Application Control Engine Module Command Reference (Software Version A2(3.0))
Probe Configuration Mode Commands
Download this chapter
Probe Configuration Mode CommandsProbe Configuration Mode Commands
Download the complete book
Cisco Application Control Engine Moduole Command Reference (Software Version A2(3.0))Cisco Application Control Engine Moduole Command Reference (Software Version A2(3.0)) (PDF - 13 MB)
give_us_feedback

Table Of Contents

Probe Configuration Mode Commands

(config-probe-probe_type) community

(config-probe-probe_type) connection term

(config-probe-probe_type) credentials

(config-probe-probe_type) description

(config-probe-probe_type) domain

(config-probe-probe_type) expect address

(config-probe-probe_type) expect regex

(config-probe-probe_type) expect status

(config-probe-probe_type) faildetect

(config-probe-probe_type) hash

(config-probe-probe_type) header

(config-probe-probe_type) interval

(config-probe-probe_type) ip address

(config-probe-probe_type) nas ip address

(config-probe-probe_type) oid

(config-probe-probe_type) open

(config-probe-probe_type) passdetect

(config-probe-probe_type) port

(config-probe-probe_type) receive

(config-probe-probe_type) request command

(config-probe-probe_type) request method

(config-probe-probe_type) script

(config-probe-probe_type) send-data

(config-probe-probe_type) ssl cipher

(config-probe-probe_type) ssl version

(config-probe-probe_type) version

Probe SNMP OID Configuration Mode Commands

(config-probe-snmp-oid) threshold

(config-probe-snmp-oid) type absolute max

(config-probe-snmp-oid) weight


Probe Configuration Mode Commands

Probe configuration mode commands allow you to configure health monitoring on the ACE to track the state of a server by sending out probes. Also referred to as out-of-band health monitoring, the ACE verifies the server response or checks for any network problems that can prevent a client from reaching a server. Based on the server response, the ACE can place the server in or out of service and can make reliable load-balancing decisions. You can also use health monitoring to detect failures for a gateway or host in high availability configurations. The ACE identifies the health of a server in the following categories:

Passed—The server returns a valid response.

Failed—The server fails to provide a valid response to the ACE or the ACE is unable to reach a server for a specified number of retries.

The ACE supports 4096 unique probe configurations, which includes ICMP, TCP, HTTP, and other predefined health probes. The ACE can execute only up to 200 concurrent script probes at a time. The ACE also allows the opening of 1000 sockets simultaneously.

To configure probes and access probe configuration mode for that probe type, use the probe command. The CLI prompt changes to (config-probe-probe_type). For information about the commands in all probe configuration modes, see the commands in this section. See the "Command Modes" section for each command to find out to which probe-type configuration modes a specific command applies.

Use the no form of this command to remove a probe from the configuration.

probe probe_type probe_name

no probe probe_type probe_name

Syntax Description

probe_type

Type of probe to configure. The probe type determines what the probe sends to the server. Enter one of the following types:

 

dns—Sends a request to a DNS server that passes a configured domain to the server (by default, the domain is www.cisco.com). To determine whether the server is up, the ACE must receive one of the configured IP addresses for that domain.

 

echo {tcp | udp}—Sends a specified string to the server and compares the response to the original string. You must configure the string that needs to be echoed. If the response string matches the original string, the server is marked as passed. If you do not configure a string, the probe behaves like a TCP or UDP probe.

 

finger—Uses a Finger query to a server for an expected response string. The ACE searches the response for the configured string. If the ACE finds the expected response string, the server is marked as passed. If you do not configure an expected response string, the ACE ignores the server response.

 

ftp —Establishes a TCP connection to the server and then issues a quit command.

 

http—Establishes a TCP connection and issues an HTTP request to the server for an expected string and status code. The ACE can compare the received response with configured codes, looking for a configured string in the received HTTP page, or verifying hash for the HTTP page. If any of these checks fail, the server is marked as failed.

For example, if you configure an expected string and status code and the ACE finds them both in the server response, the server is marked as passed. However, if the ACE does not receive either the server response string or the expected status code, it marks the server as failed.

If you do not configure a status code, any response code from the server is marked as failed.

 

https—Similar to an HTTP probe except that it uses Secure Sockets Layer (SSL) to generate encrypted data.

 

icmp—Sends an ICMP echo request and listens for a response. If a server returns a response, the ACE marks the server as passed. If the server does not send a response, causing the probe to time out, or if the server sends an unexpected ICMP echo response type, the ACE marks the probe as failed.

 

imap—Makes a server connection and sends user credential (login, password, and mailbox) information. The ACE can send a configured command. Based on the server response, the ACE marks the probe as passed or failed.

