes the time stamp.
When you use the cms recover identity word command to recover lost registration information, or to replace a failed node with a new node that has the same registration information, specify the device recovery key that you configured in the Modifying Config Property, System.device.recovery.key window of the VOSM GUI.
Use the lcm command to configure local or central management (LCM) on a VDS-OS network device. The LCM feature allows settings configured using the device CLI or GUI to be stored as part of the VDS-OS network-wide configuration data (enable or disable).
When you enter the cms lcm enable command, the CMS process running on SEs, SRs, and the standby VOSM detects the configuration changes that you made on these devices using CLIs and sends the changes to the primary VOSM.
When you enter the cms lcm disable command, the CMS process running on SEs, SRs, and the standby VOSM does not send the CLI changes to the primary VOSM. Settings configured using the device CLIs are not sent to the primary VOSM.
If LCM is disabled, the settings configured through the VOSM GUI overwrite the settings configured from the SE or SR; however, this rule applies only to those local device settings that have been overwritten by the VOSM when you have configured the local device settings. If you (as the local CLI user) change the local device settings after the particular configuration has been overwritten by the VOSM, the local device configuration is applicable until the VOSM requests a full-device statistics update from the SE or SR (clicking the Force full database update button from the Device Home window of the VOSM GUI triggers a full update). When the VOSM requests a full update from the device, the VOSM settings overwrite the local device settings.
The cms deregister force command should be used only as the last option, because the VOSM does not know about the device being removed. When executing the cms deregister force command, take note of any messages stating that the deregistration failed and make sure to resolve them before reregistering the device with the same VOSM or registering the device to another VOSM. The cms deregister force command forces the deregistration to continue.
Examples
The following example shows how to back up the database management tables:
VOSM# cms database backup
creating backup file with label `backup'
backup file local1/VDS-OS-db-9-22-2002-17-36.dump is ready. use `copy' commands to move the backup file to a remote host.
The following example shows how to validate the database management tables:
VOSM# cms database validate
Management tables are valid
In the following example, the CMS deregistration process has problems deregistering the SE, but it proceeds to deregister it from the CMS database when the force option is used:
ServiceEngine# cms deregister force
Deregistration requires management service to be stopped.
You will have to manually start it. Stopping management service on this node...
This operation needs to restart http proxy and streaming proxies/servers (if running) for memory reconfiguration. Proceed? [ no ] yes
management services stopped
Thu Jun 26 13:17:34 UTC 2003 [ I ] main: creating 24 messages
Thu Jun 26 13:17:34 UTC 2003 [ I ] main: creating 12 dispatchers
Thu Jun 26 13:17:34 UTC 2003 [ I ] main: sending eDeRegistration message to VOSM 10.107.192.168...
ServiceEngine#
The following example shows the use of the cms recover identity command when the recovery request matches the SE record, and the VOSM updates the existing record and sends a registration response to the requesting SE:
ServiceEngine# cms recover identity default
Registering this node as Service Engine...
Sending identity recovery request with key default
Thu Jun 26 12:54:42 UTC 2003 [ I ] main: creating 24 messages
Thu Jun 26 12:54:42 UTC 2003 [ I ] main: creating 12 dispatchers
Thu Jun 26 12:54:42 UTC 2003 [ I ] main: Sending registration message to VOSM 10.107.192.168
Thu Jun 26 12:54:44 UTC 2003 [ W ] main: Unable to load device info file in TestServer
Thu Jun 26 12:54:44 UTC 2003 [ I ] main: Connecting storeSetup for SE.
Thu Jun 26 12:54:44 UTC 2003 [ I ] main: Instantiating AStore 'com.cisco.unicorn.schema.PSqlStore'...
Thu Jun 26 12:54:45 UTC 2003 [ I ] main: Successfully connected to database
Thu Jun 26 12:54:45 UTC 2003 [ I ] main: Registering object factories for persistent store...
Thu Jun 26 12:54:51 UTC 2003 [ I ] main: Dropped Sequence IDSET.
Thu Jun 26 12:54:51 UTC 2003 [ I ] main: Successfully removed old management tables
Thu Jun 26 12:54:51 UTC 2003 [ I ] main: Registering object factories for persistent store...
...
Thu Jun 26 12:54:54 UTC 2003 [ I ] main: Created Table FILE_VOSM.
Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.
Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.
Thu Jun 26 12:54:55 UTC 2003 [ I ] main: No Consistency check for store.
Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Successfully created management tables
Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Registering object factories for persistent store...
Thu Jun 26 12:54:55 UTC 2003 [ I ] main: AStore Loading store data...
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: ExtExpiresRecord Loaded 0 Expires records.
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Skipping Construction RdToClusterMappings on non-VOSM node.
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: AStore Done Loading. 327
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: No Consistency check for store.
Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Successfully initialized management tables
Node successfully registered with id 103
Registration complete.
ServiceEngine#
The following example shows the use of the cms recover identity command when the hostname of the SE does not match the hostname configured in the VOSM GUI:
ServiceEngine# cms recover identity default
Registering this node as Service Engine...
Sending identity recovery request with key default
Thu Jun 26 13:16:09 UTC 2003 [ I ] main: creating 24 messages
Thu Jun 26 13:16:09 UTC 2003 [ I ] main: creating 12 dispatchers
Thu Jun 26 13:16:09 UTC 2003 [ I ] main: Sending registration message to VOSM 10.107.192.168
There are no SE devices in CDN
register: Registration failed.
ServiceEngine#
Related Commands
Command Description
cms enable
Enables the CMS.
show cms
Displays the CMS protocol, embedded database content, maintenance status, and other information.
cms (global configuration)
To schedule maintenance and enable the Centralized Management System (CMS) on a given node, use the cms command in global configuration mode. To negate these actions, use the no form of this command.
cms {database maintenance {full {enable | schedule weekday at time} | regular {enable | schedule weekday at time}} | enable | rpc timeout {connection 5-1800 | incoming-wait 10-600 | transfer 10-7200}}
no cms {database maintenance {full {enable | schedule weekday at time} | regular {enable | schedule weekday at time}} | enable | rpc timeout {connection 5-1800 | incoming-wait 10-600 | transfer 10-7200}}
Syntax Description
Defaults
database maintenance regular: enabled
database maintenance full: enabled
connection: 30 seconds for VOSM; 180 seconds for the SE and the SR
incoming wait: 30 seconds
transfer: 300 seconds
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the cms database maintenance command to schedule routine, full-maintenance cleaning (vacuuming) or a regular maintenance reindexing of the embedded database. The full maintenance routine runs only when the disk is more than 90 percent full and runs only once a week. Cleaning the tables returns reusable space to the database system.
The cms enable command automatically registers the node in the database management tables and enables the CMS process. The no cms enable command stops only the management services on the device and does not disable a primary sender. You can use the cms deregister command to remove a primary or backup sender SE from the VDS-OS network and to disable communication between two multicast senders.
Examples
The following example shows how to schedule a regular (reindexing) maintenance routine to start every Friday at 11:00 p.m.:
ServiceEngine(config)# cms database maintenance regular schedule Fri at 23:00
The following example shows how to enable the CMS process on an SE:
ServiceEngine(config)# cms enable
This operation needs to restart http proxy and streaming proxies/servers (if running) for memory reconfiguration. Proceed? [ no ] yes
Registering this node as Service Engine...
Thu Jun 26 13:18:24 UTC 2003 [ I ] main: creating 24 messages
Thu Jun 26 13:18:25 UTC 2003 [ I ] main: creating 12 dispatchers
Thu Jun 26 13:18:25 UTC 2003 [ I ] main: Sending registration message to VOSM 10.107.192.168
Thu Jun 26 13:18:27 UTC 2003 [ I ] main: Connecting storeSetup for SE.
Thu Jun 26 13:18:27 UTC 2003 [ I ] main: Instantiating AStore 'com.cisco.unicorn.schema.PSqlStore'...
Thu Jun 26 13:18:28 UTC 2003 [ I ] main: Successfully connected to database
Thu Jun 26 13:18:28 UTC 2003 [ I ] main: Registering object factories for persistent store...
Thu Jun 26 13:18:35 UTC 2003 [ I ] main: Dropped Sequence IDSET.
Thu Jun 26 13:18:35 UTC 2003 [ I ] main: Dropped Sequence GENSET.
Thu Jun 26 13:18:35 UTC 2003 [ I ] main: Dropped Table USER_TO_DOMAIN.
...
Thu Jun 26 13:18:39 UTC 2003 [ I ] main: Created Table FILE_VOSM.
Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.
Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.
Thu Jun 26 13:18:40 UTC 2003 [ I ] main: No Consistency check for store.
Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Successfully created management tables
Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Registering object factories for persistent store...
Thu Jun 26 13:18:40 UTC 2003 [ I ] main: AStore Loading store data...
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: ExtExpiresRecord Loaded 0 Expires records.
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Skipping Construction RdToClusterMappings on non-VOSM node.
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: AStore Done Loading. 336
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: No Consistency check for store.
Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Successfully initialized management tables
Node successfully registered with id 28940
Registration complete.
Warning: The device will now be managed by the VOSM. Any configuration changes
made via CLI on this device will be overwritten if they conflict with settings on the VOSM.
Please preserve running configuration using 'copy running-config startup-config'.
Otherwise management service will not be started on reload and node will be shown
'offline' in VOSM UI.
management services enabled
ServiceEngine(config)#
Related Commands
configure
To enter global configuration mode, use the configure command in EXEC configuration mode.
configure
To exit global configuration mode, use the end or exit commands. In addition, you can press Ctrl-Z to exit from global configuration mode.
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to enable global configuration mode:
ServiceEngine# configure
ServiceEngine(config)#
Related Commands
content-origin
To support multiple origin services within a content origin, use the content-origin command in global configuration mode. To remove a configured content origin, use the no form of this command.
content-origin request-fqdn domain config-url url [username username password password]
no content-origin request-fqdn domain config-url url [username username password password]
Syntax Description
Defaults
None
Command Modes
Global configuration mode.
Usage Guidelines
Previously, only one origin service per content origin was allowed and the same origin service could not be shared across multiple content origins. Users had to create delivery services or content origins and different content origin domain names resolving to the same IP addresses of the origin service. This created much overhead during deployment. The content-origin command supports multiple origin services within a content origin and allows users to share single origin services across multiple delivery services or content origins.
Examples
The following example shows how to support multiple origin services within a content origin:
ServiceEngine# content-origin request-fqdn xxx.com config-url http://171.XX.XX.XXX/VDS-OSorigin.xml username admin password default
Related Commands
Command Description
show content-origin
Displays information about the Network-Attached Storage (NAS) mount.
copy
To copy the configuration or image data from a source to a destination, use the copy command in EXEC configuration mode.
copy cdnfs disk url sysfs-filename
copy disk {ftp {hostname | ip-address} remotefiledir remotefilename localfilename | startup-config filename}
copy ftp {disk {hostname | ip-address} remotefiledir remotefilename localfilename | install {hostname | ip-address} remotefiledir remotefilename}
copy http install {{hostname | ip-address} remotefiledir remotefilename} [port \ port-num [proxy {hostname | ip-address} | username username password [proxy {hostname | ip-address} proxy_portnum]] | proxy {hostname | ip-address} proxy_portnum | username username password [proxy {hostname | ip-address} proxy_portnum]]
copy running-config {disk filename | startup-config}
copy startup-config {disk filename | running-config}
copy system-status disk filename
copy tech-support {disk filename | remotefilename}
Syntax Description
Defaults
HTTP server port: 80
Default working directory for sysfs files: /local1
Command Modes
EXEC configuration mode.
Usage Guidelines
The copy cdnfs command in EXEC configuration mode copies data files out of the CDNFS to the sysfs for further processing. For example, you can use the install imagefilename command in EXEC configuration mode to provide the copied files to the command.
The copy disk ftp command copies files from a sysfs partition to an FTP server. The copy disk startup-config command copies a startup configuration file to NVRAM.
The copy ftp disk command copies a file from an FTP server to a sysfs partition.
Use the copy ftp install command to install an image file from an FTP server. Part of the image goes to the disk and part goes to the flash memory.
Use the copy http install command to install an image file from an HTTP server and install it on a local device. It transfers the image from an HTTP server to the SE using HTTP as the transport protocol and installs the software on the device. Part of the image goes to the disk and part goes to the flash memory. You can also use this command to redirect your transfer to a different location or HTTP proxy server, by specifying the proxy hostname | ip-address option. A username and a password have to be authenticated with the remote HTTP server if the server is password protected and requires authentication before the transfer of the software release file to the SE is allowed.
Use the copy running-config command to copy the running system configuration to a sysfs partition or flash memory. The copy running-config startup-config command is equivalent to the write memory command.
The copy startup-config command copies the startup configuration file to a sysfs partition.
The copy system-status command creates a file on a sysfs partition containing hardware and software status information.
The copy tech-support tftp command copies technical support information to a sysfs partition.
Related Commands
core-dump
To configure a coredump file, use the core-dump command in EXEC configuration mode.
core-dump {backtrace {all| word} | service {acquisition force | cms force | distribution force | dns force | rtspg force | service-router force}}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the backtrace of all coredump files:
ServiceEngine# core backtrace al
cpfile
To make a copy of a file, use the cpfile command in EXEC configuration mode.
cpfile oldfilename newfilename
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to create a copy of a file. Only system file system (sysfs) files can be copied.
Examples
The following example shows how to create a copy of a file:
ServiceEngine# cpfile syslog.txt syslog.txt.save
Related Commands
debug
To monitor and record caching application functions, use the debug command in EXEC configuration mode. To disable these functions, use the no form of this command.
debug option
no debug option
Syntax Description
Defaults
debug all: default logging level is ERROR.
Command Modes
EXEC configuration mode.
Usage Guidelines
We recommend that you use the debug command only at the direction of Cisco Technical Assistance Center (TAC) because the SE performance is affected when you enter the debug command.
You can use the logging disk priority debug command with the debug command. This configuration causes the debugging messages to be logged in the syslog file, which is available in the /local1 directory by default. You can then download the messages from the SE, copy them to a local disk file (for example, using the copy disk ftp command), and forward the logs to Cisco TAC for further investigation.
By default, system log messages are logged to the console and you need to copy and paste the output to a file. However, this method of obtaining logs is more prone to errors than capturing all messages in the syslog.txt file. When you use system logging to a disk file instead of system logging to a console, there is no immediate feedback that debug logging is occurring, except that the syslog.txt file gets larger (you can track the lines added to the syslog.txt file by entering the type-tail syslog.txt follow command). When you have completed downloading the system logs to a local disk, disable the debugging functions by using the undebug command (see the "undebug" section for more details), and reset the level of logging disk priority to any other setting that you want (for example, notice priority).
Table 2-3 shows valid values for the debug command options.
Debugging Keywords
All modules have debug error as the default level if they support the error keyword; however, when you execute the show debug command, the error does not display.
Some modules have two debugging keywords (error and trace), but you cannot enable both at the same time. See the table above to identify commands with only the error and trace keywords.
Some modules have the all keyword through which you can enable both the error and trace keywords at the same time. This results in debug set to everything. See Table 2-3 to identify commands with the all keyword.
Note
When debugging is set to trace level, it uses a lot of the CPU on the SE to handle error log writing. When writing the trace-level error logs reaches 100 percent of the CPU usage, 504 timeout error messages start to occur. Therefore, trace-level error logging should not be enabled in production systems.
Debugging Cdnfs
You can use the debug cdnfs command to monitor the lookup and serving of prepositioned files. If prepositioned files are available in CDNFS but are not served properly, you can use the debug cdnfs command.
Related Commands
Command Description
show debugging
Displays the state of each debugging option.
undebug
Disables the debugging functions (see also debug).
delfile
To delete a file, use the delfile command in EXEC configuration mode.
delfile filename
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to remove a file from a system file system (sysfs) partition.
Examples
The following example shows how to delete a file:
ServiceEngine# delfile /local1/tempfile
Related Commands
Command Description
cpfile
Copies a file.
deltree
Deletes a directory and its subdirectories.
mkdir
Creates a directory.
mkfile
Creates a file (for testing).
rmdir
Removes a directory.
deltree
To remove a directory with its subdirectories and files, use the deltree command in EXEC configuration mode.
deltree directory
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to remove a directory and all files within the directory from the Service Engine (SE) system file system (sysfs). Do not remove files or directories required for proper SE functioning.
Examples
The following example shows how to delete a directory from the /local1 directory:
ServiceEngine# deltree /local1/testdir
Related Commands
Command Description
delfile
Deletes a file.
mkdir
Creates a directory.
mkfile
Creates a file (for testing).
rmdir
Removes a directory.
device
To configure the mode of operation on a device as a VOSM, SE or SR, use the device command in global configuration mode. To reset the mode of operation on a device, use the no form of this command.
device mode {service-engine | service-router | virtual-origin-system-manager}
no device mode {service-engine | service-router | virtual-origin-system-manager}
Syntax Description
Defaults
The default device operation mode is SE.
Command Modes
Global configuration (config) mode.
Usage Guidelines
A VOSM is the content management and device management station of a VDS-OS network that allows you to specify what content is to be distributed, and where the content should be distributed. If an SR is deployed in the VDS-OS network, the SR redirects the client based on redirecting policy. An SE is the device that serves content to the clients. There are typically many SEs deployed in a VDS-OS network, each serving a local set of clients. IP/TV brings movie-quality video over enterprise networks to the desktop of the VDS-OS network user.
Because different device modes require disk space to be used in different ways, disk space must also be configured when the device mode changes from being an SE or SR to VOSM (or the other way around). You must reboot the device before the configuration changes to the device mode take effect.
Disks must be configured before device configuration is changed. Use the disk configure command to configure the disk before reconfiguring the device to the SE or SR mode. Disk configuration changes made using the disk configure command take effect after the next device reboot.
To enable VDS-OS network-related applications and services, use the cms enable command. Use the no form of this command to disable the VDS-OS network.
All VDS-OS devices ship from the factory as SEs. Before configuring network settings for VOSMs and SRs using the CLI, change the device from an SE to the proper device mode.
Configuring the device mode is not a supported option on all hardware models. However, you can configure some hardware models to operate as any one of the four content networking device types. Devices that can be reconfigured using the device mode command are shipped from the factory by default as SEs.
To change the device mode of your SE, you must also configure the disk space allocations, as required by the different device modes, and reboot the device for the new configuration to take effect.
When you change the device mode of an SE to an SR or VOSM, you may need to reconfigure the system file system (sysfs). However, SRs and VOSMs do not require any disk space other than sysfs. When you change the device mode to an SR or a VOSM, disk configuration changes are not required because the device already has some space allotted for sysfs. sysfs disk space is always preconfigured on a factory-fresh VDS-OS network device.
If you are changing the device mode of an SR or a VOSM back to an SE, configure disk space allocations for the caching, pre-positioning (CDNFS) and system use (sysfs) file systems that are used on the SE. You can configure disk space allocations either before or after you change the device mode to an SE.
Examples
The following examples show the configuration from the default mode, SE to the VOSM, SR and SE modes:
ServiceEngine(config)# device mode virtual-origin-system-manager
VOSM(config)# device mode service-router
ServiceRouter(config)# device mode service-engine
Related Commands
Command Description
show device-mode
Displays the configured or current mode of a VOSM, SE or SR device.
dir
To view a long list of files in a directory, use the dir command in EXEC configuration mode.
dir [directory]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to view a detailed list of files contained within the working directory, including names, sizes, and time created. The equivalent command is lls.
Examples
The following example shows how to view a list of files in a directory:
ServiceEngine# dir
size time of last change name
-------------- ------------------------- -----------
3931934 Tue Sep 19 10:41:32 2000 errlog-cache-20000918-164015
431 Mon Sep 18 16:57:40 2000 ii.cfg
431 Mon Sep 18 17:27:46 2000 ii4.cfg
431 Mon Sep 18 16:54:50 2000 iii.cfg
1453 Tue Sep 19 10:34:03 2000 syslog.txt
1024 Tue Sep 19 10:41:31 2000 <DIR> testdir
Related Commands
Command Description
lls
Displays the files in a long list format.
ls
Lists the files and subdirectories in a directory.
disable
To turn off privileged commands in EXEC configuration mode, use the disable command in EXEC configuration mode.
disable
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The disable command places you in the user-level EXEC shell. To turn privileged EXEC configuration mode back on, use the enable command.
Examples
The following example shows how to enter the user-level EXEC configuration mode:
ServiceEngine# disable
ServiceEngine>
Related Commands
disk (EXEC configuration)
To configure disks and allocate disk space for devices that are using the CDS software, use the disk command in EXEC configuration mode.
disk {erase diskname | mark diskname {bad | good} | policy apply | recover-cdnfs-volumes | recover-system-volumes | repair diskname sector sector_address_in_decimal | unuse diskname}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The disk space in the CDS software is allocated on a per-file system basis, rather than on a per-disk basis.
The CDNFS amounts are reported by the actual usable amounts of storage for applications. Because of the internal file system overhead of approximately 3 percent, the reported amounts may be smaller than what you configured.
To view disk details, use the show disk details command.
Note
The show disk details command shows the amount of disk space that is allocated to system use. This detail is not shown by using the show disk current command.
To show the space allocation in each individual file system type, use the show statistics cdnfs command.
After upgrading, the disk space allocation remains the same as previously configured.
Remapping of Bad Sectors on Disk Drives
The disk erase command in EXEC configuration mode performs a low-level format of the Small Computer Systems Interface (SCSI) or Serial Advanced Technology Attachment (SATA) disks. This command erases all the content on the disk.
If a disk drive continues to report a failure after you have used the disk erase command, you must replace the disk drive.
Caution
Be careful when using the disk erase command because this command causes all content on the specified disk to be deleted.
Note
SCSI and SATA drives can be reformatted.
Erasing Disk Drives
The disk erase command replaced the disk reformat command. This command erases all the content on the disk. The sequence is to erase a disk with the disk erase command and then use the disk policy apply command. If a disk drive continues to report a failure after you have used the disk erase command, you must replace the disk drive.
Caution
Be careful when using the disk erase command because this command causes all content on the specified disk to be deleted.
Disk Hot Swapping
A new disk is recognized and the RAID is rebuilt when the device is rebooted. After inserting the new disk, enter the disk policy apply command to force the VDS-OS software to detect the new disk and rebuild the RAID.
Note
RAID is not supported for generic hardware (UCS servers). These systems have a single un-RAIDed system disk. Any disk replacement requires that the system first be taken off-line.
The disk policy's design, when adding new disks, is to always favor safety. If when a new disk is added, the disk manager detects "degraded" or "bad" system volumes, the new disk is used to repair the system volumes. Thus, the disk manager always strives to have two disks allocated to the system volumes. If when a new disk is added, the system volumes are "normal" or "syncing," the new disk is added to the cdnfs volume.
Note
For the CDE220-2S3i and the CDE220-2S3, because the system disks are internal drives, if the system disk is "bad," the CDE should be replaced.
Repairing a Disk
The disk repair command repairs the bad sector, including the proximal sectors. All data on the drive is lost, but the sectors are repaired and available for data storage again. This command provides functionality equivalent to the repair-disk utility. The disk repair command takes approximately three hours to complete per disk; after the disk repair command completes, reboot the SE to ensure all VDS-OS software services are functioning correctly.
Caution
The device should be off-line before running the disk repair command. Because this command involves complex steps, we recommend you contact Cisco Technical Support before running this command.
The disk repair command not only repairs the bad sectors, but reformats the entire drive, so all data on the drive is lost. The difference between the disk repair command and the disk erase command is that the disk erase command only re-initializes the file system and does not repair bad sectors.
A minor alarm is set when an LSE is detected. After the sector is repaired with the disk repair command, the alarm is turned off.
Minor Alarms:
-------------
Alarm ID Module/Submodule Instance
-------------------- -------------------- -------------------------
1 badsector sysmon disk11
May 19 20:40:38.213 UTC, Equipment Alarm, #000003, 1000:445011
"Device: /dev/sdl, 1 Currently unreadable (pending) sectors"
Stopping Applications from Using a Disk Drive
The disk unuse command in EXEC configuration mode allows you to stop applications from using a specific disk drive (for example, disk01) without having to reboot the device.
Note
When executing the disk unuse command, any applications using the disk will be terminated. Off-line the device before executing this command.
The disk unuse command has the following behavior:
•
Cannot be used with system disk if the state of RAID-1 is not "Normal".
•
Cannot be used with the CDNFS disk, which contains the "/uns-symlink-tree" directory.
•
Can be used with any disk except as in scenario 1 and 2 above.
Examples
The following example shows how to repair the sector 4660 on disk 02:
ServiceEngine# disk repair disk02 sector 4660
Note
A system disk cannot be unused in a non-RAID system (generic/ucs).
The following examples show usage of the disk unuse command and the resultant actions:
ServiceEngine# disk unuse disk00
disk00 has key CDNFS data and can not be unused!
ServiceEngine# disk unuse disk01
This will restart applications currently using disk01
and unmount all partitions on disk01.
Do you want to continue? (Yes/No): yes
[WARNING] CDNFS and RAID SYSTEM partitions detected on disk01
To safely remove a RAID SYSTEM disk, the entire drive must be erased. This
operation has little effect on the RAID-ed SYSTEM volumes, as their data can
be resynced. However, because the drive also contains non-RAID CDNFS
data, it will result in loss of all CDNFS data for this drive!
Unuse disk01, erasing all CDNFS data? (Yes/No): yes
disk01 is now unused.
All partitions on disk01 have been erased.
ServiceEngine# disk unuse disk02
This will restart applications currently using disk02
and unmount all partitions on disk02.
Do you want to continue? (Yes/No): yes
disk02 is now unused
The following example shows how to view disk details:
ServiceEngine# show disk details
disk00: Normal (h02 c00 i00 l00 - mptsas) 476940MB(465.8GB)
disk00/01: SYSTEM 5120MB(5.0GB) mounted internally
disk00/02: SYSTEM 2560MB(2.5GB) mounted internally
disk00/04: SYSTEM 1536MB(1.5GB) mounted internally
disk00/05: SYSFS 32767MB(32.0GB) mounted at /local1
disk00/06: CDNFS 434948MB(424.8GB) mounted internally
disk01: Normal (h02 c00 i01 l00 - mptsas) 476940MB(465.8GB)
Unallocated: 476940MB(465.8GB)
disk02: Normal (h02 c00 i02 l00 - mptsas) 476940MB(465.8GB)
disk02/01: CDNFS 476932MB(465.8GB) mounted internally
The following example shows how to display the current disk space configuration:
ServiceEngine# show disk current
Local disks:
SYSFS 32.0GB 0.7%
CDNFS 4616.0GB 99.3%
The following examples show how to view space allocation in each file system type:
ServiceEngine# show statistics cdnfs
CDNFS Statistics:
------------------
Volume on :
size of physical filesystem: 444740904 KB
space assigned for CDNFS purposes: 444740904 KB
number of CDNFS entries: 40 entries
space reserved for CDNFS entries: 436011947 KB
available space for new entries: 8728957 KB
physical filesystem space in use: 435593864 KB
physical filesystem space free: 9147040 KB
physical filesystem percentage in use: 98 %
Volume on :
size of physical filesystem: 444740904 KB
space assigned for CDNFS purposes: 444740904 KB
number of CDNFS entries: 43 entries
space reserved for CDNFS entries: 436011384 KB
available space for new entries: 8729520 KB
physical filesystem space in use: 435593720 KB
physical filesystem space free: 9147184 KB
physical filesystem percentage in use: 98 %
Volume on :
size of physical filesystem: 488244924 KB
space assigned for CDNFS purposes: 488244924 KB
number of CDNFS entries: 48 entries
space reserved for CDNFS entries: 479612533 KB
available space for new entries: 8632391 KB
physical filesystem space in use: 479152708 KB
physical filesystem space free: 9092216 KB
physical filesystem percentage in use: 99 %
The following example shows how to erase all CDNFS volumes and reboot the SE:
ServiceEngine# disk recover-cdnfs-volumes
This will erase all CDNFS volumes.
Any applications using CDNFS, including streaming applications, will be killed and the system will be rebooted.
Please make sure you have offloaded the SE on the VOSM GUI so the SR is no longer sending traffic to this SE.
Are you sure you want to proceed? [no] yes
Are you really sure you want to proceed to recover and reload? [yes/no] yes
Stopping all services (this may take several minutes)...
diskman will now recover CDNFS volumes...
CDNFS recovery complete, rebooting now...
Related Commands
disk (global configuration)
To configure how disk errors should be handled and to define a disk device error-handling threshold, use the disk command in global configuration mode. To remove the device error-handling options, use the no form of this command.
disk error-handling {bad-sectors-mon-period minutes | reload | threshold {alarm-bad-sectors bad-sectors | alarm-remapped-sectors remapped-sectors | bad-sectors bad-sectors | errors errors}}
no disk error-handling {bad-sectors-mon-period minutes | reload | threshold {alarm-bad-sectors bad-sectors | alarm-remapped-sectors remapped-sectors | bad-sectors bad-sectors | errors errors}}
Syntax Description
Defaults
Bad sector minutes: 1440
Bad sectors alarm: 15
Remapped sectors: 128
Disk bad sectors: 30
Errors: 500
Command Modes
Global configuration (config) mode.
Usage Guidelines
To operate properly, the SE must have critical disk drives. A critical disk drive is the first disk drive that also contains the first system file system (sysfs) partition. It is referred to as disk00. Disk00 is not guaranteed to be the system drive or the 'key' CDS network file system (CDNFS) drive. For example, the system drives on a 2S6 are internal (disk24 and disk25), and the 'key' CDNFS disk is typically disk00, although it can move to other disks as a result of a missing or bad disk00.
The sysfs partition is used to store log files, including transaction logs, system logs (syslogs), and internal debugging logs. It can also be used to store image files and configuration files on an SE.
Note
A critical drive is a disk drive that is either disk00 or a disk drive that contains the first sysfs partition. Smaller single disk drive SEs have only one critical disk drive. Higher-end SEs that have more than one disk drive may have more than one critical disk drive.
When an SE is booted and a critical disk drive is not detected at system startup time, the VDS-OS system on the SE runs at a degraded state. On a generic UCS system the boot partition resides on the system disk (single disk, no RAID). In the event that this disk dies, the system is unbootable. If one of the critical disk drives goes bad at run time, the VDS-OS system applications can malfunction, hang, or crash, or the VDS-OS system can hang or crash. Monitor the critical disk drives on an SE and report any disk drive errors to Cisco Technical Assistance Center (TAC).
In a RAIDed system, if a single system disk fails, the system handles the failure seamlessly (apart from any CDNFS partitions that disk might hold). If the 'key' CDNFS disk, typically the lowest numbered disk containing CDNFS, fails, the system enters a bad state and must be rebooted. In a non-RAID system, if the system disk fails, the system no longer boots.
With a VDS-OS system, a disk device error is defined as any of the following events:
•
Small Computer Systems Interface (SCSI) or Integrated Drive Electronics (IDE) device error is printed by a Linux kernel.
•
Disk device access by an application (for example, an open(2), read(2), or write(2) system call) fails with an EIO error code.
•
Disk device that existed at startup time is not accessible at run time.
The disk status is recorded in flash (nonvolatile storage). When an error on an SE disk device occurs, a message is written to the system log (syslog) if the sysfs partition is still intact, and a Simple Network Management Protocol (SNMP) trap is generated if SNMP is configured on the SE.
In addition to tracking the state of critical disk drives, you can define a disk device error-handling threshold on the SE. If the number of disk device errors reaches the specified threshold, the corresponding disk device is automatically marked as bad.
If the specified threshold is exceeded, the SE either records this event or reboots. If the automatic reload feature is enabled and this threshold is exceeded, then the VDS-OS system automatically reboots the SE. For more information about specifying this threshold, see the "Specifying the Disk Error-Handling Threshold" section.
You can remap bad (but unused) sectors on a SCSI drive and Serial Advanced Technology Attachment (SATA) drives using the disk repair command.
Disk Latent Sector Error Handling
A Latent Sector Error (LSE) occurs when a particular disk sector cannot be read from or written to, or when there is an uncorrectable ECC error. Any data previously stored in the sector is lost. There is also a high probability that sectors in close proximity to the known bad sector have as yet undetected errors, and therefore they are included in the repair process.
The syslog file shows the following disk I/O error message and smartd error message when there are disk sector errors:
Apr 28 21:00:26 U11-CDE220-2 kernel: %SE-SYS-4-900000: end_request: I/O error, dev sdd, sector 4660
Apr 28 21:00:26 U11-CDE220-2 kernel: %SE-SYS-3-900000: Buffer I/O error on device sdd, logical block 582
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-6-899999: Device: /dev/sdd, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 75 to 73
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-6-899999: Device: /dev/sdd, SMART Usage Attribute: 187 Reported_Uncorrect changed from 99 to 97
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-2-899999: Device: /dev/sdd, ATA error count increased from 1 to 3
Specifying the Disk Error-Handling Threshold
You can configure a disk error-handling threshold to determine how many disk errors or bad sectors can be detected before the disk drive is automatically marked as bad.
The disk error-handling threshold bad-sectors command determines how many bad sectors can be detected before the disk drive is automatically marked as bad. By default, this threshold is set to 15. To change the default threshold, use the disk error-handling threshold bad-sectors command. Specify 0 if you never want the disk drive to be marked as bad.
If the bad disk drive is a critical disk drive, and the automatic reload feature (disk error-handling reload command) is enabled, then the VDS-OS software marks the disk drive as bad and the SE is automatically reloaded. After the SE is reloaded, a syslog message and an SNMP trap are generated.
The disk error-handling threshold errors command determines how many disk errors can be detected before the disk drive is automatically marked as bad. By default, this threshold is set to 500. To change the default threshold, use the disk error-handling threshold errors command. Specify 0 if you never want the disk drive to be marked as bad.
By default, the automatic reload feature is disabled on an SE. To enable the automatic reload feature, use the disk error-handling reload command. After enabling the automatic reload feature, use the no disk error-handling reload command to disable it.
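The following is an added example, not part of the Cisco documentation: it parses the syslog lines quoted under "Disk Latent Sector Error Handling", tallies kernel I/O errors, bad sectors and smartd changes per device, and applies an error threshold using the "reaches the threshold" and "0 means never" rules described above. The tally is this script's own count from the log text, not the counter that VDS-OS keeps internally, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# The five syslog lines quoted in the section above.
SYSLOG_LINES = """\
Apr 28 21:00:26 U11-CDE220-2 kernel: %SE-SYS-4-900000: end_request: I/O error, dev sdd, sector 4660
Apr 28 21:00:26 U11-CDE220-2 kernel: %SE-SYS-3-900000: Buffer I/O error on device sdd, logical block 582
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-6-899999: Device: /dev/sdd, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 75 to 73
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-6-899999: Device: /dev/sdd, SMART Usage Attribute: 187 Reported_Uncorrect changed from 99 to 97
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-2-899999: Device: /dev/sdd, ATA error count increased from 1 to 3
"""

# "<timestamp> <host> <process>[pid]: %<facility>-<severity>-<msgid>: <text>"
LINE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ (?P<proc>[\w-]+)(?:\[\d+\])?: "
    r"%[A-Z]+-[A-Z]+-(?P<sev>\d)-\d+: (?P<text>.*)$"
)
KERNEL_SECTOR = re.compile(r"end_request: I/O error, dev (\w+), sector (\d+)")
KERNEL_BUFFER = re.compile(r"Buffer I/O error on device (\w+), logical block (\d+)")
SMART_ATTR = re.compile(
    r"Device: /dev/(\w+), SMART (?:Prefailure|Usage) Attribute: "
    r"\d+ (\S+) changed from (\d+) to (\d+)"
)
ATA_COUNT = re.compile(
    r"Device: /dev/(\w+), ATA error count increased from \d+ to (\d+)"
)


@dataclass
class DiskReport:
    kernel_errors: int = 0                            # kernel I/O error lines seen
    bad_sectors: set = field(default_factory=set)     # sector numbers from end_request
    smart_drops: dict = field(default_factory=dict)   # attribute -> (first old, last new)
    ata_errors: int = 0                               # highest ATA error count reported
    worst_severity: int = 7                           # lowest severity digit seen


def summarize(log_text):
    """Return {device: DiskReport} built from VDS-OS style syslog text."""
    reports = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # not in the expected syslog layout
        text, sev = m["text"], int(m["sev"])
        for kind, pattern in (("sector", KERNEL_SECTOR), ("buffer", KERNEL_BUFFER),
                              ("smart", SMART_ATTR), ("ata", ATA_COUNT)):
            hit = pattern.search(text)
            if hit:
                break
        else:
            continue  # syslog line, but not a disk message we track
        rep = reports.setdefault(hit[1], DiskReport())
        rep.worst_severity = min(rep.worst_severity, sev)
        if kind == "sector":
            rep.kernel_errors += 1
            rep.bad_sectors.add(int(hit[2]))
        elif kind == "buffer":
            rep.kernel_errors += 1
        elif kind == "smart":
            old, new = int(hit[3]), int(hit[4])
            if new < old:  # normalized SMART value fell
                first_old = rep.smart_drops.get(hit[2], (old, new))[0]
                rep.smart_drops[hit[2]] = (first_old, new)
        else:
            rep.ata_errors = max(rep.ata_errors, int(hit[2]))
    return reports


def over_threshold(reports, errors_threshold=500):
    """Devices whose tallied kernel errors reach the threshold.

    500 is the documented default for 'threshold errors'; 0 means a
    drive is never flagged, mirroring the rule stated above.
    """
    if errors_threshold == 0:
        return []
    return sorted(dev for dev, rep in reports.items()
                  if rep.kernel_errors >= errors_threshold)


if __name__ == "__main__":
    for dev, rep in summarize(SYSLOG_LINES).items():
        print(dev, rep)
```

The sector numbers collected in bad_sectors are the values an operator would review before deciding whether the disk repair command is needed.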
Examples
The following example shows that five disk drive errors for a particular disk drive (for example, disk00) are allowed before the disk drive is automatically marked as bad:
ServiceEngine(config)# disk error-handling threshold errors 5
Related Commands
dnslookup
To resolve a host or domain name to an IP address, use the dnslookup command in EXEC configuration mode.
dnslookup line
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The dnslookup command accepts an IPv6 address. If an IPv6 address is specified in the dnslookup command, the server replies to a query including the IPv6 address, and the IPv6 address is displayed in the output of the tcpdump and netstat commands and in all logs.
Examples
The following examples show that the dnslookup command is used to resolve the hostname myhost to IP address 172.31.69.11, cisco.com to IP address 192.168.219.25, and an IP address used as a hostname to 10.0.11.0:
ServiceEngine# dnslookup myhost
official hostname: myhost.cisco.com
address: 172.31.69.11
ServiceEngine# dnslookup cisco.com
official hostname: cisco.com
address: 192.168.219.25
ServiceEngine# dnslookup 10.0.11.0
official hostname: 10.0.11.0
address: 10.0.11.0
enable (EXEC configuration)
To access privileged commands in EXEC configuration modes, use the enable command in EXEC configuration mode.
enable
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To access privileged EXEC configuration mode from EXEC configuration mode, use the enable command. The disable command takes you from privileged EXEC configuration mode to user EXEC configuration mode.
Examples
The following example shows how to access privileged EXEC configuration mode:
ServiceEngine> enable
ServiceEngine#
Related Commands
Command Description
disable
Turns off the privileged EXEC commands.
exit
Exits from interface, global configuration, or privileged EXEC configuration modes.
enable (global configuration)
To modify enable password parameters, use the enable password command in global configuration mode.
enable password {0 | 1 | word}
Syntax Description
password
Assigns a privileged-level password.
0
Specifies that an unencrypted password will follow.
1
Specifies that a hidden password will follow.
word
The unencrypted (cleartext) user password.
Defaults
None
Command Modes
Global configuration mode.
Examples
The following example shows how to assign a privileged-level unencrypted password:
ServiceEngine> enable password 0 xxxx
ServiceEngine#
end
To exit global configuration mode, use the end command in global configuration mode.
end
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the end command to exit global configuration mode after completing any changes to the running configuration. To save new configurations to nonvolatile random-access memory (NVRAM), use the write command.
In addition, you can press Ctrl-Z to exit global configuration mode.
Examples
The following example shows how to exit global configuration mode:
ServiceEngine(config)# end
ServiceEngine#
Related Commands
Command Description
exit
Exits from interface, global configuration, or privileged EXEC configuration modes.
exec-timeout
To configure the length of time that an inactive Telnet or Secure Shell (SSH) session remains open, use the exec-timeout command in global configuration mode. To revert to the default value, use the no form of this command.
exec-timeout timeout
no exec-timeout
Syntax Description
Defaults
The default is 15 minutes.
Command Modes
Global configuration (config) mode.
Usage Guidelines
A Telnet or SSH session with the SE can remain open and inactive for the interval of time specified by the exec-timeout command. When the exec-timeout interval elapses, the SE automatically closes the Telnet or SSH session.
Configuring a timeout interval of 0 minutes by entering the exec-timeout 0 command is equivalent to disabling the session-timeout feature.
Examples
The following example shows how to configure a timeout of 100 minutes:
ServiceEngine(config)# exec-timeout 100
The following example negates the configured timeout of 100 minutes and reverts to the default value of 15 minutes:
ServiceEngine(config)# no exec-timeout
Related Commands
Command Description
sshd
Configures the SSH service parameters.
telnet enable
Enables the Telnet services.
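An added example, not from the Cisco documentation: a small audit of a saved configuration for the session settings described above (exec-timeout 0, a timeout longer than the 15-minute default, telnet enable, and an enable password supplied in unencrypted form). It assumes the saved configuration lists one command per line exactly as entered; the sample configuration is constructed and the function name is hypothetical.

```python
DEFAULT_EXEC_TIMEOUT = 15  # minutes, the documented default

# Constructed sample configuration (assumed format: one command per line).
SAMPLE_CONFIG = """\
exec-timeout 0
telnet enable
enable password 0 xxxx
disk error-handling threshold errors 5
"""


def audit(config_text, max_idle_minutes=DEFAULT_EXEC_TIMEOUT):
    """Return a list of (finding, line_number) tuples, ordered by line.

    Line number 0 means the finding comes from the implicit default
    rather than from a line in the file. Password values are never
    copied into the findings.
    """
    findings = []
    timeout, timeout_line = DEFAULT_EXEC_TIMEOUT, 0
    for n, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        if len(words) == 2 and words[0] == "exec-timeout" and words[1].isdigit():
            # The last exec-timeout line in the file is the effective one.
            timeout, timeout_line = int(words[1]), n
        elif words == ["no", "exec-timeout"]:
            # The no form reverts to the default value.
            timeout, timeout_line = DEFAULT_EXEC_TIMEOUT, n
        elif words == ["telnet", "enable"]:
            # Telnet sessions are carried in cleartext.
            findings.append(("telnet-enabled", n))
        elif words[:2] == ["enable", "password"] and len(words) >= 3 and words[2] != "1":
            # "0 <word>" or a bare "<word>" is the unencrypted form;
            # "1 <word>" is the hidden form and is not flagged.
            findings.append(("enable-password-cleartext", n))

    if timeout == 0:
        # exec-timeout 0 disables the session-timeout feature.
        findings.append(("idle-timeout-disabled", timeout_line))
    elif timeout > max_idle_minutes:
        findings.append(("idle-timeout-long", timeout_line))
    return sorted(findings, key=lambda item: item[1])


if __name__ == "__main__":
    for finding, line_no in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```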
exit
To access commands in EXEC configuration mode shell from the global, interface, and debug configuration command shells, use the exit command.
exit
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC, global configuration (config), and interface configuration (config-if) modes.
Usage Guidelines
Use the exit command in any configuration mode to return to EXEC configuration mode. Using this command is equivalent to pressing the Ctrl-Z key or entering the end command.
The exit command issued in the user-level EXEC shell terminates the console or Telnet session. You can also use the exit command to exit other configuration modes that are available from the global configuration mode for managing specific features (see the commands marked with a footnote in Table 2-1).
Examples
The following example shows how to exit the global configuration mode and return to the privileged-level EXEC configuration mode:
ServiceEngine(config)# exit
ServiceEngine#
The following example shows how to exit the privileged-level EXEC configuration mode and return to the user-level EXEC configuration mode:
ServiceEngine# exit
ServiceEngine>
Related Commands
expert-mode
To configure debugshell, use the expert-mode command in global configuration mode.
expert-mode password [encrypted] password
Syntax Description
password
Sets the expert mode password.
encrypted
(Optional) Encrypts the password.
password
The encrypted password.
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
This is a customer-configurable password that allows entry into engineering mode for troubleshooting purposes. The function prompts the user for the current admin password to verify that the user attempting to set the expert-mode password is authorized to do so. If the user is authenticated, the user is prompted twice to enter the new expert-mode password. The new expert-mode password is encrypted before it is persisted.
Examples
The following example shows how to configure debugshell:
ServiceEngine(config)# expert-mode password encrypted xxxx
New Expert Mode Password: xxxx
Confirm New Expert Mode Password: xxxx
Password successfully changed
external-ip
To configure up to eight external Network Address Translation (NAT) IP addresses, use the external-ip command in global configuration mode. To remove the NAT IP addresses, use the no form of this command.
external-ip ip_addresses
no external-ip ip_addresses
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use this command to configure up to eight Network Address Translation IP addresses to allow the router to translate up to eight internal addresses to registered unique addresses and translate external registered addresses to addresses that are unique to the private network. If the IP address of the Real-Time Streaming Protocol (RTSP) gateway has not been configured on the SE, then the external IP address is configured as the IP address of the RTSP gateway.
In a VDS-OS network, there are two methods for a device registered with the VOSM (SEs, SRs, or the standby VOSM) to obtain configuration information from the primary VOSM. The primary method is for the device to periodically poll the primary VOSM on port 443 to request a configuration update. You cannot configure this port number. The backup method is when the VOSM pushes configuration updates to a registered device as soon as possible by issuing a notification to the registered device on port 443. This method allows changes to take effect in a timelier manner. You cannot configure this port number even when the backup method is being used. VDS-OS networks do not work reliably if devices registered with the VOSM are unable to poll the VOSM for configuration updates. When a receiver SE requests the content and content metadata from a forwarder SE, it contacts the forwarder SE on port 443.
When a device (SEs at the edge of the network, SRs, and primary or standby VOSMs) is inside a NAT firewall, those devices that are inside the same NAT use one IP address (the inside local IP address) to access the device and those devices that are outside the NAT use a different IP address (the NAT IP address or inside global IP address) to access the device. A centrally managed device advertises only its inside local IP address to the VOSM. All other devices inside the NAT use the inside local IP address to contact the centrally managed device that resides inside the NAT. A device that is not inside the same NAT as the centrally managed device cannot contact it without a special configuration.
If the primary VOSM is inside a NAT, you can allow a device outside the NAT to poll it for getUpdate requests by configuring a static translation (NAT IP address or inside global IP address) for the VOSM's inside local IP address on its NAT, and using this address, rather than the VOSM's inside local IP address in the VOSM ip ip_address command when you register the device to the VOSM. If an SE or SR is inside a NAT and the VOSM is outside the NAT, you can allow the SE or SR to poll for getUpdate requests by configuring a static translation (NAT IP address or inside global IP address) for the SE or SR's inside local address on its NAT.
Note
Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.
Examples
The following example shows how to configure four external NAT IP addresses:
ServiceEngine(config)# external-ip 192.168.43.1 192.168.43.2 192.168.43.3 192.168.43.4
find-pattern
To search for a particular pattern in a file, use the find-pattern command in EXEC configuration mode.
find-pattern {binary filename | case {binary filename | count filename | lineno filename | match filename | nomatch filename | recursive filename} | count filename | lineno filename | match filename | nomatch filename | recursive filename}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to search for a particular regular expression pattern in a file.
Examples
The following example shows how to search a file recursively for a case-sensitive pattern:
ServiceEngine# find-pattern case recursive admin removed_core
-rw------- 1 admin root 95600640 Oct 12 10:27 /local/local1/core_dir/core.2.2.1.b5.eh.2796
-rw------- 1 admin root 97054720 Jan 11 11:31 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.14086
-rw------- 1 admin root 96845824 Jan 11 11:32 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.14823
-rw------- 1 admin root 101580800 Jan 11 12:01 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.15134
-rw------- 1 admin root 96759808 Jan 11 12:59 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.20016
-rw------- 1 admin root 97124352 Jan 11 13:26 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.30249
-rw------- 1 admin root 98328576 Jan 11 11:27 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.8095
The following example searches a file for a pattern and prints the matching lines:
ServiceEngine# find-pattern match 10 removed_core
Tue Oct 12 10:30:03 UTC 2004
-rw------- 1 admin root 95600640 Oct 12 10:27 /local/local1/core_dir/core.5.2.1.b5.eh.2796
-rw------- 1 admin root 101580800 Jan 11 12:01 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.15134
The following example searches a file for a pattern and prints the number of matching lines:
ServiceEngine# find-pattern count 10 removed_core
3
Related Commands
Command Description
cd
Changes the directory.
dir
Displays the list of files in a directory.
lls
Displays the files in a long list format.
ls
Lists the files and subdirectories in a directory.
ftp
To enable File Transfer Protocol (FTP) services, use the ftp command in global configuration mode. To cancel the request, use the no form of this command.
ftp enable
no ftp enable
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Examples
The following example shows how to enable FTP services:
ServiceRouter# ftp enable
Related Commands
gulp
To capture lossless gigabit packets and write them to disk, use the gulp command in EXEC configuration mode.
gulp line
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The gulp utility captures lossless gigabit packets and writes them to disk, as well as captures packets remotely. The gulp utility has the ability to read directly from the network.
To view the list of options, enter gulp --h.
ServiceEngine# gulp --help
Usage: /ruby/bin/gulp [--help | options]
--help prints this usage summary
supported options include:
-d decapsulate Cisco ERSPAN GRE packets (sets -f value)
-f "..." specify a pcap filter - see manpage and -d
-i eth#|- specify ethernet capture interface or '-' for stdin
-s # specify packet capture "snapshot" length limit
-r # specify ring buffer size in megabytes (1-1024)
-c just buffer stdin to stdout (works with arbitrary data)
-x request exclusive lock (to be the only instance running)
-X run even when locking would forbid it
-v print program version and exit
-Vx...x display packet loss and buffer use - see manpage
-p # specify full/empty polling interval in microseconds
-q suppress buffer full warnings
-z # specify write blocksize (power of 2, default 65536)
for long-term capture
-o dir redirect pcap output to a collection of files in dir
-C # limit each pcap file in -o dir to # times the (-r #) size
-W # overwrite pcap files in -o dir rather than start #+1
-B check if select(2) would ever have blocked on write
-Y avoid writes which would block
Table 2-4 lists the gulp options and provides a description of each.
Examples
The following example shows how to get a basic capture on eth1 with a pcap filter:
ServiceEngine# gulp -i eth1 -f "..." > pcapfile
The ellipsis (...) refers to the Berkeley Packet Filter (pcap) expressions, such as "host foo."
The following example shows how to get a capture of the 10 most recent files of a 200 MB ring buffer to 1000 MB files:
ServiceEngine# gulp -i eth1 -r 200 -C 10 -W 10 -o pcapdir
Related Commands
help
To obtain online help for the command-line interface, use the help command in EXEC and global configuration modes.
help
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration and global configuration (config) modes.
Usage Guidelines
You can get help at any point in a command by entering a question mark (?). If nothing matches, the help list is empty, and you must back up until entering a ? shows the available options.
Two styles of help are provided:
•
Full help is available when you are ready to enter a command argument (for example, show ?). In addition, full help describes each possible argument.
•
Partial help is provided when you enter an abbreviated command and you want to know what arguments match the input (for example, show stat?).
Examples
The following example shows the output of the help command in EXEC configuration mode:
ServiceEngine# help
Help may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show stat?'.)
hostname
To configure the device's network hostname, use the hostname command in global configuration mode. To reset the hostname to the default setting, use the no form of this command.
hostname name
no hostname
Syntax Description
name
New hostname for the device; the name is case sensitive. The name may be from 1 to 30 alphanumeric characters.
Defaults
The default hostname is the SE model number.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use this command to configure the hostname for the SE. The hostname is used for the command prompts and default configuration filenames. This name is also used by content routing and conforms to the following rules:
•
It can use only alphanumeric characters and hyphens (-).
•
Maximum length is 30 characters.
•
The following characters are considered invalid and cannot be used when naming a device: @, #, $, %, ^, &, *, (), |, \""/, <>, _.
Examples
The following example changes the hostname to Sandbox:
ServiceEngine(config)# hostname Sandbox
Sandbox(config)#
The following example removes the hostname:
ServiceEngine(config)# no hostname
NO-HOSTNAME(config)#
Related Commands
Command Description
dnslookup
Resolves a host or domain name to an IP address.
ip
Configures the IP.
show hosts
Displays the IP domain name, name servers, IP addresses, and host table.
http
To configure HTTP-related parameters, use the http command in EXEC configuration mode.
http asx-302-redirect enable
Syntax Description
asx-302-redirect
Configures 302 response for asx requests.
enable
Enables 302 redirection for asx requests.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to install a .bin file on the SE:
ServiceEngine# install VDS-OS-2.2.1.7-K9.bin
install
To install the VDS-OS software image, use the install command in EXEC configuration mode.
install imagefile_name
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The install command loads the system image into flash memory and the disk.
To install a system image, copy the image file to the system file system (sysfs) directory local1 or local2. Before entering the install command, change the present working directory to the directory where the system image resides. When the install command is executed, the image file is expanded. The expanded files overwrite the existing files in the SE. The newly installed version takes effect after the system image is reloaded.
Note
The install command does not accept .pax files. Files should be of the .bin type (for example, VDS-OS-2.2.1.7-K9.bin). Also, if the release being installed does not require a new system image, then it may not be necessary to write to flash memory. If the newer version has changes that require a new system image to be installed, then the install command may result in a write to flash memory.
Examples
The following example shows how to install a .bin file on the SE:
ServiceEngine# install VDS-OS-2.2.1.7-K9.bin
Related Commands
interface
To configure a Gigabit Ethernet or port channel interface, use the interface command in global configuration mode. To disable selected options, restore default values, or enable a shutdown interface, use the no form of this command.
interface {GigabitEthernet slot/port_num [autosense | bandwidth {10 | 100 | 1000} | channel-group group_interface | description line | full-duplex | half-duplex | ip {access-group {access_list_num {in | out} | name} | address {ip_address_netmask | range low_num high_num netmask} | ipv6 {access-group {access_list_num {in | out}| access_list_name {in | out}} | address {range low_num high_num netmask {prefix | subnet_mask} | ip_addr/mask} | mtu mtu_size | shutdown | standby num [priority num] | tx-queue-limit queue_length] | PortChannel num [autosense | bandwidth {10 | 100 | 1000} | description line | full-duplex | half-duplex | ip line | ipv6 line | lacp | shutdown | standby num [priority num] | Standby group_number [description line | errors error_num | ip address {ip_address_netmask | range low_num high_num netmask}| ipv6 address {range low_num high_num netmask {prefix | subnet_mask} | ip_addr/mask} | shutdown] | TenGigabitEthernet slot/port_num [autosense | bandwidth {10 | 100 | 1000} channel-group group_interface | description line | full-duplex | half-duplex | ip {access-group {access_list_num {in | out} | name} | address {ip_address_netmask | range low_num high_num netmask} | ipv6 {access-group {access_list_num {in | out}| access_list_name {in | out}} | address {range low_num high_num netmask {prefix | subnet_mask} | ip_addr/mask} | mtu mtu_size | shutdown | standby num [priority num] | tx-queue-limit queue_length]
no interface {GigabitEthernet slot/port_num [autosense | bandwidth {10 | 100 | 1000} | channel-group group_interface | description line | full-duplex | half-duplex | ip {access-group {access_list_num {in | out} | name} | address {ip_address_netmask | range low_num high_num netmask} | ipv6 {access-group {access_list_num {in | out}| access_list_name {in | out}} | address {range low_num high_num netmask {prefix | subnet_mask} | ip_addr/mask} | mtu mtu_size | shutdown | standby num [priority num] | tx-queue-limit queue_length] | PortChannel num [autosense | bandwidth {10 | 100 | 1000} | description line | full-duplex | half-duplex | ip line | ipv6 line | lacp | shutdown | standby num [priority num] | Standby group_number [description line | errors error_num | ip address {ip_address_netmask | range low_num high_num netmask}| ipv6 address {range low_num high_num netmask {prefix | subnet_mask} | ip_addr/mask} | shutdown] | TenGigabitEthernet slot/port_num [autosense | bandwidth {10 | 100 | 1000} channel-group group_interface | description line | full-duplex | half-duplex | ip {access-group {access_list_num {in | out} | name} | address {ip_address_netmask | range low_num high_num netmask} | ipv6 {access-group {access_list_num {in | out}| access_list_name {in | out}} | address {range low_num high_num netmask {prefix | subnet_mask} | ip_addr/mask} | mtu mtu_size | shutdown | standby num [priority num] | tx-queue-limit queue_length]
Syntax Description
Defaults
Standby priority: 100.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Note
The Gigabit Ethernet interfaces are shared between CIMC and UCS for UCS devices (specifically UCS220). The default values for duplex, speed, auto negotiation and advertising cannot be changed.
Port Channel (EtherChannel) Interface
EtherChannel for VDS-OS supports the grouping of up to four same-network interfaces into one virtual interface. This grouping allows the setting or removing of a virtual interface that consists of two Gigabit Ethernet interfaces. EtherChannel also provides interoperability with Cisco routers, switches, and other networking devices or hosts supporting EtherChannel, load balancing, and automatic failure detection and recovery based on current link status of each interface.
You can use the Gigabit Ethernet ports to form an EtherChannel. A physical interface can be added to an EtherChannel subject to the device configuration.
Configuring Multiple IP Addresses
The Multiple Logical IP Addresses feature supports up to 24 unique IP addresses within the same subnet for the same interface.
When you configure multiple IP addresses on an SE using either the range option or using individual commands, the show running-config output displays all the IP addresses individually. The netmask value is unique for each interface, so under a single interface you cannot have multiple IP addresses with different netmask values.
Configuring IPv6
When configuring an IPv6 address on the interface, if <ipv6addr> is specified, it must be in hexadecimal form using 16-bit values between colons (X:X:X:X::X). Optionally, a double colon may be used when consecutive 16-bit values are denoted as zero.
To configure the IPv6 access list on an interface, first configure the Access List using the access-list enable command; <in | out> means apply for inbound or outbound packets.
interface {<GigabitEthernet | Portchannel | Standby | TenGigabitEthernet>} ipv6 access-group <access_list_number | access_list_name> <in | out>
Examples
The following example shows how to create an EtherChannel. The port channel is port channel 2 and is assigned an IP address of 10.10.10.10 and a netmask of 255.0.0.0:
ServiceEngine# configure
ServiceEngine(config)# interface PortChannel 2
ServiceEngine(config-if)# exit
The following example shows how to remove an EtherChannel:
ServiceEngine(config)# interface PortChannel 2
ServiceEngine(config-if)# exit
ServiceEngine(config)# no interface PortChannel 2
The following example shows a sample output of the show running-config command in EXEC configuration mode:
ServiceEngine# show running-config
.
.
.
interface GigabitEthernet 0/0
description This is an interface to the WAN
ip address 192.168.1.200 255.255.255.0
bandwidth 100
exit
.
.
The following example shows the sample output of the show interface command:
ServiceEngine# show interface GigabitEthernet 1/0
Description: This is the interface to the lab
type: Ethernet
The following example shows how to create standby groups on SEs:
ServiceEngine(config)# interface GigabitEthernet 1/0 standby 2 priority 300
ServiceEngine(config)# interface GigabitEthernet 2/0 standby 2 priority 200
ServiceEngine(config)# interface GigabitEthernet 3/0 standby 2 priority 100
ServiceEngine(config)# interface standby 2 errors 10000
The following example shows how to configure multiple IP addresses using a range command:
ServiceEngine(config)# interface PortChannel 2
ServiceEngine(config-if)# ip address range 2.2.2.3 2.2.2.6 255.255.255.0
The following example shows a sample output of the show running-config command in EXEC configuration mode after configuring multiple IP addresses:
ServiceEngine# show running-config
.
interface PortChannel 4
ip address 2.2.2.3 255.255.255.0
ip address 2.2.2.4 255.255.255.0
ip address 2.2.2.5 255.255.255.0
ip address 2.2.2.6 255.255.255.0
exit
Related Commands
iostat
To show CPU and I/O statistics for devices and partitions, use the iostat command in EXEC configuration mode.
iostat [line]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display CPU statistics:
ServiceEngine# iostat
Linux 2.6.32.52-cds-64 (W14-UCS220-2) 10/16/12 _x86_64_ (32 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.00 0.03 0.03 0.00 0.00 99.93
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sdc 1.79 7.24 30.89 580715 2478770
sdd 0.00 0.05 0.03 4143 2057
ServiceEngine#
ip (global configuration)
To change initial network device configuration settings, use the ip command in global configuration mode. To delete or disable these settings, use the no form of this command.
ip {access-list (see "ip access-list" section) | default-gateway ip_address [gateway_ip_addr] | domain-name name1 name2 name3 | name-server ip_addresses | path-mtu-discovery enable | route dest_IP_addr dest_netmask default_gateway [interface source_IP_addr]}
no ip {access-list | default-gateway ip_address [gateway_ip_addr] | domain-name name1 name2 name3 | name-server ip_addresses | path-mtu-discovery enable | route dest_IP_addr dest_netmask default_gateway [interface source_IP_addr]}
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
To define a default gateway, use the ip default-gateway command. Only one default gateway can be configured. To remove the IP default gateway, use the no form of this command. The SE uses the default gateway to route IP packets when there is no specific route found to the destination.
To define a default domain name, use the ip domain-name command. To remove the IP default domain name, use the no form of this command. Up to three domain names can be entered. If a request arrives without a domain name appended in its hostname, the proxy tries to resolve the hostname by appending name1, name2, and name3 in that order until one of these names succeeds.
The SE appends the configured domain name to any IP hostname that does not contain a domain name. The appended name is resolved by the Domain Name System (DNS) server and then added to the host table. The SE must have at least one domain name server specified for hostname resolution to work correctly.
To specify the address of one or more name servers to use for name and address resolution, use the ip name-server ip_addresses command. To disable IP name servers, use the no form of this command. For proper resolution of the hostname to the IP address or the IP address to the hostname, the SE uses DNS servers. Use the ip name-server command to point the SE to a specific DNS server. You can configure up to eight servers.
Path MTU autodiscovery discovers the MTU and automatically sets the correct value. Use the ip path-mtu-discovery enable command to start this autodiscovery utility. By default, this feature is enabled. When this feature is disabled, the sending device uses a packet size that is smaller than 576 bytes and the next hop MTU. Existing connections are not affected when this feature is turned on or off.
The VDS-OS software supports IP Path MTU Discovery, as defined in RFC 1191. When enabled, Path MTU Discovery discovers the largest IP packet size allowable between the various links along the forwarding path and automatically sets the correct value for the packet size. By using the largest MTU that the links bear, the sending device can minimize the number of packets that it must send.
Note
IP Path MTU Discovery is useful when a link in a network goes down, forcing the use of another, different MTU-sized link. IP Path MTU Discovery is also useful when a connection is first being established and the sender has no information at all about the intervening links.
IP Path MTU Discovery is started by the sending device. If a server does not support IP Path MTU Discovery, the receiving device has no mechanism available to avoid fragmenting datagrams generated by the server.
Use the ip route command to add a specific static route for a network or host. Any IP packet designated for the specified destination uses the configured route.
To configure static IP routing, use the ip route command. To remove the route, use the no form of this command. Do not use the ip route 0.0.0.0 0.0.0.0 command to configure the default gateway; use the ip default-gateway command instead.
Source Policy Routes
To configure source policy routing, use the ip route command with the interface option. By using source policy routing, the reply packet to a client leaves the SE on the same interface where the request came in. Source policy routing tables are automatically instantiated based on the interface subnets defined on the system. The policy routes are added automatically to the policy routing tables based on the nexthop gateway of the routes in the main routing table.
When configuring multiple IP addresses, you must configure a default gateway in the same subnet. You can configure multiple gateways (up to 14).
The CDE220-2S3i supports multiple IP addresses, which includes specifying the default gateway and IP routes. The IP routes, source policy routes, were added to ensure incoming traffic would go out the same interface it came in on. An IP route was added using the interface keyword and has the following syntax:
ip route <dest_IP_addr> <dest_netmask> <default_gateway> interface <source_IP_addr>
In the following example, all destination traffic (IP address of 0.0.0.0 and netmask of 0.0.0.0) sent from the source interface, 8.1.0.2, uses the default gateway, 8.1.0.1. This is a default policy route.
ip route 0.0.0.0 0.0.0.0 8.1.0.1 interface 8.1.0.2
A non-default policy route defines a specific destination (IP address and netmask). The following ip route command is an example of a non-default policy route:
ip route 10.1.1.0 255.255.255.0 <gateway> interface <source_IP_addr>
Because you had to define the default gateway for all the interfaces as part of the multi-port support feature, the equivalent source policy route is automatically generated in the routing table. The following example shows the output for the show ip route command after upgrading the software with the default source policy routes highlighted in bold and the non-default policy routes highlighted in italics:
ServiceEngine# show ip route
Destination      Gateway          Netmask
---------------- ---------------- ----------------
172.22.28.0      8.1.0.1          255.255.255.128
6.21.1.0         0.0.0.0          255.255.255.0
8.2.1.0          0.0.0.0          255.255.255.0
8.2.2.0          0.0.0.0          255.255.255.0
171.70.77.0      8.1.0.1          255.255.255.0
8.1.0.0          0.0.0.0          255.255.0.0
0.0.0.0          8.1.0.1          0.0.0.0
0.0.0.0          8.2.1.1          0.0.0.0
0.0.0.0          8.2.2.1          0.0.0.0
Source policy routing table for interface 8.1.0.0/16
172.22.28.0      8.1.0.1          255.255.255.128
171.70.77.0      8.1.0.1          255.255.255.0
8.1.0.0          0.0.0.0          255.255.0.0
0.0.0.0          8.1.0.1          0.0.0.0
Source policy routing table for interface 8.2.1.0/24
8.2.1.0          0.0.0.0          255.255.255.0
0.0.0.0          8.2.1.1          0.0.0.0
Source policy routing table for interface 8.2.2.0/24
8.2.2.0          0.0.0.0          255.255.255.0
0.0.0.0          8.2.2.1          0.0.0.0
If you have a default source policy route where the gateway is not defined as a default gateway, then you must add it after upgrading the software. For example, if you had a source policy route with a gateway of 6.23.1.1 for a source interface of 6.23.1.12, and you did not specify the gateway as one of the default gateways, you would need to add it.
If you have a non-default source policy route, then you must add it as a regular static route (without the obsoleted interface keyword) after upgrading the software. This route is then added to the main routing table as well as the policy routing table.
Differentiated Services
The differentiated services (DiffServ) architecture is based on a simple model where traffic entering a network is classified and possibly conditioned at the boundaries of the network. The class of traffic is then identified with a differentiated services (DS) code point or bit marking in the IP header. Within the core of the network, packets are forwarded according to the per-hop behavior associated with the DS code point.
DiffServ describes a set of end-to-end QoS (Quality of Service) capabilities. End-to-end QoS is the ability of the network to deliver service required by specific network traffic from one end of the network to another. QoS in the VDS-OS software supports differentiated services.
With differentiated services, the network tries to deliver a particular kind of service based on the QoS specified by each packet. The network uses the QoS specification to classify, mark, shape, and police traffic, and to perform intelligent queueing.
Differentiated services is used for several mission-critical applications and for providing end-to-end QoS. Typically, differentiated services is appropriate for aggregate flows because it performs a relatively coarse level of traffic classification.
DS Field Definition
A replacement header field, called the DS field, is defined by differentiated services. The DS field supersedes the existing definitions of the IPv4 Type of Service (ToS) octet (RFC 791) and the IPv6 traffic class octet. A currently unused (CU) 2-bit field is reserved for explicit congestion notification (ECN). The value of the CU bits is ignored by DS-compliant interfaces when determining the Per-Hop Behavior (PHB) to apply to a received packet.
Per-Hop Behaviors
RFC 2475 defines PHB as the externally observable forwarding behavior applied at a DiffServ-compliant node to a DiffServ Behavior Aggregate (BA).
A PHB refers to the packet scheduling, queueing, policing, or shaping behavior of a node on any given packet belonging to a BA, as configured by a service level agreement (SLA) or a policy map.
There are four available standard PHBs:
•
Default PHB (as defined in RFC 2474)
•
Class-Selector PHB (as defined in RFC 2474)
•
Assured Forwarding (AFny) PHB (as defined in RFC 2597)
•
Expedited Forwarding (EF) PHB (as defined in RFC 2598)
The following sections describe the PHBs.
Assured Forwarding PHB
Assured Forwarding PHB is nearly equivalent to Controlled Load Service, which is available in the integrated services model. AFny PHB defines a method by which BAs can be given different forwarding assurances.
For example, network traffic can be divided into the following classes:
•
Gold—Traffic in this category is allocated 50 percent of the available bandwidth.
•
Silver—Traffic in this category is allocated 30 percent of the available bandwidth.
•
Bronze—Traffic in this category is allocated 20 percent of the available bandwidth.
The AFny PHB defines four AF classes: AF1, AF2, AF3, and AF4. Each class is assigned a specific amount of buffer space and interface bandwidth according to the SLA with the service provider or policy map.
Within each AF class, you can specify three drop precedence (dP) values: 1, 2, and 3. Assured Forwarding PHB can be expressed as shown in the following example: AFny. In this example, n represents the AF class number (1, 2, or 3) and y represents the dP value (1, 2, or 3) within the AFn class.
In instances of network traffic congestion, if packets in a particular AF class (for example, AF1) need to be dropped, packets in the AF1 class are dropped according to the following guideline:
dP(AFny) >= dP(AFnz) >= dP(AFnx)
where dP(AFny) is the probability that packets of the AFny class are dropped and y denotes the dP within an AFn class.
In the following example, packets in the AF13 class are dropped before packets in the AF12 class, which in turn are dropped before packets in the AF11 class:
dP(AF13) >= dP(AF12) >= dP(AF11)
The dP method penalizes traffic flows within a particular BA that exceed the assigned bandwidth. Packets on these offending flows could be re-marked by a policer to a higher drop precedence.
Expedited Forwarding PHB
Resource Reservation Protocol (RSVP), a component of the integrated services model, provides a guaranteed bandwidth service. Applications, such as Voice over IP (VoIP), video, and online trading programs, require this type of service. The EF PHB, a key ingredient of DiffServ, supplies this kind of service by providing low loss, low latency, low jitter, and assured bandwidth service.
You can implement EF by using priority queueing (PQ) and rate limiting on the class (or BA). When implemented in a DiffServ network, EF PHB provides a virtual leased line or premium service. For optimal efficiency, however, you should reserve EF PHB for only the most critical applications because, in instances of traffic congestion, it is not feasible to treat all or most traffic as high priority.
EF PHB is suited for applications such as VoIP that require low bandwidth, guaranteed bandwidth, low delay, and low jitter.
IP Precedence for ToS
IP precedence allows you to specify the class of service (CoS) for a packet. You use the three precedence bits in the IPv4 header's type of service (ToS) field for this purpose.
Using the ToS bits, you can define up to six classes of service. Other features configured throughout the network can then use these bits to determine how to treat the packet. These other QoS features can assign appropriate traffic-handling policies including congestion management strategy and bandwidth allocation. For example, although IP precedence is not a queueing method, queueing methods such as weighted fair queueing (WFQ) and Weighted Random Early Detection (WRED) can use the IP precedence setting of the packet to prioritize traffic.
By setting precedence levels on incoming traffic and using them with the VDS-OS software QoS queueing features, you can create differentiated service. You can use features, such as policy-based routing (PBR) and Committed Access Rate (CAR), to set the precedence based on an extended access list classification. For example, you can assign the precedence based on the application or user or by destination and source subnetwork.
So that each subsequent network element can provide service based on the determined policy, IP precedence is usually deployed as close to the edge of the network or the administrative domain as possible. IP precedence is an edge function that allows core or backbone QoS features, such as WRED, to forward traffic based on CoS. You can also set IP precedence in the host or network client, but this setting can be overridden by the service provisioning policy of the domain within the network.
The following QoS features can use the IP precedence field to determine how traffic is treated:
• Distributed-WRED
• WFQ
• CAR
How the IP Precedence Bits Are Used to Classify Packets
You use the three IP precedence bits in the ToS field of the IP header to specify a CoS assignment for each packet. You can partition traffic into up to six classes—the remaining two classes are reserved for internal network use—and then use policy maps and extended ACLs to define network policies in terms of congestion handling and bandwidth allocation for each class.
Each precedence corresponds to a name. These names, which continue to evolve, are defined in RFC 791. The numbers and their corresponding names are listed from least to most important.
IP precedence allows you to define your own classification mechanism. For example, you might want to assign the precedence based on an application or an access router. IP precedence bit settings 96 and 112 are reserved for network control information, such as routing updates.
The IP precedence field occupies the three most significant bits of the ToS byte. Only the three IP precedence bits reflect the priority or importance of the packet, not the full value of the ToS byte.
Examples
The following example shows how to configure a default gateway for the SE:
ServiceEngine(config)# ip default-gateway 192.168.7.18
The following example disables the default gateway:
ServiceEngine(config)# no ip default-gateway
The following example shows how to configure a static IP route for the SE:
ServiceEngine(config)# ip route 172.16.227.128 255.255.255.0 172.16.227.250
The following example negates the static IP route:
ServiceEngine(config)# no ip route 172.16.227.128 255.255.255.0 172.16.227.250
The following example shows how to configure a default domain name for the SE:
ServiceEngine(config)# ip domain-name cisco.com
The following example negates the default domain name:
ServiceEngine(config)# no ip domain-name
The following example shows how to configure a name server for the SE:
ServiceEngine(config)# ip name-server 10.11.12.13
The following example disables the name server:
ServiceEngine(config)# no ip name-server 10.11.12.13
The following example shows how to configure source policy routing for the SE interface assigned with the IP address 192.168.1.5:
ServiceEngine(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 interface 192.168.1.5
Related Commands
Command Description
ip (interface configuration)
Configures the interface Internet Protocol.
show ip routes
Displays the IP routing table.
ip (interface configuration)
To configure the interface Internet Protocol, use the interface command in interface configuration mode. To delete or disable these settings, use the no form of this command.
ip {access-group {num {in | out} {name {in | out} | address {ip_addr netmask | range {ip_addr_low ip_addr_high netmask}}
no ip {access-group {num {in | out} {name {in | out} | address {ip_addr netmask | range {ip_addr_low ip_addr_high netmask}}
Syntax Description
Defaults
None
Command Modes
Interface configuration (config-if) mode.
Usage Guidelines
You can configure multiple IP addresses for Gigabit Ethernet, port channel and Standby interfaces in the SEs. With multiple IP support, the SEs can stream the content under a specific IP while having another stream with different source IP address under the same interface.
The ip command configures up to 24 unique IP addresses within the same subnet for the same Gigabit Ethernet, port channel and Standby interface. You can add and delete IP addresses for each interface without affecting other configured IP addresses.
Note
All IP addresses configured in the same interface must be in the same subnet.
The ip range command adds and deletes an IP address range per interface without affecting other configured IP addresses, and it notifies the SR and VOSM on the added and deleted IP address. The IP address can only be deleted when it is already disassociated from the delivery service. If the delivery service's IP address has been updated, for example from 10.1.1.1 to 10.1.1.5, the service is not interrupted. The new stream uses the new IP address.
Examples
Configuring an IP Address Range
The following example shows how to configure an IP address in a range:
ServiceEngine(config)# interface PortChannel 1
ServiceEngine(config-if)# ip address 2.2.2.2 255.255.255.0
ServiceEngine(config-if)# ip address range 2.2.2.3 2.2.2.10 255.255.255.0
ServiceEngine(config-if)# ip address range 2.2.2.12 2.2.2.20 255.255.255.0
If the user configures an IP address range but one or more of the IP addresses in the range match an already configured IP address, the configuration is still accepted. For example, if interface PortChannel 1 has the following configuration:
interface PortChannel 1
ip address 2.2.2.2 255.255.255.0
ip address 2.2.2.3 255.255.255.0
ip address 2.2.2.5 255.255.255.0
ip address 2.2.2.12 255.255.255.0
The following configuration is accepted and the IP address in the range (not the same subnet) is rejected:
ServiceEngine# configure terminal
ServiceEngine(config)# interface PortChannel 1
ServiceEngine(config-if)# ip address range 2.2.2.3 2.2.2.4 255.255.255.0
ServiceEngine(config-if)# end
If the interface PortChannel 1 has the following configuration:
interface PortChannel 1
ip address 2.2.2.2 255.255.255.0
ip address 2.2.2.5 255.255.255.0
ip address 2.2.2.12 255.255.255.0
And you enter the following commands:
ServiceEngine# configure terminal
ServiceEngine(config)# interface PortChannel 1
ServiceEngine(config-if)# ip address range 2.2.3.9 2.2.3.15 255.255.255.0
ServiceEngine(config-if)# end
It is an invalid IP address range and an incompatible netmask.
Configuring an IP Address
The following example shows how to configure an individual IP address:
ServiceEngine(config)# interface PortChannel 1
ServiceEngine(config-if)# ip address 2.2.2.2 255.255.255.0
ServiceEngine(config-if)# ip address 2.2.2.3 255.255.255.0
ServiceEngine(config-if)# ip address 2.2.2.10 255.255.255.0
Removing an IP Address
The following example shows how to remove an IP address range configuration:
ServiceEngine(config)# interface PortChannel 1
ServiceEngine(config-if)# no ip address range 2.2.2.3 2.2.2.10 255.255.255.0
The following example shows how to remove an IP address configuration:
ServiceEngine(config)# interface PortChannel 1
ServiceEngine(config-if)# no ip address 2.2.2.3 255.255.255.
Related Commands
ip access-list
To create and modify access lists for controlling access to interfaces or applications, use the ip access-list standard or ip access-list extended command in global configuration mode. To remove access control lists, use the no form of this command.
ip access-list {extended {acl_num [delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}} | insert {num {deny | permit} | list {start_line_num | end_line_num} | move {old_line_num | new_line_num} | permit {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}}] | acl_name [delete num | deny{num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}} | insert {num {deny | permit} | list {start_line_num | end_line_num} | move {old_line_num | new_line_num} | permit {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}}] | {standard {acl_num | acl_name {delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}} | insert {num {deny | permit} | list {start_line_num | end_line_num} | move {old_line_num | new_line_num} | permit {ip address | any | host}}}}
no ip access-list {extended {acl_num [delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}} | insert {num {deny | permit} | list {start_line_num | end_line_num} | move {old_line_num | new_line_num} | permit {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}}] | acl_name [delete num | deny{num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}} | insert {num {deny | permit} | list {start_line_num | end_line_num} | move {old_line_num | new_line_num} | permit {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}}] | {standard {acl_num | acl_name {delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host}} | insert {num {deny | permit} | list {start_line_num | end_line_num} | move {old_line_num | new_line_num} | permit {ip address | any | host}}}}
Syntax Description
Defaults
An access list drops all packets unless you configure at least one permit entry.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Standard ACL Configuration Mode Commands
To work with a standard access list, enter the ip access-list standard command from the global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
To add a line to the standard IP ACL, enter the following command. For example, choose a purpose (permit or deny) that specifies whether a packet is to be passed or dropped, enter the source IP address, and enter the source IP wildcard address as follows:
[insert line_num] {deny | permit} {source_ip [wildcard] | host source_ip | any}
To delete a line from the standard IP ACL, enter the following command:
delete line_num
To display a list of specified entries within the standard IP ACL, enter the following command:
list [start_line_num [end_line_num]]
To move a line to a new position within the standard IP ACL, enter the following command:
move old_line_num new_line_num
To return to the CLI global configuration mode prompt, enter the following command:
exit
To negate a standard IP ACL, enter the following command:
no {deny | permit} {source_ip [wildcard] | host source_ip | any}
Extended ACL Configuration Mode Commands
To work with an extended access list, enter the ip access-list extended command from the global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
To delete a line from the extended IP ACL, enter the following command:
delete line_num
To move a line to a new position within the extended IP ACL, enter the following command:
move old_line_num new_line_num
To display a list of specified entries within the extended IP ACL, enter the following command:
list [start_line_num [end_line_num]]
To return to the CLI global configuration mode prompt, enter the following command:
exit
To add a condition to the extended IP ACL, note that the options depend on the chosen protocol.
For IP, enter the following command to add a condition:
[insert line_num] {deny | permit} {gre | ip | proto_num} {source_ip [wildcard] | host source_ip | any} {dest_ip [wildcard] | host dest_ip | any}
no {deny | permit} {gre | ip | proto_num} {source_ip [wildcard] | host source_ip | any} {dest_ip [wildcard] | host dest_ip | any}
where proto_num can be 47 or 0, which are the equivalent values for GRE or IP.
For TCP, enter the following command to add a condition:
[insert line_num] {deny | permit} {tcp | proto_num} {source_ip [wildcard] | host source_ip | any} [operator port [port]] {dest_ip [wildcard] | host dest_ip | any} [operator port [port]] [established]
no {deny | permit} {tcp | proto_num} {source_ip [wildcard] | host source_ip | any} [operator port [port]] {dest_ip [wildcard] | host dest_ip | any} [operator port [port]] [established]
where proto_num can be 6, which is the equivalent value for TCP.
For UDP, enter the following command to add a condition:
[insert line_num] {deny | permit} {udp | proto_num} {source_ip [wildcard] | host source_ip | any} [operator port [port]] {dest_ip [wildcard] | host dest_ip | any} [operator port [port]]
no {deny | permit} {udp | proto_num} {source_ip [wildcard] | host source_ip | any} [operator port [port]] {dest_ip [wildcard] | host dest_ip | any} [operator port [port]]
where proto_num can be 17, which is the equivalent value for UDP.
For Internet Control Message Protocol (ICMP), enter the following command to add a condition:
[insert line_num] {deny | permit} {icmp | proto_num} {source_ip [wildcard] | host source_ip | any} {dest_ip [wildcard] | host dest_ip | any} [icmp_type [code] | icmp_msg]
no {deny | permit} {icmp | proto_num} {source_ip [wildcard] | host source_ip | any} {dest_ip [wildcard] | host dest_ip | any} [icmp_type [code] | icmp_msg]
where proto_num can be 2, which is the equivalent value for ICMP.
For extended IP ACLs, the wildcard keyword is required if the host keyword is not specified. For a list of the keywords that you can use to match specific ICMP message types and codes, see Table 2-7. For a list of supported UDP and TCP keywords, see Table 2-5 and Table 2-6.
Use access lists to control access to specific applications or interfaces on an SE. An ACL consists of one or more condition entries that specify the kind of packets that the SE drops or accepts for further processing. The SE applies each entry in the order in which it occurs in the access list, which, by default, is the order in which you configured the entry.
The following are some examples of how IP ACLs can be used in environments that have SEs:
• SE resides on the customer premises and is managed by a service provider, and the service provider wants to secure the device for its management only.
• SE is deployed anywhere within the enterprise. As with routers and switches, the administrator wants to limit Telnet and SSH access to the IT source subnets.
• Application layer proxy firewall with a hardened outside interface has no ports exposed. (Hardened means that the interface carefully restricts which ports are available for access, primarily for security reasons. With an outside interface, many types of security attacks are possible.) The SE's outside address is Internet global, and its inside address is private. The inside interface has an IP ACL to limit Telnet and SSH access to the SE.
• SE is deployed as a reverse proxy in an untrusted environment. The SE administrator wants to allow only port 80 inbound traffic on the outside interface and outbound connections on the back-end interface.
Within ACL configuration mode, you can use the editing commands (list, delete, and move) to display the current condition entries, to delete a specific entry, or to change the order in which the entries are evaluated. To return to global configuration mode, enter exit at the ACL configuration mode prompt.
To create an entry, use a deny or permit keyword and specify the type of packets that you want the SE to drop or to accept for further processing. By default, an access list denies everything because the list is terminated by an implicit deny any entry. You must include at least one permit entry to create a valid access list.
After creating an access list, you can include the access list in an access group using the access-group command, which determines how the access list is applied. You can also apply the access list to a specific application using the appropriate command. A reference to an access list that does not exist is the equivalent of a permit any condition statement.
To work with access lists, enter either the ip access-list standard or ip access-list extended global configuration command. Identify the new or existing access list with a name up to 30 characters long beginning with a letter or with a number. If you use a number to identify a standard access list, it must be between 1 and 99; for an extended access list, use a number from 100 to 199. Use a standard access list for providing access to the Simple Network Management Protocol (SNMP) server or to the Trivial File Transfer Protocol (TFTP) gateway or server.
After you identify the access list, the CLI enters the appropriate configuration mode and all subsequent commands apply to the specified access list.
ip access-list standard Command
You typically use a standard access list to allow connections from a host with a specific IP address or from hosts on a specific network. To allow connections from a specific host, use the permit host source_ip option and replace source_ip with the IP address of the specific host.
To allow connections from a specific network, use the permit source_ip wildcard option. Replace source_ip with a network ID or the IP address of any host on the network that you want to specify. Replace wildcard with the dotted decimal notation for a mask that is the reverse of a subnet mask, where a 0 indicates a position that must be matched and a 1 indicates a position that does not matter. For instance, the wildcard 0.0.0.255 causes the last eight bits in the source IP address to be ignored. Therefore, the permit 192.168.1.0 0.0.0.255 entry allows access from any host on the 192.168.1.0 network.
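The evaluation rules stated in these usage guidelines (entries applied in configured order, the implicit deny any, the inverse-mask wildcard, and a reference to a nonexistent list behaving as permit any) are modelled below in Python. This is an added example, not VDS-OS code: the Packet class, the function names, the list names 10 and mgmt-typo, and the sample addresses are assumptions, and only an eq match on the destination port is handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Port keywords taken from the page's own example; other keywords are not modelled.
PORT_KEYWORDS = {"www": 80, "ssh": 22}
ALL_BITS = 0xFFFFFFFF


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))  # raises ValueError on malformed input


def parse_addr(tokens: list) -> Tuple[int, int]:
    """Consume 'any', 'host IP' or 'IP WILDCARD'; return (base, care_mask)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0                      # no bit has to match
    if head == "host":
        return _ip(tokens.pop(0)), ALL_BITS
    # Wildcard is the reverse of a subnet mask: 0 = must match, 1 = ignored.
    return _ip(head), ~_ip(tokens.pop(0)) & ALL_BITS


@dataclass
class Entry:
    action: str                          # "permit" or "deny"
    proto: Optional[str]                 # None for a standard (source-only) entry
    src: Tuple[int, int]
    dst: Optional[Tuple[int, int]]
    dport: Optional[int]


def parse_entry(line: str) -> Entry:
    t = line.split()
    action = t.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action: {action}")
    proto = t.pop(0) if t[0] in ("ip", "tcp", "udp") else None
    src = parse_addr(t)
    dst = parse_addr(t) if proto else None
    dport = None
    if t[:1] == ["eq"]:
        dport = PORT_KEYWORDS[t[1]] if t[1] in PORT_KEYWORDS else int(t[1])
    return Entry(action, proto, src, dst, dport)


@dataclass
class Packet:                            # hypothetical test packet, not a device structure
    src: str
    dst: str = "0.0.0.0"
    proto: str = "ip"
    dport: int = 0


def _addr_ok(addr: str, rule: Tuple[int, int]) -> bool:
    base, care = rule
    return (_ip(addr) & care) == (base & care)


def matches(e: Entry, p: Packet) -> bool:
    if e.proto not in (None, "ip") and e.proto != p.proto:
        return False
    if not _addr_ok(p.src, e.src):
        return False
    if e.dst is not None and not _addr_ok(p.dst, e.dst):
        return False
    return e.dport is None or e.dport == p.dport


def evaluate(acls: dict, name: str, p: Packet) -> str:
    if name not in acls:
        return "permit"                  # nonexistent list is equivalent to permit any
    for e in acls[name]:                 # entries are applied in configured order
        if matches(e, p):
            return e.action              # first matching entry decides
    return "deny"                        # implicit deny any ends every list


def dangling_references(acls: dict, referenced: list) -> list:
    """Names applied somewhere but never defined: these fail open."""
    return sorted(n for n in set(referenced) if n not in acls)


# Constructed configuration: "example" is the extended list from this page,
# "10" is the standard-list entry discussed above.
ACLS = {
    "example": [parse_entry(l) for l in (
        "permit tcp any any eq www",
        "permit tcp host 10.1.1.5 any eq ssh")],
    "10": [parse_entry("permit 192.168.1.0 0.0.0.255")],
}

if __name__ == "__main__":
    probes = [
        ("example", Packet("203.0.113.7", "10.1.1.1", "tcp", 80)),
        ("example", Packet("10.1.1.6", "10.1.1.1", "tcp", 22)),
        ("10", Packet("192.168.1.200")),
        ("mgmt-typo", Packet("198.51.100.1", "10.1.1.1", "tcp", 22)),
    ]
    for name, pkt in probes:
        print(name, pkt.src, pkt.dport, "->", evaluate(ACLS, name, pkt))
    print("undefined lists:", dangling_references(ACLS, ["example", "mgmt-typo"]))
```

Running dangling_references over the list names referenced by interfaces and applications in a saved configuration flags misspelled names, which behave as permit any rather than deny.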
ip access-list extended Command
Use an extended access list to control connections based on the destination IP address or based on the protocol type. You can combine these conditions with information about the source IP address to create more restrictive conditions. Table 2-5 lists the UDP keywords that you can use with extended access lists.
Table 2-6 lists the TCP keywords that you can use with extended access lists.
Table 2-7 lists the keywords that you can use to match specific ICMP message types and codes.
Examples
The following example shows how to create an access list to allow all web traffic and to allow only a specific host administrative access using Secure Shell (SSH):
ServiceEngine(config)# ip access-list extended example
ServiceEngine(config-ext-nacl)# permit tcp any any eq www
ServiceEngine(config-ext-nacl)# permit tcp host 10.1.1.5 any eq ssh
ServiceEngine(config-ext-nacl)# exit
The following example shows how to activate the access list for an interface:
ServiceEngine(config)# interface gigabitethernet 1/0
ServiceEngine(config-if)# exit
The following example shows how this configuration appears when you enter the show running-configuration command:
...
!
ip access-list extended example
permit tcp any any eq www
permit tcp host 10.1.1.5 any eq ssh
exit
...
Related Commands
ipv6
To specify the default gateway's IPv6 address, use the ipv6 command in global configuration mode. To disable the IPv6 address, use the no form of this command.
ipv6 {access-list {extended {extended_acess_list_num [delete num | deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr} | insert position_num {deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}} | permit {any | host | ipv6_addr}} | list [position_start position_end] | move {move_from move_to} | permit {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}}] | access_list name [delete num | deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}} | insert position_num {deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}} | permit} | list [position_start position_end] | move {move_from move_to} | permit {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}}]} | standard {standard_acess_list_num [delete num | deny {any | host | ipv6_addr} | insert position_num {deny {any | host | ipv6_addr} | permit {any | host | ipv6_addr}} | list [position_start position_end] | move {move_from move_to} | permit {any | host | ipv6_addr} | default-gateway ip_address | route dest_ip_adder gateway_ip_addr}
no ipv6 {access-list {extended {extended_acess_list_num [delete num | deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr} | insert position_num {deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}} | permit {any | host | ipv6_addr}} | list [position_start position_end] | move {move_from move_to} | permit {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}}] | access_list name [delete num | deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}} | insert position_num {deny {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}} | permit} | list [position_start position_end] | move {move_from move_to} | permit {protocol_num {any | host | ipv6_addr} | gre {any | host | ipv6_addr} | icmpv6 {any | host | ipv6_addr} | ip {any | host | ipv6_addr} | tcp {any | host | ipv6_addr} | udp {any | host | ipv6_addr}}]} | standard {standard_acess_list_num [delete num | deny {any | host | ipv6_addr} | insert position_num {deny {any | host | ipv6_addr} | permit {any | host | ipv6_addr}} | list [position_start position_end] | move {move_from move_to} | permit {any | host | ipv6_addr} | default-gateway ip_address | route dest_ip_adder gateway_ip_addr}
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Explosive growth in network device diversity and mobile communications, along with global adoption of networking technologies, has resulted in IPv4 addresses being exhausted. The IPv4 address space has a theoretical limit of 4.3 billion addresses. IPv6 quadruples the number of network address bits from 32 bits (in IPv4) to 128 bits. This provides more than enough globally unique IP addresses for every networked device in use.
In a VOS-IS IPv6 ACL, the permit or deny policy for the IPv6 traffic that you want to filter is based on the source and destination IPv6 addresses, plus other IPv6 protocol factors such as TCP/UDP, Internet Control Message Protocol v6 (ICMPv6), and GRE, or on a specified port number. This command mirrors IPv4:
[no] ipv6 access-list {<standard|extended>} {<name|number>} {<permit|deny|delete|move|insert|list>} {protocol no|protocol name}[any|host|ipv6addr/prefix] {any|host|ipv6addr/prefix}
IPv6 access lists are identified by user-selected names. Access lists are defined by a list of "permit" and "deny" statements.
[no] ip name-server {<hostname|ipv6addr|ipv4addr>}
[no] ntp server {<hostname|ipv6addr|ipv4addr>}
The above configurations should support both IPv6 and IPv4 addresses.
Domain Name System (DNS) Configuration
The IPv6 address name server must be configured by using the ipv6 name-server ip-address command.
Note
The Service Router acts as the authoritative DNS server, and supports IPv6 DNS extensions.
If an IPv6 address is configured on the SR for DNS, the communication between the SR and the DNS server is over the IPv6 transport. The IPv4 address of the Service Router must be configured in the DNS server, so that the Service Router can respond to both A and AAAA queries. In this case, the communication between the DNS Server and the SR is over IPv4 transport.
Service Router
Communication between the SE and SR is through the IPv4 stack, including the keep-alive message. If IPv6 is enabled, then the keep-alive message includes the IPv6 address of the SE in the keep-alive message payload. This enables the SR to resolve the SE's IPv6 address correctly.
The SR operates as a DNS Server for the requests that belong to the delivery service to which the SR is associated. The SR is provisioned to respond to A or AAAA queries for the configured Service Routing Domain Name (RFQDN). The query can be on either an IPv4 or IPv6 transport.
The SR accepts the HTTP, Real-Time Streaming Protocol (RTSP), and Real-Time Messaging Protocol (RTMP) requests and sends back the response by way of the IPv6 transport. The SR also supports the IP-based redirection, and includes the IPv6 address of the SE in the redirect URL. If the redirect URL has the SE host name, the client sends a DNS query to the SR, and the SR responds with the SE's IPv4 address for the A query and the SE's IPv6 address for the AAAA query.
The Coverage Zone file supports IPv6 and IPv4 addresses. The network and subnetwork addresses in the Coverage Zone file support CIDR format (IP address with a prefix).
Examples
The following example shows how to configure an IPv6-related address:
ServiceRouter(config)# ipv6 default-gateway fec0::100/64
When configuring a static IPv6 prefix route, specify the host IPv6 address and prefix. <next-hop> is the IPv6 address of the next hop used to reach the destination prefix. The following example shows how to configure a static IPv6 prefix route:
ServiceRouter(config)# ipv6 route <ipv6addr/prefix> <next-hop>
Related Commands
Command Description
clear ipv6
Clears IPv6 ACL counters.
show ipv6
Displays the IPv6 information.
traceroute6
Traces the route to a remote IPv6-enabled host.
kernel
To configure the kernel, use the kernel command in global configuration mode. To disable the kernel configuration, use the no form of this command.
kernel {kdb | optimization network}
no kernel {kdb | optimization network}
Syntax Description
kdb
Specifies the kernel debugger (kdb).
optimization
Enables kernel performance optimization.
network
Optimizes network performance.
Defaults
KDB is disabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Once enabled, KDB is automatically activated when kernel problems occur. Once activated, all normal functioning of the VDS-OS device is suspended until KDB is manually deactivated. The KDB prompt looks like this:
[ 0 ] kdb>
To deactivate KDB, enter go at the KDB prompt. If KDB was automatically activated because of kernel problems, you must reboot to recover from the issue. If you activated KDB manually for diagnostic purposes, the system resumes normal functioning in whatever state it was when you activated KDB. In either case, if you enter reboot, the system restarts and normal operation resumes.
Examples
The following example shows how to enable KDB:
ServiceEngine(config)# kernel kdb
The following example shows how to disable KDB:
ServiceEngine(config)# no kernel kdb
line
To specify terminal line settings, use the line command in global configuration mode. To disable terminal line settings, use the no form of this command.
line console carrier-detect
no line console carrier-detect
Syntax Description
console
Configures the console terminal line settings.
carrier-detect
Sets the device to check the carrier detect signal before writing to the console.
Defaults
This feature is disabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
You should enable carrier detection if you connect the SE, SR, or VOSM to a modem for receiving calls. If you are using a null modem cable with no carrier detect pin, the device might appear unresponsive on the console until the carrier detect signal is asserted. To recover from a misconfiguration, you should reboot the device and set the 0x2000 bootflag to ignore the carrier detect setting.
Examples
The following example shows how to specify terminal line settings:
ServiceEngine(config)# line console carrier-detect
lls
To view a long list of directory names, use the lls user command in user EXEC configuration mode.
lls [directory]
Syntax Description
Defaults
None
Command Modes
User EXEC configuration mode.
Usage Guidelines
This command provides detailed information about files and subdirectories stored in the present working directory (including size, date, time of creation, system file system (sysfs) name, and long name of the file). This information can also be viewed with the dir command.
Examples
The following example shows how to view a long list of directory names:
ServiceEngine# lls
size time of last change name
-------------- ------------------------- -----------
4096 Mon Jan 10 14:02:26 2005 <DIR> WebsenseEnterprise
4096 Mon Jan 10 14:02:26 2005 <DIR> Websense_config_backup
10203 Mon Feb 28 04:24:53 2005 WsInstallLog
4096 Wed Feb 9 00:59:48 2005 <DIR> core_dir
4096 Mon Jan 10 13:49:27 2005 <DIR> crash
382 Tue Mar 1 03:32:13 2005 crka.log
1604 Tue Feb 22 03:55:04 2005 dbupgrade.log
4096 Mon Jan 10 14:02:31 2005 <DIR> downgrade
4096 Mon Feb 28 04:17:32 2005 <DIR> errorlog
53248 Tue Mar 1 03:01:53 2005 <DIR> logs
16384 Mon Jan 10 13:49:26 2005 <DIR> lost+found
438 Tue Jan 11 05:37:57 2005 new_file.xml
8192 Tue Mar 1 00:00:00 2005 <DIR> preload_dir
4096 Tue Mar 1 03:26:00 2005 <DIR> sa
40960 Tue Mar 1 03:32:15 2005 <DIR> service_logs
4096 Tue Feb 22 03:51:25 2005 <DIR> smartfilter
384802 Mon Feb 28 03:46:00 2005 syslog.txt
16296 Mon Feb 21 04:42:12 2005 test
4096 Mon Jan 10 14:02:24 2005 <DIR> var
Related Commands
logging
To configure system logging, use the logging command in global configuration mode. To disable logging functions, use the no form of this command.
logging {console {enable | priority loglevel} | disk {enable | filename filename | priority loglevel | recycle size} | facility facility | host {hostname | ip_address} [port port_num | priority loglevel | rate-limit message_rate]}
no logging {console {enable | priority loglevel} | disk {enable | filename filename | priority loglevel | recycle size} | facility facility | host {hostname | ip_address} [port port_num | priority loglevel | rate-limit message_rate]}
Syntax Description
Defaults
Logging: on
Priority of message for console: warning
Priority of message for log file: debug
Priority of message for a host: warning
Log file: /local1/syslog.txt
Log file recycle size: 10,000,000
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the logging command to set specific parameters of the system log file. System logging is always enabled internally on the SE. The system log file is located on the system file system (sysfs) partition as /local1/syslog.txt. This file contains the output from many of the VDS-OS components running on the SE, such as authentication entries, privilege levels, administrative details, and diagnostic output during the boot process.
To view information about events that have occurred in all devices in your VDS-OS network, you can use the system message log feature. When a problem occurs in the VDS-OS network, use the system message logs to diagnose and correct such problems.
The syslog.txt file on the VOSM contains information about events that have occurred on the VOSM and not on the registered nodes. The messages written to the syslog.txt file depend on specific parameters of the system log file that you have set using the logging global configuration command. For example, a critical error message logged on a registered node does not appear in the syslog.txt file on the VOSM because the problem never occurred on the VOSM but occurred only on the registered node. However, such an error message is displayed in the syslog.txt file on the registered node.
A disk failure syslog message is generated every time that a failed sector is accessed. Support for filtering multiple syslog messages for a single failed sector on an Integrated Drive Electronics (IDE) disk was added. Support for filtering multiple syslog messages for a single failed sector for Small Computer Systems Interface (SCSI) disks and Serial Advanced Technology Attachment (SATA) disks exists.
To configure the SE to send varying levels of event messages to an external syslog host, use the logging host command. Logging can be configured to send various levels of messages to the console using the logging console priority command.
The no logging disk recycle size command sets the file size to the default value. Whenever the current log file size surpasses the recycle size, the log file is rotated. The log file cycles through at most five rotations, and they are saved as [log file name].[1-5] under the same directory as the original log. The rotated log file is the one configured using the logging disk filename command.
Configuring System Logging to Remote Syslog Hosts
Users can log to only a single remote syslog host. Use one of the following two commands to configure a single remote syslog host for an SE:
ServiceEngine(config)# logging host hostname
ServiceEngine(config)# logging priority priority
You can configure an SE to send varying levels of messages to up to four remote syslog hosts. To accommodate this, the logging host priority priority global configuration command (shown above) is deprecated, and the logging host hostname global configuration command is extended as follows:
ServiceEngine(config)# [no] logging host hostname [priority priority-code | port port | rate-limit limit]
where the following is true:
• hostname is the hostname or IP address of the remote syslog host. Specify up to four remote syslog hosts. To specify more than one syslog host, use multiple command lines; specify one host per command.
• priority-code is the severity level of the message that should be sent to the specified remote syslog host. The default priority code is warning (level 4). Each syslog host can receive a different level of event messages.
Note
You can achieve syslog host redundancy by configuring multiple syslog hosts on the SE and assigning the same priority code to each configured syslog host (for example, assigning a priority code of critical level 2 to syslog host 1, syslog host 2, and syslog host 3).
• port is the destination port of the remote syslog host to which the SE is to send the messages. The default port is port 514.
• rate-limit specifies the number of messages that are allowed to be sent to the remote syslog host per second. To limit bandwidth and other resource consumption, messages to the remote syslog host can be rate limited. If this limit is exceeded, messages to the specified remote syslog host are dropped. There is no default rate limit, and by default all syslog messages are sent to all the configured syslog hosts. If the rate limit is exceeded, a message of the day (MOTD) is printed for any CLI EXEC shell login.
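A way to check a saved configuration against the rules in the list above, as an added example rather than Cisco tooling: it parses logging host lines, applies the defaults stated here (priority warning, port 514, at most four hosts) and reports which hosts receive a given severity. The threshold reading of priority-code, the severity keywords not named on this page, and the sample addresses are assumptions.

```python
# Added example: audit "logging host" lines from a saved configuration.
# Standard syslog severity numbers. This page names critical (2), error (3),
# warning (4) and debug; the other keyword spellings are assumptions.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notice": 5, "information": 6, "debug": 7}
MAX_HOSTS = 4                 # "up to four remote syslog hosts"
DEFAULT_PRIORITY = "warning"  # default priority code (level 4)
DEFAULT_PORT = 514            # default destination port


def parse_logging_hosts(config_text):
    """Return {host: {"priority", "port", "rate_limit"}} from 'logging host' lines."""
    hosts = {}
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 3 or tokens[:2] != ["logging", "host"]:
            continue
        # One host may be configured over several command lines; merge them.
        entry = hosts.setdefault(tokens[2], {
            "priority": DEFAULT_PRIORITY, "port": DEFAULT_PORT, "rate_limit": None})
        options = tokens[3:]
        if len(options) % 2:
            raise ValueError(f"option without a value: {raw.strip()!r}")
        for key, value in zip(options[0::2], options[1::2]):
            if key == "priority":
                if value not in SEVERITY:
                    raise ValueError(f"unknown priority code {value!r}")
                entry["priority"] = value
            elif key == "port":
                entry["port"] = int(value)
            elif key == "rate-limit":
                entry["rate_limit"] = int(value)
            else:
                raise ValueError(f"unknown option {key!r}")
    return hosts


def receivers(hosts, severity):
    """Hosts that receive a message of this severity.

    Assumption: a host configured with priority P gets messages at level P
    and anything more severe (lower number), as with standard syslog filters.
    """
    level = SEVERITY[severity]
    return sorted(h for h, e in hosts.items() if SEVERITY[e["priority"]] >= level)


def audit(hosts, must_reach="critical"):
    """Return findings that matter for keeping a complete remote log trail."""
    findings = []
    if not hosts:
        findings.append("no remote syslog host: events exist only in the local log file")
    if len(hosts) > MAX_HOSTS:
        findings.append(f"{len(hosts)} hosts configured, limit is {MAX_HOSTS}")
    reached = receivers(hosts, must_reach)
    if len(reached) == 1:
        findings.append(f"{must_reach} messages reach only {reached[0]}: no redundancy")
    elif hosts and not reached:
        findings.append(f"{must_reach} messages reach no remote host")
    for host, entry in sorted(hosts.items()):
        if entry["rate_limit"] is not None:
            findings.append(
                f"{host}: rate-limit {entry['rate_limit']}/s, excess messages are dropped")
    return findings


# Constructed sample configuration (documentation addresses, not from the page).
SAMPLE_CONFIG = """\
logging host 192.0.2.10 priority critical
logging host 192.0.2.11 priority critical port 1514
logging host 192.0.2.12 priority debug rate-limit 50
logging host 192.0.2.13
"""

if __name__ == "__main__":
    sample_hosts = parse_logging_hosts(SAMPLE_CONFIG)
    for sev in ("critical", "warning", "debug"):
        print(sev, "->", receivers(sample_hosts, sev))
    for finding in audit(sample_hosts):
        print("finding:", finding)
```

A rate-limit finding is worth a second look on the host that carries authentication or debug-level events, because messages above the limit are dropped rather than queued.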
Mapping syslog Priority Levels to RealProxy Error Codes
The RealProxy system generates error messages and writes them to the RealProxy log file. These error messages are captured by the caching application and passed to the system log file. A one-to-one mapping exists between the RealProxy error codes and the syslog priority levels.
Examples
The following example shows that the SE is configured to send messages that have a priority code of "error" (level 3) to the console:
ServiceEngine(config)# logging console priority warnings
The following example shows that the SE is configured to disable sending of messages that have a priority code of "error" (level 3) to the console:
ServiceEngine(config)# no logging console warnings
The following example shows that the SE is configured to send messages that have a priority code of "error" (level 3) to the remote syslog host that has an IP address of 172.31.2.160:
ServiceEngine(config)# logging host 172.31.2.160 priority error
Related Commands
ls
To view a list of files or subdirectory names within a directory, use the ls command in EXEC configuration mode.
ls [directory]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To list the filenames and subdirectories within a particular directory, use the ls directory command; to list the filenames and subdirectories of the current working directory, use the ls command. To view the present working directory, use the pwd command.
Examples
The following example shows how to display a list of files within the current working directory:
ServiceEngine# ls
/local1
The following example shows how to display a list of files within the /local1 directory:
ServiceEngine# ls /local1
core_dir
crash
errorlog
logs
lost+found
service_logs
smartfilter
syslog.txt
Related Commands
mkdir
To create a directory, use the mkdir command in EXEC configuration mode.
mkdir directory
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to create a new directory or subdirectory in the SE file system.
Examples
The following example shows how to create a new directory under local1:
ServiceEngine# mkdir /local1/mydir
Related Commands
mkfile
To create a new file, use the mkfile command in EXEC configuration mode.
mkfile filename
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to create a new file in any directory of the SE.
Examples
The following example shows how to create a new file:
ServiceEngine# mkfile traceinfo
Related Commands
model
To change the CDE250 platform model number after a remanufacturing or rescue process, use the model command in EXEC configuration mode.
model {cde250-2S10 | cde250-2S6 | cde250-2S8 | cde250-2S9}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use the model command to change the CDE250 model type. Table 2-8 shows the internal and external drives for the CDE250 models.
Examples
The following example shows how to change the CDE250 to model 2S9:
ServiceEngine# model CDE250-2S6
This platform is already a CDE250-2S6.
ServiceEngine#
mount-option
To configure the mount option profile for remote storage, use the mount-option command in global configuration mode. To delete the configuration, use the no form of this command.
mount-option config-url url [username username password password]
no mount-option config-url url [username username password password]
Syntax Description
Command Default
None
Command Modes
Global configuration (config) mode.
Examples
The following example shows how to configure the mount option:
ServiceEngine(config)# mount-option config-url ftp://domain/path/config.xml
Related Commands
mpstat
To display processor-related statistics, use the mpstat command in EXEC configuration mode.
mpstat line
Syntax Description
Command Default
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the mpstat list of options:
ServiceEngine# mpstat -h
Linux 2.6.32.52-cds-64 (W14-UCS220-3) 10/17/12 _x86_64_ (8 CPU)
01:50:50 CPU %usr %nice %sys %iowait %irq %soft %steal %guest %idle
01:50:50 all 0.01 0.11 0.12 0.02 0.00 0.00 0.00 0.00 99.74
ServiceEngine#
netmon
To display the transmit and receive activity on an interface, use the netmon command in EXEC configuration mode.
netmon line
Syntax Description
Command Default
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The netmon utility displays the transmit and receive activity on each interface in megabits per second (Mbps), bytes per second (Bps), and packets per second (pps).
Examples
The following example shows how to display the netmon list of options:
ServiceEngine# netmon -h
Usage: netmon [<loop-time-in-seconds>] [<iterations>]
(runs forever if iterations not specified)
Related Commands
netstatr
To display the rate of change of netstat statistics, use the netstatr command in EXEC configuration mode.
netstatr line
Syntax Description
Command Default
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The netstatr utility displays the rate of change, per second, of netstat statistics for a given period of time. The average rate per second is displayed, regardless of the sample period. To view the list of options, enter netstatr -h.
Examples
The following example shows how to display the netstatr list of options:
ServiceEngine# netstatr -h
Usage: netstatr [-v] [<loop-time-in-seconds>] [<iterations>]
-v verbose mode
(default is 3 sec loop time, run forever)
Related Commands
no (global configuration)
To undo a command in global configuration mode or set its defaults, use the no form of a command in global configuration mode.
no command
Note
The commands you can use with a VDS-OS device (including the no form of each command) vary based on whether the device is configured as a VOSM, SE, or SR. See Table 2-1 to identify the commands available for a specific device.
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Valid values for command are as follows:
Use the no command to disable functions or negate a command. If you need to negate a specific command, such as the default gateway IP address, you must include the specific string in your command, such as no ip default-gateway ip-address.
no (interface configuration)
To negate an interface configuration mode, use the no command in interface configuration mode.
no {autosense | bandwidth {10-10 | 100-100 | 1000-1000 | 10000-10000} | description | full-duplex | half-duplex | ip {access-group {num {in | out} | name {in | out} | address ip-addr} | ipv6 {access-group {num {in | out} | name {in | out} | address ip-addr} | lacp | mtu | shutdown | standby group-num [priority interface]}
Syntax Description
Defaults
Priority: 100.
Command Modes
Interface configuration (config-if) mode.
Related Commands
ntp
To configure the Network Time Protocol (NTP) server and to allow the system clock to be synchronized by a time server, use the ntp command in global configuration mode. To disable this function, use the no form of this command.
ntp server {ip_address | hostname} [ip_addresses | hostnames]
no ntp server {ip_address | hostname} [ip_addresses | hostnames]
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use this command to synchronize the SE, SR or VOSM clock with the specified NTP server. The ntp server command enables NTP servers for timekeeping purposes and is the only way to synchronize the system clock with a time server.
When you synchronize the VOSM clock with an NTP server, there is a possibility of all devices registered with the VOSM being shown as offline and then reverted to online status. This situation can occur when synchronization with the NTP server sets the VOSM clock forward in time by an interval greater than at least two polling intervals or when the software clock on the VOSM is changed by a similar value using the clock command in EXEC configuration mode. The VOSM determines the status of devices in the VDS-OS network depending on when it was last contacted by the devices for a getUpdate request. If you set the VOSM clock ahead in time, you have added that amount of time to the period since the VOSM received the last getUpdate request. However, it is only a transient effect. Once the devices contact the VOSM for their next getUpdate request after the clock setting change, the VOSM GUI reports the status of all devices correctly.
Examples
The following example shows how to configure the IP address of the time server providing the clock synchronization:
ServiceEngine(config)# ntp server 172.16.22.44
The following example shows how to reset the time server providing the clock synchronization:
ServiceEngine(config)# no ntp server 172.16.22.44
Related Commands
Command Description
clock
Sets or clears clock functions or updates the calendar.
show clock
Displays the system clock.
show ntp
Displays the Network Time Protocol parameters.
ntpdate
To set the software clock (time and date) using a Network Time Protocol (NTP) server, use the ntpdate command in EXEC configuration mode.
ntpdate {hostname | ip_address}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use NTP to find the current time of day and set the SE current time to match. The ntpdate command synchronizes the software clock with the hardware clock.
Examples
The following example shows how to set the software clock of the SE using an NTP server:
ServiceEngine# ntpdate 10.11.23.40
Related Commands
ping
To send echo packets for diagnosing basic network connectivity on networks, use the ping command in EXEC configuration mode.
ping {hostname | ip_address}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To use this command with the hostname argument, be sure that Domain Name System (DNS) functionality is configured on your SE. To force the timeout of a nonresponsive host or to eliminate a loop cycle, press Ctrl-C.
Following are sample results of the ping command:
• Normal response—The normal response occurs in 1 to 10 seconds, depending on network traffic.
• Destination does not respond—If the host does not respond, a no answer from host message appears in 10 seconds.
• Destination unreachable—The gateway for this destination indicates that the destination is unreachable.
• Network or host unreachable—The SE found no corresponding entry in the route table.
Examples
The following example shows how to test the basic network connectivity with a host:
ServiceEngine# ping 172.19.131.189
PING 172.19.131.189 (172.19.131.189) from 10.1.1.21 : 56(84) bytes of data.
64 bytes from 172.19.131.189: icmp_seq=0 ttl=249 time=613 usec
64 bytes from 172.19.131.189: icmp_seq=1 ttl=249 time=485 usec
64 bytes from 172.19.131.189: icmp_seq=2 ttl=249 time=494 usec
64 bytes from 172.19.131.189: icmp_seq=3 ttl=249 time=510 usec
64 bytes from 172.19.131.189: icmp_seq=4 ttl=249 time=493 usec
--- 172.19.131.189 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.485/0.519/0.613/0.047 ms
ServiceEngine#
ping6
To ping the IPv6 address, use the ping6 command in EXEC configuration mode.
ping6 line ip_address
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to ping the IPv6 address:
ServiceEngine# ping6 fec0::100/64
Related Commands
port-channel
To configure the port channel load balancing, use the port-channel command in global configuration mode. To disable load balancing, use the no form of this command.
port-channel load-balance {dst-ip | dst-mac | dst-mixed-ip-port | dst-port | round-robin | src-dst-mac | src-dst-mixed-ip-port | src-dst-port | src-ip | src-mixed-ip-port | src-port}
no port-channel load-balance
Syntax Description
Defaults
Round-robin is the default load balancing method.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The port-channel load-balance command configures one of three load balancing algorithms and provides flexibility in choosing interfaces when an Ethernet frame is sent. The round-robin keyword allows evenly balanced usage of identical network interfaces in a channel group. Because this command takes effect globally, if two channel groups are configured, they must use the same load balancing.
The other balancing options give you the flexibility to choose specific interfaces (by IP address, MAC address, port) when sending an Ethernet frame. The source and destination options, while calculating the outgoing interface, take into account both the source and destination (MAC address or port).
Because the VDS-OS software normally starts IP packets or Ethernet frames, it does not support hashing based on the source IP address and source MAC address. The round-robin keyword is the default load balancing algorithm to evenly distribute traffic among several identical network interfaces.
To remove a port channel, use the no port-channel interface PortChannel command.
Note
Ingress traffic from Network-Attached Storage (NAS) mounts is not distributed evenly over port channels. Separate interfaces can be used for NAS outside of the port-channel configuration to achieve better load balancing. Ingress traffic to the VDS-OS is determined by the switch; this applies to all application traffic over port channels.
For load balancing, the round robin method alone is not supported with LACP.
Examples
The following example shows how to configure the round-robin load balancing method on an SE:
ServiceEngine(config)# port-channel load-balance round-robin
Related Commands
primary-interface
To configure the primary interface for the VDS-OS network, use the primary-interface command in global configuration mode. Use the no form of the command to remove the configured primary interface.
primary-interface {GigabitEthernet 1-2/port | PortChannel 1-2 | Standby group_num}
no primary-interface {GigabitEthernet 1-2/port | PortChannel 1-2 | Standby group_num}
Syntax Description
Defaults
The default primary interface is the first operational interface on which a link beat is detected. Interfaces with lower-number IDs are polled first (for example, GigabitEthernet 0/0 is checked before 1/0). Primary interface configuration is required for the proper functioning of the Centralized Management System (CMS). After devices are registered to the VOSM, the VOSM uses the configured primary interface to communicate with the registered devices.
You cannot enable the VDS-OS network without specifying the primary interface. Also, you must have chosen the primary interface before you enable the CMS. The primary interface can be changed without disabling the VDS-OS network. The primary interface specifies the default route for an interface. To change the primary interface, choose a different interface as the primary interface.
Note
Whenever the IP address of the primary interface is changed, the Domain Name System (DNS) server must be restarted.
You can select a standby interface as the primary interface (you can enter the primary-interface Standby group_num command) to specify a standby group as the primary interface on an SE.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The primary-interface command in global configuration mode allows the administrator to specify the primary interface for the VDS-OS network.
The primary interface can be changed without disabling the VDS-OS network. To change the primary interface, re-enter the command string and specify a different interface.
Note
If you use the restore factory-default preserve basic-config command, the configuration for the primary interface is not preserved. On a device in a VDS-OS network, if you want to re-enable the VDS-OS network after using the restore factory-default preserve basic-config command, make sure to reconfigure the primary interface after the factory defaults are restored.
Examples
The following example shows how to specify the Gigabit Ethernet slot 1 port 0 as the primary interface on an SE:
ServiceEngine(config)# primary-interface GigabitEthernet 1/0
The following example shows how to specify the Gigabit Ethernet slot 2 port 0 as the primary interface on an SE:
ServiceEngine(config)# primary-interface GigabitEthernet 2/0
pwd
To view the present working directory, use the pwd command in EXEC configuration mode.
pwd
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to display the present working directory of the SE.
Examples
The following example shows how to view the present working directory:
ServiceEngine# pwd
/local1
Related Commands
radius-server
To configure RADIUS authentication parameters, use the radius-server command in global configuration mode. To disable RADIUS authentication parameters, use the no form of this command.
radius-server {enable | host {hostname | host_ipaddr} [auth-port port] | key keyword | redirect {enable | message reply location url} | retransmit retries | timeout seconds}
no radius-server {enable | host {hostname | host_ipaddr} | key | redirect {enable | message reply location url} | retransmit | timeout}
Syntax Description
Defaults
auth-port port: UDP port 1645
retransmit retries: 2
timeout seconds: 5
Command Modes
Global configuration (config) mode.
Usage Guidelines
RADIUS is a client/server authentication and authorization access protocol used by a VDS-OS network device to authenticate users attempting to connect to a network device. The VDS-OS network device functions as a client, passing user information to one or more RADIUS servers. The VDS-OS network device permits or denies network access to a user based on the response that it receives from one or more RADIUS servers. RADIUS uses the User Datagram Protocol (UDP) for transport between the RADIUS client and server.
You can configure a RADIUS key on the client and server. If you configure a key on the client, it must be the same as the one configured on the RADIUS servers. The RADIUS clients and servers use the key to encrypt all RADIUS packets sent. If you do not configure a RADIUS key, packets are not encrypted. The key itself is never sent over the network.
Note
For more information about how the RADIUS protocol operates, see RFC 2138, Remote Authentication Dial In User Service (RADIUS).
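What the key set with radius-server key does on the wire, worked through in Python as an added example (not Cisco's code): under RFC 2138 the key hides the User-Password attribute and authenticates the server's reply, and other attributes such as User-Name are sent unhidden. The user name, password, identifier and request authenticator are constructed sample values; myradiuskey is the key used in this page's example.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RADIUS attribute type numbers


def hide_password(password, secret, request_auth):
    """Hide User-Password: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    hidden, previous = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + previous).digest()
        previous = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += previous
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side: reverse hide_password using the same shared key."""
    clear, previous = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + previous).digest()
        previous = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(previous, pad))
    return clear.rstrip(b"\x00")


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(packet):
    """Return {type: value} for the attributes that follow the 20-byte header."""
    attrs, offset = {}, 20
    while offset < len(packet):
        attr_type, length = packet[offset], packet[offset + 1]
        if length < 2:
            raise ValueError("malformed attribute length")
        attrs[attr_type] = packet[offset + 2:offset + length]
        offset += length
    return attrs


def build_access_request(identifier, user, password, secret, request_auth):
    attrs = attribute(USER_NAME, user) + attribute(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs


def build_reply(code, identifier, attrs, request_auth, secret):
    """Reply whose authenticator is MD5(header + request authenticator + attrs + key)."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    authenticator = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + authenticator + attrs


def reply_is_authentic(reply, request_auth, secret):
    """Client side: recompute the response authenticator with the shared key."""
    header, received, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(received, expected)


def demo():
    secret = b"myradiuskey"                 # key from this page's example
    request_auth = bytes(range(16))         # constructed; real clients use random bytes
    user, password = b"admin", b"constructed-sample-pw"   # constructed values
    request = build_access_request(7, user, password, secret, request_auth)
    hidden = parse_attributes(request)[USER_PASSWORD]
    reply = build_reply(ACCESS_ACCEPT, 7, b"", request_auth, secret)
    forged = build_reply(ACCESS_ACCEPT, 7, b"", request_auth, b"guessed-key")
    return {
        "user_name_visible": user in request,
        "password_visible": password in request,
        "server_recovers_password": reveal_password(hidden, secret, request_auth) == password,
        "mismatched_key_recovers_password":
            reveal_password(hidden, b"otherkey", request_auth) == password,
        "reply_accepted": reply_is_authentic(reply, request_auth, secret),
        "forged_reply_accepted": reply_is_authentic(forged, request_auth, secret),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The mismatched-key case is why the key on the SE must equal the one on the RADIUS server: the server then recovers a different password and the SE rejects replies it cannot verify.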
RADIUS authentication usually occurs in these instances:
• Administrative login authentication—When an administrator first logs in to the SE to configure the SE for monitoring, configuration, or troubleshooting purposes. For more information, see the "Enabling and Disabling Administrative Login Authentication Through RADIUS" section.
• HTTP request authentication—When an end user sends a service request that requires privileged access to content that is served by the SE. For more information, see the "Configuring RADIUS Authentication of HTTP Requests" section.
RADIUS authentication is disabled by default. You can enable RADIUS authentication and other authentication methods at the same time. You can also specify which method to use first.
To configure RADIUS parameters, use the radius-server command in global configuration mode. To disable RADIUS authentication parameters, use the no form of this command.
The redirect keyword of the radius-server command redirects an authentication response to a different Authentication Server if an authentication request using the RADIUS server fails.
Note
The following rule command is relevant to RADIUS authentication only if the redirect keyword has been configured.
To exclude domains from RADIUS authentication, use the rule no-auth domain command. RADIUS authentication takes place only if the site requested does not match the specified pattern.
Enabling and Disabling Administrative Login Authentication Through RADIUS
When configuring an SE to use RADIUS to authenticate and authorize administrative login requests, follow these guidelines:
• By default, RADIUS authentication and authorization is disabled on an SE.
• Before enabling RADIUS authentication on the SE, you must specify at least one RADIUS server for the SE to use.
• You can enable RADIUS authentication and other authentication methods at the same time. You can specify which method to use first using the primary keyword. When local authentication is disabled, if you disable all other authentication methods, local authentication is re-enabled automatically.
• You can use the VOSM GUI or the CLI to enable RADIUS authentication on an SE.
Tip
From the VOSM GUI, choose Devices > General Settings > Authentication. Use the displayed Authentication Configuration window.
To use the SE CLI to enable RADIUS authentication on an SE, enable RADIUS authentication for normal login mode by entering the authentication login radius command in global configuration mode as follows:
ServiceEngine(config)# authentication login radius enable [primary] [secondary]
Use the authentication configuration radius command in global configuration mode to enable RADIUS authorization as follows:
ServiceEngine(config)# authentication configuration radius enable [primary] [secondary]
Note
To disable RADIUS authentication and authorization on an SE, use the no radius-server enable command.
Configuring RADIUS Authentication of HTTP Requests
To configure RADIUS authentication for HTTP requests on an SE, configure the RADIUS server settings on the SE and enable RADIUS authentication for HTTP requests on the SE using the radius-server command in global configuration mode.
Examples
The following example shows how to enable the RADIUS client, specify a RADIUS server, specify the RADIUS key, accept retransmit defaults, and exclude the domain name, mydomain.net, from RADIUS authentication. You can verify the configuration with the show radius-server and show rule all commands.
ServiceEngine(config)# radius-server enable
ServiceEngine(config)# radius-server host 172.16.90.121
ServiceEngine(config)# radius-server key myradiuskey
ServiceEngine(config)# rule action no-auth pattern-list 2
ServiceEngine(config)# rule pattern-list 2 domain mydomain.net
ServiceEngine# show radius-server
Login Authentication for Console/Telnet/Ftp/SSH Session: enabled
Configuration Authentication for Console/Telnet/Ftp/SSH Session: enabled (secondary)
Radius Configuration:
---------------------
Radius Authentication is on
Timeout = 5
Retransmit = 2
Key = ****
Radius Redirect is off
There is no URL to authentication failure instructions
Servers
-------
IP 172.16.90.121 Port = 1645
ServiceEngine# show rule all
Rules Template Configuration
----------------------------
Rule Processing Enabled
rule no-auth domain mydomain.net
The following example disables RADIUS authentication on the SE:
ServiceEngine(config)# no radius-server enable
The following example shows how to force the SE to try RADIUS authentication first:
ServiceEngine(config)# authentication login radius enable primary
Related Commands
reload
To halt and perform a cold restart on the SE, use the reload command in EXEC configuration mode.
reload [force]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To reboot the SE, use the reload command. If the current running configuration is different from the startup configuration and if the configuration changes are not saved to flash memory, you are prompted to save the current running configuration parameters to the startup configuration.
To save any file system contents to disk from memory before a restart, use the cache synchronize command.
Examples
The following example shows how to reload the SE after you have saved the configuration changes.
ServiceEngine# reload
System configuration has been modified. Save? [ yes ] :yes
Proceed with reload? [ confirm ] yes
Shutting down all services, will timeout in 15 minutes.
reload in progress.....
The following example forces a reboot on the SE:
ServiceEngine# reload force
Related Commands
rename
To rename a file on the SE, use the rename command in EXEC configuration mode.
rename old_filename new_filename
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to rename any system file system (sysfs) file without making a copy of the file.
Examples
The following example renames a file named errlog.txt as old_errlog.txt:
ServiceEngine# rename errlog.txt old_errlog.txt
Related Commands
restore
To restore the device to its manufactured default status, removing the user data from the disk and flash memory, use the restore command in EXEC configuration mode. This command erases all existing content on the device.
restore factory-default [preserve basic-config]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to restore data on disk and in flash memory to the factory default, while preserving particular time stamp evaluation data. You need to enter this command from the root directory, or else the following error message is displayed:
ServiceEngine# restore factory-default
Need to cd to / before issuing this command
Command aborted.
SERVICEENGINE#
Be sure to back up the VOSM database and copy the backup file to a safe location that is separate from that of the VOSM, or change over from the primary to a standby VOSM before you use the restore factory-default command on your primary VOSM. The primary VOSM operation must be halted before proceeding with backup and restore commands.
Caution
This command erases user-specified configuration information stored in the flash image and removes the data on the disk, the user-defined disk partitions, and the entire VOSM database. User-defined disk partitions that are removed include the sysfs and cdnfs partitions. The configuration being removed includes the starting configuration of the device.
By removing the VOSM database, all configuration records for the entire VDS-OS network are deleted. If you do not have a valid backup file or a standby VOSM, you must use the cms deregister force command and reregister every SE and SR after you have reconfigured the VOSM, because all previously configured data is lost.
If you used your standby VOSM to store the database while you reconfigured the primary, you can simply register the former primary as a new standby VOSM.
If you created a backup file while you configured the primary VOSM, you can copy the backup file to this newly reconfigured VOSM and use the cms database restore command.
Caution
If you upgraded your software after you received your software recovery CD-ROM, using the CD-ROM software images may downgrade your system.
VDS-OS software consists of three basic components:
•
Disk-based software
•
Flash-based software
•
Hardware platform cookie (stored in flash memory)
All these components must be correctly installed for VDS-OS software to work properly.
Examples
The following two examples show the results of using the restore factory-default and restore factory-default preserve basic-config commands. Because configuration parameters and data are lost, prompts are given before initiating the restore operation to ensure that you want to proceed.
Note
If you use the restore factory-default preserve basic-config command, the configuration for the primary interface is not preserved. If you want to re-enable the VDS-OS network after using the restore factory-default preserve basic-config command, reconfigure the primary interface after the factory defaults have been restored.
VOSM# restore factory-default
This command will wipe out all of data on the disks
and wipe out VDS-OS CLI configurations you have ever made.
If the box is in evaluation period of certain product,
the evaluation process will not be affected though.
It is highly recommended that you stop all active services
before this command is run.
Are you sure you want to go ahead?[yes/no]
VOSM# restore factory-default preserve basic-config
This command will wipe out all of data on the disks
and all of VDS-OS CLI configurations except basic network
configurations for keeping the device online.
The to-be-preserved configurations are network interfaces,
default gateway, domain name, name server and hostname.
If the box is in evaluation period of certain product,
the evaluation process will not be affected.
It is highly recommended that you stop all active services
before this command is run.
Are you sure you want to go ahead?[yes/no]
Note
You can enter basic configuration parameters (such as the IP address, hostname, and name server) at this point or later through entries in the command-line interface.
The following example shows that entering the show disks command after the restore command verifies that the restore command has removed data from the partitioned file systems (sysfs and cdnfs):
ServiceEngine# show disks
SYSFS 0.0GB 0.0%
CDNFS 0.0GB 0.0%
FREE 29.9GB 100.0%
Because flash memory configurations were removed after the restore command was used, the show startup-config command does not return any flash memory data. The show running-config command returns the default running configurations.
Related Commands
rmdir
To delete a directory, use the rmdir command in EXEC configuration mode.
rmdir directory
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to remove any directory from the SE file system. The rmdir command removes only empty directories.
Examples
The following example shows how to remove the oldfiles directory under /local1:
ServiceEngine# rmdir /local1/oldfiles
Related Commands
script
To execute a script provided by Cisco or check the script for errors, use the script command in EXEC configuration mode.
script {check | execute} file_name
Syntax Description
check
Checks the validity of the script.
execute
Executes the script. The script file must be a system file system (sysfs) file in the current directory.
file_name
Name of the script file.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The script command in EXEC configuration mode opens the script utility, which allows you to execute scripts supplied by Cisco or check errors in those scripts. The script utility can read standard terminal input from the user if the script you run requires inputs from the user.
Note
The script utility is designed to run only scripts supplied by Cisco. You cannot execute script files that lack Cisco signatures or that have been corrupted or modified.
Examples
The following example shows how to check for errors in the script file foo.script:
ServiceEngine# script check foo.script
Script file foo.script is valid.
service
To specify the type of service, use the service command in EXEC configuration mode.
On the VOSM:
service csm restart
On the SE:
service {capture-controller restart | csm restart | web-engine restart}
On the SR:
service {cms restart | service-router restart}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to restart Web Engine service:
ServiceEngine# service web-engine restart
The service Web Engine has been restarted successfully!
ServiceEngine#
service-router
To configure service routing, use the service-router command in global configuration mode. To disable last-resort routing, use the no form of this command.
On the SE:
service-router {keepalive-interval num | service-monitor {augmentation-alarm enable | license-universal enable | number-of-samples {all num | cpu num | disk num | kmemory num | memory num | nic num} | sample-period {all num | cpu num | disk num | kmemory num | memory num | nic num} | threshold {augmentation num | burstcnt num | cpu num | disk num | faildisk num | kmemory num | memory num | nic num} | transaction-log enable | type {all | cpu | disk | kmemory | memory | nic}}}
no service-router {keepalive-interval num | service-monitor {augmentation-alarm enable | license-universal enable | number-of-samples {all num | cpu num | disk num | kmemory num | memory num | nic num} | sample-period {all num | cpu num | disk num | kmemory num | memory num | nic num} | threshold {augmentation num | burstcnt num | cpu num | disk num | faildisk num | kmemory num | memory num | nic num} | transaction-log enable | type {all | cpu | disk | kmemory | memory | nic}}}
On the SR:
service-router service-monitor {augmentation-alarm enable | number-of-samples {all num | cpu num | disk num | kmemory num | memory num} | sample-period {all num | cpu num | disk num | kmemory num | memory num} | threshold {augmentation num | cpu num | disk num | faildisk num | kmemory num | memory num} | type {all | cpu | disk | kmemory | memory}}
no service-router service-monitor {augmentation-alarm enable | number-of-samples {all num | cpu num | disk num | kmemory num | memory num} | sample-period {all num | cpu num | disk num | kmemory num | memory num} | threshold {augmentation num | cpu num | disk num | faildisk num | kmemory num | memory num} | type {all | cpu | disk | kmemory | memory}}
On the VOSM:
service-router {lastresort {domain name {allow all | alternate name port_num} | error-domain name error-file port_num | translator ip_address port_num} | redirect-burst-control {enable | rate num} | service-monitor {augmentation-alarm enable | number-of-samples {all num | cpu num | disk num | kmemory num | memory num}} | threshold {augmentation num | cpu num | disk num | kmemory num | memory num | transaction-log enable}}
no service-router {lastresort {domain name {allow all | alternate name port_num} | error-domain name error-file port_num | translator ip_address port_num} | redirect-burst-control {enable | rate num} | ip-redirect} | service-monitor {augmentation-alarm enable | number-of-samples {all num | cpu num | disk num | kmemory num | memory num}} | threshold {augmentation num | cpu num | disk num | kmemory num | memory num | transaction-log enable}}
Syntax Description
Defaults
keepalive-interval: 2
redundant copies: 1
dns-ttl: 60
burstcnt: 1
location cache timeout: 691200 seconds (8 days)
proximity cache timeout: 1800
sample-period: 1
nic sample-period: 3
number of samples: 2
faildisk: 75 percent
augmentation-alarm: disabled
transaction-logs: disabled
port number: 80
Command Modes
Global configuration (config) mode.
Usage Guidelines
To configure last-resort routing, use the service-router command in global configuration mode, where domain is the service routing domain name, and alternate is where to route requests.
Last-resort routing is applicable when load-based routing is enabled and all SEs have exceeded their thresholds or all SEs in the domain are offline. The SR can redirect requests to a configurable alternate domain when all SEs serving a client network region are overloaded.
Note
If the last-resort domain is not configured and the SE thresholds are exceeded, requests are redirected to the origin service.
Augmentation Alarms
Augmentation alarms on the Service Monitor are soft alarms that send alerts before the threshold is reached. These alarms are applicable to all devices—Service Engines, Service Routers and VOSMs. Augmentation thresholds apply to device and Protocol Engine parameters.
Note
For system disks (disks that contain SYSTEM partitions), the disk failure augmentation and threshold alarms are raised only when all system disks are bad. The disk fail threshold does not apply to system disks. The threshold only applies to CDS network file system (CDNFS) disks, which is also the case for the augmentation thresholds. This is because the system disks use RAID1. There is a separate alarm for bad RAID. With the RAID system, if the critical primary disk fails, the other mirrored disk (mirroring only occurs for SYSTEM partitions) seamlessly continues operation. However, if the disk drive that is marked bad is a critical disk drive (by definition this is a disk with a SYSTEM partition), the redundancy of the system disks for this device is affected.
As the show disk details command output reports, if disks have both SYSTEM and CDNFS partitions, they are treated as only system disks, which means they are not included in the accounting of the CDNFS disk calculation.
Cross Domain Support
When a client requests the content from a portal and the content then makes a request to a different remote domain (or origin service), the request cannot be served unless the origin service or the remote domain has a crossdomain.xml that grants access to the original portal to continue with the streaming.
For example, if a client request for abc.com/streaming.html (which has the content) makes a request for VDS-OS-origin.com/vod/sample.flv (which is a different domain), then the client must request a crossdomain.xml. The crossdomain.xml allows access to abc.com, and the client can then stream sample.flv. If VDS-OS-origin.com does not have a crossdomain.xml, then the request is denied.
Note
In the case of Flash, the request is made for crossdomain.xml. In the case of Silverlight the request is made for clientaccesspolicy.xml.
Instead of directly going to VDS-OS-origin.com, the request first comes to the Service Router. So when the request for crossdomain.xml comes to the Service Router, it is served to the client. This xml grants access to the portal for the file requested. So the client then sends the request for the file which is served.
Note
For Silverlight the client access policy is requested only when web service calls are made. Depending on the client player, for both Silverlight and Flash applications, the clientaccesspolicy.xml and crossdomain.xml need to be provisioned on the origin service.
FLVPlaybackComponent does not currently issue crossdomain requests for video files. The crossdomain request is issued only when a query string is present. In such cases, the video gets downloaded but does not play.
The number of HTTP Requests (normal) under Requests Received in the show statistics service-router summary output should increase.
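The grant described in this section can be checked before a policy file is provisioned on the origin service. The following Python sketch is an added example, not Cisco code: it parses a crossdomain.xml or clientaccesspolicy.xml and reports portals that would be denied and grants that are wider than the intended portal list. The sample policies, the function names, and the treatment of a leading "*." as subdomains only are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample policies for the scenario above (portal abc.com);
# they are not taken from a real deployment.
FLASH_SCOPED = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="abc.com"/>
</cross-domain-policy>"""

FLASH_OPEN = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-access-from domain="*.abc.com" secure="false"/>
</cross-domain-policy>"""

SILVERLIGHT_SCOPED = """<?xml version="1.0"?>
<access-policy><cross-domain-access><policy>
  <allow-from><domain uri="http://abc.com"/></allow-from>
  <grant-to><resource path="/vod/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def parse_grants(policy_xml):
    """Return [(host_pattern, secure)] for either policy format."""
    # A policy file has no need for entity declarations; refuse them
    # rather than hand them to the XML parser.
    if "<!ENTITY" in policy_xml.upper():
        raise ValueError("entity declarations are not expected in a policy file")
    root = ET.fromstring(policy_xml)
    grants = []
    if root.tag == "cross-domain-policy":      # Flash: crossdomain.xml
        for node in root.iter("allow-access-from"):
            pattern = node.get("domain", "").strip().lower()
            secure = node.get("secure", "true").strip().lower() != "false"
            grants.append((pattern, secure))
    elif root.tag == "access-policy":          # Silverlight: clientaccesspolicy.xml
        for node in root.iter("domain"):
            uri = node.get("uri", "").strip().lower()
            host = "*" if uri == "*" else (urlsplit(uri).hostname or "")
            grants.append((host, True))        # no secure attribute in this format
    else:
        raise ValueError("unrecognised policy root element: %s" % root.tag)
    return grants


def pattern_matches(pattern, host):
    """Match a granted pattern against a requesting portal host name."""
    host = host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # Assumption: a leading "*." covers subdomains only, not the bare domain.
        return host.endswith(pattern[1:])
    return pattern == host


def audit_policy(policy_xml, portals):
    """Compare a policy with the portals that are supposed to be granted.

    Returns (missing, findings): portals the policy would deny, and
    grants that are wider than the portal list.
    """
    grants = parse_grants(policy_xml)
    portals = [p.lower() for p in portals]
    missing = [p for p in portals
               if not any(pattern_matches(g, p) for g, _ in grants)]
    findings = []
    for pattern, secure in grants:
        if pattern == "*":
            findings.append("wildcard grant: any site may read this origin")
        elif pattern.startswith("*."):
            findings.append("subdomain wildcard: %s" % pattern)
        elif pattern not in portals:
            findings.append("grant to unlisted domain: %s" % pattern)
        if not secure:
            findings.append("secure=false on %s: HTTP pages may read HTTPS content" % pattern)
    return missing, findings


if __name__ == "__main__":
    for name, doc in (("scoped", FLASH_SCOPED), ("open", FLASH_OPEN),
                      ("silverlight", SILVERLIGHT_SCOPED)):
        print(name, audit_policy(doc, ["abc.com"]))
```

A policy that leaves `missing` non-empty reproduces the denial described above, while a non-empty `findings` list marks a policy that grants more than the portal needs.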
Last-Resort Routing
Last-resort routing is not supported when dns-based-redirect is enabled.
Configuring the license-universal Command
A universal license is like a regular license but with higher bandwidth, and it applies to all protocol engines (PEs). When the user buys a universal license and configures this command, alarm data for all PEs is cleared. Thereafter, monitoring of the PEs continues as usual for any future alarms. If the universal license was already configured upon box reload (through the saved configuration in the show run command), the existing licenses on the PEs are cleared and the PEs are monitored as usual for any future alarms.
The following information is cleared when you execute the service-router service-monitor license-universal enable command:
•
Protocol Engine minor and major alarms
Note
Alarm history commands continue to show all alarms as this is a different module.
•
Protocol Engine internal vectors
•
Protocol Engine alarm backup files in /tmp and /state
Burst Streaming License Control
Previously, the license limit was set to 500 Mbps and each protocol engine had a maximum number of sessions allowed. The base license limit is set to 200 sessions and 200 Mbps bandwidth.
When the number of sessions or current bandwidth usage exceeds the configured license limit on the Service Engine, the protocol engine raises an alarm and sends a threshold exceeded notification to the Service Router. Any new requests for that protocol engine are not routed to that Service Engine.
Note
This feature only applies to the Windows Media Streaming engine.
Configure Burst Count
The protocol engines can trigger multiple minor alarms for session and bandwidth exceeded threshold conditions. If multiple minor alarms are triggered for a protocol engine in a single day (24-hour interval), they are recorded as a single alarm.
The burst count, which indicates the number of days after which a major alarm is raised, is configurable. On the Service Engine, use the service-router service-monitor threshold burstcnt command to configure the burst count. The default setting is one (1), which means all the minor alarms that occur in a single day (24-hour interval) are counted as one single alarm. If the service-router service-monitor threshold burstcnt command is set to two, all minor alarms that occur in two days (48-hour interval) are counted as a single alarm.
Configure Universal License
A universal license is similar to a regular license, except it has a higher bandwidth and applies to all protocol engines (except Web Engine). When a universal license is purchased and configured, the alarm data for all protocol engines are cleared. Thereafter, the monitoring of the protocol engines continues as usual for any future alarms.
On the Service Engine, use the service-router service-monitor license-universal enable command to enable the universal license. The service-router service-monitor license-universal command is disabled by default.
Disk Failure Count Threshold
When the number of failed disks exceeds this threshold, no further requests are sent to this device and an alarm is raised. The Disk Failure Count Threshold is only for the CDNFS disks. Disk threshold configuration is the overall percentage of CDNFS disk failures after which an alarm is raised.
Note
When an alarm is received for a SYSTEM disk, it is immediately marked as a failed disk. It is not checked against the Disk Failure Count Threshold. The SR continues redirecting to the SE, unless all SYSTEM disks on the SE are marked as failed disks.
URL Translator
Use the service-router lastresort domain domain translator ipaddress command to configure the IP address of the third party URL translator. If a translator configuration is not present for any domain, it falls back to the alternate domain configuration. A maximum of one translator can be configured per content origin.
Service Router Transaction Log Fields
Table 2-9 describes the fields for the Service Router transaction log.
Service Monitor Transaction Logs
Service Monitor transaction logs provide an additional tool for analyzing the health history of a device and the protocol engines.
The device and service health information are periodically logged on the device in transaction log files. Transaction logs provide a useful mechanism to monitor and debug the system. The transaction log fields include both device and protocol engine information applicable to Service Engines and Service Routers that are useful for capacity monitoring. Additionally, when a device or protocol engine threshold is exceeded, detailed information is sent to a file (threshold_exceeded.log) to capture the processes that triggered the threshold alarm.
The Service Monitor transaction log filename has the following format: service_monitor_<ipaddr>_yyyymmdd_hhmmss_<>, where:
•
<ipaddr> represents the IP address of the SE, SR, or VOSM.
•
yyyymmdd_hhmmss represents the date and time when the log was created.
For example, service_monitor_192.168.1.52_20110630_230001_00336 is the filename for the log file on the device with the IP address of 192.168.1.52 and a time stamp of June 30, 2011 at 3:36 AM.
The Service Monitor transaction log file is located in the /local1/logs/service_monitor directory.
An entry to the Service Monitor transaction log is made every two seconds.
Note
The following rules apply to Service Monitor transaction logs:
•
A transaction log value is only logged if the Service Monitor is enabled for that component or protocol engine on the device. For example, if CPU monitoring is not enabled, the transaction log value "-" is displayed.
•
If Service Monitor is enabled for a protocol engine, but the protocol engine is not enabled, the value is not displayed in the log file.
•
If a log field can have more than one value, the values are delimited by the pipe (|) character.
•
If a value can have sub-values, the sub-values are delimited by the caret (^) character.
•
Some of the fields display aggregate values. If the statistics are cleared using the clear statistics command, the value after clearing the statistics may be less than the previous values, or may be zero (0).
Table 2-10 describes the fields for the Service Monitor transaction log on an SE.
Table 2-11 describes the fields for the Service Monitor transaction log on an SR.
Examples
The following example shows how to configure the keepalive interval:
ServiceRouter(config)# service-router keepalive-interval 2
The following example shows how to configure the service monitor type:
ServiceRouter(config)# service-router service-monitor type all
Augmentation Alarms
The augmentation alarms threshold is a percentage that applies to the CPU, memory, kernel memory, disk, disk fail count, Network Information Center (NIC), and protocol engine usages. By default it is set to 80 percent.
As an example of an augmentation alarm, if the threshold configured for CPU usage is 80 percent, and the augmentation threshold is set to 80 percent, then the augmentation alarm for CPU usage is raised when the CPU usage crosses 64 percent.
If "A" represents the Service Monitor threshold configured, and "B" represents the augmentation threshold configured, then the threshold for raising an augmentation alarm = (A * B) / 100 percent.
The threshold value range is 1-100. The following command shows how to set the augmentation alarms threshold to 70 percent:
ServiceRouter(config)# service-router service-monitor threshold augmentation 70
The following command shows how to reset the augmentation alarm threshold to the default:
ServiceRouter(config)# no service-router service-monitor threshold augmentation 70
The show service-router service monitor command displays the augmentation alarm threshold configuration.
The show alarms command displays the alarms output.
The show alarms history detail command displays the history details.
The show alarms detail command displays the alarms details.
The show alarms detail support command displays the support information.
Cross Domain Support
The following example shows how to configure the failed disk threshold to 40 percent:
ServiceEngine(config)# service-router service-monitor threshold faildisk 40
U2-205-2(config)#end
U2-205-2#show running-config | include threshold
service-router service-monitor threshold faildisk 40
ServiceEngine#
To display the statistics, use the show statistics service-router summary command and the show statistics se sename command. The new output for the DNS-Based Redirection feature is highlighted in boldface type in the examples below. In addition to these two show commands, there is also the show statistics service-router dns command, which displays the same output as before:
ServiceRouter# show statistics service-router summary
----- SR Summary Statistics -----
Requests Received : 650
HTTP Requests (normal) : 650
HTTP Requests (API) : 0
DNS Requests : 0
Requests Served : 0
HTTP Requests Served : 0
Requests Redirected : 650
HTTP 302 Redirects : 650
HTTP API Redirects : 0
DNS redirects : 0
Requests Overflowed : 0
HTTP 302 Redirects : 0
HTTP API Redirects : 0
DNS redirects : 0
Requests Not Redirected : 0
No SE Covering Client : 0
Unknown Content Origin : 0
Invalid Requests : 0
"Stale SE" Requests : 0
ServiceRouter# show statistics service-router se temp2
----- Statistics Of SE: temp2 -----
IP Address : 2.225.2.59
Aliveness : up
HTTP 302 Redirects : 0
ASX Redirects : 0
RTSP Redirects : 0
RTMP Redirects : 0
DNS Redirects : 1
Number Of Keepalives : 85261
The following example shows how to enable the Service Monitor transaction logging:
ServiceEngine(config)# transaction-logs enable
ServiceEngine(config)# service-router service-monitor transaction-log enable
The following example shows how to configure the URL translator:
ServiceRouter(config)# service-router last-resort domain vos.com translator 171.XX.XX.XXX
ServiceRouter(config)# service-router last-resort domain vosis.com translator 171.XX.XX.XXX port 8080
ServiceRouter#
The following example shows how to verify the current last resort configuration details:
ServiceRouter# show service-router last-resort
Domain vos.com translator 171.XX.XX.XXX
Domain vosis.com translator 171.XX.XX.XXX port 8080
Related Commands
setup
To configure basic configuration settings (general settings, device network settings, and disk configuration) on the SE and a set of commonly used caching services, use the setup command in EXEC configuration mode. You can also use the setup command in EXEC configuration mode to complete basic configuration after upgrading.
setup
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The setup command is not supported for virtual machines (VMs). Instead, use the instructions for deploying a VM in the Cisco Videoscape Distribution Suite Origin Server Command Reference.
Examples
The following example shows the part of the output when you enter the setup command in EXEC configuration mode on an SE running the VDS-OS software:
ServiceEngine# setup
Here is the current profile of this device
CDN device : Yes
Do you want to change this (y/n) [ n ] :
Press the ESC key at any time to quit this session
show access-lists
To display the access control list (ACL) configuration, use the show access-lists command in EXEC configuration mode.
show access-lists
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-12 describes the fields shown in the show access-lists 300 display.
Related Commands
show alarms
To display information on various types of alarms, their status, and history, use the show alarms command in EXEC configuration mode.
show alarms [critical [detail [support] | detail [support] | history [start_num [end_num [detail [support] | detail [support]]] | critical [start_num [end_num [detail [support]] | detail [support]]] | detail [support] | major [start_num [end_num [detail [support]] | detail [support]]] | minor [start_num [end_num [detail [support]]] | detail [support]]] | major [detail [support]] | minor [detail [support]]] | status]]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The Node Health Manager enables VDS-OS applications to raise alarms to draw attention to error or significant conditions. The Node Health Manager, which is the data repository for such alarms, aggregates the health and alarm information for the applications, services (for example, the cache service), and resources (for example, disk drives) that are being monitored on the SE. For example, the Node Health Manager gives you a mechanism to determine if a monitored application (for example, the HTTP proxy caching service) is alive on the SE. These alarms are referred to as VDS-OS software alarms.
The VDS-OS software uses Simple Network Management Protocol (SNMP) to report error conditions by generating SNMP traps. In the VDS-OS software, the following SE applications can generate a VDS-OS software alarm:
•
Node Health Manager (alarm overload condition and Node Manager aliveness)
•
Node Manager for service failures (aliveness of monitored applications)
•
System Monitor (sysmon) for disk failures
The three levels of alarms in the VDS-OS software are as follows:
•
Critical—Alarms that affect the existing traffic through the SE and are considered fatal (the SE cannot recover and continue to process traffic).
•
Major—Alarms that indicate a major service (for example, the cache service) has been damaged or lost. Urgent action is necessary to restore this service. However, other node components are fully functional and the existing service should be minimally impacted.
•
Minor—Alarms that indicate that a condition that will not affect a service has occurred, but corrective action is required to prevent a serious fault from occurring.
You can configure alarms using the snmp-server enable traps alarm command in global configuration mode.
Use the show alarms critical command in EXEC configuration mode to display the current critical alarms being generated by the VDS-OS software applications. Use the show alarms critical detail command in EXEC configuration mode to display additional details for each of the critical alarms being generated. Use the show alarms critical detail support command in EXEC configuration mode to display an explanation about the condition that triggered the alarm and how you can find out the cause of the problem. Similarly, you can use the show alarms major and show alarms minor commands in EXEC configuration mode to display the details of major and minor alarms.
Use the show alarms history command in EXEC configuration mode to display a history of alarms that have been raised and cleared by the VDS-OS software on the SE. The VDS-OS software retains the last 100 alarm raise and clear events only.
Use the show alarms status command in EXEC configuration mode to display the status of current alarms and the SE's alarm overload status and alarm overload configuration.
Note
The maximum concurrent sessions limit for the Web Engine is based on the CDE; for the CDE220-2M0 and CDE220-2S6 the maximum is 30,000 and for the CDE205 the maximum is 20,000.
Brstcnt Threshold Alarm
When the number of sessions or current bandwidth usage exceeds the configured license limit on the Service Engine, the protocol engine raises an alarm and sends a threshold exceeded notification to the Service Router. Any new requests for that protocol engine are not routed to that Service Engine.
Note
This feature only applies to the Windows Media Streaming engine.
Table 2-13 describes the fields shown in the show alarms history display.
Table 2-14 describes the fields shown in the show alarms status display.
Related Commands
Command Description
alarm
Configures alarms.
snmp-server enable traps
Enables the Service Engine (SE) to send Simple Network Management Protocol (SNMP) traps.
show arp
To display the Address Resolution Protocol (ARP) table, use the show arp command in EXEC configuration mode.
show arp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The show arp command displays the Internet-to-Ethernet address translation tables of the ARP. Without flags, the current ARP entry for the hostname is displayed.
Table 2-15 describes the fields shown in the show arp display.
show authentication
To display the authentication configuration, use the show authentication command in EXEC configuration mode.
show authentication user
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Related Commands
Command Description
clear
Clears the HTTP object cache, the hardware interface, statistics, archive working transaction logs, and other settings.
show banner
To display information on various types of banners, use the show banner command in EXEC configuration mode.
show banner
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-16 describes the fields shown in the show banner display.
Related Commands
show cdnfs
To display CDS network file system (CDNFS) information, use the show cdnfs command in EXEC configuration mode.
show cdnfs {usage | volumes}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
If there are any clear cache all commands in progress, the show cdnfs usage command displays the progress. If any disks are marked for not creation, then the disk is listed here and the reason is provided.
Table 2-17 describes the fields shown in the show cdnfs volumes display.
Table 2-17 show cdnfs volumes Field Descriptions
Field Description
cdnfs 00-04
CDS network file system and disk number.
nnnnnnKB
Size of the volume in kilobytes.
Table 2-18 describes the fields shown in the show cdnfs usage display.
Examples
The following example shows how to display the CDNFS usage on an SE:
ServiceEngine# show cdnfs usage
Total number of CDNFS entries : 13437532
Total space : 5037.9 GB
Total bytes available : 2425.6 GB
Total cache size : 2521.4 GB
Total cached entries : 13436995
Cache-content mgr status : Cacheable
Units: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MB
The following example shows how to display the CDNFS volumes:
ServiceEngine# show cdnfs volumes
cdnfs 00: /disk00-06 444200480KB
cdnfs 01: /disk01-06 444200480KB
cdnfs 02: /disk03-01 488246296KB
cdnfs 03: /disk04-01 488247316KB
cdnfs 04: /disk05-01 488246296KB
cdnfs 05: /disk06-01 488244924KB
cdnfs 06: /disk07-01 488244924KB
cdnfs 07: /disk09-01 488244924KB
cdnfs 08: /disk10-01 488244924KB
cdnfs 09: /disk11-01 488246296KB
cdnfs 10: /disk08-01 488377368KB
Related Commands
show clock
To display the system clock, use the show clock command in EXEC configuration mode.
show clock [detail | standard-timezones {all | details timezone | regions | zones region_name}]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The VDS-OS has several predefined standard time zones. Some of these time zones have built-in summertime information while others do not. For example, if you are in an eastern region of the United States (US), you must use the US/Eastern time zone that includes summertime information and adjusts the clock automatically every April and October. There are about 1500 standard time zone names.
The clock summertime command is disabled when a standard time zone is configured. You can only configure summertime if the time zone is not a standard time zone (if the time zone is a customized zone).
In addition, CLI commands exist to enable you to display a list of all the standard time zones. The show clock standard-timezones all command in EXEC configuration mode enables you to browse through all standard time zones and choose from these predefined time zones. You can choose a customized name that does not conflict with the predefined names of the standard time zones. Most predefined names of the standard time zones have two components, a region name and a zone name. You can list time zones by several criteria, such as regions and zones.
Table 2-19 describes the field in the show clock display.
Table 2-19 show clock Field Description
Field Description
Local time
Day of the week, month, date, time (hh:mm:ss), and year in local time relative to the Coordinated Universal Time (UTC) offset.
Table 2-20 describes the fields shown in the show clock detail display.
The following example shows an excerpt of the output from the show clock standard-timezones all command in EXEC configuration mode. As the example shows, all the standard time zones (approximately 1500 time zones) are listed, each on a separate line.
ServiceEngine# show clock standard-timezones all
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmera
Africa/Bamako
Africa/Bangui
Africa/Banjul
Africa/Bissau
Africa/Blantyre
Africa/Brazzaville
Africa/Bujumbura
Africa/Casablanca
Africa/Ceuta
Africa/Conakry
Africa/Dakar
Africa/Dar_es_Salaam
Africa/Djibouti
.
.
.
The following example shows an excerpt of the output from the show clock standard-timezones regions command in EXEC configuration mode. As the example shows, all first-level time zone names or directories are listed. All 1500 time zones are organized into directories by region.
ServiceEngine# show clock standard-timezones regions
Africa/
America/
Antarctica/
Arctic/
Asia/
Atlantic/
Australia/
Brazil/
CET
.
.
.
The following example shows an excerpt of the output from the show clock standard-timezones zones command in EXEC configuration mode. As the following example shows, this command lists the name of every time zone that is within the specified region (for example, the US region).
ServiceEngine# show clock standard-timezones zones US
Alaska
Aleutian
Arizona
Central
East-Indiana
Eastern
Hawaii
Indiana-Starke
Michigan
Mountain
Pacific
Samoa
The following example shows an excerpt of the output from the show clock standard-timezones details command in EXEC configuration mode. This command shows details about the specified time zone (for example, the US/Eastern time zone). The command output also includes the standard offset from the Greenwich Mean Time (GMT).
ServiceEngine# show clock standard-timezones details US/Eastern
US/Eastern is standard timezone.
Getting offset information (may take a while)...
Standard offset from GMT is -300 minutes (-5 hour(s)).
It has built-in summertime.
Summer offset from GMT is -240 minutes. (-4 hour(s)).
Related Commands
Command Description
clock (EXEC)
Sets or clears clock functions or updates the calendar.
clock (global configuration)
Sets the summer daylight saving time and time zone for display purposes.
show cms
To display the Centralized Management System (CMS)-embedded database content and maintenance status and other information, use the show cms command in EXEC configuration mode.
show cms {database {content {dump filename | text | xml} | maintenance [detail]} | info | processes}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-21 describes the fields shown in the VOSM show cms info display.
Table 2-22 describes the fields shown in the SE show cms info display.
The following example writes the database content to a file in text format:
VOSM# show cms database content text
Database content can be found in /local1/cms-db-12-12-2002-17:06:08:070.txt.
The following example writes the database content to a file in XML format:
VOSM# show cms database content xml
Database content can be found in /local1/cms-db-12-12-2002-17:07:11:629.xml.
The following example shows the output of the show cms database maintenance detail on an SE:
ServiceEngine# show cms database maintenance detail
Database maintenance is not running.
Regular database maintenance is enabled.
Regular database maintenance schedule is set on Sun, Mon, Tue, Wed, Thu, Fri, Sat at 02:00
Full database maintenance is enabled.
Full database maintenance schedule is set on Sun, Mon, Tue, Wed, Thu, Fri, Sat at 04:00
Disk usage for STATE partition: Total: 1523564K, Available: 1443940K, Use: 6%
DATABASE VACUUMING DETAILS AND ERRORS
-------------------------------------
Database Vacuuming never performed or it did not complete due to error.
Latest Vacuuming status :No Error
Last Vacuum Error : No Error
Last Reindex Time : Thu Jul 15 02:02:49 2004
Latest Reindexing status :No Error
Last Reindex Error: No Error
ServiceEngine#
Related Commands
Command Description
cms (EXEC)
Configures the CMS-embedded database parameters.
cms (global)
Schedules maintenance and enables the CMS on a given node.
show content
To display all content entries in the VDS-OS, use the show content command in EXEC configuration mode.
show content {all [brief | foreground] | diskpath [brief | detail] | last-folder-url [brief] | url url [brief | detail]}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The show content command is not supported in VDS-OS 2.0.
This command allows users to check the cached or prepositioned content in an SE. Through this command, users can view content attributes such as status and file size.
The show content all command scans through the entire disk and transfers the information to the file specified by the user. This command runs in the background unless the foreground option is specified.
The show content url command displays cached content and Web Engine metadata attributes, and it helps debug header validation issues. It also displays additional information including start, end time, unified name space (UNS), and relative content information. If the input URL is parent, then it shows the child disk path. The Authorization field is only applicable for preposition content and this field is moved to the show content url detail output.
When the show content url command is executed with a live URL, the content is displayed as preposition content. This is because an object stored on the CDS network file system (CDNFS) is either cache content or preposition content.
Examples
The following command shows how to display cached content and Web Engine attributes for a URL:
ServiceEngine# show content url http://172.XX.XX.XXX/diff.new detail
CAL content object attributes:
URL: http://we-os.vos.com/vod/pinball.wmv
Status is 3 (Servable)
Content is Complete
File size is 0 Bytes
Linked to
[rtsp://http-we-os.vos.com-s6kmyz359zgyulqfiavhgw/vod/pinball.wmv]
Content is PREPOSITIONED
Start Time : Not present
End Time : Not present
Internal path to data file
[/disk00-06/p/we-os.vos.com/1d/a1/1da1394af838bbcb45af78fd5681abeb/pinball.wmv]
Protocol Engine Metadata:
Authorization is Not Required
uns_attr_symlink :http-we-os.vos.com-s6kmyz359zgyulqfiavhgw/vod/pinball.wmv
UNS_NV_CALC_N_CACHED : PREPOSITIONED
cdn_uns_id : Rm+7u02g2S8PsuaCfnOKAQ. .
content-type : video/x-ms-wmv
etag : "9601c7-cc3d0-11016c00"
file_duration : 25
ignore_query_string : 1
last-modified : Wed, 06 Oct 2010 22:12:00 GMT
server : Apache/2.2.3 (Red Hat)
The following example shows how to display the Real-Time Streaming Protocol (RTSP) URL in the VDS-OS:
ServiceEngine# show content url rtsp://www.cht.com/CHT_2M.wmv
CAL content object attributes:
URL: rtsp://www.cht.com/CHT_2M.wmv
Status is 2 (Servable)
File size is 16 Bytes
Authorization is Not Required
Content is CACHED with priority 0.574964
The following example shows how to display all content entries in the VDS-OS:
ServiceEngine# show content all name background
Command running in background...
ServiceEngine# USER INFO: Your 'show content all' command finished
The following example shows how to display cached content objects with the original diskpath.
ServiceEngine# show content diskpath /disk02-01/c/171.71.51.234/66/66/6666cd76f96956469e7be39d750cc7d9/1mbs.wmv.hdr
CAL content object attributes:
URL: rtsp://171.XX.XX.XXX/1mbs.wmv.hdr
Status is 3 (Servable)
Content is Incomplete
File size is 4096 Bytes
Authorization is Not Required
Content is CACHED with priority 0.303707
The following example shows how to display all the contents matching that last-folder-url with the brief option:
ServiceEngine# show content last-folder-url http://172.XX.XX.XXX/vod/types brief
Protocol will be ignored with last-folder-url.
-----------------------------------------------------------------
Type URL                                      Size(K)   Status
-----------------------------------------------------------------
C    http://172.XX.XX.XXX/vod/types/sample_s       81   Servable
     orenson.mov
C    http://172.XX.XX.XXX/vod/types/sample_1      912   Servable
     00kbit.mp4
C    http://172.XX.XX.XXX/vod/types/brodeo.m     3745   Servable
     p3
The following example shows how to display all the contents matching that last-folder-url without the brief option:
ServiceEngine# show content last-folder-url http://172.XX.XX.XXX/vod/types
Protocol will be ignored with last-folder-url.
CAL content object attributes:
URL: http://172.XX.XX.XXX/vod/types/sample_sorenson.mov
Status is 3 (Servable)
Content is Complete
File size is 82395 Bytes
Playable by Web Engine
Content is CACHED
CAL content object attributes:
URL: http://172.XX.XX.XXX/vod/types/sample_100kbit.mp4
Status is 3 (Servable)
Content is Complete
File size is 933456 Bytes
Playable by Web Engine
Content is CACHED
CAL content object attributes:
URL: http://172.XX.XX.XXX/vod/types/brodeo.mp3
Status is 3 (Servable)
Content is Complete
File size is 3834862 Bytes
Playable by Web Engine
Content is CACHED
show content-origin
To display information about the Network-Attached Storage (NAS) mount, use the show content-origin command in user EXEC configuration mode.
show content-origin request-fqdn domain
Syntax Description
request-fqdn
Configures the request fully qualified domain name (FQDN).
domain
Domain of the request FQDN.
Command Default
None
Command Modes
User EXEC configuration mode.
Usage Guidelines
Table 2-22 describes the fields shown in the show content-origin display.
The following syslog messages are displayed if the NAS mount fails:
The VOS Origin Manager writes syslog messages when a NAS mount fails. Below are some sample syslog messages:
Apr 28 04:25:26 nas-se VOSOriginMgr: %SE-VOSOriginMgr-3-802100: Failed to mount NFS vod/0 for NAS share 14.1.2.12:/ifs/data
Examples
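The NAS mount failure message shown above can be picked out of a collected syslog stream and counted per share. The following is an added example, not part of the Cisco documentation: the function names are hypothetical, the digit between the process name and the message number is assumed to be the syslog severity, and the token after the protocol is assumed to be the mount identifier.

```python
import re
from collections import Counter

# The first line is the sample message shown on this page; the remaining
# lines are constructed for this example.
SAMPLE_LOG = """\
Apr 28 04:25:26 nas-se VOSOriginMgr: %SE-VOSOriginMgr-3-802100: Failed to mount NFS vod/0 for NAS share 14.1.2.12:/ifs/data
Apr 28 04:26:26 nas-se VOSOriginMgr: %SE-VOSOriginMgr-3-802100: Failed to mount NFS vod/0 for NAS share 14.1.2.12:/ifs/data
Apr 28 04:27:01 nas-se kernel: constructed unrelated message
Apr 28 04:27:26 nas-se VOSOriginMgr: %SE-VOSOriginMgr-3-802100: Failed to mount NFS vod/1 for NAS share 192.0.2.20:/export/vod
"""

# Matches only the mount-failure message format shown on the page.
MOUNT_FAIL_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\sVOSOriginMgr:\s"
    r"%SE-VOSOriginMgr-(?P<severity>\d)-(?P<msg_id>\d+):\s"
    r"Failed to mount (?P<protocol>\S+) (?P<mount>\S+) "
    r"for NAS share (?P<share>\S+)$"
)


def parse_mount_failures(log_text):
    """Return one dict per NAS mount failure line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        match = MOUNT_FAIL_RE.match(line.strip())
        if match:
            event = match.groupdict()
            # Assumption: this digit is the syslog severity level.
            event["severity"] = int(event["severity"])
            events.append(event)
    return events


def repeated_failures(events, min_count=2):
    """Return {share: count} for shares that failed at least min_count times."""
    counts = Counter(event["share"] for event in events)
    return {share: n for share, n in counts.items() if n >= min_count}


if __name__ == "__main__":
    found = parse_mount_failures(SAMPLE_LOG)
    for share, n in repeated_failures(found).items():
        print(f"{share}: {n} failed mount attempts")
```

A share that appears repeatedly here should correspond to an entry with Status: Failed and a rising RetryCount in the show content-origin output.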
The following example shows how to display the content origin information:
ServiceEngine# show content-origin
FQDN: www.cisco.com
Protocol: CIFS
SharePoint: 171.XX.XX.X:/wmroot
MountPoint: WMS
Status: Success
Protocol: NFS
SharePoint: 171.XX.XX.XXX:/usr/local/apache2/htdocs/Zeri
MountPoint: ZERI
Status: Failed
MaxRetry: 10
RetryCount: 17
ServiceEngine#
Related Commands
show debugging
To display the state of each debugging option, use the show debugging command in user EXEC configuration mode.
show debugging
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command Modes
User EXEC configuration mode.
Examples
The following is sample output from the show debugging command:
ServiceRouter# show debugging
Debug web-engine is set to trace
Debug capturecontroller is set to trace
ServiceRouter#
Related Commands
Command Description
debug
Monitors and records caching application functions.
undebug
Disables debugging functions.
show device-mode
To display the configured or current mode of a device, use the show device-mode command in EXEC configuration mode.
show device-mode {configured | current}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
If the configured and current device modes differ, a reload is required for the configured device mode to take effect.
Examples
The configured device mode field in the show device-mode configured display shows the device mode that has been configured, but has not yet taken effect. The current device mode field in the show device-mode current command display shows the current mode in which the VDS-OS device is operating.
The following example shows how to use the show device-mode command to show the device mode when you change the device from an SE to an SR using the device mode command:
Acmehost# show device-mode current
Current device mode: service-engine
Acmehost# show device-mode configured
Configured device mode: service-engine
Acmehost(config)# device mode service-router
The new configuration will take effect after a reload
Acmehost(config)# exit
Acmehost# show device-mode current
Current device mode: service-engine
Note: The configured and current device modes differ,
a reload is required for the configured device mode to
take effect.
Acmehost# show device-mode configured
Configured device mode: service-router
Note: The configured and current device modes differ,
a reload is required for the configured device mode to
take effect.
Acmehost# write memory
Acmehost# reload force
...reload...
Acmehost# show running-config
device mode service-router
!
hostname Acmehost
. .
Acmehost# show device-mode configured
Configured device mode: service-router
Acmehost# show device-mode current
Current device mode: service-router
Related Commands
show disks
To view information about your disks, use the show disks command in EXEC configuration mode.
show disks [current | details | error-handling [details] | raid-state | SMART-info [details]]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The show disks command displays the names of the disks currently attached to the SE.
Table 2-24 describes the fields shown in the show disks details display.
The show disks error-handling command displays the current level of disk and sector-related errors.
Table 2-25 describes the fields shown in the show disks error-handling details display.
Proactively Monitoring Disk Health with SMART
The ability to proactively monitor the health of disks with Self Monitoring, Analysis, and Reporting Technology (SMART) was added. SMART provides you with hard drive diagnostic information and information about impending disk failures.
SMART is supported by most disk vendors and is a standard method used to determine the health of a disk. SMART has several read-only attributes (for example, the power-on hours attribute, the load and unload count attribute) that provide the VDS-OS software with information about the operating and environmental conditions that may indicate an impending disk failure.
To display more detailed information, enter the show disks SMART-info details command in EXEC configuration mode. The output from the show disks SMART-info and the show disks SMART-info details commands differ based on the disk vendor and the type of drive technology (Integrated Drive Electronics [IDE], Small Computer Systems Interface [SCSI], and Serial Advanced Technology Attachment [SATA] disk drives).
Even though SMART attributes are vendor dependent, there is a common way of interpreting most SMART attributes. Each SMART attribute has a normalized current value and a threshold value. When the current value exceeds the threshold value, the disk is considered as failed. The VDS-OS software monitors the SMART attributes and reports any impending failure through syslog messages, Simple Network Management Protocol (SNMP) traps, and alarms.
The output from the show tech-support command in EXEC configuration mode also includes SMART information.
Table 2-26 describes some typical fields in the show disks SMART-info display.
Examples
The following example displays output for two disks experiencing sector errors:
ServiceEngine# show disks error-handling
Disk errors since last boot:
disk05 total bad sectors = 1, total errors = 2
disk10 total bad sectors = 3, total errors = 9
If the details option is given, then each bad sector's Logical Block Address (LBA) displays along with its corresponding I/O error count:
ServiceEngine# show disks error-handling details
Disk errors since last boot:
disk05 total bad sectors = 1, total errors = 2
# diskname Sector (LBA) I/O errors:
disk05 3000005 2
disk10 total bad sectors = 3, total errors = 9
# diskname Sector (LBA) I/O errors:
disk10 16000 3
disk10 170001 4
disk10 180001 2
Total errors (since system boot) across all disks = 11
Note
For additional disk health statistics, execute the show disks smart-info or show alarms commands.
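The show disks error-handling details output can be checked mechanically when it is collected from many SEs. The following added example (not part of the Cisco documentation) parses that output, verifies that each disk's summary line agrees with its per-sector rows and with the overall total, and lists the disks at or above an error threshold; the function names and the threshold value are assumptions made for illustration.

```python
import re

# Output copied from the 'show disks error-handling details' example on this page.
SAMPLE = """\
Disk errors since last boot:
disk05 total bad sectors = 1, total errors = 2
# diskname Sector (LBA) I/O errors:
disk05 3000005 2
disk10 total bad sectors = 3, total errors = 9
# diskname Sector (LBA) I/O errors:
disk10 16000 3
disk10 170001 4
disk10 180001 2
Total errors (since system boot) across all disks = 11
"""

SUMMARY_RE = re.compile(r"^(disk\d+) total bad sectors = (\d+), total errors = (\d+)$")
SECTOR_RE = re.compile(r"^(disk\d+)\s+(\d+)\s+(\d+)$")
TOTAL_RE = re.compile(r"^Total errors \(since system boot\) across all disks = (\d+)$")


def parse_error_handling(text):
    """Return ({disk: {"bad_sectors", "errors", "sectors"}}, grand_total)."""
    disks, grand_total = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, the banner and the '# diskname ...' column header.
        if not line or line.startswith(("#", "Disk errors since last boot")):
            continue
        m = SUMMARY_RE.match(line)
        if m:
            disks[m.group(1)] = {
                "bad_sectors": int(m.group(2)),
                "errors": int(m.group(3)),
                "sectors": {},  # LBA -> I/O error count (details output only)
            }
            continue
        m = SECTOR_RE.match(line)
        if m:
            if m.group(1) not in disks:
                raise ValueError(f"sector row before summary line: {line!r}")
            disks[m.group(1)]["sectors"][int(m.group(2))] = int(m.group(3))
            continue
        m = TOTAL_RE.match(line)
        if m:
            grand_total = int(m.group(1))
            continue
        raise ValueError(f"unrecognized line: {line!r}")
    return disks, grand_total


def check_consistency(disks, grand_total):
    """Return a list of mismatches between summary lines and detail rows."""
    problems = []
    for name, info in disks.items():
        if not info["sectors"]:
            continue  # output without the details option has no rows to check
        if len(info["sectors"]) != info["bad_sectors"]:
            problems.append(f"{name}: bad sector count does not match rows")
        if sum(info["sectors"].values()) != info["errors"]:
            problems.append(f"{name}: error total does not match rows")
    if grand_total is not None:
        if sum(info["errors"] for info in disks.values()) != grand_total:
            problems.append("overall total does not match per-disk totals")
    return problems


def disks_over_threshold(disks, max_errors):
    """Return sorted disk names whose error total is at or above max_errors."""
    return sorted(n for n, info in disks.items() if info["errors"] >= max_errors)


if __name__ == "__main__":
    parsed, total = parse_error_handling(SAMPLE)
    print(check_consistency(parsed, total), disks_over_threshold(parsed, 5))
```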
SMART support is vendor dependent; each disk vendor has a different set of supported SMART attributes. The following example shows the output from the show disks SMART-info command in EXEC configuration mode that was entered on two different SEs (Service Engine A and Service Engine B). These two SEs contain hard disks that were manufactured by different vendors.
ServiceEngine# show disks SMART-info
=== disk00 ===
smartctl version 5.38 [ i686-spcdn-linux-gnu ] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF INFORMATION SECTION ===
Device Model: ST3500320NS
Serial Number: 5QM19RKR
Firmware Version: SN04
User Capacity: 500,107,862,016 bytes
Device is: Not in smartctl database [ for details use: -P showall ]
ATA Version is: 6
ATA Standard is: ATA/ATAPI-6 T13 1410D revision 2
Local Time is: Thu May 21 14:09:19 2009 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
RUNNING: /usr/sbin/smartctl /dev/sda -H -i
=== disk01 ===
smartctl version 5.38 [ i686-spcdn-linux-gnu ] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF INFORMATION SECTION ===
Device Model: ST3500320NS
Serial Number: 5QM19B0B
Firmware Version: SN04
User Capacity: 500,107,862,016 bytes
Device is: Not in smartctl database [ for details use: -P showall ]
ATA Version is: 6
ATA Standard is: ATA/ATAPI-6 T13 1410D revision 2
Local Time is: Thu May 21 14:09:19 2009 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
RUNNING: /usr/sbin/smartctl /dev/sdb -H -i
=== disk02 ===
smartctl version 5.38 [ i686-spcdn-linux-gnu ] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/
=== START OF INFORMATION SECTION ===
Device Model: ST3500320NS
Serial Number: 5QM19SK9
Firmware Version: SN04
User Capacity: 500,107,862,016 bytes
Device is: Not in smartctl database [ for details use: -P showall ]
ATA Version is: 6
ATA Standard is: ATA/ATAPI-6 T13 1410D revision 2
Local Time is: Thu May 21 14:09:19 2009 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
RUNNING: /usr/sbin/smartctl /dev/sdc -H -i
The following example shows the output from the show disks raid-state command, which shows all the disk partitions on a CDE:
ServiceEngine# show disks raid-state
SYSTEM : RAID-1
Status: Normal
Partitions: disk00/05 disk02/05
SYSTEM: RAID-1
Status: Normal
Partitions: disk00/01 disk02/01
SYSTEM: RAID-1
Status: Normal
Partitions: disk00/02 disk02/02
SYSTEM: RAID-1
Status: Normal
Partitions: disk00/04 disk02/04
Related Commands
Command Description
disk (EXEC)
Configures disks and allocates disk space for devices using VDS-OS software.
show flash
To display the flash memory version and usage information, use the show flash command in EXEC configuration mode.
show flash
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
If a new software image has been installed and is waiting to be run after a reboot, the show flash command displays this information and the version of VDS-OS software that runs on the device after reload.
Note
If you update the VDS-OS software on an SE, the new version displays in the show flash command output, but it says, "Pending software change will occur on next bootup." You must reboot the device for the software update to take effect.
Examples
The following example shows how to display the flash information:
ServiceEngine# show flash
VDS-OS software version (disk-based code): VDS-OS-2.4.0-b328
System image on flash:
Version: 2.4.0.328
System flash directory:
System image: 274 sectors
Bootloader, rescue image, and other reserved areas: 59 sectors
512 sectors total, 179 sectors free.
Table 2-27 describes the fields shown in the show flash display.
Related Commands
show ftp
To display the caching configuration of the File Transfer Protocol (FTP), use the show ftp command in EXEC configuration mode.
show ftp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the caching configuration of FTP:
ServiceEngine# show ftp
FTP heuristic age-multipliers: directory-listing 30% file 60%
Maximum Time To Live in days : directory-listing 3 file 7
Minimum Time To Live in minutes: 60
No objects are revalidated on every request.
Serve-IMS without revalidation if...
Directory listing object is less than 50% of max age
File object is less than 80% of max age
Incoming Proxy-Mode:
Servicing Proxy mode FTP connections on ports: 22 23 88 66 48 488 449 90
Outgoing Proxy-Mode:
Not using outgoing proxy mode.
Maximum size of a cacheable object is unlimited.
Related Commands
show hardware
To display the system hardware status, use the show hardware command in EXEC configuration mode.
show hardware [all | core | cpuinfo | dmi [all | baseboard | bios | cache | chassis | connector | memory | processor | slot | system] | mapping {disk [all | diskname] | interface [all | GigabitEthernet slot/port_num | TenGigabitEthernet slot/port_num]} | meminfo | pci [details | drivers | ids | tree]]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The output of the show hardware command in EXEC configuration mode displays all core or Desktop Management Interface (DMI) information. The DMI output can also be filtered by optional keywords.
Table 2-28 describes the fields shown in the show hardware display.
Examples
The following example shows how to display the core hardware information:
ServiceEngine# show hardware core
Videoscape Distribution Suite Origin Server Software (VDS-OS)
Copyright (c) 1999-2011 by Cisco Systems, Inc.
Videoscape Distribution Suite Origin Server Software Release 2.6.0 (build b460 Aug 28 2011)
Version: cde220-2g2-DEVELOPMENT[vcn-build1:/auto/vcn-u1/vosis_release_builds/vosis_2.6.0-b460/spcdn]
Compiled 05:55:01 Aug 28 2011 by ipvbuild
Compile Time Options: KQ SS
System was restarted on Mon Aug 29 11:56:58 2011.
The system has been up for 1 day, 5 hours, 5 minutes, 2 seconds.
CPU 0 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 1 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 2 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 3 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 4 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 5 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 6 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
CPU 7 is GenuineIntel Intel(R) Xeon(R) CPU L5410 @ 2.33GHz (rev 23) running at 2333MHz.
Total 8 CPUs.
16000 Mbytes of Physical memory.
10 GigabitEthernet interfaces
1 Console interface
2 USB interfaces [Not supported in this version of software]
Cookie info:
Base PID: CDE220-2G2 VID: 00
SerialNumber: 99999999999
Model Type:
SerialNumber (raw): 57 57 57 57 57 57 57 57 57 57 57
TestDate: 12-19-2002
ExtModel: CDE220-2G2
ModelNum (raw): 55 0 0 0 1
HWVersion: 1
PartNumber: 53 54 55 56 57
BoardRevision: 1
ChipRev: 1
VendID: 0
CookieVer: 2
Chksum: 0xfb9e
List of all disk drives:
disk00: Normal (h02 c00 i00 l00 - mptsas) 476940MB(465.8GB)
disk00/01: SYSTEM 5120MB[ 5.0GB) mounted internally
disk00/02: SYSTEM 3072MB[ 3.0GB) mounted internally
disk00/04: SYSTEM 2048MB[ 2.0GB) mounted internally
disk00/05: SYSFS 32768MB[ 32.0GB) mounted at /local1
disk00/06: CDNFS 433917MB(423.7GB) mounted internally
disk01: Normal (h02 c00 i01 l00 - mptsas) 476940MB(465.8GB)
disk01/01: SYSTEM 5120MB[ 5.0GB) mounted internally
disk01/02: SYSTEM 3072MB[ 3.0GB) mounted internally
disk01/04: SYSTEM 2048MB[ 2.0GB) mounted internally
disk01/05: SYSFS 32768MB[ 32.0GB) mounted at /local1
<Output truncated>
The following example shows how to display the DMI information:
ServiceEngine# show hardware dmi
--------------------- DMI Information -------------
# dmidecode 2.9
SMBIOS 2.5 present.
70 structures occupying 2793 bytes.
Table at 0xCFF66000.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: Phoenix Technologies LTD
Version: 1.2a
Release Date: 04/09/2009
Address: 0xE3DD0
Runtime Size: 115248 bytes
ROM Size: 2048 kB
Characteristics:
PCI is supported
PNP is supported
BIOS is upgradeable
BIOS shadowing is allowed
ESCD support is available
Boot from CD is supported
ServiceEngine#
Related Commands
show hosts
To view the hosts on your SE, use the show hosts command in EXEC configuration mode.
show hosts
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The show hosts command lists the name servers and their corresponding IP addresses. It also lists the hostnames, their corresponding IP addresses, and their corresponding aliases (if applicable) in a host table summary.
Table 2-29 describes the fields shown in the show hosts display.
show interface
To display the hardware interface information, use the show interface command in EXEC configuration mode.
show interface {all | GigabitEthernet slot/port | PortChannel {1 [lacp] | 2} | standby group_num | TenGigabitEthernet slot/port}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-30 describes the fields shown in the show interface GigabitEthernet display.
Table 2-31 describes the fields shown in the show interface PortChannel display.
Table 2-32 describes the fields shown in the show interface standby display.
Table 2-33 describes the fields shown in the show interface TenGigabitEthernet display.
Related Commands
show inventory
To display the system inventory information, use the show inventory command in EXEC configuration mode.
show inventory
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The show inventory command allows you to view the unique device identifier information (UDI) for an SE. Typically, Cisco SEs contain the following three identification items that make up the UDI:
• Product ID (PID)
• Version ID (VID)
• Serial number (SN)
This identity information is stored in the SE nonvolatile memory. Each SE has a UDI. The UDI shows PID, VID and SN.
The UDI is electronically accessed by the product operating system or network management application to enable identification of unique hardware devices. The data integrity of the UDI is vital to customers. The UDI that is programmed into the SE's nonvolatile memory is equivalent to the UDI that is printed on the product label and on the carton label. This UDI is also equivalent to the UDI that can be viewed through any electronic means and in all customer-facing systems and tools. Currently, there is only CLI access to the UDI; there is no Simple Network Management Protocol (SNMP) access to the UDI information.
On newer SE models, you can use the show inventory command in EXEC configuration mode to display the SE's UDI. On older SE models, use the show tech-support command in EXEC configuration mode to display the SE's UDI.
Examples
The following example shows the inventory information for one of the newer SE models (SE-565):
ServiceEngine# show inventory
PID: SE-565-K9 VID: 0 SN: serial_number
In the preceding example, serial_number is the serial number of the SE. The version ID is displayed as "0" because the version number is not available.
Table 2-34 describes the fields shown in the show inventory display.
The following example shows that you must use the show tech-support command in EXEC configuration mode to display the inventory information on an older SE model:
ServiceEngine# show inventory
Please look at 'sh tech-support' for information!
ServiceEngine# show tech-support
Related Commands
Command Description
show tech-support
Displays system information necessary for Cisco Technical Support to assist you with your SE.
show ip
To display the, use the show ip command in user EXEC configuration mode.
show ip
Syntax Description
Command Default
None
Command Modes
User EXEC configuration mode.
Usage Guidelines
This command requires a Proximity Engine license.
Examples
To display information about an entry in the BGP routing table (for example, 42.1.1.0/24), use the show ip bgp 42.1.1.0/24 command. To locate information by IP address (for example, 42.1.1.1), use the show ip bgp 42.1.1.1 command.
ServiceRouter# show ip bgp 42.1.1.0/24
BGP routing table entry for 42.1.1.0/24, version 12
Paths: (1 available, best # 1)
Flags: on xmit-list, is in urib, is best urib route
Path type: internal, path is valid, is best path
AS-Path: NONE, path sourced internal to AS
192.168.86.3 (metric 0) from 192.168.86.3 (192.168.86.3)
Origin incomplete, MED 0, localpref 100, weight 0
Not advertised to any peer
ServiceRouter# show ip bgp 42.1.1.1
BGP routing table entry for 42.1.1.0/24, version 12
Paths: (1 available, best # 1)
Flags: on xmit-list, is in urib, is best urib route
Path type: internal, path is valid, is best path
AS-Path: NONE, path sourced internal to AS
192.168.86.3 (metric 0) from 192.168.86.3 (192.168.86.3)
Origin incomplete, MED 0, localpref 100, weight 0
Not advertised to any peer
ServiceRouter#
The following sample output shows the display when the advertised community and the configured location community match:
ServiceRouter# sh ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 4
Paths: (1 available, best # 1)
Flags: on xmit-list, is in urib, is best urib route
Path type: internal, path is valid, is best path
AS-Path: NONE, path sourced internal to AS
48.0.0.8 (metric 0) from 48.0.0.8 (1.1.1.1)
Origin IGP, MED 0, localpref 100, weight 0
Community: 1:1(location specific)
The following sample output shows the display when the community is not advertised to any peer:
ServiceRouter# sh ip bgp 33.1.5.0
BGP routing table entry for 33.1.5.0/24, version 4
Paths: (1 available, best #1)
Flags: on xmit-list, is in urib, is best urib route
Path type: internal, path is valid, is best path
AS-Path: 2 , path sourced external to AS
62.0.0.2 (metric 20) from 26.0.0.6 (10.1.1.1)
Origin IGP, MED 0, localpref 100, weight 0
Community: 5:5(location specific)
Related Commands
Command Description
clear ip bgp
Clears entries in the BGP route table.
router bgp
Configures a BGP routing process.
show ipv6
To display IPv6 information, use the show ipv6 command in user EXEC configuration mode.
show ipv6
Syntax Description
Command Default
None
Command Modes
User EXEC configuration mode.
Examples
The following example shows sample output from the show ipv6 access-list command:
ServiceRouter# show ipv6 access-list
Space available:
48 access lists
498 access list conditions
Standard IPv6 access list 1
1 deny fec0:0:3:5::1/128
(implicit deny any: 0 matches)
total invocations: 0
Extended IPv6 access list test
1 permit icmpv6 any any echo
(implicit fragment permit: 0 matches)
(implicit deny ip any any: 0 matches)
total invocations: 0
Interface access list references:
None Configured
Application access list references:
No applications registered.
The following example shows sample output from the show ipv6 routes command:
ServiceRouter# show ipv6 routes
Destination                              Next Hop
---------------------------------------- ------------------------------------
Destination                              Next
3ffe:1200:4260:f::/64                    ::
fe80::/64                                ::
fec0:0:3:3::/64                          ::
ff00::/8                                 ::
::/0                                     fec0:0:3:3::1
::/0                                     fe80::218:74ff:fe17:a8c0
ServiceRouter#
Note
On other show commands that relate to the IPv6 addresses, the output fields were designed to work with the longest possible IPv4 address, which has 15 characters; IPv6 addresses can be up to 39 characters long. When the command output displays an IPv6 address, a long IPv6 address can overflow into neighboring fields causing the output to be difficult to read.
Related Commands
Command        Description
clear ipv6     Clears IPv6 ACL counters.
ipv6           Specifies the default gateway's IPv6 address.
traceroute6    Traces the route to a remote IPv6-enabled host.
show lacp
To display LACP information, use the show lacp command in EXEC configuration mode.
show lacp {counters | internal}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
You must first turn on LACP by entering the lacp command in interface configuration mode before you can display the LACP statistics.
In the show lacp counters output, the LACP control packet is sent or received every 30 seconds. If one of the interfaces within the port channel goes down, the counter value stops incrementing for that interface.
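The guideline above suggests a simple health check: take two show lacp counters snapshots more than 30 seconds apart and flag any port whose LACPDU counters did not advance. The following Python sketch is an added example, not part of the VDS-OS documentation or software; the function names are hypothetical, the first snapshot reuses the PortChannel 2 values from the sample output in this section, and the second snapshot is constructed.

```python
import re

# One counter row: "<port name> <slot>/<port>" followed by seven integers.
PORT_ROW = re.compile(r"^(?P<port>\S+ \d+/\d+)\s+(?P<nums>\d+(?:\s+\d+){6})\s*$")
CHANNEL = re.compile(r"^Interface PortChannel (\d+)")

FIELDS = ("lacpdu_send", "lacpdu_receive", "marker_send", "marker_receive",
          "response_send", "response_receive", "error")

# First snapshot: PortChannel 2 rows as shown in the sample output.
SNAPSHOT_1 = """\
Interface PortChannel 2 (4 physical interface(s)):
lacpdu marker marker response
Port send receive send receive send receive error
-----------------------------------------------------
GigabitEthernet 7/0 16 16 0 0 0 0 0
GigabitEthernet 8/0 16 15 0 0 0 0 0
GigabitEthernet 9/0 16 15 0 0 0 0 0
GigabitEthernet 10/0 17 15 0 0 0 0 0
"""

# Second snapshot (constructed): GigabitEthernet 9/0 has stopped counting.
SNAPSHOT_2 = """\
Interface PortChannel 2 (4 physical interface(s)):
lacpdu marker marker response
Port send receive send receive send receive error
-----------------------------------------------------
GigabitEthernet 7/0 18 18 0 0 0 0 0
GigabitEthernet 8/0 18 17 0 0 0 0 0
GigabitEthernet 9/0 16 15 0 0 0 0 0
GigabitEthernet 10/0 19 17 0 0 0 0 0
"""


def parse_lacp_counters(output: str) -> dict:
    """Map (port-channel number, port name) to a dict of counters."""
    counters, channel = {}, None
    for line in output.splitlines():
        line = line.strip()
        m = CHANNEL.match(line)
        if m:
            channel = int(m.group(1))
            continue
        m = PORT_ROW.match(line)
        if m and channel is not None:
            values = [int(v) for v in m.group("nums").split()]
            counters[(channel, m.group("port"))] = dict(zip(FIELDS, values))
    return counters


def stalled_ports(earlier: str, later: str) -> list:
    """Return (port key, reason) for ports whose LACPDU counters did not advance."""
    before, after = parse_lacp_counters(earlier), parse_lacp_counters(later)
    findings = []
    for key, old in sorted(before.items()):
        new = after.get(key)
        if new is None:
            findings.append((key, "missing from later snapshot"))
            continue
        for field in ("lacpdu_send", "lacpdu_receive"):
            if new[field] < old[field]:
                findings.append((key, f"{field} went backwards (counter reset?)"))
            elif new[field] == old[field]:
                findings.append((key, f"{field} did not increment"))
    return findings


if __name__ == "__main__":
    for (channel, port), reason in stalled_ports(SNAPSHOT_1, SNAPSHOT_2):
        print(f"PortChannel {channel} {port}: {reason}")
```

A port reported here is a candidate for a down link inside the bundle; confirm it with show lacp internal.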
Examples
The following example shows how to display the LACP statistics:
ServiceEngine# show lacp counters
Interface PortChannel 1 (4 physical interface(s)):
Protocol: none
Interface PortChannel 2 (4 physical interface(s)):
                          lacpdu           marker       marker response
Port                   send  receive   send  receive   send  receive   error
-----------------------------------------------------
GigabitEthernet 7/0      16       16      0        0      0        0       0
GigabitEthernet 8/0      16       15      0        0      0        0       0
GigabitEthernet 9/0      16       15      0        0      0        0       0
GigabitEthernet 10/0     17       15      0        0      0        0       0
Interface PortChannel 3 (0 physical interface(s)):
Protocol: none
Interface PortChannel 4 (0 physical interface(s)):
Protocol: none
The following example shows how to display the link status for the port channel:
ServiceEngine# show lacp internal
Interface PortChannel 1 (4 physical interface(s)):
Protocol: LACP
Mode: src-dst-port
Port                   Admin-State   Link-State   LACP-State   Aggregate id
-----------------------------------------------------------------------------
GigabitEthernet 3/0    up            up           bndl         21
GigabitEthernet 4/0    up            up           bndl         21
GigabitEthernet 5/0    up            up           bndl         21
GigabitEthernet 6/0    up            up           bndl         21
ServiceEngine# show interface portChannel 1 lacp
Interface PortChannel 1 (4 physical interface(s)):
Protocol: LACP
Mode: src-dst-port
Port                   Admin-State   Link-State   LACP-State   Aggregate id
-----------------------------------------------------------------------------
GigabitEthernet 3/0    up            up           bndl         21
GigabitEthernet 4/0    up            up           bndl         21
GigabitEthernet 5/0    up            up           bndl         21
GigabitEthernet 6/0    up            up           bndl         21
Related Commands
Command                              Description
lacp                                 Turns on Link Aggregation Control Protocol (LACP).
show interface portchannel 1 lacp    Displays the link status for the port channel.
show logging
To display the system message log configuration, use the show logging command in EXEC configuration mode.
show logging
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The following is an example of a syslog message for proxy mode native File Transfer Protocol (FTP) support:
SE-FTP_PROXY-3-252009: Failed to configure FTP Proxy-mode listener on port '[port]'.
Explanation: Could not start proxy-mode listener for FTP control connection for the specified port. The port is temporarily in an un-bindable state, or is in use by some other application.
Action: Check whether the port has been configured for use by a different application. If not, retry the incoming proxy command after 2 minutes. If this error repeats frequently, contact Cisco TAC.
To view information about events that have occurred in all devices in your VDS-OS network, you can use the system message log in the VOSM GUI. The VOSM logs only messages of severity level critical or higher from registered nodes. The VOSM also logs certain other status messages that are considered important to the Centralized Management System (CMS). The messages displayed in the system message log for a device (SE) are not related to the messages logged in the system log file on the system file system (sysfs) partition on the VOSM as /local1/syslog.txt.
The syslog.txt file on the VOSM contains information about events that have occurred on the VOSM and not on the registered nodes. The messages that are written to the syslog.txt file depend on specific parameters of the system log file that you have set by using the logging global configuration command. For example, a critical error message logged on a registered node does not appear in the syslog.txt file on the VOSM because the problem never occurred on the VOSM but only on the registered node. However, this error message is displayed in the system message log for the SE device.
Examples
The following example shows how to display the syslog host configuration on an SE:
ServiceEngine# show logging
Syslog to host is disabled
Priority for host logging is set to: warning
Syslog to console is disabled
Priority for console logging is set to: warning
Syslog to disk is enabled
Priority for disk logging is set to: notice
Filename for disk logging is set to: /local1/syslog.txt
Syslog facility is set to *
Syslog disk file recycle size is set to 500000
Related Commands
Command    Description
clear      Clears the HTTP object cache, the hardware interface, statistics, archive working transaction logs, and other settings.
logging    Configures system logging.
show mount-option
To display the mount options, use the show mount-option command in EXEC configuration mode.
show mount-option
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-35 describes the fields shown in the show mount-option display.
Table 2-35 show mount-option status Field Descriptions
Field Description
Read/Write
ReadBlock Size
WriteBlock Size
Mount Timeout
Retransmit
Retry Minutes
Related Commands
show ntp
To display the Network Time Protocol (NTP) parameters, use the show ntp command in EXEC configuration mode.
show ntp status
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-35 describes the fields shown in the show ntp status display.
Related Commands
show processes
To display CPU or memory processes, use the show processes command in EXEC configuration mode.
show processes [cpu | debug pid | memory | system [delay delay_num | count count_num]]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use the commands shown in this section to track and analyze system CPU utilization.
The show processes debug command displays the extensive internal system call information and a detailed account of each system call (and arguments) made by each process and the signals that it has received.
Use the show processes system command to display system updates. The delay option specifies the delay between updates, in seconds. The count option specifies the number of updates that are displayed. This command displays these items:
•
List of all processes in wide format.
•
Two tables listing the processes that use CPU resources. The first table displays the list of processes in descending order of utilization of CPU resources based on a snapshot taken after the processes system (ps) output is displayed. The second table displays the same processes based on a snapshot taken 5 seconds after the first snapshot.
•
Virtual memory used by the corresponding processes in a series of five snapshots, each separated by 1 second.
Note
CPU utilization and system performance may be affected when you use the show processes command. We recommend that you avoid using the show processes command with the system keyword, and especially the debug keyword, unless it is absolutely necessary.
Table 2-37 describes the fields shown in the show processes displays.
show radius-server
To display RADIUS information, use the show radius-server command in EXEC configuration mode.
show radius-server
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-38 describes the fields shown in the show radius-server display.
Related Commands
show running-config
To display the current running configuration information on the terminal, use the show running-config command in EXEC configuration mode.
show running-config
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command with the show startup-config command to compare the information in running memory to the startup configuration used during bootup.
Note
This command replaces the write terminal command.
Examples
The following example shows how to display the current running configuration information:
ServiceEngine# show running-config
! VDS-OS version 2.6.0
!
device mode service-engine
!
hostname EE8-2G2-5
!
authsvr location-server primary 4.0.1.3 7000
!
clock timezone PDT -7 0
!
ip domain-name telstra.com
!
exec-timeout 0
!
interface PortChannel 1
 ip address 188.0.82.8 255.255.255.0
 exit
interface PortChannel 2
 ip address 188.87.0.5 255.255.0.0
 exit
!
interface GigabitEthernet 1/0
 channel-group 1
 exit
interface GigabitEthernet 2/0
 channel-group 1
 exit
interface GigabitEthernet 3/0
 channel-group 2
 exit
interface GigabitEthernet 4/0
 channel-group 2
 exit
interface GigabitEthernet 5/0
 channel-group 2
 exit
interface GigabitEthernet 6/0
 channel-group 2
 exit
interface GigabitEthernet 7/0
 channel-group 2
 exit
interface GigabitEthernet 8/0
 channel-group 2
 exit
interface GigabitEthernet 9/0
 channel-group 2
 exit
interface GigabitEthernet 10/0
 channel-group 2
 exit
!
streaming-interface PortChannel 2
!
ip default-gateway 188.0.82.1
ip default-gateway 188.87.0.1
!
port-channel load-balance round-robin
primary-interface PortChannel 2
!
transaction-logs enable
transaction-logs archive max-file-size 2000000
transaction-logs archive max-file-number 50
transaction-logs archive interval 300
transaction-logs export enable
transaction-logs export interval 5
transaction-logs export sftp-server 188.0.84.5 root **** /var/ftp/pub/upload
transaction-logs format custom "%J"
!
ip name-server 188.0.84.7
!
ip route 10.74.61.0 255.255.255.0 188.87.0.1
ip route 171.70.77.0 255.255.255.0 188.87.0.1
ip route 188.85.0.3 255.255.255.255 188.87.0.1
ip route 188.0.86.3 255.255.255.255 188.0.82.1
ip route 188.85.0.4 255.255.255.255 188.87.0.1
ip route 225.1.1.12 255.255.255.255 188.87.0.1
ip route 239.1.1.12 255.255.255.255 188.87.0.1
ip route 239.1.1.14 255.255.255.255 188.87.0.1
ip route 224.0.0.22 255.255.255.255 188.87.0.1
!
ntp server 171.68.10.150
ntp server 171.68.10.80
!
rule enable
!
username admin password 1 $5$bVz2jc/k$QYvCAKrBmq3YqM5IklvuGrXQACMelfONdq3/siTpqV8
username admin privilege 15
!
snmp-server enable traps config
snmp-server enable traps service-engine disk-fail
snmp-server enable traps alarm raise-critical
snmp-server enable traps alarm clear-critical
snmp-server enable traps alarm raise-major
snmp-server enable traps alarm clear-major
snmp-server enable traps alarm raise-minor
snmp-server enable traps alarm clear-minor
snmp-server enable traps entity
snmp-server enable traps snmp cold-start
snmp-server host 188.0.84.6 telstra v2c
snmp-server group telstra v2c read telstra notify telstra
snmp-server community telstra
!
tacacs key ****
tacacs password ascii
tacacs host 188.0.84.5 primary
!
ftp enable
!
telnet enable
!
VOSM ip 188.0.86.3
cms enable
!
cms database maintenance regular schedule every-day at 04:00
cms database maintenance full schedule Sun at 04:00
!
kernel kdb
disk error-handling reload
!
banner enable
!
url-signature key-id-owner 1 key-id-number 1 key ****
url-signature key-id-owner 2 key-id-number 2 key ****
!
contentmgr disk-bucket-fail-threshold 1
!
! End of VDS-OS configuration
ServiceEngine#
Related Commands
Command      Description
configure    Enters global configuration mode.
copy         Copies the configuration or image data from a source to a destination.
show service-router
To display the Service Router configuration, use the show service-router command in EXEC configuration mode.
On the SE:
show service-router {keepalive-interval | service-monitor}
On the SR:
show service-router {forwarding [content-origin content_origin] | lastresort [domain name] | load {all | sename sename} | memory | redirect-burst-control | routes [content-origin content_origin ip-address ip_address] | service-monitor | services {all | sename se_name} | summary [content-origin content_origin]}
On the VOSM:
show service-router service-monitor
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
This command allows users to check the Service Router-related configuration. Through this command, users can view the configured features of an SR, such as location-based routing and content-based routing.
Note
When the show service-router service-monitor command is executed on the SE, the load percentage displayed in the Average Device Load field is the greater of the average disk load and the average CPU load, provided that both CPU and disk monitoring are enabled on the SE.
The memory usage is calculated in the show service-router service-monitor command as follows:
Total used memory = total memory - (total free memory + total buffer memory + total cache memory) + total pinned memory. The percentage of total used memory = (total used memory)/total memory.
The total memory, total free memory, total buffer memory, and total cache memory are obtained from /proc/meminfo. The total pinned memory is obtained from /proc/ukse/ukse_prefetch_details.
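The calculation above, worked through in Python as an added example (not code from VDS-OS). It assumes that total, free, buffer, and cache memory correspond to the MemTotal, MemFree, Buffers, and Cached lines of /proc/meminfo; the format of /proc/ukse/ukse_prefetch_details is not described on this page, so the pinned value is passed in as a number. The meminfo text and the pinned value are constructed samples, and the 80% default threshold is the MEM value shown in the sample output in this section.

```python
import re

# /proc/meminfo keys assumed to match the terms used in the formula.
REQUIRED = ("MemTotal", "MemFree", "Buffers", "Cached")

# Constructed sample input (values in kB).
SAMPLE_MEMINFO = """\
MemTotal:       16000000 kB
MemFree:         8000000 kB
Buffers:          500000 kB
Cached:          5500000 kB
SwapCached:            0 kB
Active(anon):     900000 kB
"""
SAMPLE_PINNED_KB = 400000  # constructed; would come from ukse_prefetch_details


def parse_meminfo(text: str) -> dict:
    """Return the /proc/meminfo fields (in kB) that the formula uses."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)\s+kB\s*$", line)
        if m and m.group(1) in REQUIRED:
            values[m.group(1)] = int(m.group(2))
    missing = [key for key in REQUIRED if key not in values]
    if missing:
        raise ValueError("meminfo is missing " + ", ".join(missing))
    return values


def used_memory_percent(meminfo_text: str, pinned_kb: int) -> float:
    """total - (free + buffer + cache) + pinned, as a percentage of total."""
    m = parse_meminfo(meminfo_text)
    reclaimable = m["MemFree"] + m["Buffers"] + m["Cached"]
    used = m["MemTotal"] - reclaimable + pinned_kb
    return 100.0 * used / m["MemTotal"]


def naive_used_percent(meminfo_text: str) -> float:
    """total - free only, for comparison: counts buffers and cache as used."""
    m = parse_meminfo(meminfo_text)
    return 100.0 * (m["MemTotal"] - m["MemFree"]) / m["MemTotal"]


def threshold_reached(percent: float, threshold: float = 80.0) -> bool:
    """Compare against the configured MEM threshold."""
    return percent >= threshold


if __name__ == "__main__":
    pct = used_memory_percent(SAMPLE_MEMINFO, SAMPLE_PINNED_KB)
    print(f"service-monitor formula: {pct:.1f}%")
    print(f"total minus free only:   {naive_used_percent(SAMPLE_MEMINFO):.1f}%")
    print("Threshold :", "Reached" if threshold_reached(pct) else "Not reached")
```

The gap between the two figures is why a device with a large page cache does not trip the MEM threshold, while pinned memory still counts toward it.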
The show service-router content-origin <content-origin> ip-address <client-ip> command is only used to check which SE the request is routed to based on the network entries and metrics configured in the coverage zone file. It does not take into account the service status of the SEs because there is no protocol or filename in the input. Also, it does not take into account matches from location based routing and proximity based routing.
The show service-router content-origin <content-origin> output shows an SE as overloaded only if the device load has exceeded thresholds. The SE does not show as overloaded because there might be other Protocol Engines in the SE that are still able to serve requests.
Examples
The following example shows how to display SR routing statistics:
ServiceRouter# show statistics service-router all | begin "SR Routing Statistics"
----- SR Routing Statistics -----
Network Redirects : 0
Proximity Redirects : 2
Geo Location Redirects : 0
Zero Network Redirects : 0
Last Resort Redirects : 0
----- SR Proximity Routing Statistics -----
Cache Hits : 1
Cache Misses : 1
Errors : 0
The following example shows how to display the Service Router information on the SE:
ServiceEngine# show service-router service-monitor
Monitor types configured:
-------------------------
CPU,MEM,KMEM,WEB,DISK,NIC
Threshold values configured:
---------------------------
CPU : 80%
MEM : 80%
KMEM : 50%
NIC : 90%
BURST COUNT : 1
DISK : 80%
DISKFAILCNT : 1
Sample periods configured:
--------------------------
CPU : 1 (secs)
MEM : 1 (secs)
KMEM : 1 (secs)
NIC : 3 (secs)
DISK : 1 (secs)
Sample counts configured to use in calculating average:
-------------------------------------------------------
CPU : 2
MEM : 2
KMEM : 2
NIC : 2
DISK : 2
Device Status
-------------
CPU
Current load : 35%
Average load : 35%
Threshold : Not reached
DISK
Current load : 20%
Average load : 20%
Threshold : Not reached
Status : Operational
MEM
Average Used Memory : 10%
Threshold : Not reached
KMEM
Average Kernel Memory : 1%
Threshold : Not reached
NIC
Interface : PortChannel 1/0
Average BW In : 9%
Average BW Out : 9%
Threshold : Not reached
Average Device load : 35%
Services Status
---------------
Critical Service(s) : Running
WEB
Enabled : Yes
Threshold : Not reached
Stopped : No
The following example shows how to display the Service Router information on the VOSM:
VOSM# show service-router service-monitor
Alarm types configured:
-------------------------
AUGMENTATION ALARM : Disabled
Monitor types configured:
-------------------------
CPU,MEM,KMEM,DISK
Threshold values configured:
---------------------------
CPU : 80%
MEM : 80%
KMEM : 50%
DISK : 80%
DISKFAILCNT : 75%
AUGMENTATION: 80%
Sample periods configured:
--------------------------
CPU : 1 (secs)
MEM : 1 (secs)
KMEM : 1 (secs)
DISK : 1 (secs)
Sample counts configured to use in calculating average:
-------------------------------------------------------
CPU : 2
MEM : 2
KMEM : 2
DISK : 2
Device Status
-------------
CPU
Current load : 1%
Average load : 1%
Threshold : Not reached
DISK
Current load : 1%
Average load : 0%
Load Threshold : Not reached
Disk Fail Cnt Threshold : Not reached
MEM
Average Used Memory : 6%
Threshold : Not reached
KMEM
Average Kernel Memory : 0%
Threshold : Not reached
Average Device load : 1%
VOSM#
Related Commands
Command                 Description
service-router          Configures service routing.
clear service-router    Clears the Service Router cache.
show services
To display services-related information, use the show services command in EXEC configuration mode.
show services {ports [port_num] | summary}
Syntax Description
ports
Displays services by port number.
port_num
(Optional) Displays up to eight port numbers. The port number range is from 1 to 65535.
summary
Displays the services summary.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the services information by the port number:
VOSM# show services ports
Service information by port
---------------------------
550 Started on Mon Oct 14 12:13:20 2002
Runs 1 service
Cisco_Streaming_Engine
553 Started on Mon Oct 14 12:13:20 2002
Runs 1 service
RTSP_Gateway
554 Started on Mon Oct 14 12:13:20 2002
Runs 1 service
RTSP_Gateway
...
15256 Started on Mon Oct 14 12:13:20 2002
Runs 1 service
CMS
27999 Started on Mon Oct 14 12:13:20 2002
Runs 1 service
Real_Server
28000 Started on Mon Oct 14 12:13:20 2002
Runs 1 service
Real_Proxy
The following example shows how to display a services information summary, showing the service and the associated port numbers:
VOSM# show services summary
Service                   Ports
-----------------------------------------------------
CMS                       15256 2000 2001 2002 2003 2004 2005
GUI                       8001
icp                       3128
emdb                      5432
CertMgr                   6001
MgmtAgent                 5252
Real_Proxy                1090 8082 9002 555 28000 7879 6060 7071 3031
VOSM_UI_http              8443
Real_Server               7070 8081 9091 27999 7878 7802 1554 3030 4040 5050
RTSP_Gateway              554 553
RPC_APACHE_PORT           6550
temp_RPC_APACHE_PORT      8008
Cisco_Streaming_Engine    550 SNMP
show snmp
To check the status of Simple Network Management Protocol (SNMP) communications, use the show snmp command in EXEC configuration mode.
show snmp {alarm-history | engineID | group | stats | user}
Syntax Description
alarm-history
Displays SNMP alarm history information.
engineID
Displays the local SNMP engine identifier.
group
Displays SNMP groups.
stats
Displays SNMP statistics.
user
Displays SNMP users.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
This command provides information on various SNMP variables and statistics on SNMP operations.
Table 2-39 describes the fields shown in the show snmp alarm-history display.
Table 2-39 show snmp alarm-history Field Descriptions
Field       Description
Index       Serial number of the listed alarms.
Type        Status of whether the alarm has been Raised or Cleared.
Sev         Levels of alarm severity (Critical, Major or Minor).
Alarm ID    Traps sent by a VDS-OS device contain numeric alarm IDs.
ModuleID    Traps sent by a VDS-OS device contain numeric module IDs. See Table 2-40 to map module names to module IDs.
Category    Traps sent by a VDS-OS device contain numeric category IDs. See Table 2-41 to map category names to category IDs.
Descr       Description of the VDS-OS software alarm and the application that generated the alarm.
Table 2-40 describes the mapping of module names to module IDs.
Table 2-41 describes the mapping of category names to category IDs.
Table 2-41 Mapping of Category Names to Category IDs
Category Name       Category ID
Communications      1
Service Quality     2
Processing Error    3
Equipment           4
Environment         5
Content             6
Table 2-42 describes the fields shown in the show snmp stats display.
Table 2-43 describes the fields shown in the show snmp engineID display.
Table 2-43 show snmp engineID Field Descriptions
Field                   Description
Local SNMP Engine ID    String that identifies the copy of SNMP on the local device.
Table 2-44 describes the fields shown in the show snmp group display.
Table 2-45 describes the fields shown in the show snmp user display.
Related Commands
show ssh
To display Secure Shell (SSH) status and configuration information, use the show ssh command in EXEC configuration mode.
show ssh
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Related Commands
show standby
To display standby interface information, use the show standby command in EXEC configuration mode.
show standby
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-46 describes the fields shown in the show standby display.
Related Commands
show startup-config
To display the startup configuration, use the show startup-config command in EXEC configuration mode.
show startup-config
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to display the configuration used during an initial bootup, stored in non-volatile random-access memory (NVRAM).
Examples
The following example shows how to display the startup configuration details on the SE:
ServiceEngine# show startup-config
! VDS-OS version 2.3.9
!
device mode service-engine
!
hostname V2-CDE220-3
!
primary-interface PortChannel 1
!
interface PortChannel 1
 ip address 3.1.14.72 255.255.255.0
 exit
interface PortChannel 2
 ip address 4.0.8.13 255.255.255.0
 exit
!
interface GigabitEthernet 1/0
 channel-group 2
 exit
interface GigabitEthernet 2/0
 channel-group 2
 exit
interface GigabitEthernet 3/0
 channel-group 1
 exit
interface GigabitEthernet 4/0
 channel-group 1
 exit
interface GigabitEthernet 5/0
 channel-group 1
 exit
interface GigabitEthernet 6/0
 channel-group 1
 exit
!
ip default-gateway 3.1.14.1
!
offline-operation enable
!
rule action block pattern-list 3
rule action redirect http://www.baidu.com pattern-list 2
rule pattern-list 1 url-regex http://chunliu.com/b.wmv
rule pattern-list 2 header-field request-line b.wmv
rule pattern-list 3 header-field request-line c.wmv
!
icap service camiant
 server icap://trythis/servername
 exit
!
transaction-logs enable
transaction-logs archive interval 120
!
username admin password 1 bVmDmMMmZAPjY
username admin privilege 15
!
authentication login local enable primary
authentication configuration local enable primary
!
access-lists 300 deny groupname Disney
access-lists 300 permit groupname any
access-lists enable
!
telnet enable
!
VOSM ip 4.0.8.10
cms enable
!
cache content max-cached-entries 1000
! End of VDS-OS configuration
Related Commands
show statistics access-lists
To display SE access control list statistics, use the show statistics access-lists command in EXEC configuration mode.
show statistics access-lists
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The access control list statistics display the number of access requests, denials, and permissions recorded. Use the show statistics access-lists 300 command to display the number of group name accesses recorded.
Table 2-47 describes the fields shown in the show statistics access-lists 300 display.
Related Commands
Command    Description
clear      Clears the HTTP object cache, the hardware interface, statistics, archive working transaction logs, and other settings.
show statistics admission
To display admission control statistics, use the show statistics admission command in EXEC configuration mode.
show statistics admission
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-48 describes the fields shown in the show statistics admission display.
show statistics cdnfs
To display SE CDS network file system (cdnfs) statistics, use the show statistics cdnfs command in EXEC configuration mode.
show statistics cdnfs
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-49 describes the show statistics cdnfs command fields displayed in the command output.
Related Commands
show statistics content-mgr
To display Content Manager statistics, use the show statistics content-mgr command in EXEC configuration mode.
show statistics content-mgr
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-50 describes the show statistics content-mgr command fields displayed in the command output.
Related Commands
show statistics fd
To display file descriptor limit statistics, use the show statistics fd command in EXEC configuration mode.
show statistics fd
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-57 describes the fields shown in the show statistics fd display.
Examples
The following is sample output from the show statistics fd command:
ServiceEngine# show statistics fd
Number of file descriptors in use = 3600
Maximum number of file descriptions allowed = 262144
Percentage of file descriptions in use = 1.37%
show statistics icmp
To display SE Internet Control Message Protocol (ICMP) statistics, use the show statistics icmp command in EXEC configuration mode.
show statistics icmp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
ICMP messages are sent in several situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable. There is still no guarantee that a datagram is delivered or a control message is returned. Some datagrams may still be undelivered without any report of their loss.
The ICMP messages typically report errors in the processing of datagrams. To avoid the infinite regress of messages about messages, no ICMP messages are sent about ICMP messages. Also, ICMP messages are only sent about errors in handling fragment zero of fragmented datagrams.
ICMP messages are sent using the basic IP header. The first octet of the data portion of the datagram is an ICMP type field; the value of this field determines the format of the remaining data.
Many of the type fields contain more specific information about the error condition identified by a code value. ICMP messages have two types of codes:
•
Query
•
Error
Queries contain no additional information because they ask for information and show a value of 0 in the code field. ICMP uses the queries as shown in Table 2-52.
Error messages give specific information and have varying values that further describe conditions. Error messages always include a copy of the offending IP header and up to 8 bytes of the data that caused the host or gateway to send the error message. The source host uses this information to identify and fix the problem reported by the ICMP error message. ICMP uses the error messages as shown in Table 2-53.
Table 2-53 Errors
Error                      Type Field Value
Destination Unreachable    3
Source Quench              4
Redirect                   5
Time Exceeded              11
Parameter Problems         12
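To make the error-message layout described above concrete, the following added example (not part of the VDS-OS documentation) parses the ICMP portion of a datagram, classifies it against the type values in Table 2-53, and recovers the offending IP header and the quoted data bytes that the source host uses to identify the problem. The function names are hypothetical, and the sample message and its addresses are constructed.

```python
import ipaddress
import struct

# Type field values for error messages, from Table 2-53.
ICMP_ERROR_TYPES = {
    3: "Destination Unreachable",
    4: "Source Quench",
    5: "Redirect",
    11: "Time Exceeded",
    12: "Parameter Problems",
}


def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_icmp(message: bytes) -> dict:
    """Parse the ICMP portion of a datagram (the bytes after the IP header)."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = message[0], message[1]
    result = {
        "type": icmp_type,
        "code": code,
        # A valid message sums to zero when the checksum field is included.
        "checksum_ok": inet_checksum(message) == 0,
        "is_error": icmp_type in ICMP_ERROR_TYPES,
        "name": ICMP_ERROR_TYPES.get(icmp_type, "not an error type in Table 2-53"),
    }
    if not result["is_error"]:
        return result

    # Error messages quote the offending IP header plus up to 8 data bytes,
    # starting after the 8-byte ICMP header.
    inner = message[8:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("error message lacks an embedded IPv4 header")
    ihl = (inner[0] & 0x0F) * 4  # header length, which grows with IP options
    if ihl < 20 or len(inner) < ihl:
        raise ValueError("embedded IPv4 header is truncated")
    protocol = inner[9]
    quoted = inner[ihl:ihl + 8]
    result["offending"] = {
        "src": str(ipaddress.IPv4Address(inner[12:16])),
        "dst": str(ipaddress.IPv4Address(inner[16:20])),
        "protocol": protocol,
        "quoted_data": quoted,
    }
    # TCP (6) and UDP (17) headers both begin with source and destination ports.
    if protocol in (6, 17) and len(quoted) >= 4:
        sport, dport = struct.unpack("!HH", quoted[:4])
        result["offending"].update(src_port=sport, dst_port=dport)
    return result


def build_sample_error() -> bytes:
    """Constructed sample: Destination Unreachable quoting a UDP datagram."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 36, 0x1234, 0, 64, 17, 0,
        ipaddress.IPv4Address("192.0.2.10").packed,    # documentation address
        ipaddress.IPv4Address("198.51.100.7").packed,  # documentation address
    )
    udp_header = struct.pack("!HHHH", 40000, 161, 16, 0)
    body = b"\x00" * 4 + ip_header + udp_header  # 4 unused bytes, then the quote
    unchecked = struct.pack("!BBH", 3, 3, 0) + body
    return struct.pack("!BBH", 3, 3, inet_checksum(unchecked)) + body


if __name__ == "__main__":
    print(parse_icmp(build_sample_error()))
```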
Table 2-54 describes the fields shown in the show statistics icmp display.
Related Commands
show statistics icmpv6
To display the Internet Control Message Protocol (ICMP) v6 statistics, use the show statistics icmpv6 command in user EXEC configuration mode.
show statistics icmpv6
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
User EXEC configuration mode.
Examples
The following is sample output from the show statistics icmpv6 command:
ServiceRouter# show statistics icmpv6
ICMPv6 statistics
---------------
ICMPv6 messages received = 0
ICMPv6 messages receive failed = 0
Destination unreachable = 0
Packet too big = 0
Timeout in transit = 0
Wrong parameters = 0
Echo requests = 0
Echo replies = 0
Group member queries = 0
Group member responses = 0
Group member reductions = 0
Router solicits = 0
Router advertisements = 0
Neighbor solicits = 0
Neighbor advertisements = 0
Redirects = 0
MLDv2 reports = 0
ICMPv6 messages sent = 0
Destination unreachable = 0
Packet too big = 0
Time exceeded = 0
Wrong parameters = 0
Echo requests = 0
Echo replies = 0
Group member queries = 0
Group member responses = 0
Group member reductions = 0
Router solicits = 0
Router advertisements = 0
Neighbor solicits = 0
Neighbor advertisements = 0
Redirects = 0
MLDv2 reports = 0
Table 2-56 describes the fields shown in the show statistics icmpv6 display.
Related Commands
show statistics ip
To display the IP statistics, use the show statistics ip command in user EXEC configuration mode.
show statistics ip
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
User EXEC configuration mode.
Examples
The following is sample output from the show statistics ip command:
ServiceRouter# show statistics ip
IP statistics
-------------
Total packets in = 1408126
with invalid header = 0
with invalid address = 0
forwarded = 0
unknown protocol = 0
discarded = 0
delivered = 1408126
Total packets out = 1500110
dropped = 0
dropped (no route) = 0
Fragments dropped after timeout = 0
Reassemblies required = 0
Packets reassembled = 0
Packets reassemble failed = 0
Fragments received = 0
Fragments failed = 0
Fragments created = 0
ServiceRouter#
Table 2-56 describes the fields shown in the show statistics ip display.
Related Commands
Command                Description
clear statistics ip    Clears IP statistics counters.
ip                     Configures the IP.
show ip routes         Displays the IP routing table.
show statistics lsof
To display the List of Open File (lsof) descriptors, use the show statistics lsof command in EXEC configuration mode.
show statistics lsof
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the lsof descriptors:
ServiceEngine# show statistics lsof
COMMAND    PID  USER   FD   TYPE     DEVICE  SIZE     NODE  NAME
init       1    admin  cwd  DIR      1,0     1024     2     /
init       1    admin  rtd  DIR      1,0     1024     2     /
init       1    admin  txt  REG      1,0     45436    7488  /sbin/init
init       1    admin  mem  REG      1,0     1852502  6566  /lib/libc-2.13.so
init       1    admin  mem  REG      1,0     154528   2006  /lib/ld-2.13.so
init       1    admin  10u  FIFO     0,13             4069  /dev/initctl
kthreadd   2    admin  cwd  DIR      1,0     1024     2     /
kthreadd   2    admin  rtd  DIR      1,0     1024     2     /
kthreadd   2    admin  txt  unknown                         /proc/2/exe
migration  3    admin  cwd  DIR      1,0     1024     2     /
migration  3    admin  rtd  DIR      1,0     1024     2     /
<Output truncated>
show statistics netstat
To display SE Internet socket connection statistics, use the show statistics netstat command in EXEC configuration mode.
show statistics netstat
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-57 describes the fields shown in the show statistics netstat display.
show statistics radius
To display SE RADIUS authentication statistics, use the show statistics radius command in EXEC configuration mode.
show statistics radius
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The fields in the show statistics radius display are as follows:
•
Number of access requests
•
Number of access deny responses
•
Number of access allow responses
•
Number of authorization requests
•
Number of authorization failure responses
•
Number of authorization success responses
Related Commands
Command               Description
clear statistics      Clears the statistics settings.
radius-server         Configures the RADIUS authentication.
show radius-server    Displays the RADIUS server information.
show statistics service-router
To display Service Router statistics, use the show statistics service-router command in EXEC configuration mode.
show statistics service-router {all | content-origin content_name | dns | history | keepalive | routing} | se se_name | summary}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the content origin-specific statistics on the number of requests and redirects:
ServiceRouter# show statistics service-router content-origin
----- SR Statistics Of Content Origin -----
domain: sr.ABC.com (Origin Services: ABC.com)
HTTP Requests (normal) : 0
HTTP Requests (ASX) : 0
HTTP Requests (API) : 0
RTSP Requests : 0
RTMP Requests : 0
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP Redirects : 0
RTMP Redirects : 0
Overflow Redirects : 0
----- SR Statistics Of Content Origin -----
domain: chunliu.com (Origin Services: 72.163.255.111)
HTTP Requests (normal) : 0
HTTP Requests (ASX) : 0
HTTP Requests (API) : 0
RTSP Requests : 0
RTMP Requests : 0
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP Redirects : 0
RTMP Redirects : 0
Overflow Redirects : 0
----- SR Statistics Of Content Origin -----
domain: install3.com (Origin Services: 10.74.115.24)
HTTP Requests (normal) : 0
HTTP Requests (ASX) : 0
HTTP Requests (API) : 0
RTSP Requests : 0
RTMP Requests : 0
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP Redirects : 0
RTMP Redirects : 0
Overflow Redirects : 0
V2-CDE220-2#
The following example shows how to display the DNS statistics, including the number of DNS queries for each type (Content Origin FQDN, Service Engine aliases), and the response sent (aliases for down Service Engines, unknown domains, failed, dropped):
ServiceRouter# show statistics service-router dns
----- SR DNS Statistics -----
Total DNS queries : 0
Content Origin FQDNs : 0
Service Engine aliases : 0
Aliases for Down SEs : 0
Unknown domains : 0
PTR queries : 0
Failed : 0
Dropped : 0
ServiceRouter#
The following example shows how to display the statistics history on the number of redirect requests (maximum, minimum, average, last [in the past hour or minute]):
ServiceRouter# show statistics service-router history
----- SR Statistics History -----
Type        Minimum    Maximum    Average    Last (in past hour/per minute)
----------  ---------  ---------  ---------  ---------
REQUESTS    0          0          0          0
REDIRECTS   0          0          0          0
The following example shows how to display keepalive statistics on the number of keepalives received from Service Engines, unknown source, and number of keepalives dropped:
ServiceRouter# show statistics service-router keepalive
----- SR Keepalive Statistics -----
Dropped : 0
Service Engine keepalives : 0
From unknown source : 0
ServiceRouter#
The following example shows how to display statistics to show which routing method is used in redirection to SEs:
ServiceRouter# show statistics service-router routing
----- SR Routing Statistics -----
Network Redirects : 0
Proximity Redirects : 0
Geo Location Redirects : 4
Zero Network Redirects : 0
Last Resort Redirects : 1
ServiceRouter#
The following example shows how to display proximity-related statistics showing the number of cache hits, cache misses and errors.
ServiceRouter# show statistics service-router routing proximity
----- SR Proximity Routing Statistics -----
Cache Hits : 2
Cache Misses : 3
Errors : 2
ServiceRouter#
The following example shows how to display Service Engine statistics including liveness of the SE, number of redirects to that particular SE, and the total number of keepalives received from that SE.
ServiceRouter# show statistics service-router se
----- Statistics Of SE: V2-CDE220-1 -----
Aliveness : down
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP Redirects : 0
RTMP Redirects : 0
DNS Redirects : 0
Number Of Keepalives : 0
----- Statistics Of SE: V2-CDE220-3 -----
Aliveness : down
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP Redirects : 0
RTMP Redirects : 0
DNS Redirects : 0
Number Of Keepalives : 0
V2-CDE220-2#
The following example shows how to display summary statistics including the number of requests received, requests redirected, requests served, and requests not redirected:
ServiceRouter# show statistics service-router summary
----- SR Summary Statistics -----
Requests Received : 1
HTTP Requests (normal) : 0
HTTP Requests (ASX) : 0
HTTP Requests (API) : 0
RTSP Requests : 1
RTMP Requests : 0
DNS Requests : 0
Requests Served : 0
HTTP Requests Served : 0
Requests Redirected : 1
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP redirects : 1
RTMP redirects : 0
DNS redirects : 0
Requests Overflowed : 0
HTTP 302 Redirects : 0
ASX Redirects : 0
HTTP API Redirects : 0
RTSP redirects : 0
RTMP redirects : 0
DNS redirects : 0
Requests Not Redirected : 0
No SE Covering Client : 0
Unknown Content Origin : 0
Invalid Requests : 0
Session limit exceeded : 0
Bandwidth limit exceeded : 0
"Stale SE" Requests : 0
Related Commands
Command               Description
service-router        Configures service routing.
show service-router   Displays the Service Router configuration.
show statistics services
To display SE services statistics, use the show statistics services command in EXEC configuration mode.
show statistics services
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-58 describes the fields shown in the show statistics services display.
Related Commands
show statistics snmp
To display SE Simple Network Management Protocol (SNMP) statistics, use the show statistics snmp command in EXEC configuration mode.
show statistics snmp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-42 describes the fields shown in the show statistics snmp display.
Related Commands
show statistics tacacs
To display Service Engine (SE) Terminal Access Controller Access Control System Plus (TACACS+) authentication and authorization statistics, use the show statistics tacacs command in user EXEC configuration mode.
show statistics tacacs
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
User EXEC configuration mode.
Usage Guidelines
The fields shown in the show statistics tacacs display for the service engine are as follows:
• Number of access requests
• Number of access deny responses
• Number of access allow responses
• Number of authorization requests
• Number of authorization failure responses
• Number of authorization success responses
• Number of accounting requests
• Number of accounting failure responses
• Number of accounting success responses
Related Commands
Command        Description
clear tacacs   Clears the TACACS+ settings.
show tacacs    Displays TACACS+ authentication protocol configuration information.
tacacs         Configures TACACS+ server parameters.
show statistics tcp
To display SE Transmission Control Protocol (TCP) statistics, use the show statistics tcp command in EXEC configuration mode.
show statistics tcp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-60 describes the fields shown in the show statistics tcp display.
Related Commands
show statistics transaction-logs
To display SE transaction log export statistics, use the show statistics transaction-logs command in EXEC configuration mode.
show statistics transaction-logs
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To display the transaction log export statistics, you must first configure the File Transfer Protocol (FTP) server.
Table 2-61 describes the fields shown in the show statistics transaction-logs display.
Related Commands
show statistics udp
To display SE User Datagram Protocol (UDP) statistics, use the show statistics udp command in EXEC configuration mode.
show statistics udp
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-62 describes the fields shown in the show statistics udp display.
show statistics vos
To display Videoscape Distribution Suite Origin Server (VDS-OS) statistics, use the show statistics vos command in EXEC configuration mode.
show statistics vos {errors | rm-interface | vosm-interface | we-interface}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-63 describes the fields shown in the show statistics vos display.
Examples
The following example shows how to display the VDS-OS statistics:
ServiceEngine# show statistics vos
VDS-OS Statistics
-----------------------------------
Origin Services Created : 0
Origin Services Deleted : 0
Channels Created : 0
Channels Deleted : 0
Live Publish Resources Configured : 0
Live Publish Resources Created : 0
Live Publish Resources Deleted : 0
Scheduled Publish Resources Configured : 0
Scheduled Publish Resources Created : 0
Scheduled Publish Resources Deleted : 0
Current Active Live Publish Resources : 0
Current Active Scheduled Publish Resources: 0
Error Statistics
-----------------------------------
Channel Failures : 0
Live Publish Resource Failures : 0
Scheduled Publish Resource Failures : 0
Capture Resource Failures : 0
Capture Stream Failures : 0
Publish Stream Failures : 0
Parsing/Validation Failures : 0
VOSM Communication Failures : 0
RM Communication Failures : 0
The following example shows how to display the VDS-OS error statistics:
ServiceEngine# show statistics vos errors
The following example shows how to display the Recording Manager interface statistics:
ServiceEngine# show statistics vos rm-interface
RM Communication Statistics
-----------------------------------
Start Recording Requests : 0
Modify Recording Requests : 0
Recording Status Requests : 0
Delete Recording Requests : 0
Cancel Recording Requests : 0
Get Recording List Count Requests : 0
Get Recording List Requests : 0
Notification To RM : 0
Error Statistics
-----------------------------------
RM Communication Failures : 0
HTTP Bad Request : 0
HTTP Not Found : 0
Internal server Error : 0
The following example shows how to display the VOSM interface statistics:
ServiceEngine# show statistics vos vosm-interface
VOSM Communication Statistics
-----------------------------------
Origin Service Creates/Updates : 0
Origin Service Deletes : 0
Channel Config Creates : 0
Channel Config Updates : 0
Channel Config Deletes : 0
Schedule Config Creates : 0
Schedule Config Updates : 0
Schedules Config Deletes : 0
Start Channel Commands : 0
Stop Channel Commands : 0
Start Capture Resource Commands : 0
Stop Capture Resource Commands : 0
Start Publish Resource Commands : 0
Stop Publish Resource Commands : 0
Resource Notifications : 0
Resource Status Queries : 0
VOSM Heartbeats : 579
Error Statistics
-----------------------------------
Channel Parsing/Validation Failures : 0
Origin Service Create Failures : 0
Origin Service Delete Failures : 0
Channel Config Create Failures : 0
Channel Config Update Failures : 0
Channel Config Delete Failures : 0
Schedule Config Create Failures : 0
Schedule Config Update Failures : 0
Schedule Config Delete Failures : 0
Start Channel Command Failures : 0
Stop Channel Command Failures : 0
Start Capture Resource Failures : 0
Stop Capture Resource Failures : 0
Start Publish Resource Failures : 0
Stop Publish Resource Failures : 0
Resource Notification Failures : 0
Resource Status Query Failures : 0
The following example shows how to display the Web Engine statistics:
ServiceEngine# show statistics vos we-interface
WE Communication statistics
-----------------------------------
Create Channel : 0
Create Capture Resource : 0
Create Publish Resource : 0
Update Publish Resource : 0
Stop Channel : 0
Stop Capture Resource : 0
Stop Publish Resource : 0
Delete Publish Resource : 0
Publish Resource Status Notify : 0
Capture Resource Status Notify : 0
Web Engine Registration : 0
Error Statistics
-----------------------------------
WE Communication Failures : 0
Create Channel Failures : 0
Create Capture Resource Failures : 0
Create Publish Resource Failures : 0
Update Publish Resource Failures : 0
Stop Channel Failures : 0
Stop Capture Resource Failures : 0
Stop Publish Resource Failures : 0
Delete Publish Resource Failures : 0
Publish Resource Status Notify Failures : 0
Capture Resource Status Notify Failures : 0
Related Commands
show statistics web-engine
To display the Web Engine statistics, use the show statistics web-engine command in EXEC configuration mode.
show statistics web-engine [abr {dash-media-app [detail | fragment-file | manifest-file | representation-index-file | server-manifest-file | summary] | hls-media-app [detail | fragment-file | manifest-file | meta-file | session | summary] | smoothhd-media-app [detail | fragment-file | manifest-file | meta-file | session | summary] | zeri-media-app [detail | fragment-file | manifest-file | meta-file | session | summary]} | detail | error summary | key-client | performance | usage]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The Web Engine must be running to see the statistics. The Web Engine is running by default.
Note
A client request to an edge SE triggers a liveness query to the upstream SEs and Content Acquirer. Even after the client connection is closed, the liveness query continues for up to ten minutes. This is to keep the SEs ready with liveness states for subsequent client requests.
The show statistics web-engine detail command output also displays Web Engine memory usage. This can increase to greater than 2 GB and can stay above 2 GB even after traffic subsides. This is expected behavior and does not indicate a memory leak.
Table 2-64 describes the fields shown in the show statistics web-engine display.
Note
The "Total Bytes Out" statistic counts the header length but the "Total Bytes In" statistic does not.
Examples
The following example shows how to display the detailed Web Engine statistics:
ServiceEngine# show statistics web-engine detail
HTTP Request Info Statistics
-----------------------
Num Lookups : 4212308
Preposition Hit : 0
External Hit : 0
Cache Hit : 30109
Cache Miss : 4043651
Partial Cache Hit : 0
Cache Bypass : 0
Live Miss : 0
Live Hit : 0
ASX Meta Response : 0
HTTP Request Type Statistics
-----------------------
Get Requests : 4215164
Post Requests : 0
Head Requests : 0
Range Requests Received : 10
Range Requests Sent : 0
Revalidation Requests Received : 26921
Revalidation Requests Sent : 1003660
Liveness Query : 6832
Local Requests : 0
Play Live Requests : 0
Total Outgoing Requests : 4073031
HTTP Authorization Statistics
----------------------
Authorization Allow : 4212638
Authorization No Cache : 0
Authorization Force Revalidate : 0
Authorization Deny : 0
Authorization Rewrite : 0
Authorization GenerateSign : 0
Authorization Redirect : 0
Authorization Resolve : 0
HTTP Error Statistics
----------------------
Client Errors : 0
Server Errors : 877658
Bad Requests : 0
Error Response Miss : 0
Error Response Hit : 0
HTTP Performance Statistics
----------------------
Total Bytes In : 621029676477
Total Bytes Out : 594801670055
Total Requests : 4215255
Average Requests Per Second : 60.61
Average Bytes Per Second : 8552759.45
Web Engine Detail Statistics
----------------------
Active HTTPSession : 29
Active DataSource : 161
Active HTTPDataFeed : 0
Active HTTPDataSourceFinder : 0
Active HTTPTransaction : 1
Pending HTTPTransaction : 0
Active ServerXact : 0
Total HTTPConnection : 12
Active HTTPConnection : 0
Idle Proxy HTTPConnection : 0
Idle Origin HTTPConnection : 12
Memory Hit : 377
Cut-Thru Counter : 7390705
Memory Usage : 2297475072
Web Engine Trickle Status : 0
Outstanding Content Create Requests: 0
Outstanding Content Lookup Requests: 0
Outstanding Content Delete Requests: 0
Outstanding Content Update Requests: 0
Outstanding Content Popularity Update Requests: 0
Statistics was last cleared on Wednesday, 24-Aug-2011 22:18:08 PDT.
ServiceEngine#
The following example shows how to display the statistics for the DASH-Media-App:
ServiceEngine# show statistics web-engine abr dash-media-app
Media Manifest File Statistics
-----------------------
Dynamic Ingest Mem Hit : 0
Dynamic Ingest Cache Miss : 0
Media Fragment File Statistics
-----------------------
Dynamic Ingest Mem Hit : 0
Dynamic Ingest Cache Miss : 0
Media Server Manifest File Statistics
-----------------------
Dynamic Ingest Mem Hit : 0
Dynamic Ingest Cache Miss : 0
Media Representation Index File Statistics
-----------------------
Dynamic Ingest Mem Hit : 0
Dynamic Ingest Cache Miss : 0
Media Error Statistics
----------------------
Dynamic Ingest cMPD Parsing Error : 0
Dynamic Ingest sMPD Download Error : 0
Dynamic Ingest sMPD Parsing Error : 0
Dynamic Ingest Fragment Download Error : 0
Dynamic Ingest RepresentationIndex Parsing Error : 0
Dynamic Ingest RepresentationIndex Download Error : 0
Media Detail Statistics
----------------------
Dynamic Ingest InProgress Active Assets : 0
Dynamic Ingest InProgress Request : 0
Dynamic Ingest Complete Request : 0
The following example shows how to display the statistics for the HLS-Media-App:
ServiceEngine# show statistics web-engine abr hls-media-app
Media Manifest File Statistics
-----------------------
Preposition Hit : 0
Alien Hit : 0
Cache Hit : 0
Cache Miss : 0
Partial Cache Hit : 0
Cache Bypass : 0
Media Fragment File Statistics
-----------------------
Preposition Hit : 0
Alien Hit : 0
Cache Hit : 0
Cache Miss : 0
Partial Cache Hit : 0
Cache Bypass : 0
Media Detail Statistics
----------------------
Active Assets : 0
Active Manifest Files : 0
Active Media Files : 0
Request Sent To Default App : 0
Session Statistics
----------------------
Active Media sessions : 0
Sessions Created : 0
Sessions Created-Internal SessID : 0
Sessions Recreated With Received Cookie : 0
Sessions Deleted-Inactive : 0
Sessions Deleted-Internal Error : 0
Sessions Deleted-Expired Request : 0
Sessions Deleted-Session ID Error : 0
Requests Rejected-Client IP Invalid : 0
Requests Rejected-SessID Collision : 0
Requests Rejected-Failed to Track : 0
Inline Key Requests : 0
Start Notifications sent : 0
Start Notification send failed : 0
Stop Notifications sent : 0
Stop Notification send failed : 0
Notification message send aborted due to DNS failure : 0
ServiceEngine#
The following example shows how to display the detailed statistics for the Zeri-Media-App:
ServiceEngine# show statistics web-engine abr zeri-media-app detail
Media Detail Statistics
-----------------------
Active DataSource : 0
Request Sent To Default App : 0
ServiceEngine#
The following example shows how to display the summary for the Smooth-Media-App:
ServiceEngine# show statistics web-engine abr smoothhd-media-app summary
Media Summary Statistics
-----------------------
Preposition Hit : 0
External Hit : 0
Cache Hit : 0
Cache Miss : 0
ServiceEngine#
Related Commands
show tacacs
To display Terminal Access Controller Access Control System Plus (TACACS+) authentication protocol configuration information, use the show tacacs command in EXEC configuration mode.
show tacacs
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The show tacacs command displays the TACACS+ configuration for the Service Engine.
Table 2-65 describes the fields shown in the show tacacs display.
Related Commands
Command                  Description
clear tacacs             Clears the TACACS+ settings.
show statistics tacacs   Displays the SE TACACS+ authentication and authorization statistics.
tacacs                   Configures TACACS+ server parameters.
show tech-support
To view information necessary for the Cisco Technical Assistance Center (TAC) to assist you, use the show tech-support command in EXEC configuration mode.
show tech-support [list-files directory_name [recursive] | page | service {authentication | cms | kernel | web-engine] | authentication}]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to view system information necessary for TAC to assist you with your SE. We recommend that you log the output to a disk file. Use the streaming option to view information specific to the streaming feature.
You can access the following general information when you enter the show tech-support command:
• Version and hardware (show version)
• Running configuration (show running-config)
• Processes (show processes)
• Process memory (show processes memory)
• System memory
• File system information
• Interface information
• Media file system statistics
• Application and kernel core dump information
• Netstat
Examples
The following example shows the types of information available about the CDS software. Because the show tech-support command output is comprehensive and can be extensive, only excerpts are shown in the following example:
ServiceEngine# show tech-support
CPU Usage:
cpu: 0.39% User, 0.42% System, 0.33% User(nice), 98.86% Idle
cpu0: 0.39% User, 0.42% System, 0.33% User(nice), 98.86% Idle
--------------------------------------------------------------------
PID STATE PRI User T SYS T COMMAND
----- ----- --- ------ ------ --------------------
1 S 0 4386 1706 (init)
2 S 0 0 0 (keventd)
3 S 19 0 0 (ksoftirqd_CPU0)
4 S 0 0 0 (kswapd)
5 S 0 0 0 (bdflush)
6 S 0 0 0 (kupdated)
7 S 0 0 0 (scsi_eh_0)
45 S 0 4733 4114 (nodemgr)
46 S 0 0 0 (syslogd)
47 R 0 83 65 (dataserver)
920 S 0 0 0 (login)
1207 S 0 0 0 (parser_server)
1208 S 0 0 0 (eval_timer_mana)
1211 S 0 46 1 (parser_server)
1443 S 0 0 0 (overload)
1444 S 0 0 0 (standby)
1445 S 0 13 29 (cache)
1446 S 0 0 0 (proxy_poll)
1447 S 0 0 0 (snmpced)
1448 S 0 0 0 (http_authmod)
1458 S 0 0 0 (http_authmod)
1465 S 0 0 0 (http_authmod)
1466 S 0 0 0 (http_authmod)
1467 S 0 0 0 (http_authmod)
1537 S 0 0 0 (cache)
1538 S 0 0 0 (unified_log)
1540 S 0 0 1 (webserver)
1541 S 0 2 2 (mcm)
1542 S 0 0 0 (cache)
1543 S 0 0 0 (cache)
1550 S 0 0 0 (cache)
1551 S 0 0 0 (cache)
1556 S 0 0 0 (cache)
1567 S 0 0 0 (mcm)
1568 S 0 0 0 (mcm)
1629 S 0 18982 4140 (crond)
1936 S 0 1669 611 (bootnet)
1937 S 10 0 0 (tracknet)
1938 S 10 33545 5556 (checkup)
1983 S 0 0 0 (srcpd)
2023 S 0 1 0 (admin-shell)
2024 S 0 0 0 (parser_server)
2150 S 0 0 0 (rsvpd)
2152 S 0 0 0 (rtspd)
2153 S 0 1635 1067 (httpsd)
2164 S 0 0 0 (librarian)
2167 S 0 1667 2105 (libaux)
2170 S 0 0 0 (mapper)
2178 S 0 32 37 (cache)
2179 S 0 0 0 (router)
2180 S 0 0 0 (fill)
2183 S 0 0 0 (remotereq)
2185 S -20 0 0 (videosvr)
2188 S 0 9 4 (contentsvr)
2189 S 0 0 0 (routeraux)
2190 S 0 0 1 (dfcontrolsvr)
2226 S 0 0 0 (smbd)
2228 S 0 0 0 (nmbd)
2973 Z 0 0 0 (cache)
8446 S 0 0 0 (httpsd)
8447 S 0 0 0 (gcache)
18173 S 0 0 0 (in.telnetd)
18174 S 0 0 0 (login)
18175 S 0 2 2 (admin-shell)
18176 S 0 0 0 (parser_server)
19426 S 0 0 0 (httpsd)
19427 S 0 0 0 (httpsd)
19456 Z 0 0 0 (cache)
19503 Z 0 30 3 (crond)
19515 S 0 0 0 (more)
19516 S 0 6 18 (exec_show_tech-)
19553 R 0 0 0 (exec_show_proce)
------------------ process memory --------------------
Total Used Free Shared Buffers Cached
1050943488 564785152 486158336 0 5222400 475176960
PID State TTY %MEM VM Size RSS (pages) Name
------ ----- ------ ----- ---------- ----------- ----
1 S 0 0.0 1146880 119 (init)
2 S 0 0.0 0 0 (keventd)
3 S 0 0.0 0 0 (ksoftirqd_CPU0)
4 S 0 0.0 0 0 (kswapd)
5 S 0 0.0 0 0 (bdflush)
6 S 0 0.0 0 0 (kupdated)
7 S 0 0.0 0 0 (scsi_eh_0)
45 S 0 0.0 1208320 143 (nodemgr)
46 S 0 0.0 1630208 194 (syslogd)
47 R 0 0.0 1974272 238 (dataserver)
920 S 1088 0.0 1728512 236 (login)
1207 S 0 0.3 4980736 847 (parser_server)
1208 S 0 0.0 1933312 151 (eval_timer_mana)
1211 S 0 0.3 4980736 847 (parser_server)
1443 S 0 0.0 1548288 154 (overload)
1444 S 0 0.0 1724416 161 (standby)
1445 S 0 5.9 65646592 15266 (cache)
1446 S 0 0.0 1957888 173 (proxy_poll)
1447 S 0 0.1 2097152 290 (snmpced)
1448 S 0 0.0 1757184 205 (http_authmod)
1458 S 0 0.0 1757184 205 (http_authmod)
1465 S 0 0.0 1757184 205 (http_authmod)
1466 S 0 0.0 1757184 205 (http_authmod)
1467 S 0 0.0 1757184 205 (http_authmod)
1537 S 0 5.9 65646592 15266 (cache)
1538 S 0 0.0 1789952 169 (unified_log)
1540 S 0 0.4 10817536 1164 (webserver)
1541 S 0 0.0 2150400 251 (mcm)
1542 S 0 5.9 65646592 15266 (cache)
1543 S 0 5.9 65646592 15266 (cache)
1550 S 0 5.9 65646592 15266 (cache)
1551 S 0 5.9 65646592 15266 (cache)
1556 S 0 5.9 65646592 15266 (cache)
1567 S 0 0.0 2150400 251 (mcm)
1568 S 0 0.0 2150400 251 (mcm)
1629 S 0 0.0 1187840 137 (crond)
1936 S 0 0.6 7532544 1605 (bootnet)
2189 S 0 0.3 6103040 953 (routeraux)
2190 S 0 0.4 10272768 1075 (dfcontrolsvr)
2226 S 0 0.1 3559424 504 (smbd)
2228 S 0 0.0 2084864 247 (nmbd)
2973 Z 0 0.0 0 0 (cache)
8446 S 0 0.1 2506752 327 (httpsd)
8447 S 0 0.0 1421312 116 (gcache)
18173 S 0 0.0 1220608 132 (in.telnetd)
18174 S 34816 0.0 1736704 238 (login)
18175 S 34816 0.0 2162688 184 (admin-shell)
18176 S 0 0.3 4980736 847 (parser_server)
19426 S 0 0.1 2551808 350 (httpsd)
19427 S 0 0.1 2576384 354 (httpsd)
19456 Z 0 0.0 0 0 (cache)
19503 Z 0 0.0 0 0 (crond)
19515 S 34816 0.0 1163264 109 (more)
19516 S 34816 0.0 1941504 168 (exec_show_tech-)
19554 R 34816 0.1 2277376 266 (exec_show_proce)
------------------ system memory --------------------
Total physical memory : 1026312 KB
Total free memory : 474692 KB
Total memory shared : 0 KB
Total buffer memory : 5100 KB
Total cached memory : 464040 KB
------------------ interfaces --------------------
Interface type: GigabitEthernet Slot: 0 Port: 0
Type:Ethernet
Ethernet address:00:05:32:02:DD:74
Internet address:172.16.5.234
Netmask:255.255.255.0
Maximum Transfer Unit Size:1500
Metric:1
Packets Received: 513241
Input Errors: 0
Input Packets Dropped: 0
Input Packets Overruns: 0
Input Packets Frames: 0
Packet Sent: 153970
Output Errors: 0
Output Packets Dropped: 0
Output Packets Overruns: 0
Output Packets Carrier: 0
Output Queue Length:100
Collisions: 0
Interrupts:9
MULTICAST
Mode:autoselect, 100baseTX
show telnet
To display the Telnet services configuration, use the show telnet command in EXEC configuration mode.
show telnet
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled.
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the Telnet service details:
ServiceEngine# show telnet
telnet service is enabled
Related Commands
Command         Description
exec-timeout    Configures the length of time that an inactive Telnet or SSH session remains open.
telnet enable   Enables the Telnet services.
show transaction-logging
To display the transaction log configuration settings and a list of archived transaction log files, use the show transaction-logging command in EXEC configuration mode.
show transaction-logging
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To display information about the current configuration of transaction logging on an SE, use the show transaction-logging command. Transaction log file information is displayed for HTTP caching proxy transactions and Trivial File Transfer Protocol (TFTP) and Internet Content Adaptation Protocol (ICAP) transactions.
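The export server table that show transaction-logging prints names the transfer type used for each destination. The following Python check is an added example, not part of the Cisco documentation: it reads saved command output, extracts that table, and flags destinations whose type is not sftp (FTP sends credentials and log contents unencrypted) or whose export account is root. The sample output is constructed, and the one-field-per-line layout, the function names, and the two policy rules are assumptions.

```python
"""Audit saved `show transaction-logging` output for risky log-export settings."""
import re
from dataclasses import dataclass

# Constructed sample: documentation-range addresses, one field per line
# (assumed layout of the device output).
SAMPLE_OUTPUT = """\
Transaction log configuration:
---------------------------------------
Logging is enabled.
Archive interval: 120 seconds
Maximum size of archive file: 2000000 KB
Maximum number of archive files: 50 files
Exporting files to ftp servers is enabled.
File compression is disabled.
Export interval: 1 minute
server type username directory
192.0.2.10 ftp root /var/ftp/test
192.0.2.20 sftp logexport /srv/translogs
Service Router Log File Info
Working Log file - size : 96
age: 169813
"""


@dataclass(frozen=True)
class ExportServer:
    address: str
    transport: str  # value of the "type" column, for example ftp or sftp
    username: str
    directory: str


TABLE_HEADER = re.compile(r"^server\s+type\s+username\s+directory$", re.IGNORECASE)
# Exactly four whitespace-separated fields, the last one an absolute path.
TABLE_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(/\S*)$")


def parse_export_servers(output):
    """Return the rows of the export server table, in the order printed."""
    servers = []
    in_table = False
    for raw in output.splitlines():
        line = raw.strip()
        if not in_table:
            in_table = bool(TABLE_HEADER.match(line))
            continue
        row = TABLE_ROW.match(line)
        if row is None:
            break  # the first line that is not a row ends the table
        servers.append(ExportServer(*row.groups()))
    return servers


def audit_export(output):
    """Return (code, detail) findings for the assumed export policy."""
    findings = []
    if not re.search(r"^\s*Logging is enabled\.", output, re.MULTILINE):
        findings.append(("logging-not-enabled",
                         "transaction logging is not reported as enabled"))
    for srv in parse_export_servers(output):
        if srv.transport.lower() != "sftp":
            findings.append(("cleartext-export",
                             f"{srv.address} uses {srv.transport}; "
                             "logs and credentials are sent unencrypted"))
        if srv.username == "root":
            findings.append(("root-export-account",
                             f"{srv.address} receives exports as root; "
                             "use a dedicated low-privilege account"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_export(SAMPLE_OUTPUT):
        print(f"{code}: {detail}")
```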
Examples
The following example shows how to display information about the current configuration of transaction logging on an SE:
ServiceEngine# show transaction-logging
Transaction log configuration:
---------------------------------------
Logging is enabled.
Archive interval: 1800 seconds
Maximum size of archive file: 2000000 KB
Maximum number of archive files: 50 files
Log File format is apache.
Windows domain is not logged with the authenticated username
Exporting files to ftp servers is enabled.
File compression is disabled.
Export interval: 30 minutes
server type username directory
10.77.153.110 ftp root /var/ftp/test
A&D Transaction Log File Info
Working Log file - size : 138
age: 483497
Archive Log file - acqdist_3.1.18.8_20090522_074807 size: 138
ICAP Transaction Log File Info
Working Log file - size : 61
age: 483496
Archive Log file - icap_3.1.18.8_20090522_074807 size: 61
Web Engine Transaction Log File Info - Apache format
Working Log file - size : 86
age: 483497
Archive Log file - we_accesslog_apache_3.1.18.8_20090522_074807 size: 82
Web Engine Transaction Log File Info - CLF format
Working Log file - size : 3
age: 483497
Archive Log file - we_accesslog_clf_3.1.18.8_20090522_074807 size: 3
Web Engine Transaction Log File Info - Extended Squid format
Working Log file - size : 102
age: 483497
Archive Log file - we_accesslog_extsqu_3.1.18.8_20090522_074807 size: 102
Cached Content Log File Info
Working Log file - size : 41
age: 483496
Archive Log file - cache_content_3.1.18.8_20090522_074807 size: 41
Authserver Transaction Log File Info
Working Log file - size : 108
age: 483496
Archive Log file - authsvr_3.1.18.8_20090522_065857 size: 108
ServiceEngine#
The following example shows how to display information about the current configuration of transaction logging on an SR:
ServiceRouter# show transaction-logging
Transaction log configuration:
---------------------------------------
Logging is enabled.
Archive interval: 120 seconds
Maximum size of archive file: 2000000 KB
Maximum number of archive files: 50 files
Exporting files to ftp servers is enabled.
File compression is disabled.
Export interval: 1 minute
server type username directory
10.74.115.12 sftp xinwwang /workspace/xinwwang/test
10.74.124.156 sftp root /root/test
10.74.124.157 sftp root /root/test
171.71.50.162 sftp root /test
Service Router Log File Info
Working Log file - size : 96
age: 169813
Archive Log file - service_router_3.1.14.70_20090421_222006 size: 256
Archive Log file - service_router_3.1.14.70_20090422_020038 size: 223
Archive Log file - service_router_3.1.14.70_20090422_210022 size: 351
Archive Log file - service_router_3.1.14.70_20090423_020006 size: 1248
Archive Log file - service_router_3.1.14.70_20090423_210021 size: 456
Archive Log file - service_router_3.1.14.70_20090521_000218 size: 402
Archive Log file - service_router_3.1.14.70_20090521_014815 size: 243
Archive Log file - service_router_3.1.14.70_20090521_015020 size: 225
Archive Log file - service_router_3.1.14.70_20090521_015227 size: 243
Archive Log file - service_router_3.1.14.70_20090521_015417 size: 272
Archive Log file - service_router_3.1.14.70_20090521_015601 size: 390
Archive Log file - service_router_3.1.14.70_20090521_015816 size: 243
Archive Log file - service_router_3.1.14.70_20090521_020033 size: 243
Archive Log file - service_router_3.1.14.70_20090521_020249 size: 143
Archive Log file - service_router_3.1.14.70_20090521_032633 size: 168
Archive Log file - service_router_3.1.14.70_20090526_025027 size: 143
Archive Log file - service_router_3.1.14.70_20090526_030002 size: 176
Archive Log file - service_router_3.1.14.70_20090526_030226 size: 250
Archive Log file - service_router_3.1.14.70_20090526_052206 size: 250
Archive Log file - service_router_3.1.14.70_20090526_052413 size: 143
Archive Log file - service_router_3.1.14.70_20090526_200213 size: 168
Archive Log file - service_router_3.1.14.70_20090526_200413 size: 481
Archive Log file - service_router_3.1.14.70_20090526_200645 size: 173
Archive Log file - service_router_3.1.14.70_20090526_201010 size: 250
Related Commands
show url-signature
To display the URL signature information, use the show url-signature command in EXEC configuration mode.
show url-signature
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the URL signature information:
ServiceEngine# show url-signature
key-id-owner key-id-number key
-------------------------------
show user
To display the user identification number and username information for a particular user, use the show user command in EXEC configuration mode.
show user {uid num | username name}
Syntax Description
uid
Displays the user's identification number.
num
Identification number. The range is from 0 to 65535.
username
Displays the name of the user.
name
Name of the user.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-66 describes the fields shown in the show user display.
Related Commands
Command      Description
clear user   Clears the user settings.
show users   Displays the specified users.
username     Establishes the username authentication.
show users
To display users, use the show users command in EXEC configuration mode.
show users administrative
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to display the list of users with administrative privileges:
ServiceEngine# show users administrative
UID USERNAME
0 admin
Related Commands
show version
To display version information about the software, use the show version command in EXEC configuration mode.
show version pending
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Table 2-67 describes the fields shown in the show version display.
Note
If you update the VDS-OS software on an SE, the new version displays in the show version pending command output, but it says, "Pending version will take effect after reload." You must reboot the device for the software update to take effect.
Examples
The following example shows how to display the software version:
ServiceEngine# show version
Videoscape Distribution Suite Origin Server Software
Copyright (c) 1999-2011 by Cisco Systems, Inc.
Content Delivery System Software Release 3.0.0 (build b460 Aug 28 2011)
Version: cde220-2g2-DEVELOPMENT[vcn-build1:/auto/vcn-u1/vosis_release_builds/vosis_3.0.0-b460/spcdn]
Compiled 05:55:01 Aug 28 2011 by ipvbuild
Compile Time Options: KQ SS
System was restarted on Mon Aug 29 11:56:58 2011.
The system has been up for 1 day, 23 hours, 32 minutes, 15 seconds.
ServiceEngine#
The following example shows how to display the pending software version:
ServiceEngine# show version pending
Pending version is VDS-OS 3.0.0-b360, built on 05:17:52 Jun 19 2011 by ipvbuild
It will take effect after reload
ServiceEngine#
Related Commands
show vos
To display Videoscape Distribution Suite Origin Server (VDS-OS) information about the software, use the show vos command in EXEC configuration mode.
show vos {asset livePublishResrcName | capture-src-manager {channels | statistics} | channel {all | channelURI [config [outfile filename]] | schedule [ all [outfile filename] | [publishResrcName]] | origin-service [all | srdn]}}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The show vos asset livePublishResrcName command displays the following information for the Live Publish Resource:
•
Channel ID
•
Publish URI
•
Acquisition Node
•
Asset Path
•
For each bit rate:
–
How many segments are available on the disk
–
How many segments are available on the playlist Manifest file
–
Total Segment duration in the Manifest
The show vos origin-service all command displays the list of Origin Services. When this command is issued, the CLI sends the following HTTP request to the Capture Controller:
GET /vosapi/CaptureController/OriginService/
VOS-CMD-HDR: ShowVosOriginServiceAll
The show vos origin-service srdn command displays the general settings of the origin-service identified by the SRDN. When this command is issued, the CLI looks up the configuration from the Data Server.
The show vos channel all command displays the channel URI and status of all the channels on the box. When this command is issued, the CLI sends the following HTTP request to the Capture Controller:
GET /vosapi/CaptureController/ChannelMgr/List HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: 127.0.0.1:8080
Connection: Keep-Alive
The show vos channel channelURI command displays the following information for the channel specified by channel URI:
•
State of the Channel
•
Capture Resource - URLs, State, CaptureStream (IDs and state)
•
Live Publish Resource - URL, State
•
Num. Active Capture Events
When this command is issued, the CLI sends the following HTTP request to the Capture Controller:
GET /vosapi/CaptureController/ChannelMgr/abchd_east/Details HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: vos.sp.net
Connection: Keep-Alive
The show vos channel channelURI config command displays the Channel Config Extensible Markup Language (XML) in a user-friendly format. When this command is issued, the CLI displays the XML by looking up the file path from the Data Server.
The show vos channel channelURI schedule command displays all the publish URIs and the state of all the active publish and capture events for the channel specified by channelURI. When this command is issued, the CLI sends the following HTTP request to the Capture Controller:
GET /vosapi/CaptureController/ChannelMgr/abchd_east/ScheduleActive HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: vos.sp.net
Connection: Keep-Alive
The show vos channel channelURI schedule all command displays the publish URI and the state of all the events for the channel specified by channelURI. When this command is issued, the CLI sends the following HTTP request to the Capture Controller:
GET /vosapi/CaptureController/ChannelMgr/abchd_east/ScheduleAll HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: vos.sp.net
Connection: Keep-Alive
The show vos channel channelURI schedule publishResrcName command displays the following information for the Publish Resource or the Capture Event:
•
Format - HLS/HSS
•
State of the Publish Resource/Capture Event
•
Publish URL, StartOverURL (if applicable)
•
Schedule - Start Time & End Time
•
Capture Resource & Capture Stream Information - URI, State
•
Action on Completion (if applicable)
•
TimeShiftBuffer (if applicable)
When this command is issued, the CLI sends the following HTTP request to the Capture Controller:
GET /vosapi/CaptureController/ChannelMgr/abchd_east/PublishResource/hd/all/live/hls/index.m3u8/Details HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: vos.sp.net
Connection: Keep-Alive
Examples
The following example shows how to display the VDS-OS asset information for the Live Publish Resource:
ServiceEngine# show vos asset http://live.passthrough.com/live7/cap7/hls/index.m3u8
Channel ID : http://live.passthrough.com/live7
Publish URI : cap7/hls/index.m3u8
Acq. Node : 37.0.116.199
Asset Path :/state/export/NAS/live.passthrough.com/sharmi/mountpoint/0/o/live.passthrough.com/_SERVER_37.0.116.199/live7/cap7/hls
Profile Duration  SegmentInManifest SegmentOnStorage
======= ========= ================= ================
strm4   27195     4528              7617
strm3   27195     4528              7078
strm2   27195     4528              8858
strm1   27201     4529              7600
The following example shows how to display the VDS-OS capture-src-manager information:
ServiceEngine# show vos capture-src-manager channels
---------------------------------------------------
Number of Post Received = 0
Total DataBlock consumed = 0
Current DataBlock state = 0
Total DataBlockFactory Mem created= 0
The following example shows how to display the VDS-OS capture-src-manager statistics:
ServiceEngine# show vos capture-src-manager statistics
-----------------------Statistics---------------------------------------
Average Time between Segment Arrival (usec) = 0
Maximum Time between Segment Arrival (usec) = 0
Minimum Time between Segment Arrival (usec) = 0
The following example shows how to display all VDS-OS channel information:
ServiceEngine# show vos channel all
Fetching...
Channel URI, Status:
--------------------
http://xxxx.test.com/Test-Live Stopped
http://xxxx.test.com/Test-Live2 Stopped
http://xxxx.test.com/Test-live3 Stopped
http://vos.hls.com/bugverification Stopped
The following example shows how to display all VDS-OS Origin Service information:
ServiceEngine# show vos origin-service all
Fetching...
Origin Services
---------------
vod.hss.com
vos.hls.com
vod.hds.com
sylvia.test.com
my.mickjagger.com
Total No. of Origin Services: 5
Related Commands
show web-engine
To display the Web Engine information, use the show web-engine command in EXEC configuration mode.
show web-engine {all | admission-control | health | mediaapp}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Because admission control CPU and RAM averages are weighted, their values might not be equivalent to values reported by other CLI.
Examples
The following example shows how to display the Web Engine information:
ServiceEngine# show web-engine all
HTTP heuristic age-multipliers: 30%
HTTP Body Read Buffer Size: 32 (KB)
Maximum time to live in days: 61
Minimum time to live in minutes: 60
Web Engine Maximum Concurrent Sessions: 20000
Web Engine OS certificate validation Enabled.
The following example shows how to display the Web Engine health information:
ServiceEngine# show web-engine health
WebEngine - Virtual memory Usage
----------------------------------
Total memory usage : 4603785216 bytes [UnderLimit]
Platform Virtual memory ThresHold : 67473127424 bytes
Glibc Caching Turn-Off Threshold : 40483876454 bytes
Glibc memory Caching : ON
Web Engine - Alarm Status
-------------------------
memory_exceeded : OFF
max_session_exceeded : OFF
WebCalLookupThreshold : OFF
WebCalDiskWriteThreshold : OFF
aug_memory_exceeded : OFF
aug_session_exceeded : OFF
WebCalLookupAugThreshold : OFF
WebCalDiskWriteAugThreshold : OFF
UNKNOWN : OFF
CMESyncFailed : OFF
CMEIndexDegraded : OFF
Overloaded : OFF
The following example shows how to display the Web Engine admission control information:
ServiceEngine# show web-engine admission-control
Assets Active : 8
Assets Active Average : 19.515
Assets Blocked : 0
Assets Blocked / Second Average : 0.000
Estimated Max Active Assets : 3704.5
Sessions Active : 0
Sessions Active Average : 0.503
Sessions Blocked : 0
Sessions Blocked / Second Average : 0.000
Estimated Max Active Sessions : 3704.5
CPU Utilization : 2.429 %
CPU Utilization Threshold : 90.000 %
CPU Asset Weight : 0.024
CPU Session Weight : 0.024
RAM Utilization : 1.756 %
RAM Utilization Threshold : 90.000 %
RAM Asset Weight : 0.018
RAM Session Weight : 0.018
CPU Averaging Weights : 0.750,0.250
RAM Averaging Weights : 0.750,0.250
Asset Weighting Threshold : 100
Session Weighting Threshold : 100
Overloaded : No
The following example shows how to display the Web Engine media application information:
ServiceEngine# show web-engine mediaapp
HLSMediaApp Stats: (0x7fde78274e00)
MediaAssetHandler (0x7fde7826da80): No of Assets: 1
MediaAsset (0x7fdde8041fc0): Asset URL(http://vos.ipndvr.com/58.0.118.109/ndvr/ip/824/hls) No of Media Profiles: 2
MediaProfile (0x7fdde810f440): Profile URL(http://vos.ipndvr.com/58.0.118.109/ndvr/ip/824/hls/1614740) No of Media Files: 2
MediaFile (0x7fdde800b500), MediaFileURL(http://vos.ipndvr.com/58.0.118.109/ndvr/ip/824/hls/1614740) MediaIndexTableUsed: 1
HLSMediaManifest (0x7fdde810c5b0), ManifestFileURL(http://vos.ipndvr.com/58.0.118.109/ndvr/ip/824/hls/1614740.m3u8)
MediaProfile (0x7fdde8043190): Profile URL(http://vos.ipndvr.com/58.0.118.109/ndvr/ip/824/hls/index) No of Media Files: 1
HLSMediaManifest (0x7fdde8043410), ManifestFileURL(http://vos.ipndvr.com/58.0.118.109/ndvr/ip/824/hls/index.m3u8)
Related Commands
shutdown (interface configuration)
To shut down a specific hardware interface, use the shutdown command in interface configuration mode. To restore an interface to operation, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Interface configuration (config-if) mode.
Usage Guidelines
See the "interface" section for an alternative mechanism.
Examples
The following example shows how to shut down an interface configured on an SE:
ServiceEngine(config-if)# shutdown
Related Commands
shutdown (EXEC configuration)
To shut down the SE, SR or VOSM, use the shutdown command in EXEC configuration mode.
shutdown [poweroff]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
A controlled shutdown refers to the process of properly shutting down an SE without turning off the power on the device. With a controlled shutdown, all the application activities and the operating system are properly stopped on an SE but the power is still on. Controlled shutdowns of an SE can help you minimize the downtime when the SE is being serviced.
The shutdown command enables you to shut down and optionally power off an SE:
•
Shutdown means that all application activities (applications and operating system) are stopped, but the power is still on. This shutdown is similar to the Linux halt command.
•
Shutdown poweroff means that the SE is powered down by the VDS-OS software after being shut down. This operation is also referred to as a software poweroff. The implementation of the shutdown poweroff feature uses the Advanced Configuration and Power Interface (ACPI) power management interface.
Caution
If you do not perform a controlled shutdown, the SE file system can be corrupted. It also takes longer to reboot the SE if the SE is not properly shut down.
Note
You cannot power on SEs again through software after a software poweroff operation. You must press the power button once on these SEs to bring these SEs back online.
The shutdown command facilitates a proper shutdown for SEs, SRs, or VOSMs. While the shutdown command is supported on all content networking hardware models, the shutdown poweroff command is supported only on those models that support ACPI.
The shutdown command closes all applications and stops all system activities but keeps the power on. The fans continue to run and the power LED is on, indicating that the device is still powered on. When you enter the shutdown command, you are prompted to save your configuration changes, if any. The device console displays a menu after the shutdown process is completed. You need to log in to the SE using a console to display the following menu:
ServiceEngine# shutdown
System configuration has been modified. Save? [ yes ] :yes
Device can not be powered on again through software after shutdown.
Proceed with shutdown? [ confirm ] yes
Shutting down all services, will timeout in 15 minutes.
shutdown in progress...Halt requested by CLI@ttyS0...........Shutdown success
Cisco Service Engine Console
Username: admin
Password:
================= SHUTDOWN SHELL =================
System has been shut down.
You can either
Power down system by pressing and holding power button
or
1. Reload system through software
2. Power down system through software
Please select [ 1-2 ] :
The shutdown poweroff command closes all applications and the operating system, stops all system activities, and turns off the power. The fans stop running and the power LED starts flashing, indicating that the device has been powered off.
Note
If you use the shutdown or shutdown poweroff commands, the device does not perform a file system check when you power on and boot the device the next time.
Table 2-68 describes the shutdown and shutdown power-off operations for SEs.
You can enter the shutdown command from a console session or from a remote session (Telnet or SSH Version 1 or SSH Version 2) to perform a shutdown on an SE.
To perform a shutdown on an SE, enter the shutdown command as follows:
ServiceEngine# shutdown
When you are asked if you want to save the system configuration, enter yes as follows:
System configuration has been modified. Save? [ yes ] :yes
When you are asked if you want to proceed with the shutdown, press Enter to proceed with the shutdown operation as follows:
Device can not be powered on again through software after shutdown.
Proceed with shutdown? [ confirm ]
The following message appears, reporting that all services are being shut down on this SE:
Shutting down all services, will timeout in 15 minutes.
shutdown in progress...System halted.
After the system is shut down (the system has halted), a VDS-OS software shutdown shell displays the current state of the system (for example, System has been shut down) on the console. You are asked whether you want to perform a software power off (the Power down system by software option), or if you want to reload the system through the software.
================= SHUTDOWN SHELL =================
System has been shut down.
You can either
Power down system by pressing and holding power button
or
1. Reload system through software
2. Power down system through software
To power down the SE, press and hold the power button on the SE, or use one of the following methods to perform a shutdown poweroff:
•
From the console command line, enter 2 when prompted as follows:
================= SHUTDOWN SHELL =================
System has been shut down.
You can either
Power down system by pressing and holding power button
or
1. Reload system through software
2. Power down system through software
•
From the SE CLI, enter the shutdown poweroff command as follows:
ServiceEngine# shutdown poweroff
When you are asked if you want to save the system configuration, enter yes as follows:
System configuration has been modified. Save? [ yes ] :yes
When you are asked to confirm your decision, press Enter.
Device can not be powered on again through software after poweroff.
Proceed with poweroff? [ confirm ]
Shutting down all services, will timeout in 15 minutes.
poweroff in progress...Power down.
Examples
The following example shows that the shutdown command is used to close all applications and stop all system activities:
ServiceEngine1# shutdown
System configuration has been modified. Save? [ yes ] :yes
Device can not be powered on again through software after shutdown.
Proceed with shutdown? [ confirm ]
Shutting down all services, will timeout in 15 minutes.
shutdown in progress...System halted.
The following example shows that the shutdown poweroff command is used to close all applications, stop all system activities, and then turn off power to the SE:
ServiceEngine2# shutdown poweroff
System configuration has been modified. Save? [ yes ] :yes
Device can not be powered on again through software after poweroff.
Proceed with poweroff? [ confirm ]
Shutting down all services, will timeout in 15 minutes.
poweroff in progress...Power down.
snmp-server community
To configure the community access string to permit access to the Simple Network Management Protocol (SNMP), use the snmp-server community command in global configuration mode. To remove the specified community string, use the no form of this command.
snmp-server community community_string [group group_name | rw]
no snmp-server community community_string [group group_name | rw]
Syntax Description
Defaults
An SNMP community string permits read-only access to all Management Information Base (MIB) objects.
A community string is assigned to the Secure Domain Router (SDR) owner.
Command Modes
Global configuration (config) mode.
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. Use the snmp-server community command to configure the community access string to permit access to SNMP. To remove the specified community string, use the no form of this command.
Note
In a non-owner SDR, a community name provides access only to the object instances that belong to that SDR, regardless of the access privilege assigned to the community name. Access to the owner SDR and system-wide access privileges are available only from the owner SDR.
Examples
The following example shows how to add the community comaccess:
ServiceEngine(config)# snmp-server community comaccess rw
The following example shows how to remove the community comaccess:
ServiceEngine(config)# no snmp-server community comaccess
Related Commands
snmp-server contact
To set the system server contact (sysContact) string, use the snmp-server contact command in global configuration mode. To remove the system contact information, use the no form of this command.
snmp-server contact line
no snmp-server contact
Syntax Description
Defaults
No system contact string is set.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The system contact string is the value stored in the MIB-II system group sysContact object.
Examples
The following example shows how to configure a system contact string:
ServiceEngine(config)# snmp-server contact Dial System Operator at beeper # 27345
The following example shows how to reset the system contact string:
ServiceEngine(config)# no snmp-server contact
Related Commands
snmp-server enable traps
To enable the Service Engine (SE) to send Simple Network Management Protocol (SNMP) traps, use the snmp-server enable traps command in global configuration mode. To disable all SNMP traps or only SNMP authentication traps, use the no form of this command.
snmp-server enable traps [alarm [clear-critical | clear-major | clear-minor | raise-critical | raise-major | raise-minor] | config | entity | event | service-engine [disk-fail | disk-read | disk-write | transaction-log] | snmp [authentication | cold-start]]
no snmp-server enable traps [alarm [clear-critical | clear-major | clear-minor | raise-critical | raise-major | raise-minor] | config | entity | event | service-engine [disk-fail | disk-read | disk-write | transaction-log] | snmp [authentication | cold-start]]
Syntax Description
Defaults
This command is disabled by default. No traps are enabled.
Command Modes
Global configuration (config) mode.
Usage Guidelines
You can configure an SE to generate an SNMP trap for a specific alarm condition. You can configure the generation of SNMP alarm traps on SEs based on the following:
•
Severity of the alarm (critical, major, or minor)
•
Action (the alarm is raised or cleared)
VDS-OS software supports six generic alarm traps. These six generic alarm traps provide SNMP and Node Health Manager integration. Each trap can be enabled or disabled through the SE CLI.
Note
Some SNMP traps differ between v1, v2, and v3 when you configure the trap.
SNMP notifications can be sent as traps or inform requests. The snmp-server enable traps command enables both traps and inform requests for the specified notification types.
To configure traps, enter the snmp-server enable traps command. If you do not enter the snmp-server enable traps command, no traps are sent.
If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. To configure the SE to send these SNMP notifications, enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. To enable multiple types of notifications, enter a separate snmp-server enable traps command for each notification type and notification option.
The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP traps. To send traps, configure at least one host using the snmp-server host command.
For a host to receive a trap, enable both the snmp-server enable traps command and the snmp-server host command for that host.
In addition, enable SNMP with the snmp-server community command.
To disable the sending of the MIB-II SNMP authentication trap, enter the no snmp-server enable traps snmp authentication command.
Examples
The following example shows how to enable the Service Engine (SE) to send all traps to the host 172.31.2.160 using the community string public:
ServiceEngine(config)# snmp-server enable traps
ServiceEngine(config)# snmp-server host 172.31.2.160 public
The following example disables all traps:
ServiceEngine(config)# no snmp-server enable traps
Related Commands
snmp-server group
To define a user security model group, use the snmp-server group command in global configuration mode. To remove the specified group, use the no form of this command.
snmp-server group name {v1 [notify name] [read name] [write name] | v2c [notify name] [read name] [write name] | v3 {auth [notify name] [read name] [write name] | noauth [notify name] [read name] [write name] | priv [notify name] [read name] [write name]}}
no snmp-server group name {v1 [notify name] [read name] [write name] | v2c [notify name] [read name] [write name] | v3 {auth [notify name] [read name] [write name] | noauth [notify name] [read name] [write name] | priv [notify name] [read name] [write name]}}
Syntax Description
Defaults
The default is that no user security model group is defined.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The maximum number of SNMP groups that can be created is 10.
Select one of three SNMP security model groups: Version 1 (v1) Security Model, Version 2c (v2c) Security Model, or the User Security Model (v3 or SNMPv3). Optionally, you then specify a notify, read, or write view for the group for the particular security model chosen. The v3 option allows you to specify the group using one of three security levels: auth (AuthNoPriv Security Level), noauth (noAuthNoPriv Security Level), or priv (AuthPriv Security Level).
Note
Each community is associated with a group. Each group has a view, and users are assigned to a group. If the group does not have a view associated with it, then users associated with that group cannot access any MIB entry.
The VDS-OS software supports the following versions of SNMP:
•
Version 1 (SNMPv1)—This version is the initial implementation of SNMP. See RFC 1157 for a full description of its functionality.
•
Version 2 (SNMPv2c)—This version is the second release of SNMP, described in RFC 1902. It provides additions to data types, counter size, and protocol operations.
•
Version 3 (SNMPv3)—This version is the most recent SNMP version, defined in RFC 2271 through RFC 2275.
SNMP Security Models and Security Levels
SNMPv1 and SNMPv2c do not have any security (authentication or privacy) mechanisms to keep SNMP packet traffic on the wire confidential. As a result, packets on the wire can be detected and SNMP community strings can be compromised.
To solve the security shortcomings of SNMPv1 and SNMPv2c, SNMPv3 provides secure access to SEs by authenticating and encrypting packets over the network. The SNMP agent supports SNMPv3, SNMPv1, and SNMPv2c.
Using SNMPv3, users can securely collect management information from their SNMP agents. Also, confidential information, such as SNMP set packets that change an SE's configuration, can be encrypted to prevent their contents from being exposed on the wire. Also, the group-based administrative model allows different users to access the same SNMP agent with varying access privileges.
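An added example (not from the Cisco documentation): a Python check that reads snmp-server lines in the syntax documented in this chapter and flags the settings its SNMP sections identify as unprotected, including users bound to a v1 or v2c group. The sample configuration, the rule names and the list of well-known community strings are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumption: strings commonly left at defaults; extend for your environment.
WELL_KNOWN_COMMUNITIES = {"public", "private"}
PROMPT = re.compile(r"^\S+#\s*")  # strips a pasted prompt such as "ServiceEngine(config)# "

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server community comaccess rw
snmp-server community public
snmp-server group acme v1 notify mymib
snmp-server group ops v3 priv read mymib
snmp-server group legacy v3 noauth read mymib
ServiceEngine(config)# snmp-server host 172.31.2.160 public
snmp-server host 172.16.2.160 comaccess v3 priv
snmp-server user alice ops auth sha ExampleAuthPw1 priv ExamplePrivPw1
snmp-server user bob ops auth md5 ExampleAuthPw2
snmp-server user carol acme
snmp-server enable traps
no snmp-server community oldstring
"""


@dataclass(frozen=True)
class Finding:
    line: int    # 1-based line number in the supplied text
    rule: str    # hypothetical rule identifier used by this example
    detail: str


def audit_snmp(config_text):
    """Return findings for snmp-server lines that weaken SNMP security."""
    findings, group_model, users = [], {}, []

    def flag(line, rule, detail):
        findings.append(Finding(line, rule, detail))

    for n, raw in enumerate(config_text.splitlines(), start=1):
        tok = PROMPT.sub("", raw.strip()).split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue  # also skips "no snmp-server ..." removals
        kind, args = tok[1], tok[2:]

        if kind == "community":
            if args[0] in WELL_KNOWN_COMMUNITIES:
                flag(n, "well-known-community", f"community '{args[0]}' is guessable")
            if args[1:2] == ["rw"]:
                flag(n, "rw-community", "write access guarded only by a cleartext string")

        elif kind == "group" and len(args) >= 2:
            name, model = args[0], args[1]
            group_model[name] = model
            level = args[2] if model == "v3" and len(args) > 2 else None
            if model in ("v1", "v2c"):
                flag(n, "group-no-security", f"group '{name}' uses {model}: no auth or privacy")
            elif level == "noauth":
                flag(n, "group-noauth", f"group '{name}' is noAuthNoPriv")
            elif level == "auth":
                flag(n, "group-no-privacy", f"group '{name}' is AuthNoPriv (unencrypted)")

        elif kind == "host" and len(args) >= 2:
            host, community, opts = args[0], args[1], args[2:]
            if community in WELL_KNOWN_COMMUNITIES:
                flag(n, "well-known-community", f"trap community '{community}' is guessable")
            if opts[:2] != ["v3", "priv"]:
                # With no version keyword, traps are sent as SNMP Version 1.
                if opts[:1] == ["v3"]:
                    used = " ".join(opts[:2])
                else:
                    used = opts[0] if opts else "v1 (default)"
                flag(n, "host-unencrypted", f"notifications to {host} use {used}, not v3 priv")

        elif kind == "user" and len(args) >= 2:
            name, group, opts = args[0], args[1], args[2:]
            users.append((n, name, group))
            if opts[:1] == ["remote"]:
                opts = opts[2:]  # skip "remote octet_string"
            # Positional parse: auth {md5|sha} password [priv password]
            if not (opts[:1] == ["auth"] and len(opts) >= 3):
                flag(n, "user-no-auth", f"user '{name}' has no auth password")
            elif not (opts[3:4] == ["priv"] and len(opts) >= 5):
                flag(n, "user-no-priv", f"user '{name}' has no priv password")

    # Groups defined with v1 or v2c should carry community strings, not users.
    for n, name, group in users:
        if group_model.get(group) in ("v1", "v2c"):
            flag(n, "user-in-community-group",
                 f"user '{name}' is bound to {group_model[group]} group '{group}'")
    return findings


if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```
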
Examples
The following example shows how to configure the SNMP group name, security model, and notify view on the SE:
ServiceEngine(config)# snmp-server group acme v1 notify mymib
Related Commands
snmp-server host
To specify the recipient of a host Simple Network Management Protocol (SNMP) trap operation, use the snmp-server host command in global configuration mode. To remove the specified host, use the no form of this command.
snmp-server host {hostname | ip_address} communitystring [v2c [retry number] [timeout seconds] | [v3 {auth [retry number] [timeout seconds] | noauth [retry number] [timeout seconds] | priv [retry number] [timeout seconds]}]
no snmp-server host {hostname | ip_address} [v2c [retry number] [timeout seconds] | [v3 {auth [retry number] [timeout seconds] | noauth [retry number] [timeout seconds] | priv [retry number] [timeout seconds]} | communitystring]
Syntax Description
Defaults
This command is disabled by default. No traps are sent. The version of the SNMP protocol used to send the traps is SNMP Version 1.
retry number: 2
timeout seconds: 15
Command Modes
Global configuration (config) mode.
Usage Guidelines
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the sender never receives the response, the inform request can be sent again. Informs are more likely to reach their intended destination.
However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in the memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network.
If you do not enter an snmp-server host command, no notifications are sent. To configure the SE to send SNMP notifications, enter at least one snmp-server host command. To enable multiple hosts, enter a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.
When multiple snmp-server host commands are given for the same host and kind of security model, each succeeding command overwrites the previous command. Only the last snmp-server host command is in effect. For example, if you enter an snmp-server host v2c command for a host and then enter another snmp-server host v3 command for the same host, the second command replaces the first.
The maximum number of SNMP hosts that can be created by entering the snmp-server host commands is eight.
When multiple snmp-server host commands are given for the same host, the community string in the last command is used.
The snmp-server host command is used with the snmp-server enable traps command. Use the snmp-server enable traps command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled.
Note
You must enable SNMP with the snmp-server community command.
Examples
The following example sends the SNMP traps defined in RFC 1157 to the host specified by the IP address 172.16.2.160. The community string is comaccess:
ServiceEngine(config)# snmp-server enable traps
ServiceEngine(config)# snmp-server host 172.16.2.160 comaccess
The following example shows how to remove the host 172.16.2.160 from the SNMP trap recipient list:
ServiceEngine(config)# no snmp-server host 172.16.2.160
Related Commands
snmp-server location
To set the Simple Network Management Protocol (SNMP) system location string, use the snmp-server location command in global configuration mode. To remove the location string, use the no form of this command.
snmp-server location line
no snmp-server location
Syntax Description
Defaults
No system location string is set.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The system location string is the value stored in the MIB-II system group system location object. You can see the system location string with the show snmp command.
Examples
The following example shows how to configure a system location string:
ServiceEngine(config)# snmp-server location Building 3/Room 214
Related Commands
snmp-server notify inform
To configure the Simple Network Management Protocol (SNMP) notify inform request, use the snmp-server notify inform command in global configuration mode. To return the setting to the default value, use the no form of this command.
snmp-server notify inform
no snmp-server notify inform
Syntax Description
This command has no arguments or keywords.
Defaults
If you do not enter the snmp-server notify inform command, the default is an SNMP trap request.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The snmp-server host command specifies which hosts receive informs. The snmp-server enable traps command globally enables the production mechanism for the specified notifications (traps and informs).
For a host to receive an inform, enable the inform globally by entering the snmp-server notify inform command.
The SNMP inform requests feature allows SEs to send inform requests to SNMP managers. SEs can send notifications to SNMP managers when particular events occur. For example, an agent SE might send a message to a manager when the agent SE experiences an error condition.
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received. However, an SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does not receive an inform request, it does not send a response. If the sender never receives a response, the inform request can be sent again. Informs are more likely to reach their intended destination.
Because they are more reliable, informs consume more resources in the SE and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in the memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network. Traps and inform requests provide a trade-off between reliability and resources.
Tip
If it is important that the SNMP manager receives every notification, then you should use inform requests in your network. If you are concerned about traffic on your network or about the memory in the SE and you do not need to receive every notification, then you should use traps in your network.
Examples
The following example shows how to configure the SNMP notify inform request on the SE:
ServiceEngine(config)# snmp-server notify inform
Related Commands
snmp-server user
To define a user who can access the Simple Network Management Protocol (SNMP) server, use the snmp-server user command in global configuration mode. To remove access, use the no form of this command.
snmp-server user name group [auth {md5 password [priv password] | sha password [priv password]} | remote octet_string [auth {md5 password [priv password] | sha password [priv password]}]]
no snmp-server user name group [auth {md5 password | sha password} [priv password] | remote octetstring [auth {md5 password | sha password} [priv password]]]
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
The maximum number of SNMP users that can be created is 10. Follow these guidelines when defining SNMP users for SEs:
• If SNMPv3 is going to be used for SNMP requests, define at least one SNMPv3 user account on the SE for the SE to be accessed through SNMP.
• Groups defined with the SNMPv1 or SNMPv2c security model should not be associated with SNMP users; they should only be associated with the community strings.
Tip
To send an SNMPv3 inform message, you must configure at least one SNMPv3 user with a remote SNMP ID option on the SE. The SNMP ID is entered in octet string form. For example, if the IP address of a remote SNMP entity is 192.147.142.129, then the octet string would be 00:00:63:00:00:00:a1:c0:93:8e:81.
Examples
The following example shows that an SNMPv3 user account is created on the SE. The SNMPv3 user is named acme and belongs to the group named admin. Because this SNMP user account has been set up with no authentication password, the SNMP agent on the SE does not perform authentication on SNMP requests from this user.
ServiceEngine(config)# snmp-server user acme admin
Related Commands
snmp-server view
To define a Simple Network Management Protocol Version 2 (SNMPv2) Management Information Base (MIB) view, use the snmp-server view command in global configuration mode. To undefine the MIB view, use the no form of this command.
snmp-server view view_name MIB_family {excluded | included}
no snmp-server view view_name MIB_family {excluded | included}
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
An SNMP view is a mapping between SNMP objects and the access rights available for those objects. An object can have different access rights in each view. Access rights indicate whether the object is accessible by either a community string or a user. The snmp-server view command is used with the snmp-server group to limit the read-write access of MIB trees based on the group. Because the group can be associated with the SNMP community string or users, using the snmp-server view command extends the limit to users and community strings. If the view is not configured, read-write access to the community string applies to the MIB tree and all users (SNMPv3).
The maximum number of views that can be created is 10. You can configure the SNMP view settings only if you have previously configured the SNMP server settings.
To remove a view record, use the no snmp-server view command.
You can enter the snmp-server view command multiple times for the same view record. Later lines take precedence when an object identifier is included in two or more lines.
Note
When configuring an SNMP View with Excluded, the specified MIB that is excluded is not accessible for the community associated with the group that has that view.
Examples
The following example shows how to configure the view name, family name, and view type:
ServiceEngine(config)# snmp-server view contentview ciscoServiceEngineMIB included
The following example creates a view that includes all objects in the MIB-II system group and all objects in the Cisco enterprise MIB:
ServiceEngine(config)# snmp-server view phred system included
ServiceEngine(config)# snmp-server view phred cisco included
The following example shows how to create a view that includes all objects in the MIB-II system group except for sysServices (System 7) in the MIB-II interfaces group:
ServiceEngine(config)# snmp-server view agon system included
ServiceEngine(config)# snmp-server view agon system.7 excluded
Related Commands
ss
To dump socket statistics, use the ss command in EXEC configuration mode.
ss line
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration.
Usage Guidelines
The ss utility is used to dump socket statistics. It shows information similar to the netstat command and displays more TCP information than other tools.
When specifying the options and filters, you can use the short form of the option (a single dash followed by a character) or the long form of the option (two dashes followed by the whole word). To view the list of options and filters, enter ss -h (or ss --help); the list of options and filters is displayed along with descriptions.
ServiceEngine# ss -h
Usage: ss [OPTIONS]
ss [OPTIONS] [FILTER]
-h, --help this message
-V, --version output version information
-n, --numeric does not resolve service names
-r, --resolve resolve host names
-a, --all display all sockets
-l, --listening display listening sockets
-o, --options show timer information
-e, --extended show detailed socket information
-m, --memory show socket memory usage
-p, --processes show process using socket
-i, --info show internal TCP information
-s, --summary show socket usage summary
-4, --ipv4 display only IP version 4 sockets
-6, --ipv6 display only IP version 6 sockets
-0, --packet display PACKET sockets
-t, --tcp display only TCP sockets
-u, --udp display only UDP sockets
-d, --dccp display only DCCP sockets
-w, --raw display only RAW sockets
-x, --unix display only Unix domain sockets
-7, --filter display when tcp rqueue threshold meet
-8, --filter display when tcp wqueue threshold meet
-9, --filter display when tcp retransmit threshold meet
-W, --filter display only window scale disable
-B, --background display output in new format
-L, --no_loop_back display without loopback interface
-S, --basic_output display basic information
-f, --family=FAMILY display sockets of type FAMILY
-A, --query=QUERY
QUERY := {all | inet | tcp | udp | raw | unix | packet | netlink}[,QUERY]
-F, --filter=FILE read filter information from FILE
FILTER := [state TCP-STATE] [EXPRESSION]
With the -A query option, you list the identifiers (all, inet, tcp, udp, and so on) of the socket tables you want displayed, separated by commas.
With the -F filter option, you can filter by TCP state, or using a boolean expression you can filter by IP addresses and ports.
The default output does not resolve host addresses (IP addresses) and does resolve service names (usually stored in local files). To resolve host addresses, use the -r option. To suppress resolution of service names, use the -n option.
Examples
The following command shows how to display all TCP sockets:
ServiceEngine# ss -t -a
The following command shows how to display all UDP sockets:
ServiceEngine# ss -u -a
The following command shows how to display all established SSH connections and display the timer information:
ServiceEngine# ss -o state established '(dport = :ssh or sport = :ssh)'
The following command shows how to display all established HTTP connections and display the timer information:
ServiceEngine# ss -o state established '(dport = :http or sport = :http)'
Related Commands
ssh-key-generate
To generate the SSH host key, use the ssh-key-generate command in global configuration mode. To disable the SSH key, use the no form of this command.
ssh-key-generate [key-length num]
no ssh-key-generate [key-length num]
Syntax Description
key-length
Configures the length of SSH key.
num
Specifies the number of bits in the SSH key to create.
Defaults
key-length bits: 2048
Command Modes
Global configuration (config) mode.
Usage Guidelines
SSH enables login access to the SE through a secure and encrypted channel. SSH consists of a server and a client program. Like Telnet, you can use the client program to remotely log on to a machine that is running the SSH server, but unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.
When you enable the SSH server, the Secure File Transfer Protocol (SFTP) server is also enabled. The SFTP is a file transfer program that provides a secure and authenticated method for transferring files between VDS-OS devices and other workstations or clients.
Note
SFTP is the standard file transfer protocol introduced in SSH Version 2. The SFTP client functionality is provided as part of the SSH component. If you use SSH Version 1 on the SE, SFTP support is not available.
Examples
The following example shows how to generate an SSH host key on an SE:
ServiceEngine(config)# ssh-key-generate key-length 2048
The following example disables the SSH host key:
ServiceEngine(config)# no ssh-key-generate key-length 2048
Related Commands
sshd
To enable the Secure Shell (SSH) daemon, use the sshd command in global configuration mode. To disable SSH, use the no form of this command.
sshd {enable | timeout seconds | version {1 | 2}}
no sshd {enable | password-guesses | timeout | version {1 | 2}}
Syntax Description
Defaults
timeout seconds: 300
version: Both SSH Version 1 and 2 are enabled.
Command Modes
Global configuration (config) mode.
Usage Guidelines
SSH enables login access to the SE through a secure and encrypted channel. SSH consists of a server and a client program. Like Telnet, you can use the client program to remotely log on to a machine that is running the SSH server, but unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.
When you enable the SSH server, the Secure File Transfer Protocol (SFTP) server is also enabled. The SFTP is a file transfer program that provides a secure and authenticated method for transferring files between VDS-OS devices and other workstations or clients.
Note
SFTP is the standard file transfer protocol introduced in SSH Version 2. The SFTP client functionality is provided as part of the SSH component. If you use SSH Version 1 on the SE, SFTP support is not available.
The sshd version command in global configuration mode allows you to enable support for either SSH Version 1 or SSH Version 2. When you enable SSH using the sshd enable command in global configuration mode, the VDS-OS software enables support for both SSH Version 1 and SSH Version 2 on the SE. If you want the SE to support only one version of SSH (for example SSH Version 2), disable the other version (in this example, SSH Version 1) by using the no sshd version 1 command.
When support for both SSH Version 1 and SSH Version 2 is enabled in the SE, the show running-config command output does not display any sshd configuration. If you have disabled the support for one version of SSH, the show running-config command output contains the following line:
no sshd version version_number
Note
You cannot disable both SSH versions in an SE. Use the no sshd enable command in global configuration mode to disable SSH on the SE.
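The following added example (not part of the VDS-OS documentation or software) audits configuration text for two conditions described on this page: SNMPv3 users defined without authentication or privacy passwords, and SSH Version 1 support left enabled because no "no sshd version 1" line is present. It assumes the configuration lines use the command syntax documented here; the sample configuration, user names and passwords are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: commands written in the syntax documented on this page.
# User names, groups and passwords are made up for the example.
SAMPLE_CONFIG = """\
snmp-server user acme admin
snmp-server user ops admin auth md5 ExampleAuthPw1
snmp-server user noc admin auth sha ExampleAuthPw2 priv ExamplePrivPw2
snmp-server user mgr admin remote 00:00:63:00:00:00:a1:c0:93:8e:81 auth sha priv priv auth
no sshd version 2
"""

SSHD_OFF = re.compile(r"no sshd version ([12])$")


def snmp_user_level(tokens):
    """Return (name, SNMPv3 security level) for the words after 'snmp-server user'.

    The words are read positionally, following the documented grammar, so a
    password that happens to be the word 'auth' or 'priv' is not mistaken
    for a keyword.
    """
    name, rest = tokens[0], tokens[2:]      # tokens[1] is the group name
    if rest[:1] == ["remote"]:
        rest = rest[2:]                     # skip 'remote' and its octet string
    if rest[:1] != ["auth"]:
        return name, "noAuthNoPriv"         # agent does not authenticate this user
    # rest is now: auth {md5|sha} password [priv password]
    if len(rest) >= 5 and rest[3] == "priv":
        return name, "authPriv"
    return name, "authNoPriv"               # authenticated but not encrypted


def audit(config_text):
    """Return a sorted list of (subject, finding) tuples."""
    findings = []
    ssh_disabled = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        match = SSHD_OFF.match(line)
        if match:
            ssh_disabled.add(match.group(1))
        elif line.startswith("snmp-server user "):
            tokens = line.split()[2:]
            if len(tokens) < 2:
                continue                    # name and group are mandatory
            name, level = snmp_user_level(tokens)
            if level != "authPriv":
                findings.append((f"snmp user {name}", level))
    # Per the usage guidelines, both SSH versions are supported unless a
    # 'no sshd version N' line appears in the running configuration.
    if "1" not in ssh_disabled:
        findings.append(("sshd", "SSH Version 1 not disabled"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```

The SSH finding only means that Version 1 has not been switched off; whether the daemon is running at all depends on sshd enable, which this check does not look at.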
Examples
The following example shows how to enable the SSH daemon and configure the number of allowable password guesses and timeout for the SE:
ServiceEngine(config)# sshd enable
ServiceEngine(config)# sshd password-guesses 4
ServiceEngine(config)# sshd timeout 20
The following example disables the support for SSH Version 1 in the SE:
ServiceEngine(config)# no sshd version 1
Related Commands
streaming-interface
To configure the streaming interface, use the streaming-interface command in global configuration mode. To remove a streaming interface, use the no form of this command.
streaming-interface {GigabitEthernet num | PortChannel num | Standby num}
Syntax Description
Command Default
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
When upgrading from a previous software release, the primary interface is converted to a streaming interface by the upgrade process. When configuring new delivery traffic interfaces, either because of a new installation or because of removing existing configuration, use the streaming-interface command.
Examples
The following example shows how to configure port channel 1 as the streaming interface:
ServiceEngine# streaming-interface portChannel 1
ServiceEngine#
sysreport
To save the sysreport to a user-specified file, use the sysreport privilege command in EXEC configuration mode.
sysreport {authentication [date-range start_date end_date | filename] | cms [date-range start_date end_date | filename] | dns | ftp | http | icap}
Syntax Description
Defaults
None
Command Modes
Privilege EXEC configuration mode.
Examples
The following example saves the sysreport for authentication to user-specified file xxx.tar.gz:
ServiceEngine# sysreport authentication date-range 2009/05/07 2009/05/11 xxx.tar.gz
The sysreport has been saved onto file xxx.tar.gz in local1
tacacs
To configure Terminal Access Controller Access Control System Plus (TACACS+) server parameters, use the tacacs command in global configuration mode. To disable individual options, use the no form of this command.
tacacs {host {hostname | ip_address} [primary] | key keyword | password ascii | retransmit retries | timeout seconds}
no tacacs {host {hostname | ip_address} [primary] | key | password ascii | retransmit | timeout}
Syntax Description
Defaults
keyword: none (empty string)
timeout seconds: 5
retransmit retries: 2
password ascii: PAP
Command Modes
Global configuration (config) mode.
Usage Guidelines
Using the tacacs command, configure the TACACS+ key, the number of retransmits, the server hostname or IP address, and the timeout.
Execute the following two commands to enable user authentication with a TACACS+ server:
ServiceEngine(config)# authentication login tacacs enable
ServiceEngine(config)# authentication configuration tacacs enable
HTTP request authentication is independent of user authentication options and must be disabled with the following separate commands:
ServiceEngine(config)# no authentication login tacacs enable
ServiceEngine(config)# no authentication configuration tacacs enable
The Users GUI page or the username command in global configuration provide a way to add, delete, or modify usernames, passwords, and access privileges in the local database. The TACACS+ remote database can also be used to maintain login and configuration privileges for administrative users. The tacacs host command or the TACACS+ Service Engine GUI page allows you to configure the network parameters required to access the remote database.
One primary and two backup TACACS+ servers can be configured; authentication is attempted on the primary server first and then on the others in the order in which they were configured. The primary server is the first server configured unless another server is explicitly specified as primary with the tacacs host hostname primary command.
Use the tacacs key command to specify the TACACS+ key that is used to encrypt the packets sent to the server. This key must be the same as the one specified on the server daemon. The maximum number of characters in the key should not exceed 99 printable ASCII characters (except tabs). An empty key string is the default. All leading spaces are ignored; spaces within and at the end of the key string are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key.
The tacacs timeout is the number of seconds that the Service Engine waits before declaring a timeout on a request to a particular TACACS+ server. The range is from 1 to 20 seconds with 5 seconds as the default. The number of times that the Service Engine repeats a retry-timeout cycle before trying the next TACACS+ server is specified by the tacacs retransmit command. The default is two retry attempts.
Three unsuccessful login attempts are permitted. TACACS+ logins may appear to take more time than local logins depending on the number of TACACS+ servers and the configured timeout and retry values.
Use the tacacs password ascii command to specify the TACACS+ password type as ASCII. The default password type is Password Authentication Protocol (PAP). In earlier releases, the password type was not configurable. When users needed to log in to a Service Engine, a TACACS+ client sent the password information in PAP format to a TACACS+ server. However, TACACS+ servers that were configured for router management required the passwords to be in ASCII cleartext format instead of PAP format to authenticate users logging in to the Service Engine. The password type used to authenticate user information can be changed to ASCII from the CLI.
Note
When the no tacacs password ascii command is used to disable the ASCII password type, the password type is once again reset to PAP.
The TACACS+ client can send different requests to the server for user authentication. The client can send a TACACS+ request with the PAP password type. In this scenario, the authentication packet includes both the username and the user's password. The server must have an appropriately configured user's account.
Alternatively, the client can send a TACACS+ request with the ASCII password type as another option. In this scenario, the authentication packet includes the username only and waits for the server response. Once the server confirms that the user's account exists, the client sends another Continue request with the user's password. The Authentication Server must have an appropriately configured user's account to support either type of password.
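The following added example (not part of the VDS-OS documentation or software) builds the message bodies for the two login flows described above and shows where the password travels in each, together with the key-derived body obfuscation that the tacacs key protects. Field layouts and the MD5 pad follow RFC 8907; the user name, password, key, port name and session ID are constructed, and the function names are hypothetical.

```python
import hashlib
import struct

TYPE_AUTHEN = 0x01                          # header type: authentication
ACTION_LOGIN, SERVICE_LOGIN, PRIV_USER = 0x01, 0x01, 0x01
AUTHEN_TYPE_ASCII, AUTHEN_TYPE_PAP = 0x01, 0x02
STATUS_PASS, STATUS_GETPASS = 0x01, 0x05
FLAG_NOECHO = 0x01
VERSION_DEFAULT, VERSION_ONE = 0xC0, 0xC1   # ASCII: minor 0, PAP: minor 1


def start_body(authen_type, user, data=b"", port=b"tty0", rem_addr=b""):
    """Authentication START: eight fixed octets, then the four fields."""
    fixed = struct.pack("!8B", ACTION_LOGIN, PRIV_USER, authen_type,
                        SERVICE_LOGIN, len(user), len(port),
                        len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data


def reply_body(status, server_msg=b"", flags=0):
    """Authentication REPLY: status, flags, two lengths, server message."""
    return struct.pack("!BBHH", status, flags, len(server_msg), 0) + server_msg


def continue_body(user_msg):
    """Authentication CONTINUE: two lengths, flags, user message."""
    return struct.pack("!HHB", len(user_msg), 0, 0) + user_msg


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain: every block after the first also hashes the previous digest."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def packet(version, seq_no, session_id, body, key):
    """12-octet cleartext header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", version, TYPE_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def pap_exchange(user, password):
    """PAP: user name and password both travel in the first packet."""
    return [
        (1, "client", "START", start_body(AUTHEN_TYPE_PAP, user, password)),
        (2, "server", "REPLY PASS", reply_body(STATUS_PASS)),
    ]


def ascii_exchange(user, password):
    """ASCII: user name first; the password follows only after GETPASS."""
    return [
        (1, "client", "START", start_body(AUTHEN_TYPE_ASCII, user)),
        (2, "server", "REPLY GETPASS",
         reply_body(STATUS_GETPASS, b"Password: ", FLAG_NOECHO)),
        (3, "client", "CONTINUE", continue_body(password)),
        (4, "server", "REPLY PASS", reply_body(STATUS_PASS)),
    ]


def carrying(exchange, secret):
    """Sequence numbers and names of the bodies that contain the secret."""
    return [(seq, name) for seq, _, name, body in exchange if secret in body]


if __name__ == "__main__":
    user, password = b"alice", b"Constructed-Pw1"      # constructed values
    print("PAP  :", carrying(pap_exchange(user, password), password))
    print("ASCII:", carrying(ascii_exchange(user, password), password))
```

In both flows the password is present in a message body, so the only protection on the wire is the XOR pad derived from the shared key.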
Examples
The following example shows how to configure the key used in encrypting packets:
ServiceEngine(config)# tacacs key human789
The following example shows how to configure the host named spearhead as the primary TACACS+ server:
ServiceEngine(config)# tacacs host spearhead primary
The following example shows how to set the timeout interval for the Terminal Access Controller Access Control System Plus (TACACS+) server:
ServiceEngine(config)# tacacs timeout 10
The following example shows how to set the number of times that authentication requests are retried (retransmitted) after a timeout:
ServiceEngine(config)# tacacs retransmit 5
The following example shows the password type to be PAP by default:
ServiceEngine# show tacacs
Login Authentication for Console/Telnet Session: enabled (secondary)
Configuration Authentication for Console/Telnet Session: enabled (secondary)
TACACS+ Configuration:
---------------------
TACACS+ Authentication is off
Key = *****
Timeout = 5
Retransmit = 2
Password type: pap
Server Status
---------------------------- ------
10.107.192.148 primary
10.107.192.168
10.77.140.77
ServiceEngine#
However, you can configure the password type to be ASCII using the tacacs password ascii command. You can then verify the changes using the show tacacs command as follows:
ServiceEngine(config)# tacacs password ascii
ServiceEngine(config)# exit
ServiceEngine# show tacacs
Login Authentication for Console/Telnet Session: enabled (secondary)
Configuration Authentication for Console/Telnet Session: enabled (secondary)
TACACS+ Configuration:
---------------------
TACACS+ Authentication is off
Key = *****
Timeout = 5
Retransmit = 2
Password type: ascii
Server Status
---------------------------- ------
10.107.192.148 primary
10.107.192.168
10.77.140.77
Related Commands
tcpdump
To dump the network traffic, use the tcpdump command in EXEC configuration mode.
tcpdump [LINE]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use the tcpdump command to gather a sniffer trace on the SE, SR, or VOSM for troubleshooting when asked to gather the data by the Cisco Technical Support. This utility is very similar to the Linux or UNIX tcpdump command.
The tcpdump command allows an administrator (must be an admin user) to capture packets from the Ethernet. On the SE 500 series, the interface names are GigabitEthernet 1/0 and GigabitEthernet 2/0. On all VDS-OS platforms, we recommend that you specify a path/filename in the local1 directory.
You can do a straight packet header dump to the screen by entering the tcpdump command. Press Ctrl-C to stop the dump.
The tcpdump command has the following options:
• -w <filename>—Writes the raw packet capture output to a file.
• -s <count>—Captures the first <count> bytes of each packet.
• -i <interface>—Allows you to specify a specific interface to use for capturing the packets.
• -c <count>—Limits the capture to <count> packets.
The following example captures the first 1500 bytes of the next 10,000 packets from interface Ethernet 0 and puts the output in a file named dump.pcap in the local1 directory on the SE:
ServiceEngine# tcpdump -w /local1/dump.pcap -i GigabitEthernet 1/0 -s 1500 -c 10000
When you specify the -s option, it sets the packet snap length. The default value captures only 64 bytes, and this default setting saves only packet headers into the capture file. For troubleshooting of redirected packets or higher level traffic (HTTP, authentication, and so on), copy the complete packets.
After the TCP dump has been collected, you need to move the file from the SE to a PC so that the file can be viewed by a sniffer decoder.
ftp <ip address of the SE>
!--- Log in using the admin username and password.
cd local1
bin
hash
get <name of the file>
!--- Using the above example, it would be dump.pcap.
bye
We recommend that you use Ethereal as the software application for reading the TCP dump. With Ethereal, you can decode packets that are encapsulated into a generic routing encapsulation (GRE) tunnel. See the Ethereal website for further information.
Note
In most cases, redirected packets captured by the tcpdump facility with the VDS-OS CLI differ from the data received on the interface. The destination IP address and TCP port number are modified to reflect the device IP address and the port number 8999.
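The following added example (not part of the VDS-OS documentation or software) checks a capture file for the snap-length problem described above by reading the snap length from the file header and counting the packets that were stored shorter than they were on the wire. It assumes the file written with -w is in the classic pcap format that tcpdump produces; the frames are constructed, and the function names are hypothetical.

```python
import struct

# Constructed frames (zero-filled); only their lengths matter here:
# a minimum-size Ethernet frame, a full-size frame (1500-byte payload plus
# the 14-byte Ethernet header) and a mid-size frame.
SAMPLE_FRAMES = [bytes(60), bytes(1514), bytes(342)]


def build_pcap(snaplen, frames, linktype=1):
    """Build a little-endian classic pcap as a capture with -s <snaplen> would."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 1000 + i, 0, len(kept), len(frame)) + kept
    return out


def inspect_pcap(data):
    """Report the snap length and how many packets were cut short by it."""
    if len(data) < 24:
        raise ValueError("too short for a pcap file header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):       # microsecond / nanosecond
        order = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):     # same magics, big-endian writer
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(order + "II", data[16:24])

    packets = truncated = longest = 0
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length.
        incl_len, orig_len = struct.unpack(
            order + "II", data[offset + 8:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            break                               # file ends in mid-record
        packets += 1
        truncated += incl_len < orig_len        # stored less than was on the wire
        longest = max(longest, incl_len)
        offset += incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "longest_captured": longest}


if __name__ == "__main__":
    for snaplen in (68, 1500, 65535):
        print(snaplen, inspect_pcap(build_pcap(snaplen, SAMPLE_FRAMES)))
```

With a snap length of 1500 the full-size frame is still cut short, because the length is counted from the start of the Ethernet header.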
Examples
The following example shows how to dump the TCP network traffic:
ServiceEngine# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on GigabitEthernet 1/0, link-type EN10MB (Ethernet), capture size 68 bytes
102 packets captured
105 packets received by filter
0 packets dropped by kernel
The following example shows how to dump the TCP network traffic and redirect it to a file named test:
ServiceEngine# tcpdump port 8080 -w test
tcpdump: listening on GigabitEthernet 1/0, link-type EN10MB (Ethernet), capture size 68 bytes
216 packets captured
216 packets received by filter
0 packets dropped by kernel
tcpdumpx
To dump the network traffic with the tcpdump extension for a multi-interface capture, use the tcpdumpx command in EXEC configuration mode.
tcpdumpx [LINE]
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The tcpdumpx command enables tcpdump to capture multiple interfaces in separate files. Each member interface of a PortChannel can be captured in a separate file. For example, if eth2, eth3, eth4 and eth5 are members of PortChannel 1 (bond0), they can be captured in different files.
Without tcpdumpx, you must issue "tcpdump -i" for each PortChannel member in a different shell at the same time.
With tcpdumpx, a new flag (-j), which tcpdump itself does not use, handles this:
tcpdumpx -j PortChannel 1 -w filename.cap
This command internally expands to capture each physical interface's dump in an individual file:
tcpdump -i eth2 -w filename.eth2.cap
tcpdump -i eth3 -w filename.eth3.cap
tcpdump -i eth4 -w filename.eth4.cap
tcpdump -i eth5 -w filename.eth5.cap
If eth2 and eth3 need to be captured, use "--" as a command separator to separate the two tcpdump instances:
tcpdumpx -i eth2 -w filename.cap -k -m -- -i eth3 -w filename2.cap -c -k -- ... --
This command internally expands to:
tcpdump -i eth2 -w filename.cap
tcpdump -i eth3 -w filename.cap
Other examples:
tcpdumpx -j PortChannel 1 -w filename.cap -- -j PortChannel 2 -w filename2.cap
tcpdumpx -i eth2 -w filename.cap -- -i eth3 -w filename2.cap -- -j PortChannel 1 -w filename3.cap
This is documented in tcpdumpx help "tcpdumpx -h":
tcpdump     Dump traffic on a network
tcpdumpx    tcpdump extension for multi-interface capture
tcpdumpx -h
tcpdumpx - tcpdump extension for multiple interface capture
[WARNING] This program consumes HIGH CPU & memory and impacts system performance
Usage: tcpdumpx [-w filename] [-j PortChannel X] [--] [all tcpdump options]
[-w filename] Required. Write tcpdump output to filename
[-j PortChannel X] Capture each PortChannel slave to file:
"filename" --> "filenameslavename"
"filename.xxx" --> "filename.slavename.xxx"
[--] Interface separator. Capture Multiple Interfaces by:
tcpdumpx -i eth0 -w eth0 -- -i eth2 -w eth2 -- . . . -- . .
tcpdumpx -i eth0 -w eth0 -- -j PortChannel 1 -w pc
tcpdumpx -j PortChannel 1 -w pc1 -- -j PortChannel 2-w pc2
[all tcpdump options] Specify any tcpdump options
Please use "tcpdump -h" to get tcpdump help options
[-h(elp)] Print this help
Examples
The following example shows how to dump the TCP network traffic with a tcpdump extension for multi-interface capture:
ServiceEngine# tcpdumpx
tcpmon
To search all TCP connections, use the tcpmon command in EXEC configuration mode.
tcpmon line
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration.
Usage Guidelines
The tcpmon utility is a script that constantly calls the ss utility at specified intervals. The tcpmon utility searches all TCP connections every 30 seconds and displays information about any socket that meets the search criteria. To view the list of options, enter tcpmon -h.
Table 2-69 describes the tcpmon output fields.
Examples
The following command sets the polling cycle to 30 seconds and the receive-queue threshold to 100:
ServiceEngine# tcpmon -R 100 30
The following command sets the polling cycle to 30 seconds and displays only the sockets with window scaling disabled:
ServiceEngine# tcpmon -N 30
The following example shows the output for the tcpmon utility:
State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Rtt/var   Swnd  Retrans
ESTAB  0       257744  10.3.5.2:80         10.3.5.137:32963   530/15    13    0
ESTAB  0       861560  10.3.5.2:80         10.3.5.137:32849   545/24    4     0
ESTAB  0       234576  10.3.5.2:80         10.3.5.122:32979   547/22.2  6     0
ESTAB  0       254848  10.3.5.2:80         10.3.5.103:32909   531/14.8  10    0
ESTAB  0       231680  10.3.5.2:80         10.3.5.135:32925   532/11.5  9     0
ESTAB  0       224440  10.3.5.2:80         10.3.5.133:33057   550/32    7     0
ESTAB  0       267880  10.3.5.2:80         10.3.5.135:32985   530/18.2  7     0
ESTAB  0       291048  10.3.5.2:80         10.3.5.113:32909   539/12.2  6     0
ESTAB  0       249056  10.3.5.2:80         10.3.5.103:32903   520/23.2  8     0
ESTAB  0       218648  10.3.5.2:80         10.3.5.132:33069   522/14.5  16    0
ESTAB  0       702280  10.3.5.2:80         10.3.5.100:32829   539/24.5  5     0
ESTAB  0       412680  10.3.5.2:80         10.3.5.110:32992   546/22.8  7     0
ESTAB  0       254848  10.3.5.2:80         10.3.5.115:33136   552/37.2  5     0
Related Commands
tcp
To configure TCP-related parameters, use the tcp timestamp command in global configuration mode. To disable the TCP timestamp, use the no form of this command.
tcp timestamp
no tcp timestamp
Syntax Description
Defaults
TCP timestamp is enabled by default.
Command Modes
Global configuration (config) mode.
Examples
The following example shows how to disable the TCP timestamp:
ServiceEngine# no tcp timestamp
ServiceEngine#
telnet (EXEC configuration)
To log in to a network device using the Telnet client, use the telnet command in EXEC configuration mode.
telnet {hostname | ip_address} [port_num]
Syntax Description
hostname
Hostname of the network device.
ip_address
IP address of the network device.
port_num
(Optional) Port number. The range is from 1 to 65535. Default port number is 23.
Defaults
The default port number is 23.
Command Modes
EXEC configuration mode.
Usage Guidelines
Some UNIX shell functions, such as escape and the suspend command, are not available in the Telnet client. In addition, multiple Telnet sessions are not supported.
The Telnet client allows you to specify a destination port. By entering the telnet command, you can test websites by attempting to open a Telnet session to the website from the SE CLI.
Examples
The following example shows how to open a Telnet session to a network device using the hostname:
ServiceEngine# telnet cisco-ce
The following example shows how to open a Telnet session to a network device using the IP address:
ServiceEngine# telnet 172.16.155.224
The following example shows how to open a Telnet session to a network device on port 8443 using the hostname:
ServiceEngine# telnet cisco-ce 8443
The following example shows how to open a Telnet session to a network device on port 80 using the hostname:
ServiceEngine# telnet www.yahoo.com 80
telnet (global configuration)
To enable Telnet service, use the telnet enable command in global configuration mode. To disable Telnet, use the no form of this command.
telnet
no telnet
Syntax Description
Defaults
Telnet is enabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use this Terminal Emulation protocol for a remote terminal connection. The telnet enable command allows users to log in to other devices using a Telnet session.
Examples
The following example shows how to enable Telnet on the SE:
ServiceEngine(config)# telnet enable
Related Commands
terminal
To set the number of lines displayed in the console window, or to display the current console debug command output, use the terminal command in EXEC configuration mode.
terminal {length length | monitor [disable]}
Syntax Description
Defaults
The default length is 24 lines.
Command Modes
EXEC configuration mode.
Usage Guidelines
When 0 is entered as the length parameter, the output to the screen does not pause. For all nonzero values of length, the -More- prompt is displayed when the number of output lines matches the specified length number. The -More- prompt is considered a line of output. To view the next screen, press the Spacebar. To view one line at a time, press the Enter key.
The terminal monitor command allows a Telnet session to display the output of the debug commands that appear on the console. Monitoring continues until the Telnet session is terminated.
Examples
The following example shows how to set the number of lines to display to 20:
ServiceEngine# terminal length 20
The following example shows how to configure the terminal for no pausing:
ServiceEngine# terminal length 0
Related Commands
All show commands.
test-url
To test the accessibility of a URL using FTP, HTTP, or HTTPS, use the test-url command in EXEC configuration mode.
test-url {ftp url [use-ftp-proxy proxy_url] | http url [custom-header header [head-only] [use-http-proxy proxy_url] | head-only [custom-header header] [use-http-proxy proxy_url] | use-http-proxy proxy_url [custom-header header] [head-only]]}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The HTTP CLI client allows you to test connectivity and debug caching issues. The test-url command allows you to test whether a URL is accessible over the FTP, HTTP, and HTTPS protocols. When you test the connectivity using the test-url command, the SE sends a request using the protocol that you have specified to the server and fetches the requested contents. The actual content is dumped into the path /dev/null, and the server response with the header information is displayed to the user.
You can use the test-url ftp command to test the following for the specified URL:
• Connectivity to the URL
• Connectivity to the URL through the FTP proxy (using the use-ftp-proxy option)
• Authentication
• FTP proxy authentication
You can use the test-url http command to test the following for the specified URL:
• Test the connectivity to the URL
• Test the connectivity to the URL through the HTTP proxy (using the use-http-proxy option)
• Authentication
• HTTP proxy authentication
• Header information only for the specified page (using the head-only option) or additional header information (using the custom-header option)
Examples
The following example tests the accessibility to the URL http://192.168.171.22 using HTTP:
ServiceEngine# test-url http http://ce1.server.com
--02:27:20-- http://ce1.server.com/
=> `/dev/null'
Len - 22, Restval - 0, contlen - 0, Res - 134728056
Resolving ce1.server.com. .done.
Connecting to ce1.server.com [ 192.168.171.22 ] :80... connected.
HTTP request sent, awaiting response...
1 HTTP/1.1 200 OK
2 Date: Mon, 26 Jul 2004 08:41:34 GMT
3 Server: Apache/1.2b8
4 Last-Modified: Fri, 25 Apr 2003 12:23:04 GMT
5 ETag: "1aee29-663-3ea928a8"
6 Content-Length: 1635
7 Content-Type: text/html
8 Via: 1.1 Content Delivery System Software 5.2
9 Connection: Keep-Alive
(1635 to go)
0% [ ] 0 --.--K/s ETA --:--
Len - 0 ELen - 1635 Keepalive - 1
100% [ ====================================> ] 1,635 1.56M/s ETA 00:00
02:27:20 (1.56 MB/s) - `/dev/null' saved [ 1635/1635 ]
The following example tests the accessibility to the URL http://192.168.171.22 through the HTTP proxy 10.107.192.148:
ServiceEngine# test-url http http://192.168.171.22 use-http-proxy 10.107.192.148:8090
--15:22:51-- http://10.77.155.246/
=> `/dev/null'
Len - 1393, Restval - 0, contlen - 0, Res - 134728344
Connecting to 10.107.192.148:8090... connected.
Proxy request sent, awaiting response...
1 HTTP/1.1 401 Authorization Required
2 Date: Mon, 27 Sep 2004 15:29:18 GMT
3 Server: Apache/1.3.27 (Unix) tomcat/1.0
4 WWW-Authenticate: Basic realm="IP/TV Restricted Zone"
5 Content-Type: text/html; charset=iso-8859-1
6 Via: 1.1 Content Delivery System Software 5.2.1
7 Connection: Close
Len - 0, Restval - 0, contlen - -1, Res - -1
Connecting to 10.107.192.148:8090... connected.
Proxy request sent, awaiting response...
1 HTTP/1.1 401 Authorization Required
2 Date: Mon, 27 Sep 2004 15:29:19 GMT
3 Server: Apache/1.3.27 (Unix) tomcat/1.0
4 WWW-Authenticate: Basic realm="IP/TV Restricted Zone"
5 Content-Type: text/html; charset=iso-8859-1
6 Via: 1.1 Content Delivery System Software 5.2.1
7 Connection: Keep-Alive
(1635 to go)
0% [ ] 0 --.--K/s ETA --:--
Len - 0 ELen - 1635 Keepalive - 1
100% [ ====================================> ] 1,635 1.56M/s ETA 00:00
02:27:20 (1.56 MB/s) - `/dev/null' saved [ 1635/1635 ]
The following example tests the accessibility to the URL ftp://ssivakum:ssivakum@10.77.157.148 using FTP:
ServiceEngine# test-url ftp ftp://ssivakum:ssivakum@10.77.157.148/antinat-0.90.tar
Mar 30 14:33:44 nramaraj-ce admin-shell: %SE-PARSER-6-350232: CLI_LOG shell_parser_log: test-url ftp ftp://ssivakum:ssivakum@10.77.157.148/antinat-0.90.tar
--14:33:44-- ftp://ssivakum:*password*@10.77.157.148/antinat-0.90.tar
=> `/dev/null'
Connecting to 10.77.157.148:21... connected.
Logging in as ssivakum...
220 (vsFTPd 1.1.3)
--> USER ssivakum
331 Please specify the password.
--> PASS Turtle Power!
230 Login successful. Have fun.
--> SYST
215 UNIX Type: L8
--> PWD
257 "/home/ssivakum"
--> TYPE I
200 Switching to Binary mode.
==> CWD not needed.
--> PORT 10,1,1,52,82,16
200 PORT command successful. Consider using PASV.
--> RETR antinat-0.90.tar
150 Opening BINARY mode data connection for antinat-0.90.tar (1771520 bytes).
Length: 1,771,520 (unauthoritative)
0% [ ] 0 --.--K/s ETA --:--
Len - 0 ELen - 1771520 Keepalive - 0
100% [ =====================================================================================> ] 1,771,520 241.22K/s ETA 00:00
226 File send OK.
14:33:53 (241.22 KB/s) - `/dev/null' saved [ 1771520 ]
ServiceEngine#
Related Commands
Command            Description
acquirer (EXEC)    Starts or stops content acquisition on a specified acquirer delivery service.
top
To see a dynamic real-time view of a running VDS-OS, use the top command in EXEC configuration mode.
top {line}
Syntax Description
Defaults
No default behavior values
Command Modes
EXEC configuration mode.
Examples
The following example shows sample output from the top command on an SE:
ServiceEngine# top
top - 01:08:45 up 8 days, 23:39, 3 users, load average: 1244.22, 1246.32, 1243.66
Tasks: 1789 total, 4 running, 1785 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 13.2%sy, 18.1%ni, 57.8%id, 1.1%wa, 0.7%hi, 9.2%si, 0.0%st
Mem: 32825728k total, 32671416k used, 154312k free, 137164k buffers
Swap: 0k total, 0k used, 0k free, 21289468k cached
traceroute
To trace the route to a remote host, use the traceroute command in EXEC configuration mode.
traceroute {hostname | ip_address}
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Traceroute is a widely available utility on most operating systems. Similar to ping, traceroute is a valuable tool for determining connectivity in a network. Ping allows the user to find out if there is a connection between the two end systems. Traceroute does this as well, but additionally lists the intermediate routers between the two systems. Users can see the routes that packets can take from one system to another. Use the traceroute command to find the route to a remote host when either the hostname or the IP address is known.
The traceroute command uses the Time-to-Live (TTL) field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an Internet Control Message Protocol (ICMP) time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached).
To determine when a datagram has reached its destination, traceroute sets the UDP destination port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP "port unreachable" error to the source. This message indicates to the traceroute facility that it has reached the destination.
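The reply handling described above, as an added Python example that is not part of the Cisco documentation: it builds constructed probe and ICMP packets as bytes and classifies each reply as an intermediate hop (time exceeded) or the destination (port unreachable). The base port 33434, the source address 10.1.1.52, the source port and the one-probe-per-hop port numbering are assumptions.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11   # router dropped a probe whose TTL reached 1 or 0
ICMP_DEST_UNREACH = 3     # with code 3 (port unreachable): probe reached the destination
CODE_PORT_UNREACH = 3
BASE_PORT = 33434         # assumption: the page only says "a very large value"


def ipv4_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0; nothing here validates it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def build_probe(src, dst, ttl, sport):
    """UDP probe for hop `ttl`; the destination port encodes the hop number."""
    udp = struct.pack("!HHHH", sport, BASE_PORT + ttl - 1, 8, 0)
    return ipv4_header(src, dst, ttl, socket.IPPROTO_UDP, len(udp)) + udp


def build_icmp_error(reporter, probe, icmp_type, code):
    """ICMP error as the prober receives it: it quotes the probe's IP header + 8 bytes."""
    probe_src = socket.inet_ntoa(probe[12:16])
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    return ipv4_header(reporter, probe_src, 64, socket.IPPROTO_ICMP, len(icmp)) + icmp


def classify_reply(packet, dst, sport):
    """Return (hop, reporter, kind) for a reply to one of our probes, else None."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP or len(packet) < ihl + 8 + 20:
        return None
    icmp_type, code = packet[ihl], packet[ihl + 1]
    quoted = packet[ihl + 8:]
    q_ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < q_ihl + 8 or quoted[9] != socket.IPPROTO_UDP:
        return None
    q_sport, q_dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    # Match the quoted header to our probe so stray ICMP errors are ignored.
    if socket.inet_ntoa(quoted[16:20]) != dst or q_sport != sport:
        return None
    hop = q_dport - BASE_PORT + 1
    if hop < 1:
        return None
    reporter = socket.inet_ntoa(packet[12:16])   # source address of the ICMP message
    if icmp_type == ICMP_TIME_EXCEEDED:
        return hop, reporter, "time-exceeded"
    if icmp_type == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        return hop, reporter, "destination"
    return None


def trace(replies, dst, sport, max_ttl=30):
    """Build the hop list from received packets; hops with no reply show as '*'."""
    seen = {}
    for packet in replies:
        result = classify_reply(packet, dst, sport)
        if result:
            seen.setdefault(result[0], result[1:])
    hops = []
    for ttl in range(1, max_ttl + 1):
        reporter, kind = seen.get(ttl, ("*", "timeout"))
        hops.append((ttl, reporter))
        if kind == "destination":
            break
    return hops


def sample_replies():
    """Constructed replies: two routers answer, hop 3 is silent, hop 4 is the target."""
    src, dst, sport = "10.1.1.52", "10.77.157.43", 40000
    probes = {ttl: build_probe(src, dst, ttl, sport) for ttl in range(1, 5)}
    replies = [
        build_icmp_error("10.1.1.50", probes[1], ICMP_TIME_EXCEEDED, 0),
        build_icmp_error("192.168.10.1", probes[2], ICMP_TIME_EXCEEDED, 0),
        build_icmp_error(dst, probes[4], ICMP_DEST_UNREACH, CODE_PORT_UNREACH),
        # Stray error that quotes a datagram to a different destination.
        build_icmp_error("172.16.0.9", build_probe(src, "10.0.0.1", 1, sport),
                         ICMP_TIME_EXCEEDED, 0),
    ]
    return replies, dst, sport


if __name__ == "__main__":
    replies, dst, sport = sample_replies()
    for ttl, reporter in trace(replies, dst, sport):
        print(ttl, reporter)
```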
Examples
The following example shows how to trace the route to a remote host from the SE:
ServiceEngine# traceroute 10.77.157.43
traceroute to 10.77.157.43 (10.77.157.43), 30 hops max, 38 byte packets
1 10.1.1.50 (10.1.1.50) 2.024 ms 2.086 ms 2.219 ms
2 sblab2-rtr.cisco.com (192.168.10.1) 3.718 ms 172.19.231.249 (172.19.231.249) 0.653 ms 0.606 ms
3 sjc22-00lab-gw1.cisco.com (172.24.115.65) 0.666 ms 0.624 ms 0.597 ms
4 sjc20-lab-gw2.cisco.com (172.24.115.109) 0.709 ms 0.695 ms 0.616 ms
5 sjc20-sbb5-gw2.cisco.com (128.107.180.97) 0.910 ms 0.702 ms 0.674 ms
6 sjc20-rbb-gw5.cisco.com (128.107.180.9) 0.762 ms 0.702 ms 0.664 ms
7 sjc12-rbb-gw4.cisco.com (128.107.180.2) 0.731 ms 0.731 ms 0.686 ms
8 sjc5-gb3-f1-0.cisco.com (10.112.2.158) 1.229 ms 1.186 ms 0.753 ms
9 capnet-hkidc-sjc5-oc3.cisco.com (10.112.2.238) 146.784 ms 147.016 ms 147.051 ms
10 hkidc-capnet-gw1-g3-1.cisco.com (10.112.1.250) 147.163 ms 147.319 ms 148.050 ms
11 hkidc-gb3-g0-1.cisco.com (10.112.1.233) 148.137 ms 148.332 ms 148.361 ms
12 capnet-singapore-hkidc-oc3.cisco.com (10.112.2.233) 178.137 ms 178.273 ms 178.005 ms
13 singapore-capnet2-fa4-0.cisco.com (10.112.2.217) 179.236 ms 179.606 ms 178.714 ms
14 singapore-gb1-fa2-0.cisco.com (10.112.2.226) 179.499 ms 179.914 ms 179.873 ms
15 capnet-chennai-singapore-ds3.cisco.com (10.112.2.246) 211.858 ms 212.167 ms 212.854 ms
16 hclodc1-rbb-gw2-g3-8.cisco.com (10.112.1.213) 213.639 ms 212.580 ms 211.211 ms
17 10.77.130.18 (10.77.130.18) 212.248 ms 212.478 ms 212.545 ms
18 codc-tbd.cisco.com (10.77.130.34) 212.315 ms 213.088 ms 213.063 ms
19 10.77.130.38 (10.77.130.38) 212.955 ms 214.353 ms 218.169 ms
20 10.77.157.9 (10.77.157.9) 217.217 ms 213.424 ms 222.023 ms
21 10.77.157.43 (10.77.157.43) 212.750 ms 217.260 ms 214.610 ms
The following example shows how the traceroute command fails to trace the route to a remote host from the SE:
ServiceEngine# traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 38 byte packets
1 10.1.1.50 (10.1.1.50) 2.022 ms 1.970 ms 2.156 ms
2 sblab2-rtr.cisco.com (192.168.10.1) 3.955 ms 172.19.231.249 (172.19.231.249) 0.654 ms 0.607 ms
3 sjc22-00lab-gw1.cisco.com (172.24.115.65) 0.704 ms 0.625 ms 0.596 ms
4 sjc20-lab-gw1.cisco.com (172.24.115.105) 0.736 ms 0.686 ms 0.615 ms
5 sjc20-sbb5-gw1.cisco.com (128.107.180.85) 0.703 ms 0.696 ms 0.646 ms
6 sjc20-rbb-gw5.cisco.com (128.107.180.22) 0.736 ms 0.782 ms 0.750 ms
7 sjce-rbb-gw1.cisco.com (171.69.7.249) 1.291 ms 1.314 ms 1.218 ms
8 sjce-corp-gw1.cisco.com (171.69.7.170) 1.477 ms 1.257 ms 1.221 ms
9 * * *
10 * * *
...
29 * * *
30 * * *
Table 2-70 describes the fields in the traceroute command output.
Related Commands
traceroute6
To trace the route to a remote IPv6-enabled host, use the traceroute6 command in EXEC configuration mode.
traceroute6 ip_address
Syntax Description
Defaults
No default behavior values
Command Modes
EXEC configuration mode.
Examples
The following example shows how to trace the route to a remote IPv6-enabled host from the SE:
ServiceEngine# traceroute6 <IP address>
Related Commands
transaction-log force
To force the archive or export of the transaction log, use the transaction-log force command in EXEC configuration mode.
transaction-log force {archive | export}
Syntax Description
archive
Forces the archive of the working.log file.
export
Forces the archived files to be exported to the server.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The transaction-log force archive command causes the transaction log working.log file to be archived to the SE hard disk following the next transaction. This command has the same effect as the clear transaction-log command.
The transaction-log force export command causes the transaction log to be exported to a File Transfer Protocol (FTP) server designated by the transaction-logs export ftp-server command.
The transaction-log force command does not change the configured or default schedule for archive or export of transaction log files. If the archive interval is configured in seconds or the export interval is configured in minutes, the forced archive or export interval period is restarted after the forced operation.
If a scheduled archive or export job is in progress when a corresponding transaction-log force command is entered, the command has no effect. If a transaction-log force command is in progress when an archive or export job is scheduled to run, the forced operation is completed and the archive or export is rescheduled for the next configured interval.
Examples
The following example shows how to archive the transaction log file to the SE hard disk:
ServiceEngine# transaction-log force archive
The following example shows that the SE is configured to export its transaction logs to two FTP servers:
ServiceEngine(config)# transaction-logs export ftp-server 10.1.1.1 mylogin mypasswd /ftpdirectory
ServiceEngine(config)# transaction-logs export ftp-server myhostname mylogin mypasswd /ftpdirectory
The following example shows how to export the transaction log file from the SE hard disk to an FTP server designated by the transaction-logs export ftp-server command:
ServiceEngine# transaction-log force export
Related Commands
transaction-logs
To configure and enable transaction logs, use the transaction-logs command in global configuration mode. To disable transaction logs, use the no form of this command.
transaction-logs {archive {interval {seconds | every-day {at hour:minute | every hours} | every-hour {at minute | every minutes} | every-week [on weekdays at hour:minute]} | max-file-number file_number | max-file-size file_size} | ds-snapshot-counter enable | enable | export {compress | enable | ftp-server {hostname | serv_ip_addrs} login passw directory | interval {minutes | every-day {at hour:minute | every hours} | every-hour {at minute | every minutes} | every-week [on weekdays at hour:minute] | sftp-server {hostname | serv_ip_addrs} login passw directory | format {apache | custom string | extended-squid} | log-windows-domain}
no transaction-logs {archive {interval {seconds | every-day {at hour:minute | every hours} | every-hour {at minute | every minutes} | every-week [on weekdays at hour:minute]} | max-file-number file_number | max-file-size file_size} | ds-snapshot-counter enable | enable | export {compress | enable | ftp-server {hostname | serv_ip_addrs} login passw directory | interval {minutes | every-day {at hour:minute | every hours} | every-hour {at minute | every minutes} | every-week [on weekdays at hour:minute] | sftp-server {hostname | serv_ip_addrs} login passw directory | format {apache | custom string | extended-squid} | log-windows-domain}
Syntax Description
Defaults
archive: disabled
enable: disabled
export compress: disabled
export: disabled
file-marker: disabled
archive interval: every day, every one hour
archive max-file-size: 2,000,000 KB
export interval: every day, every one hour
format: apache
logging port port_num: 514
Command Modes
Global configuration (config) mode.
Usage Guidelines
SEs can record all errors and access activities. Each content service module on the SE provides logs of the requests that were serviced. These logs are referred to as transaction logs.
Typical fields in the transaction log are the date and time when a request was made, the URL that was requested, whether it was a cache hit or a cache miss, the type of request, the number of bytes transferred, and the source IP address. Transaction logs are used for problem identification and solving, load monitoring, billing, statistical analysis, security problems, and cost analysis and provisioning.
The translog module on the SE handles transaction logging and supports the Apache CLF, Extended Squid format, and the World Wide Web Consortium (W3C) customizable logging format.
Note
For Real-Time Streaming Protocol (RTSP), when you choose the Repeat option from the Play menu in the Windows Media player to play media files continuously in a loop, an extra entry is logged in the transaction logs for each playback of the file.
Enable transaction log recording with the transaction-logs enable command. The transactions that are logged include HTTP and File Transfer Protocol (FTP). In addition, Extensible Markup Language (XML) logging for MMS-over-HTTP and MMS-over-RTSP (RTSP over Windows Media Services 9) is also supported.
When enabled, daemons create a working.log file in /local1/logs/ on the system file system (sysfs) volume for HTTP and FTP transactions and a separate working.log file in /local1/logs/export for Windows Media transactions.
The working.log file is a link to the actual log file with the timestamp embedded in its filename. When you configure the transaction-logs archive interval command, the first transaction that arrives after the interval elapses is logged to the working.log file as usual, and then the actual log file is archived and a new log file is created. Only transactions subsequent to the archiving event are recorded in the new log file. The working.log file is then updated to point to the newly created log file. The transaction log archive file naming conventions are shown in Table 2-71. The SE default archive interval is once an hour every day.
Note
The time stamp in the transaction log filename is in Coordinated Universal Time (UTC), irrespective of the time zone configured on the SE. The time stamp in the transaction log filename is the time when the file was created. The log entries in the transaction logs are in the time zone configured on the SE.
Use the transaction-logs ds-snapshot-counter enable command to enable or disable snapshot counter transaction logs. This command is available for both SE and SR. On SE, the snapshot counter transaction log records per delivery service Storage Usage. On the SR, the snapshot counter transaction log records per delivery service Session and Bandwidth Usage.
Use the transaction-logs archive max-file-size command to specify the maximum size of an archive file. The working.log file is archived when it attains the maximum file size if this size is reached before the configured archive interval time.
Use the transaction-logs file-marker option to mark the beginning and end of the HTTP, HTTPS, and FTP proxy logs. By examining the file markers of an exported archive file, you can determine whether the FTP process transferred the entire file. The file markers are in the form of dummy transaction entries that are written in the configured log format.
The following example shows the start and end dummy transactions in the default native Squid log format.
• 970599034.130 0 0.0.0.0 TCP_MISS/000 0 NONE TRANSLOG_FILE_START - NONE/- -
• 970599440.130 0 0.0.0.0 TCP_MISS/000 0 NONE TRANSLOG_FILE_END - NONE/- -
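One way to run the file-marker check described above over an exported file, as an added Python example that is not VDS-OS code: it classifies a file as complete, truncated, or otherwise inconsistent from the position of the two dummy entries. The sample transactions and the header and summary placeholder lines are constructed; only the two marker lines come from this page, and the status names are this example's own.

```python
START, END = "TRANSLOG_FILE_START", "TRANSLOG_FILE_END"


def parse_entry(line):
    """Return (timestamp, url_field) for a native Squid entry, or None for any other line."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        return float(fields[0]), fields[6]
    except ValueError:
        return None   # header or summary line, whose layout this page does not give


def check_markers(lines):
    """Classify one exported transaction log by its dummy marker entries."""
    entries = [e for e in map(parse_entry, lines) if e is not None]
    urls = [url for _, url in entries]
    n_start, n_end = urls.count(START), urls.count(END)
    if n_start == 0 and n_end == 0:
        status = "unmarked"              # file-marker option was probably not enabled
    elif n_start > 1 or n_end > 1:
        status = "multiple-markers"      # more than one log in the same file
    elif n_start == 0:
        status = "missing-start"         # head of the file was lost
    elif urls[0] != START:
        status = "entries-before-start"
    elif n_end == 0:
        status = "truncated"             # transfer stopped before the end marker
    elif urls[-1] != END:
        status = "entries-after-end"
    else:
        status = "complete"
    span = round(entries[-1][0] - entries[0][0], 3) if status == "complete" else None
    return {"status": status,
            "transactions": len(entries) - n_start - n_end,
            "span_seconds": span}


# Constructed sample file; the first and last lines stand in for the header and summary lines.
COMPLETE = [
    "(constructed header line)",
    "970599034.130 0 0.0.0.0 TCP_MISS/000 0 NONE TRANSLOG_FILE_START - NONE/- -",
    "970599100.412 12 10.3.5.137 TCP_HIT/200 3436 GET http://www.example.com/a.gif - NONE/- image/gif",
    "970599200.007 85 10.3.5.122 TCP_MISS/200 1635 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html",
    "970599440.130 0 0.0.0.0 TCP_MISS/000 0 NONE TRANSLOG_FILE_END - NONE/- -",
    "(constructed summary line)",
]
TRUNCATED = COMPLETE[:3]   # the transfer stopped after the first transaction

if __name__ == "__main__":
    print(check_markers(COMPLETE))
    print(check_markers(TRUNCATED))
```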
Use the format option to format the HTTP, HTTPS, and FTP proxy log files for custom format, native Squid or Extended Squid formats, or Apache CLF.
The transaction-logs format custom command allows you to use a log format string to log additional fields that are not included in the predefined native Squid or Extended Squid formats or the Apache CLF. The log format string is a string that contains the tokens listed in Table 2-71 and mimics the Apache log format string. The log format string can contain literal characters that are copied into the log file. Two backslashes (\\) can be used to represent a literal backslash, and a backslash followed by a single quotation mark (\') can be used to represent a literal single quotation mark. A literal double quotation mark cannot be represented as part of the log format string. The control characters \t and \n can be used to represent a tab and a new line character, respectively.
Table 2-71 lists the acceptable format tokens for the log format string. The ellipsis (...) portion of the format tokens shown in this table represents an optional condition. This portion of the format token can be left blank, as in %a. If an optional condition is included in the format token and the condition is met, then what is shown in the Value column of Table 2-71 is included in the transaction log output. If an optional condition is included in the format token but the condition is not met, the resulting transaction log output is replaced with a hyphen (-). The form of the condition is a list of HTTP status codes, which may or may not be preceded by an exclamation point (!). The exclamation point is used to negate all the status codes that follow it, which means that the value associated with the format token is logged if none of the status codes listed after the exclamation point (!) match the HTTP status code of the request. If any of the status codes listed after the exclamation point (!) match the HTTP status code of the request, then a hyphen (-) is logged.
For example, %400,501{User-Agent}i logs the User-Agent header value on 400 errors and 501 errors (Bad Request, Not Implemented) only, and %!200,304,302{Referer}i logs the Referer header value on all requests that did not return a normal status.
The custom format currently supports the following request headers:
• User-Agent
• Referer
• Host
• Cookie
The output of each of the following Request, Referer, and User-Agent format tokens specified in the custom log format string is always enclosed in double quotation marks in the transaction log entry:
%r
%{Referer}i
%{User-Agent}i
The %{Cookie}i format token is generated without the surrounding double quotation marks, because the Cookie value can contain double quotes. The Cookie value can contain multiple attribute-value pairs that are separated by spaces. We recommend that when you use the Cookie format token in a custom format string, you should position it as the last field in the format string so that it can be easily parsed by the transaction log reporting tools. By using the format token string \'%{Cookie}i\' the Cookie header can be surrounded by single quotes (').
Note
Each transaction log includes a header line that provides the VDS-OS software version and a summary line as the last line in the transaction log, which includes a summary of all the requests that appear in the transaction log.
The following command can generate the well-known Apache Combined Log Format:
transaction-logs format custom "[%{%d}t/%{%b}t/%{%Y}t:%{%H}t:%{%M}t:%{%S}t %{%z}t] %r %s %b %{Referer}i %{User-Agent}i"
The following transaction log entry example in the Apache Combined Format is configured using the preceding custom format string:
[11/Jan/2003:02:12:44 -0800] "GET http://www.cisco.com/swa/i/site_tour_link.gif HTTP/1.1" 200 3436 "http://www.cisco.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
Sanitizing Transaction Logs
Use the sanitized option to disguise the IP address of clients in the transaction log file. The default is that transaction logs are not sanitized. A sanitized transaction log disguises the network identity of a client by changing the IP address in the transaction logs to 0.0.0.0.
The no form of this command disables the sanitize feature. The transaction-logs sanitize command does not affect the client IP (%a) value associated with a custom log format string that is configured with the CLI (configured with the transaction-logs format custom string command in global configuration mode in which the string is the quoted log format string that contains the custom log format). To hide the identity of the client IP in the custom log format, either hard code 0.0.0.0 in the custom log format string or exclude the %a token, which represents the client IP, from the format string.
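The custom-format rules above (status-code conditions, the quoting of %r, Referer and User-Agent, the escape sequences, Cookie placement) and the sanitize caveat in this section, as an added Python sketch that is not the VDS-OS implementation. It handles only the tokens named on this page, written without padding spaces; the client IP and Cookie value in the sample record are constructed, and logging an absent header as a hyphen is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Grammar limited to tokens this page names: %a, %r, %s, %b, %{Header}i and %{strftime}t.
# An optional status-code list, optionally negated with "!", may follow the "%".
TOKEN = re.compile(r"%(?P<cond>!?\d{3}(?:,\d{3})*)?"
                   r"(?:\{(?P<arg>[^}]+)\}(?P<kind>[it])|(?P<simple>[arsb]))")
ESCAPE = re.compile(r"\\([\\'tn])")
UNESCAPED = {"\\": "\\", "'": "'", "t": "\t", "n": "\n"}
ALWAYS_QUOTED = {"referer", "user-agent"}   # Cookie is deliberately not in this set


def condition_met(cond, status):
    """True when the token's value should be logged for this HTTP status."""
    if not cond:
        return True
    codes = {int(code) for code in cond.lstrip("!").split(",")}
    return (status not in codes) if cond.startswith("!") else (status in codes)


def render(fmt, req):
    """Expand a custom log format string for one request record."""
    def expand(match):
        if not condition_met(match.group("cond"), req["status"]):
            return "-"
        kind, arg, simple = match.group("kind", "arg", "simple")
        if kind == "t":
            return req["time"].strftime(arg)
        if kind == "i":
            # Assumption: an absent header is logged as "-"; the page does not say.
            value = req["headers"].get(arg.lower(), "-")
            return f'"{value}"' if arg.lower() in ALWAYS_QUOTED else value
        if simple == "r":
            return f'"{req["request"]}"'
        return str({"a": req["client_ip"], "s": req["status"], "b": req["bytes"]}[simple])

    literal = ESCAPE.sub(lambda m: UNESCAPED[m.group(1)], fmt)
    return TOKEN.sub(expand, literal)


def review(fmt):
    """Findings for the two caveats the page gives for custom format strings."""
    tokens = list(TOKEN.finditer(fmt))
    findings = []
    if any(t.group("simple") == "a" for t in tokens):
        findings.append("%a logs the real client IP; sanitize does not apply to custom formats")
    is_cookie = [t.group("kind") == "i" and t.group("arg").lower() == "cookie" for t in tokens]
    if any(is_cookie[:-1]):
        findings.append("Cookie token is not the last field")
    return findings


# Constructed request record: request line, status, size, Referer and User-Agent come
# from the page's Apache Combined example; client IP and Cookie are made up.
SAMPLE = {
    "time": datetime(2003, 1, 11, 2, 12, 44, tzinfo=timezone(timedelta(hours=-8))),
    "client_ip": "10.3.5.137",
    "request": "GET http://www.cisco.com/swa/i/site_tour_link.gif HTTP/1.1",
    "status": 200,
    "bytes": 3436,
    "headers": {"referer": "http://www.cisco.com/",
                "user-agent": "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)",
                "cookie": "session=abc123 theme=dark"},
}
COMBINED = ("[%{%d}t/%{%b}t/%{%Y}t:%{%H}t:%{%M}t:%{%S}t %{%z}t] "
            "%r %s %b %{Referer}i %{User-Agent}i")

if __name__ == "__main__":
    print(render(COMBINED, SAMPLE))
    print(render("%s %400,501{User-Agent}i %!200,304,302{Referer}i", dict(SAMPLE, status=404)))
    print(review("%a %{Cookie}i %r"))
```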
Exporting Transaction Log Files
To facilitate the postprocessing of cache log files, you could export transaction logs to an external host.
This feature allows log files to be exported automatically by File Transfer Protocol (FTP) to an external host at configurable intervals. The username and password used for FTP are configurable. The directory to which the log files are uploaded is also configurable.
The log files automatically have the following naming convention:
•
Module name
•
Host IP address
•
Date
•
Time
•
File generation number
For example, the filename for a Web Engine access log would be the following:
we_accesslog_apache_192.0.2.22_20091207_065624_00001
where we_accesslog_apache is the module name, 192.0.2.22 is the IP address of the device, 20091207 is the date of the log file (December 7, 2009), and 065624_00001 is the file generation number. The file generation number ranges from 00001 to 99999.
Exporting and Archiving Intervals
The transaction log archive and export functions are configured with the following commands:
•
The transaction-logs archive interval command in global configuration mode allows the administrator to specify when the working.log file is archived.
•
The transaction-logs export interval command in global configuration mode allows the administrator to specify when the archived transaction logs are exported.
The following limitations apply:
•
When the interval is scheduled in units of hours, the value must divide evenly into 24. For example, the interval can be every 4 hours, but not every 5 hours.
•
When the interval is scheduled in units of minutes, the value must divide evenly into 60.
•
Only the more common choices of minutes are supported. For example, the interval can be 5 minutes or 10 minutes, but not 6 minutes.
•
Selection of interval alignment is limited. If an interval is configured for every 4 hours, it aligns with midnight. It cannot align with 12:30 or with 7 a.m.
•
The feature does not support different intervals within a 24-hour period. For example, it does not support an interval that is hourly during regular business hours and then every 4 hours during the night.
Transaction Log Archive Filenaming Convention
The archive transaction log file is named as follows for HTTP caching:
celog_10.1.118.5_20001228_235959.txt
mms_export_10.1.118.5_20001228_235959
If the export compress feature is enabled when the file is exported, then the file extension is .gz after the file is compressed for the export operation, as shown in the following example:
celog_10.1.118.5_20001228_235959.txt.gz
mms_export_10.1.118.5_20001228_235959.gz
Table 2-72 describes the name elements.
Table 2-73 lists the directory names and the corresponding examples of the archive filenames.
Compressing Archive Files
The transaction-logs export compress option compresses an archive into a gzip file format before exporting it. Compressing the archive file uses less disk space on both the SE and the File Transfer Protocol (FTP) export server. The compressed file uses less bandwidth when transferred. The archive filename of the compressed file has the extension .gz.
Exporting Transaction Logs to External FTP Servers
The transaction-logs export ftp-server option can support up to four FTP servers. To export transaction logs, first enable the feature and configure the FTP server parameters. The following information is required for each target FTP server:
•
FTP server IP address or the hostname
The SE translates the hostname with a Domain Name System (DNS) lookup and then stores the IP address in the configuration.
•
FTP user login and user password
•
Path of the directory where transferred files are written
Use a fully qualified path or a relative path for the user login. The user must have write permission to the directory.
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Exporting Transaction Logs to External SFTP Servers
Use the transaction-logs export sftp-server option to export transaction logs. First enable the feature and configure the Secure File Transfer Protocol (SFTP) server parameters. The following information is required for each target SFTP server:
•
SFTP server IP address or the hostname
The SE translates the hostname with a DNS lookup and then stores the IP address in the configuration.
•
SFTP user login and user password
•
Path of the directory where transferred files are written
Use a fully qualified path or a relative path for the user login. The user must have write permission to the directory.
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Receiving a Permanent Error from the External FTP Server
A permanent error (Permanent Negative Completion Reply, RFC 959) occurs when the FTP command to the server cannot be accepted, and the action does not take place. Permanent errors can be caused by invalid user logins, invalid user passwords, and attempts to access directories with insufficient permissions.
When an FTP server returns a permanent error to the SE, the export is retried at 10-minute intervals or sooner if the configured export interval is sooner. If the error is a result of a misconfiguration of the transaction-logs export ftp-server command, then re-enter the SE parameters to clear the error condition. The show statistics transaction-logs command displays the status of logging attempts to export servers.
The show statistics transaction-logs command shows that the SE failed to export archive files.
The transaction-logs format command has three options: extended-squid, apache, and custom.
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Configuring Intervals Between 1 Hour and 1 Day
The archive or export interval can be set for once a day with a specific time stamp. It can also be set for hour frequencies that align with midnight. For example, every 4 hours means archiving occurs at 0000, 0400, 0800, 1200, and 1600. It is not possible to archive at half-hour intervals such as 0030, 0430, or 0830. The following intervals are acceptable: 1, 2, 3, 4, 6, 8, 12, and 24.
Configuring Intervals of 1 Hour or Less
The interval can be set for once an hour with a minute alignment. It can also be set for frequencies of less than an hour; these frequencies align with the top of the hour. Every 5 minutes means that archiving occurs at 1700, 1705, and 1710.
Configuring Export Interval on Specific Days
The export interval can be set for specific days of the week at a specific time. One or more days can be specified. The default time is midnight.
Archived logs are automatically deleted when free disk space is low. It is important to select an export interval that exports files frequently enough so that files are not automatically removed before export.
Monitoring HTTP Request Authentication Failures in Real Time
HTTP transaction log messages are sent to a remote syslog server so that you can monitor the remote syslog server for HTTP request authentication failures in real time. This real-time transaction log allows you to monitor transaction logs in real time for particular errors such as HTTP request authentication errors. The existing transaction logging to the local file system remains unchanged.
Note
Because system logging (syslog) occurs through UDP, the message transport to the remote syslog host is not reliable.
Summary Line
The transaction logs include a summary line as the last line in the transaction log, which includes a summary of all the requests that appear in the transaction log.
Examples
The following example shows how to configure an FTP server:
ServiceEngine(config)# transaction-logs export ftp-server 10.1.1.1 mylogin mypasswd /ftpdirectory
ServiceEngine(config)# transaction-logs export ftp-server myhostname mylogin mypasswd /ftpdirectory
The following example shows how to delete an FTP server:
ServiceEngine(config)# no transaction-logs export ftp-server 10.1.1.1
ServiceEngine(config)# no transaction-logs export ftp-server myhostname
Use the no form of the command to disable the entire transaction log export feature while retaining the rest of the configuration:
ServiceEngine(config)# no transaction-logs export enable
The following example shows how to change a username, password, or directory:
ServiceEngine(config)# transaction-logs export ftp-server 10.1.1.1 mynewname mynewpass /newftpdirectory
Note
For security reasons, passwords are never displayed.
The following example shows how to restart the export of archive transaction logs:
ServiceEngine(config)# transaction-logs export ftp-server 172.16.10.5 goodlogin pass /ftpdirectory
The following example shows how to delete an SFTP server from the current configuration:
ServiceEngine(config)# no transaction-logs export sftp-server sftphostname
The following examples show how to configure the archiving intervals:
ServiceEngine(config)# transaction-logs archive interval every-day
at Specify the time at which to archive each day
every Specify the interval in hours. It will align with midnight
ServiceEngine(config)# transaction-logs archive interval every-day at
<0-23>: Time of day at which to archive (hh:mm)
ServiceEngine(config)# transaction-logs archive interval every-day every
<1-24> Interval in hours: { 1, 2, 3, 4, 6, 8, 12 or 24 }
The following example shows that the SE has failed to export archive files:
ServiceEngine# show statistics transaction-logs
Transaction Log Export Statistics:
Server:172.16.10.5
Initial Attempts:1
Initial Successes:0
Initial Open Failures:0
Initial Put Failures:0
Retry Attempts:0
Retry Successes:0
Retry Open Failures:0
Retry Put Failures:0
Authentication Failures:1
Invalid Server Directory Failures:0
The following example shows how to correct a misconfiguration:
ServiceEngine(config)# transaction-logs export ftp-server 10.1.1.1 goodlogin pass /ftpdirectory
The working.log file and archived log files are listed for HTTP.
The following example shows how to export transaction logs to an SFTP server:
ServiceEngine(config)# transaction-logs export sftp-server 10.1.1.100 mylogin mypasswd /mydir
The following example shows how to archive every 4 hours and align with the midnight local time (0000, 0400, 0800, 1200, 1600, and 2000):
ServiceEngine(config)# transaction-logs archive interval every-day every 4
The following example shows how to export once a day at midnight local time:
ServiceEngine(config)# transaction-logs export interval every-day every 24
The following example shows how to configure export intervals:
ServiceEngine(config)# transaction-logs archive interval every-hour ?
at Specify the time at which to archive each day
every Specify interval in minutes. It will align with top of the hour
ServiceEngine(config)# transaction-logs archive interval every-hour at ?
<0-59> Specify the minute alignment for the hourly archive
ServiceEngine(config)# transaction-logs archive interval every-hour every ?
<2-30> Interval in minutes: { 2, 5, 10, 15, 20, 30 }
Related Commands
type
To display the contents of a file, use the type command in EXEC configuration mode.
type filename
Syntax Description
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to display the contents of a file within any SE file directory. This command may be used to monitor features such as transaction logging or system logging (syslog).
Examples
The following example shows how to display the syslog file on the SE:
ServiceEngine# type /local1/syslog.txt
Jan 10 22:02:46 (none) populate_ds: %SE-CLI-5-170050: VDS-OS Software starts booting
Jan 10 22:02:47 (none) create_etc_hosts.sh: %SE-CLI-5-170051: HOSTPLUSDOMAIN: NO-HOSTNAME
Jan 10 22:02:47 NO-HOSTNAME : %SE-CLI-5-170053: Recreated etc_hosts (1, 0)
Jan 10 22:02:48 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ CLI_VER_NTP ] requests stop service ntpd
Jan 10 22:02:49 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ ver_tvout ] requests stop service tvoutsvr
Jan 10 22:02:50 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330084: [ ver_rtspg ] requests restart service rtspg
Jan 10 22:02:50 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ ver_iptv ] requests stop service sbss
Jan 10 22:02:51 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330080: [ ver_telnetd ] requests start service telnetd
Jan 10 22:02:55 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ Unknown ] requests stop service mcast_sender
Jan 10 22:02:55 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ Unknown ] requests stop service mcast_receiver
Jan 10 22:02:56 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330024: Service 'populate_ds' exited normally with code 0
Jan 10 22:02:56 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330040: Start service 'parser_server' using: '/ruby/bin/parser_server' with pid: 1753
Jan 10 22:02:56 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330040: Start service 'syslog_bootup_msgs' using: '/ruby/bin/syslog_bootup_msgs' with pid:1754
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Linux version 2.4.16 (cnbuild@builder2.cisco.com) (gcc version 3.0.4) # 1SMP Fri Jan 7 19:26:58 PST 2005
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>setup.c: handling flash window at [ 15MB. .16MB)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>BIOS-provided physical RAM map:
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000000000000 - 000000000009ec00 (usable)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 000000000009ec00 - 00000000000a0000 (reserved)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 00000000000e0800 - 0000000000100000 (reserved)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000000100000 - 0000000000f00000 (usable)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000000f00000 - 0000000001000000 (reserved)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000001000000 - 0000000010000000 (usable)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved)
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>setup.c: reserved bootmem for INITRD_START = 0x6000000, INITRD_SIZE = 11709348
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>On node 0 totalpages: 65536
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>zone(0): 4096 pages.
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>zone(1): 61440 pages.
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>zone(2): 0 pages.
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Local APIC disabled by BIOS -- reenabling.
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Found and enabled local APIC!
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Kernel command line: root=/dev/ram ramdisk_size=100000 ramdisk_start=0x6000000 console=ttyS0,9600n8
Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>Initializing CPU# 0
<output truncated>
Related Commands
type-tail
To view a specified number of lines of the end of a log file or to view the end of the file continuously as new lines are added to the file, use the type-tail command in EXEC configuration mode.
type-tail filename [line | follow]
Syntax Description
Defaults
The default is ten lines shown.
Command Modes
EXEC configuration mode.
Usage Guidelines
This command allows you to monitor a log file by letting you view the end of the file. You can specify the number of lines at the end of the file that you want to view, or you can follow the last line of the file as it continues to log new information. To stop the last line from continuously scrolling, press Ctrl-C.
Examples
The following example shows the list of log files in the /local1 directory:
stream-ServiceEngine# ls /local1
WS441WebsenseWebsenseEnterpriseWebsense_config_backupWsInstallLogbadfile.txtcodecoveragecore.stunnel.5.3.0.b100.cnbuild.5381core_dircrashcrka.logcse_livecse_voddbdowngrade.logdbupgrade.logdowngradeerrorloghttp_authmod.unstripindex.htmllogslost+foundnetscape-401-proxynetscape-401-proxy1netscape-dumpnewwebsenseoldWsInstallLogpreload_dirproxy-basic1proxy1proxy2proxy3proxy4proxy5proxy6proxy7proxy8proxyreplyproxyreply-407real_vodruby.bin.cli_fixruby.bin.no_ws_fixruby.bin.ws_edir_fixsaservice_logssmartfiltersmfnaveensuperwebsensesyslog.txtsyslog.txt.1syslog.txt.2temptwo.txturl.txturllist.txtvarvpd.propertieswebsense.pre-200webtarball44webtarball520ws_upgrade.log
The following example shows how to display the last ten lines of the syslog.txt file. In this example, the number of lines to display is not specified; however, ten lines is the default.
stream-ServiceEngine# type-tail /local1/syslog.txt
Oct 8 21:49:15 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:17 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:19 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:21 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
The following example shows how to display the last 20 lines of the syslog.txt file:
stream-ServiceEngine# type-tail /local1/syslog.txt 20
Oct 8 21:49:11 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:11 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:13 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:13 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:13 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:15 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:17 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:19 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:21 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:21 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:21 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:23 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:23 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:23 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
The following example follows the file as it grows:
stream-ServiceEngine# type-tail /local1/syslog.txt ?
<1-65535> The numbers of lines from end
follow Follow the file as it grows
<cr>
stream-ServiceEngine# type-tail /local1/syslog.txt follow
Oct 8 21:49:39 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:41 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:41 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:41 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:43 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:43 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:43 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:45 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:45 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:45 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:47 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:47 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:47 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
Oct 8 21:49:49 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0
Oct 8 21:49:49 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0
Oct 8 21:49:49 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULL
undebug
To disable debugging functions, use the undebug EXEC command.
undebug option
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
We recommend that you use the debug and undebug commands only at the direction of Cisco Technical Assistance Center (TAC). See the "debug" section for more information about debug functions.
Valid values for command are as follows:
Related Commands
Command Description
debug
Configures the debugging options.
show debugging
Displays the state of each debugging option.
url-signature
The VDS-OS uses a combination of key owners, key ID numbers, and a word value to generate URL signature keys. To configure the URL signature, use the url-signature command in global configuration mode.
url-signature key-id-owner num key-id-number id_num {key keyword | public key url [symmetric key word | private key url]}
no url-signature key-id-owner num key-id-number num
Syntax Description
Command Modes
Global configuration (config) mode.
Usage Guidelines
Service Rules for Directing Requests to a Policy Server
If your network is configured to work with Camiant PCMM-compliant third-party policy servers for servicing requests that require guaranteed bandwidth, you can use the following rule patterns and rule actions to filter the requests and to direct them to the policy server. The rule patterns and rule actions also enable you to generate URL signatures in the response for a valid request for a Windows Media metafile (.asx file extension), and to validate the URL signature on incoming requests to the SE. URL signature key authentication is implemented by using the generate-url-signature and validate-url-signature rule actions that can be applied to specific rule patterns.
The following table lists the rule patterns that support the use-icap-service rule action for directing requests that require guaranteed bandwidth to the third-party policy server:
You can set the use-icap-service rule action for any of the rule patterns above. If the request matches the parameters that you have set for the rule pattern, then the SE redirects the request to the third-party policy server using Internet Content Adaptation Protocol (ICAP) services. However, make sure that your network is configured to interoperate with the third-party policy server using ICAP services. You can set up the necessary ICAP configurations from the ICAP Services page. You can also use the rule pattern and rule action to generate URL signatures in the response for a valid request for a Windows Media metafile. You can use the following rule patterns to filter out requests for which you want to generate a URL signature key:
Rule Pattern Description
url-regex
Filters the request based on any regular expression in the URL.
domain
Filters the request based on the domain name specified.
For the rule patterns mentioned above, you can set the following rule actions:
Note
When configuring service rules, you must configure the same service rules on all SEs participating in a delivery service for the service rules to be fully implemented. The rule action must be common for all client requests because the SR may redirect a client request to any SE in a delivery service depending on threshold conditions.
URL Signing Components
However, because any of these strings in the URL could potentially be edited manually and circumvented by any knowledgeable user, it is important to generate and attach a signature to the URL. This can be achieved by attaching a keyed hash to the URL, using a secret key shared only between the signer (the portal) and the validating component (VDS-OS).
The URL signing script offers three different versions:
•
MD5 hash algorithm
•
SHA-1 hash algorithm
•
SHA-1 hash algorithm with the protocol removed from the beginning of the URL
When a URL is signed for Real-Time Streaming Protocol (RTSP) and a player does a fallback to HTTP for the same URL, the validation fails because the URL signature includes RTSP. If the URL signature does not include the protocol, the fallback URL is validated correctly even though the protocol is HTTP.
If you do not specify a version for the script, MD5 is used and the SIGV string in the script is not added.
At the portal, URLs can be signed for a particular user (client IP address) and expiry time using a URL signing script. The URL signing script example included in this section requires Python 2.3.4 or higher.
Following is an example of the URL signing script using the MD5 security hash algorithm:
python vos-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco
An example of the resulting signed URL follows:
http://www.cisco.com/index.html?IS=0&ET=1241194518&CIP=8.1.0.4&KO=1&KN=2&US=deebacde45bf716071c8b2fecaa755b9
If you specify Version 1 for the script, SHA-1 is used and the SIGV=1 string is added.
Following is an example of the URL signing script using the SHA-1 security hash algorithm:
python vos-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 1
An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=1&IS=0&ET=1241194679&CIP=8.1.0.4&KO=1&KN=2&US=8349348ffac7987d11203122a98e7e64e410fa18
If you specify Version 2 for the script, SHA-1 is used. The protocol from the beginning of the URL is also removed before the signature is generated, and the SIGV=2 string is added. The protocol is RTSP, HTTP, or RTMP. The URL is signed without the protocol, but the final signed URL is printed with the protocol.
Following is an example of the URL signing script using the SHA-1 security hash algorithm with Version 2 specified:
python vos-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 2
An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=2&IS=0&ET=1241194783&CIP=8.1.0.4&KO=1&KN=2&US=68b5f5ed97d1255a0ec42a42a4f779e794df679c
Note
The URL signature key field accepts only printable ASCII characters (alphabetic, numeric, and others) and does not support a space or the following special characters: pipe ( | ), question mark (?), double quotes ("), and apostrophe ('). The following special characters are allowed: {}!#$%&()*+,-./;:<=>@\~^[]_
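The signing scheme described above, as an added example that is not Cisco's vos-ims-urlsign.py (this page does not give that script's hash construction): it keeps the page's ET, CIP, KO, KN and US parameters, substitutes HMAC-SHA256 for the script's MD5 or SHA-1 keyed hash, and shows why removing the protocol before signing lets an RTSP-signed URL validate after an HTTP fallback. The function names, the strip_protocol argument, ET as an epoch-seconds expiry, and the sample host and key table are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlsplit

# Characters the page says the key field does not support (space | ? " ').
FORBIDDEN_KEY_CHARS = set(' |?"\'')


def check_key(key):
    """Enforce the page's key rule: printable ASCII without the forbidden characters."""
    if not key:
        raise ValueError("empty key")
    for ch in key:
        if not 0x21 <= ord(ch) <= 0x7E or ch in FORBIDDEN_KEY_CHARS:
            raise ValueError(f"character {ch!r} is not allowed in a URL signature key")


def _mac(key, unsigned_url, strip_protocol):
    """Keyed hash over the URL and its parameters (HMAC-SHA256, swapped in for this example)."""
    text = unsigned_url
    if strip_protocol:
        # Drop "rtsp://", "http://" and so on, so a protocol fallback keeps the signature valid.
        _, sep, rest = unsigned_url.partition("://")
        text = rest if sep else unsigned_url
    return hmac.new(key.encode(), text.encode(), hashlib.sha256).hexdigest()


def sign_url(url, client_ip, expires_at, key_owner, key_number, key, strip_protocol=True):
    """Portal side: bind the URL to a client IP and an expiry time (assumed epoch seconds)."""
    check_key(key)
    unsigned = f"{url}?ET={expires_at}&CIP={client_ip}&KO={key_owner}&KN={key_number}"
    return f"{unsigned}&US={_mac(key, unsigned, strip_protocol)}"


def validate_url(signed_url, request_ip, keys, now=None, strip_protocol=True):
    """Validating side: return (ok, reason). keys maps (KO, KN) to the shared secret."""
    unsigned, sep, presented = signed_url.rpartition("&US=")
    if not sep:
        return False, "no signature"
    params = dict(parse_qsl(urlsplit(unsigned).query))
    key = keys.get((params.get("KO"), params.get("KN")))
    if key is None:
        return False, "unknown key"
    expected = _mac(key, unsigned, strip_protocol)
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False, "bad signature"
    # ET and CIP are trusted only now that the keyed hash has been verified.
    now = int(time.time()) if now is None else now
    if now > int(params["ET"]):
        return False, "expired"
    if request_ip != params["CIP"]:
        return False, "client IP mismatch"
    return True, "ok"


# Constructed sample values: key owner 1, key number 2, secret "cisco" as in the page's commands.
KEYS = {("1", "2"): "cisco"}
URL = "rtsp://media.example.com/clip.wmv"
CLIENT = "192.0.2.10"


def demo():
    """Run the cases a validator has to distinguish and return each verdict."""
    stripped = sign_url(URL, CLIENT, 2000, 1, 2, "cisco", strip_protocol=True)
    full = sign_url(URL, CLIENT, 2000, 1, 2, "cisco", strip_protocol=False)

    def to_http(u):
        return "http" + u[len("rtsp"):]

    return {
        "original": validate_url(stripped, CLIENT, KEYS, now=1000),
        "fallback, protocol stripped": validate_url(to_http(stripped), CLIENT, KEYS, now=1000),
        "fallback, protocol signed": validate_url(to_http(full), CLIENT, KEYS, now=1000,
                                                  strip_protocol=False),
        "edited expiry": validate_url(stripped.replace("ET=2000", "ET=9999999"),
                                      CLIENT, KEYS, now=1000),
        "after expiry": validate_url(stripped, CLIENT, KEYS, now=3000),
        "other client": validate_url(stripped, "192.0.2.99", KEYS, now=1000),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```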
Examples
Following is an example of generating and encrypting the public key and private key using the url-signature command:
ServiceEngine(config)# url-signature key-id-owner 1 key-id-number 10 public-key http://1.1.1.1/ec_pub_key private-key http://1.1.1.1/ec_pub_key symmetric-key
Following is an example of the URL signing script using the MD5 security hash algorithm:
python vos-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco
An example of the resulting signed URL follows:
http://www.cisco.com/index.html?IS=0&ET=1241194518&CIP=8.1.0.4&KO=1&KN=2&US=deebacde45bf716071c8b2fecaa755b9
If you specify Version 1 for the script, SHA-1 is used and the SIGV=1 string is added.
Following is an example of the URL signing script using the SHA-1 security hash algorithm:
python vos-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 1
An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=1&IS=0&ET=1241194679&CIP=8.1.0.4&KO=1&KN=2&US=8349348ffac7987d11203122a98e7e64e410fa18
If you specify Version 2 for the script, SHA-1 is used. The protocol from the beginning of the URL is also removed before the signature is generated, and the SIGV=2 string is added. The protocol is RTSP, HTTP, or RTMP. The URL is signed without the protocol, but the final signed URL is printed with the protocol.
Following is an example of the URL signing script using the SHA-1 security hash algorithm with Version 2 specified:
python vos-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 2
An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=2&IS=0&ET=1241194783&CIP=8.1.0.4&KO=1&KN=2&US=68b5f5ed97d1255a0ec42a42a4f779e794df679c
username
To establish username authentication, use the username command in global configuration mode.
username name {cifs-password | samba-password} {0 plain_word | 1 lan_crypto nt_crypto | clear_text} | password {0 plain_word | 1 crypto_word | clear_text} [uid u_id] | privilege {0 | 15}}
no username name
Syntax Description
Defaults
The password value is set to 0 (cleartext) by default.
Default administrator account:
•
Uid: 0
•
Username: admin
•
Password: default
•
Privilege: superuser (15)
Command Modes
Global configuration (config) mode.
Usage Guidelines
The username command changes the password and privilege level for existing user accounts.
Note
The following characters are not permitted in a username or password: ? . / ; [ ] { } " @ = |.
User Authentication
User access is controlled at the authentication level. For every HTTP or HTTPS request that applies to the administrative interface, including every CLI and API request that arrives at the VDS-OS network devices, the authentication level has visibility into the supplied username and password. Based on CLI-configured parameters, a decision is then made to either accept or reject the request. This decision is made either by checking local authentication or by performing a query against a remote Authentication Server. The authentication level is decoupled from the authorization level, and there is no concept of role or domain at the authentication level.
When local CLI authentication is used, all configured users can be displayed by entering the show running-config command. Normally, only administrative users need to have username authentication configured.
Note
Every VDS-OS network device should have an administrative password that can override the default password.
User Authorization
Domains and roles are applied by the VOSM at the authorization level. Requests must be accepted by the authentication level before they are considered by the authorization level. The authorization level regulates the access to resources based on the VOSM GUI role and domain configuration.
Regardless of the authentication mechanism, all user authorization configuration is visible in the GUI.
Examples
When you first connect a VDS-OS device to a VDS-OS network, you should immediately change the password for the username admin, which has the password default, and the privilege-level superuser.
The following example shows how to change the password:
ServiceEngine(config)# username admin password yoursecret
The following example shows how passwords and privilege levels are reconfigured:
ServiceEngine# show user username abeddoe
Uid : 2003
Username : abeddoe
Password : ghQ.GyGhP96K6
Privilege : normal user
ServiceEngine# show user username bwhidney
Uid : 2002
Username : bwhidney
Password : bhlohlbIwAMOk
Privilege : normal user
ServiceEngine(config)# username bwhidney password 1 victoria
ServiceEngine(config)# username abeddoe privilege 15
User's privilege changed to super user (=15)
ServiceEngine# show user username abeddoe
Uid : 2003
Username : abeddoe
Password : ghQ.GyGhP96K6
Privilege : super user
ServiceEngine# show user username bwhidney
Uid : 2002
Username : bwhidney
Password : mhYWYw.7P1Ld6
Privilege : normal user
Related Commands
Command Description
show user
Displays the user identification number and username information for a particular user.
show users
Displays the specified users.
vosm
To configure the VDS-OS IP address to be used for the SEs or SRs, or to configure the role and GUI parameters on a VOSM device, use the vosm command in global configuration mode. To negate these actions, use the no form of this command.
vosm {ip {hostname | ip-address} | role {primary | standby} | ui port port-num}
no vosm {ip | role {primary | standby} | ui port}
Syntax Description
Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
You can use the vosm ui port command to change the VOSM GUI port from the standard number 8443 as follows:
VOSM(config)# vosm ui port 35535
Note
The role and ui options are only available on VOSM devices. Changing the VOSM GUI port number automatically restarts the Centralized Management System (CMS) service if this has been enabled.
The vosm ip command associates the device with the VOSM so that the device can be approved as a part of the network.
After the device is configured with the VOSM IP address, it presents a self-signed security certificate and other essential information, such as its IP address or hostname, disk space allocation, and so forth, to the VOSM.
Configuring Devices Inside a Network Address Translation (NAT) Firewall
In a VDS-OS network, there are two methods for a device registered with the VOSM (SEs, SRs, or standby VOSM) to obtain configuration information from the primary VOSM. The primary method is for the device to periodically poll the primary VOSM on port 443 to request a configuration update. You cannot configure this port number. The backup method is when the VOSM pushes configuration updates to a registered device as soon as possible by issuing a notification to the registered device on port 443. This method allows changes to take effect in a timelier manner. You cannot configure this port number even when the backup method is being used. VDS-OS networks do not work reliably if devices registered with the VOSM are unable to poll the VOSM for configuration updates. Similarly, when a receiver SE requests content and content metadata from a forwarder SE, it contacts the forwarder SE on port 443.
All the above methods become complex in the presence of NAT firewalls. When a device (SEs at the edge of the network, SRs, and primary or standby VOSMs) is inside a NAT firewall, those devices that are inside the same NAT use one IP address (the inside local IP address) to access the device and those devices that are outside the NAT use a different IP address (the inside global IP address) to access the device. A centrally managed device advertises only its inside local IP address to the VOSM. All other devices inside the NAT use the inside local IP address to contact the centrally managed device that resides inside the NAT. A device that is not inside the same NAT as the centrally managed device is not able to contact it without special configuration.
If the primary VOSM is inside a NAT, you can allow a device outside the NAT to poll it for getUpdate requests by configuring a static translation (inside global IP address) for the VOSM's inside local IP address on its NAT, and using this address, rather than the VOSM's inside local IP address, in the vosm ip ip-address command when you register the device to the VOSM. If the SE or SR is inside a NAT and the VOSM is outside the NAT, you can allow the SE or SR to poll for getUpdate requests by configuring a static translation (inside global IP address) for the SE or SR's inside local address on its NAT and specifying this address in the Use IP Address field under the NAT Configuration heading in the Device Activation window.
Note
Static translation establishes a one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.
Standby VOSMs
The VDS-OS software implements a standby VOSM. This process allows you to maintain a copy of the VDS-OS network configuration. If the primary VOSM fails, the standby can be used to replace the primary.
For interoperability, when a standby VOSM is used, it must be at the same software version as the primary VOSM to maintain the full VOSM configuration. Otherwise, the standby VOSM detects this status and does not process any configuration updates that it receives from the primary VOSM until the problem is corrected.
Note
We recommend that you upgrade your standby VOSM first and then upgrade your primary VOSM. We also recommend that you create a database backup on your primary VOSM and copy the database backup file to a safe place before you upgrade the software.
Switching a VOSM from Warm Standby to Primary
If your primary VOSM becomes inoperable for some reason, you can manually reconfigure one of your warm standby VOSMs to be the primary VOSM. Configure the new role by using the global configuration vosm role primary command as follows:
ServiceEngine# configure
ServiceEngine(config)# vosm role primary
This command changes the role from standby to primary and restarts the management service to recognize the change.
Note
Check the status of recent updates from the primary VOSM. Use the show cms info command in EXEC configuration mode and check the time of the last update. To be current, the update time should be between 1 and 5 minutes old. You are verifying that the standby VOSM has fully replicated the primary VOSM configuration. If the update time is not current, check whether there is a connectivity problem or if the primary VOSM is down. Fix the problem, if necessary, and wait until the configuration has replicated as indicated by the time of the last update. Make sure that both VOSMs have the same Coordinated Universal Time (UTC) configured.
If you switch a warm standby VOSM to primary while your primary VOSM is still online and active, both VOSMs detect each other, automatically shut themselves down, and disable management services. The VOSMs are switched to halted, which is automatically saved in flash memory.
Examples
The following example shows how to configure an IP address and a primary role for a VOSM:
VOSM(config)# vosm ip 10.1.1.1
VOSM(config)# vosm role primary
The following example shows how to configure a new GUI port to access the VOSM GUI:
VOSM(config)# vosm ui port 8550
The following example shows how to configure the VOSM as the standby VOSM:
VOSM(config)# vosm role standby
Switching VOSM to standby will cause all configuration settings made on this VOSM
to be lost.
Please confirm you want to continue [ no ] ?yes
Restarting CMS services
The following example shows how to configure the standby VOSM with the IP address of the primary VOSM by using the vosm ip ip-address command. This command associates the device with the primary VOSM so that it can be approved as a part of the network.
VOSM# vosm ip 10.1.1.1
web-engine (EXEC configuration)
To configure the Web Engine, use the web-engine command in EXEC configuration mode.
web-engine {debug-module {all | ContentStore | datasource | dataxferengine | httpcache | httpclient | httpsessionmgr | none} | trace-flow url [add-header string] | transaction-monitor {write-to-file | filename} | undebug-module {datasource | dataxferengine | httpcache | httpclient | httpsessionmgr}}
Syntax Description
Defaults
Realtime Monitor interval: 10 seconds
Command Modes
EXEC configuration mode.
Usage Guidelines
See the "web-engine (global configuration)" section for information on configuring caching parameters.
The web-engine transaction-monitor command monitors the transaction logs and publishes the statistics and information regarding latency. For this command to work, transaction logs have to be enabled and must be in apache format or extended squid format. There should be at least one transaction every 10 seconds, and the output of the command can be logged to a file or printed in the console.
Transaction logs must be enabled to see this command. Enable Transaction logs by entering the transaction-logs enable command in global configuration mode.
The logs are written to /local/local1/<dirname>. The logs are consumed by a GUI that displays this information as charts. There should be at least one transaction every interval.
Note
If the transaction monitor is only run for a short duration, the script is killed before the block has been filled or flushed to a disk, and the output file is empty.
Examples
The following example shows how to debug CAL-related issues:
ServiceEngine# debug web-engine trace
ServiceEngine# web-engine debug-module contentStore
ServiceEngine#
The following example shows how to debug the DataSource module:
ServiceEngine# web-engine debug-module datasource
ServiceEngine#
The following example shows how to debug the DataSource module:
ServiceEngine# web-engine undebug-module datasource
ServiceEngine#
The following example shows how to display the Web Engine statistics without a file name:
ServiceEngine# web-engine transaction-monitor
=============================================================================
The statistics will be generated every 10 secs if there are any transactions.
Please press Ctrl-C to stop monitoring the transactions logs
===================== Fri Oct 22 13:58:29 UTC 2010 ===================
HTTP Response Code - Statistics
-------------------------------
200 | 404 |
414 | 44 |
Cache Access Status - Statistics
--------------------------------
TCP_HIT ==> 414
TCP_MISS ==> 44
Average Bitrate ==> 1022.74899 kbps
Longest Latency ==> 0.06369 secs
[http://www.testing.com/index.html]
=============================================================================
The statistics will be generated every 10 secs if there are any transactions.
Please press Ctrl-C to stop monitoring the transactions logs
===================== Fri Oct 22 13:58:44 UTC 2010 ===================
HTTP Response Code - Statistics
-------------------------------
200 | 404 |
606 | 66 |
Cache Access Status - Statistics
--------------------------------
TCP_HIT ==> 606
TCP_MISS ==> 66
Average Bitrate ==> 1720.00367 kbps
Longest Latency ==> 0.06369 secs
[http://www.testing.com/index.html]
The following example shows how to display the Web Engine statistics with a file name:
ServiceEngine# web-engine transaction-monitor
=============================================================================
The statistics will be generated every 10 secs if there are any transactions.
Please press Ctrl-C to stop monitoring the transactions logs
===================== Mon May 09 06:00:32 PDT 2011 ===================
HTTP Response Code - Statistics
-------------------------------
200 |
12 |
Cache Access Status - Statistics
--------------------------------
TCP_HIT ==> 6
TCP_REFRESH_HIT ==> 1
TCP_MISS ==> 5
Average Bitrate ==> 879.26616 kbps
Longest Latency ==> 0.00627 secs
[http://2.225.3.08/index.html]
=============================================================================
The statistics will be generated every 10 secs if there are any transactions.
Please press Ctrl-C to stop monitoring the transactions logs
ServiceEngine#
The following example shows how to write transaction-monitor logs to an external file and issue a request that the statistics be redirected to the specified file:
ServiceEngine# web-engine transaction-monitor write-to-file sree2.txt
=============================================================================
The statistics will be generated every 10 secs if there are any transactions.
Please press Ctrl-C to stop monitoring the transactions logs
The Statistics are written to the file /local1/logs/sree2.txt
ServiceEngine#
Related Commands
web-engine (global configuration)
To configure the Web Engine, use the web-engine command in global configuration mode. To negate these actions, use the no form of this command.
web-engine {abr-session-log enable | cache {age-multiplier {days num | hours num | minutes num | seconds num} | max-ttl {days num | hours num | minutes num | seconds num} | min-ttl {days num | hours num | minutes num | seconds num}} | http-ingest-logging enable | max-concurrent-sessions session_num | revalidation {disable | must revalidate}}
no web-engine {abr-session-log enable | cache {age-multiplier {days num | hours num | minutes num | seconds num} | max-ttl {days num | hours num | minutes num | seconds num} | min-ttl {days num | hours num | minutes num | seconds num}} | http-ingest-logging enable | max-concurrent-sessions session_num | revalidation {disable | must revalidate}}
Syntax Description
Defaults
ABR Session Log: disabled
Age Multiplier: 30
min-ttl: 60
max-ttl: 61
Range Cache Fill: disabled
Revalidation: enabled
Command Modes
Global configuration (config) mode.
Usage Guidelines
The web-engine range-cache-fill command is not supported in VDS-OS 2.0.
During cache-miss scenarios, the web-engine range-cache-fill enable command enables the Web Engine to cache the full content when a client requests a content range where the first byte of the range is zero (0). The full content is cached and only the requested range is sent to the client.
If the first byte of the range is not zero (0), the content is not cached and the client receives only the requested content range from the content origin service.
If this configuration parameter is not enabled and the range request is specified with the first byte of the range being zero and the last byte not specified, the full content is cached on the SE and served to the client.
The request bundling has the following behavior during an active cache-fill session:
•
If a content is not cached, the first client accessing that content goes to the origin service to download the full content. This is the cache-fill period.
•
During the cache-fill period,
–
If other clients request the same content in a GET of the full object, those clients do not go to the origin service, but feed off of the cache-fill session.
–
If there are clients requesting the same content in a range-request (a portion of the file), those clients go to the origin service directly to fetch that range.
For small files, when there is a cache-fill in progress that could satisfy the subsequent request, the clients are served the ongoing cache-fill without initiating a range request to the upstream device.
For large files, if the ongoing cache-fill has not yet been cached, a new feed is immediately initiated for the request range and for subsequent range requests.
•
After the object is fully cached, all future requests (both GET and range request) are served from the local cache.
For request bundling, if the range request portion is already cached, it is served out of the local cache, even if the full file is not finished downloading yet. Only when a portion of the range requested is not yet all on disk does the request follow the VDS-OS hierarchy to locate the cached content, ending at the origin service.
The no web-engine range-cache-fill command does not alter the behavior of the range request "bytes=0-", which caches the full content and also serves the full content to the client.
The show running-config command and the show web-engine all command display the configuration state of this parameter.
For dynamic cached contents, the revalidation command triggers only after the cached object is expired by the min/max ttl values. The must-revalidate command forces the revalidation of cached objects whether or not the cached object is expired.
Note
Configuring Web Engine Service Rules is done through the VOSM, not the CLI.
The web-engine feature-cachefill command has just one configurable option, enable, which turns it on or off.
When the web-engine abr-session-log enable command is executed, the Web Engine uses Per Session ABR transaction logs. When it is disabled, the Web Engine uses Per Transaction ABR logs. If ABR session framework is not enabled, the Web Engine uses normal HTTP transaction logs disregarding this configuration. This command is disabled by default.
Ingest Transaction Logs
The web-engine http-ingest-logging enable command enables Web Engine ingest transaction logs, which record the details of every upstream request sent by the Web Engine to the upstream SEs and origin services. Ingest transaction logs store request details only for cache-miss content and for cache-hit content with a revalidation request; details of prefetched content are not stored in the ingest transaction logs.
The Web Engine ingest transaction logs are located in the /local/local1/logs/webengine_ingestlog_clf directory.
The ingest log file format is as follows:
Time URL FailOverSvrList ServerIP BytesRead BytesToRead AssetSize %DownloadComplete DownloadTime(Seconds) ReadCallBack Status-Returned MIME-Type Revalidation-Request VOSDomain ConnectionInfo(LocalPort|ConnectTime|Retry|ReUse) IngestStatus
The following are several ingest log file examples:
[26/Aug/2011:04:12:56.429-0700] http://3.1.7.30/error-b404-1170329 3.1.7.35/3.1.7.30/ 3.1.7.35 0 0 0 0 6 0 504 - No spirent.spcdn.com 38694|Fri_Aug_26_04:12:56_2011|0|1 READ_TIMEOUT_HEADER
[26/Aug/2011:04:12:55.056-0700] http://3.1.7.30/error-b404-1187409 3.1.7.35/3.1.7.30/ 3.1.7.35 0 0 0 0 3 1 500 - No spirent.spcdn.com 38194|Fri_Aug_26_04:12:55_2011|0|1 NO_NEED_TO_GET_BODY
[30/Aug/2011:05:19:02.700-0700] http://os.cdn.we.com/we/test.html 3.1.7.35/7.25.0.20/ 3.1.7.35 18028071 18028071 18028071 100 3 1670 200 text/html;charset=UTF-8 No youtube.cdn.we.com 21449|Tue_Aug_30_05:19:02_2011|0|1 SUCCESS_FINISH
[04/Aug/2011:22:24:11.810-0700] http://7.25.0.20/we/index1.html 7.25.0.20/ 7.25.0.20 0 0 0 0 2 0 504 - Yes[If_None_Match:"5a585a1-19-7a6c8580"] - 20345|Thu_Aug__4_22:24:11_2011|1|1 CONNECT_CB_SOCK_ERR
Table 2-74 describes the fields for the ingest transaction log.
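Added example (not part of the VDS-OS documentation or Cisco code): a parser for the ingest log format above that tolerates a space inside MIME-Type, extracts the conditional header from revalidation requests, and counts upstream 5xx responses per server. The function and field names are this example's own, the rule that only MIME-Type may contain spaces is an assumption, and the last two sample lines are constructed.

```python
from collections import Counter, namedtuple
from datetime import datetime

# Field names follow the order of the ingest log format line shown above.
IngestRecord = namedtuple("IngestRecord", [
    "time", "url", "failover", "server_ip", "bytes_read", "bytes_to_read",
    "asset_size", "pct_complete", "download_secs", "read_callback", "status",
    "mime_type", "revalidation", "vos_domain", "local_port", "connect_time",
    "retry", "reuse", "ingest_status"])


def parse_ingest_line(line):
    """Parse one ingest log line; raise ValueError if it does not fit."""
    tok = line.split()
    if len(tok) < 16:
        raise ValueError(f"expected at least 16 fields, got {len(tok)}")
    # Assumption: only MIME-Type can contain spaces ("text/html; charset=..."),
    # so take 11 fields from the left, 4 from the right, and join the rest.
    head, mime, tail = tok[:11], " ".join(tok[11:-4]), tok[-4:]
    if tail[0] == "No":
        reval = None                          # no revalidation request
    elif tail[0].startswith("Yes"):
        reval = tail[0][3:].strip("[]")       # conditional header that was sent
    else:
        raise ValueError(f"bad Revalidation-Request field: {tail[0]!r}")
    port, ctime, retry, reuse = tail[2].split("|")   # ConnectionInfo
    return IngestRecord(
        time=datetime.strptime(head[0], "[%d/%b/%Y:%H:%M:%S.%f%z]"),
        url=head[1],
        failover=[s for s in head[2].split("/") if s],
        server_ip=head[3],
        bytes_read=int(head[4]), bytes_to_read=int(head[5]),
        asset_size=int(head[6]), pct_complete=float(head[7]),
        download_secs=float(head[8]), read_callback=int(head[9]),
        status=int(head[10]), mime_type=mime, revalidation=reval,
        vos_domain=tail[1], local_port=int(port), connect_time=ctime,
        retry=int(retry), reuse=int(reuse), ingest_status=tail[3])


def load(text):
    """Return (records, rejected) so malformed lines are reported, not lost."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            records.append(parse_ingest_line(line))
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
    return records, rejected


def upstream_errors(records):
    """Count 5xx Status-Returned values per (ServerIP, status, IngestStatus)."""
    return Counter((r.server_ip, r.status, r.ingest_status)
                   for r in records if r.status >= 500)


# Lines 1-4 are the page's own examples. Lines 5-6 are constructed: one with a
# space inside MIME-Type, one truncated mid-write.
SAMPLE = """\
[26/Aug/2011:04:12:56.429-0700] http://3.1.7.30/error-b404-1170329 3.1.7.35/3.1.7.30/ 3.1.7.35 0 0 0 0 6 0 504 - No spirent.spcdn.com 38694|Fri_Aug_26_04:12:56_2011|0|1 READ_TIMEOUT_HEADER
[26/Aug/2011:04:12:55.056-0700] http://3.1.7.30/error-b404-1187409 3.1.7.35/3.1.7.30/ 3.1.7.35 0 0 0 0 3 1 500 - No spirent.spcdn.com 38194|Fri_Aug_26_04:12:55_2011|0|1 NO_NEED_TO_GET_BODY
[30/Aug/2011:05:19:02.700-0700] http://os.cdn.we.com/we/test.html 3.1.7.35/7.25.0.20/ 3.1.7.35 18028071 18028071 18028071 100 3 1670 200 text/html;charset=UTF-8 No youtube.cdn.we.com 21449|Tue_Aug_30_05:19:02_2011|0|1 SUCCESS_FINISH
[04/Aug/2011:22:24:11.810-0700] http://7.25.0.20/we/index1.html 7.25.0.20/ 7.25.0.20 0 0 0 0 2 0 504 - Yes[If_None_Match:"5a585a1-19-7a6c8580"] - 20345|Thu_Aug__4_22:24:11_2011|1|1 CONNECT_CB_SOCK_ERR
[30/Aug/2011:05:20:10.015-0700] http://origin.example.com/a.html 192.0.2.10/ 192.0.2.10 512 512 512 100 1 2 200 text/html; charset=UTF-8 No cdn.example.com 40000|Tue_Aug_30_05:20:10_2011|0|1 SUCCESS_FINISH
[30/Aug/2011:05:20:11.000-0700] http://origin.example.com/b.html 192.0.2.10/
"""

if __name__ == "__main__":
    recs, bad = load(SAMPLE)
    for key, count in sorted(upstream_errors(recs).items()):
        print(count, *key)
    print("rejected:", bad)
```

Rejected lines are returned with their line numbers, so a truncated or corrupted entry shows up in the result instead of silently dropping out of the error counts.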
Examples
The following example shows how to configure caching parameters:
ServiceEngine(config)# web-engine cache min-ttl 20
ServiceEngine(config)#
ServiceEngine(config)# web-engine cache max-ttl minutes 50
ServiceEngine(config)#
Note
The web-engine cache command is not supported in VDS-OS 2.0.
The following example shows how to enable HTTP ingest logging for each upstream request:
ServiceEngine(config)# web-engine http-ingest-logging enable
ServiceEngine(config)#
The following example shows how to enable cache fill (of full content) on range requests when the first byte is 0 (zero):
ServiceEngine(config)# web-engine range-cache-fill enable
ServiceEngine(config)#
Note
The web-engine range-cache-fill command is not supported in VDS-OS 2.0.
So the following GET request caches full content (file_cache.html) and serves only 100 bytes (0-99) to the client:
GET http://171.79.89.10/file_cache.html HTTP/1.1
Host:171.79.89.10
Range:bytes=0-99
But the following GET request does not cache the content (here file_no_cache.html) and serves 100 bytes (10-109) to client:
GET http://171.79.89.10/file_no_cache.html HTTP/1.1
Host:171.79.89.10
Range:bytes=10-109
The following example shows how to disable the cache fill option on range request:
ServiceEngine(config)# no web-engine range-cache-fill enable
ServiceEngine(config)#
Note
The web-engine range-cache-fill command is not supported in VDS-OS 2.0.
This GET request does not cache the contents and serves only requested bytes to client(s).
The following example shows how to disable revalidation on the Web Engine:
ServiceEngine(config)# web-engine revalidation disable
Note
The web-engine revalidation disable command is not supported in VDS-OS 2.0.
The following example shows how to enable ABR per Session logging:
ServiceEngine(config)# transaction-logs enable
ServiceEngine(config)# web-engine abr-session-log enable
Or
ServiceEngine(config)# transaction-logs enable
ServiceEngine(config)# web-engine abr-session-log enable exclusive
Related Commands
Command Description
show statistics web-engine
Displays the Web Engine statistics.
show web-engine
Displays the Web Engine information.
web-engine (EXEC)
Configures the Web Engine module.
whoami
To display the username of the current user, use the whoami command in EXEC configuration mode.
whoami
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to display the username of the current user.
Examples
The following example shows how to display the username of the user who has logged in to the SE:
ServiceEngine# whoami
admin
Related Commands
write
To save startup configurations, use the write command in EXEC configuration mode.
write [erase | memory | terminal]
Syntax Description
Defaults
The configuration is written to NVRAM by default.
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to either save running configurations to NVRAM or erase memory configurations. Following a write erase command, no configuration is held in memory, and a prompt for configuration specifics occurs after you reboot the SE.
Use the write terminal command to display the current running configuration in the terminal session window. The equivalent command is show running-config.
The write memory command saves modified Websense configuration files (the eimserver.ini, config.xml, and websense.ini files and the Blockpages directory) across disk reconfiguration and VDS-OS software release upgrades.
Note
Clicking the Save Changes button from the Websense Enterprise Manager window does not save the Websense configuration modifications across device reboots. You need to use the write memory command to save the Websense configuration changes across reboots.
Execute the write memory command to save the most recent configuration modifications, including websense.ini file modifications and Websense URL filtering configuration changes. The write memory command enables the changes made from the external Websense Manager GUI to be saved across disk reconfiguration and upgrades (which might erase disk content).
The Websense configurations from the last use of the write memory command are retained under the following situations:
•
If the write memory command is not used before a reboot but after a disk reconfiguration or a VDS-OS software upgrade that erases disk content.
•
If you are using the CLI and did not answer Yes when asked if you wanted to save the configurations at the reload prompt.
However, if the write memory command has never been used before, then default configurations are applied when the content in the /local1/WebsenseEnterprise/EIM directory on the SE is erased.
Examples
The following command saves the running configuration to NVRAM:
ServiceEngine# write memory
Related Commands
Command Description
copy
Copies the configuration or image files to and from the CD-ROM, flash memory, disk, or remote hosts.
show running-config
Displays the current operating configuration.