 

pop—Initiates a session and sends the configured credentials. The ACE can send a configured command. Based on the server response, the ACE marks the probe as passed or failed.

 

radius—Sends a query using a configured username, password, and shared secret to a RADIUS server. If the server is up, it is marked as passed. If you configure a Network Access Server (NAS) address, the ACE uses it in the outgoing packet. Otherwise, the ACE uses the IP address associated with the outgoing interface as the NAS address.

 

rtsp—Establishes a TCP connection and sends a request packet to the server. The ACE compares the response with the configured response code to determine whether the probe has succeeded.

 

scripted—Allows you to run a script to execute the probe that you created for health monitoring. You can author specific scripts with features not present in standard health probes.

 

sip {tcp | udp}—Establishes a TCP or UDP connection and sends an OPTIONS request packet to the user agent on the server. The ACE compares the response with the configured response code or expected string, or both, to determine whether the probe has succeeded. If you do not configure an expected status code, any response from the server is marked as failed.

 

smtp—Initiates an SMTP session by logging into the server, sends a HELLO message, and then disconnects from the server.

 

snmp—Establishes a UDP connection and sends a maximum of eight SMNP OID queries to probe the server. The ACE weighs and averages the load information that is retrieved and uses it as input to the least-loaded algorithm for load-balancing decisions. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.

 

tcp—Initiates a TCP 3-way handshake (SYN, SYN-ACK, ACK) and expects the server to send a response. By default, a successful response causes the probe to mark the server as passed and send a FIN to end the session. If the response is not valid or if there is no response, the probe marks the server as failed.

 

telnet—Establishes a connection to the server and verifies that a greeting from the application was received.

 

udp—Sends a UDP packet to a server and marks the server as failed only if the server returns an ICMP Port Unreachable message. If the ACE does not receive any ICMP errors for the UDP request that was sent, the probe is marked as passed. Optionally, you can configure this probe to send specific data and expect a specific response to mark the server as passed.

If the IP interface of the server is down or disconnected, the UDP probe by itself would not know that the UDP application is not reachable.

probe_name

Identifier for the probe. Use the probe name to associate the probe to the server. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.


Command Modes

Configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.


Usage Guidelines

This command requires the probe feature in your user role. For details about role-based access control (RBAC) and user roles, see the Cisco Application Control Engine Module Virtualization Configuration Guide.

Examples

To define a TCP probe named PROBE, and access its mode, enter: 

host1/Admin(config)# probe tcp PROBE1

host1/Admin(config-probe-tcp)#

To delete the TCP probe named PROBE1 for TCP and access its mode, enter: 

host1/Admin(config)# probe tcp PROBE1

Related Commands

clear stats
show probe
show running-config
show stats

(config-probe-probe_type) community

To change the community string used by an SNMP probe, use the community command. Use the no form of this command to remove the community string.

community text

no community

Syntax Description

text

Name of the SNMP community string for the server. Enter a text string with a maximum of 255 alphanumeric characters.


Command Modes

SNMP probe configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

An ACE Simple Network Management Protocol (SNMP) probe accesses the server through its community string. By default, the community string is not set.

Examples

To configure the private community string, enter: 

host1/Admin(config-probe-snmp)# community private

To reset the community string to its default value of public, enter: 

host1/Admin(config-probe-snmp)# no community

Related Commands

show probe

(config-probe-probe_type) connection term

To configure the ACE to terminate a TCP connection by sending a RST, use the connection term command. Use the no form of this command to reset its default of graceful termination.

connection term forced

no connection term forced

Syntax Description

This command has no keywords or arguments.

Command Modes

ECHO TCP, Finger, FTP, HTTP, HTTPS, IMAP, POP, RTSP, SIP TCP, SMTP, TCP, and Telnet probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command applies only to TCP-based probes. By default, the ACE terminates a TCP connection gracefully by sending a FIN to the server.

Examples

To terminate a TCP connection by sending a RST for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# connection term forced

To reset the method to terminate a connection gracefully, enter: 

host1/Admin(config-probe-tcp)# no connection term forced

Related Commands

show probe

(config-probe-probe_type) credentials

To configure the credentials for username and password authentication of a probe to access a server, use the credentials command. For a Remote Authentication Dial-In User Service (RADIUS) probe, a shared secret may also be required. For an Internet Message Access Protocol (IMAP) probe, you can provide a mailbox username. Use the no form of this command to remove the credentials from the configuration.

For HTTP, HTTPS, and POP probes, the syntax is as follows:

credentials username [password]

For RADIUS probes, the syntax is as follows:

credentials username password [secret shared_secret]

For IMAP probes, the syntax is as follows:

credentials {username password} | {mailbox name}

For HTTP, HTTPS, POP, and RADIUS probes, the syntax is as follows:

no credentials

For IMAP probes, the syntax is as follows:

no credentials {username | mailbox}

Syntax Description

username

User identifier used for authentication. Enter an unquoted text string with a maximum of 64 alphanumeric characters.

password

(Optional except for RADIUS and IMAP probes) Password used for authentication. Enter an unquoted text string with a maximum of 64 alphanumeric characters.

mailbox name

(IMAP probe) Specifies the user mailbox name from which to retrieve e-mail for an IMAP probe. Enter an unquoted text string with a maximum of 64 alphanumeric characters.

secret shared_secret

(RADIUS probe) Specifies the password used for the MD5 hash encryption algorithm. Enter an unquoted text string with a maximum of 64 alphanumeric characters.


Command Modes

HTTP, HTTPS, IMAP, POP, and RADIUS probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

You must configure the credentials for an IMAP probe using the credentials command before you configure the mailbox or the ACE will ignore the specified user mailbox name.

Examples

To configure the username ENG1 and a password TEST for an HTTP probe, enter: 

host1/Admin(config-probe-http)# credentials ENG1 TEST

To delete the credentials for a probe, enter: 

host1/Admin(config-probe-http)# no credentials

To configure the user mailbox LETTERS for an IMAP probe, enter: 

host1/Admin(config-probe-imap)# credentials mailbox LETTERS

To delete the mailbox for the IMAP probe, enter: 

host1/Admin(config-probe-imap)# no credentials mailbox

Related Commands

show probe

(config-probe-probe_type) description

To provide a description for a probe, use the description command. Use the no form of this command to remove the description for the probe.

description text

no description

Syntax Description

text

Description for the probe. Enter a text string with a maximum of 240 alphanumeric characters.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure a description THIS PROBE IS FOR TCP SERVERS for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# description THIS PROBE IS FOR TCP SERVERS

To remove the description THIS PROBE IS FOR TCP SERVERS for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# no description

Related Commands

show probe

(config-probe-probe_type) domain

To configure the domain name that the probe sends to the DNS server to resolve, use the domain command. Use the no form of this command to reset the default domain (www.cisco.com) that the probe sends to the server.

domain name

no domain

Syntax Description

name

Domain that the probe sends to the DNS server. Enter an unquoted text string with a maximum of 255 alphanumeric characters.


Command Modes

DNS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The DNS probe sends a domain name for the DNS server to resolve. By default, the probe uses the www.cisco.com domain name.

Examples

To configure the domain name of MARKET, enter: 

host1/Admin(config-probe-dns)# domain MARKET

To reset the default domain that the probe sends to the DNS server, enter: 

host1/Admin(config-probe-dns)# no domain

Related Commands

show probe

(config-probe-probe_type) expect address

To configure one or more IP addresses that the ACE expects as a server response to a DNS request, use the expect address command. The probe matches the received IP address with the configured addresses. Use the no form of this command to remove the expected IP address from the configuration.

expect address ip_address

no expect address ip_address

Syntax Description

ip_address

IP address expected from the DNS server in response to the DNS probe request for a domain. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15).


Command Modes

DNS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

A DNS probe sends a request for a domain to a DNS server. The ACE uses the IP address specified in the expect address command to decide whether to pass or fail the DNS probe for the server based on the server response. You can specify multiple IP addresses with this command by entering the command with a different address separately.

Examples

To configure expected IP addresses of 192.8.12.15 and 192.8.12.23, enter: 

host1/Admin(config-probe-dns)# expect address 192.8.12.15

host1/Admin(config-probe-dns)# expect address 192.8.12.23

To remove an IP address, enter: 

host1/Admin(config-probe-dns)# no expect address 192.168.12.15

Related Commands

show probe

(config-probe-probe_type) expect regex

To configure what the ACE expects as a response from the probe destination server, use the expect regex command. Use the no form of this command to remove the expectation of a response expression.

expect regex string [offset number]

For TCP and UDP probes, the syntax is as follows:

no expect

For Finger, HTTP, HTTPS, and SIP probes, the syntax is as follows:

no expect regex

Syntax Description

string

Expected response string from the probe destination. Enter an unquoted text string with no spaces. If the string includes spaces, enclose the string in quotes. The string can be a maximum of 255 alphanumeric characters.

offset number

(Optional) Sets the number of characters into the received message or buffer where the probe starts searching for the defined expression. Enter a number from 1 to 4000.


Command Modes

Finger, HTTP, HTTPS, SIP, TCP, and UDP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

When you configure a probe to expect a string from a server, it searches the response for a configured string. If the ACE finds the expected string, the server is marked as passed. If you do not configure an expected string, the ACE ignores the server response.

For HTTP or HTTPS probes, the server response must include the Content-Length header for the expect regex command to function. Otherwise, the probe does not attempt to parse the regex.

Examples

To configure a TCP probe to expect an ACK response, enter: 

host1/Admin(config-probe-tcp)# expect regex ack

To remove the expectation of a response expression for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# no expect

To remove the expectation of a response expression for an HTTP probe, enter: 

host1/Admin(config-probe-http)# no expect regex

Related Commands

show probe

(config-probe-probe_type) expect status

To configure a single status code or a range of status code responses that the ACE expects from the probe destination, use the expect status command. You can specify multiple status code ranges with this command by entering the command with different ranges separately. Use the no form of this command to remove the expected status code or codes from the configuration.

expect status min_number max_number

no expect status min_number max_number

Syntax Description

min_number

Single status code or the lower limit of a range of status codes. Enter an integer from 0 to 999.

max_number

Upper limit of a range of status codes. Enter an integer from 0 to 999. When configuring a single code, reenter the min_number value.


Command Modes

FTP, HTTP, HTTPS, RTSP, SIP, and SMTP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

When the ACE receives a response from the server, it expects a status code to mark a server as passed. By default, no status codes are configured on the ACE. If you do not configure a status code, any response code from the server is marked as failed.

You can specify multiple status code ranges with this command by entering the command with different ranges one at a time. Both the min_number and the max_number values can be any integer between 0 and 999 if the max_number is greater than or equal to the min_number. When the min_number and max_number values are the same, the ACE uses a single status code number.

Examples

To configure an expected status code of 200 that indicates that the HTTP request was successful, enter: 

host1/Admin(config-probe-http)# expect status 200 200

To configure a range of expected status codes from 200 to 202, enter: 

host1/Admin(config-probe-rtsp)# expect status 200 202

To configure multiple ranges of expected status codes from 200 to 202 and 204 to 205, configure each range separately. Enter: 

host1/Admin(config-probe-http)# expect status 200 202

host1/Admin(config-probe-http)# expect status 204 205

To remove a single expected status code of 200, enter: 

host1/Admin(config-probe-sip-udp)# no expect status 200 200

To remove a range of expected status codes, enter: 

host1/Admin(config-probe-http)# no expect status 200 202

To remove multiple ranges of expected status codes, you must remove each range separately. If you have set two different ranges (200 to 202 and 204 to 205), enter: 

host1/Admin(config-probe-http)# no expect status 200 202

host1/Admin(config-probe-http)# no expect status 204 205

Related Commands

show probe

(config-probe-probe_type) faildetect

To change the number of consecutive failed probes, use the faildetect command. Use the no form of this command to reset the number of probe retries to its default.

faildetect retry-count

no faildetect

Syntax Description

retry_count

Consecutive number of failed probes before marking the server as failed. Enter a number from 1 to 65535. The default is 3.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

Before the ACE marks a server as failed, it must detect that probes have failed a consecutive number of times. By default, when three consecutive probes have failed, the ACE marks the server as failed.

Examples

To set the number of failed probes to 5 before declaring the server as failed for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# faildetect 5

To reset the number of probe failures to the default of 3, enter: 

host1/Admin(config-probe-tcp)# no faildetect

Related Commands

show probe

(config-probe-probe_type) hash

To configure the ACE to dynamically generate the MD5 hash value or manually configure the value, use the hash command. By default, no hash value is configured on the ACE. Use the no form of this command to configure the ACE to no longer compare the referenced hash value to the computed hash value.

hash [value]

no hash

Syntax Description

value

(Optional) The MD5 hash value that you want to manually configure. Enter the MD5 hash value as a hexadecimal string with exactly 32 characters (16 bytes).


Command Modes

HTTP and HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If you do not use this command to configure the hash value, the ACE does not calculate a hash value on the HTTP data returned by the probe.

When you enter this command with no argument, the ACE generates the hash on the HTTP data returned by the first successful probe. If subsequent HTTP server hash responses match the generated hash value, the ACE marks the server as passed. If a mismatch occurs due to changes to the HTTP data, the probe fails and the show probe ... detail command displays an MD5 mismatch error in the Last disconnect error field.

To clear the reference hash and have the ACE recalculate the hash value at the next successful probe, change the URL or method by using the request method command.

The server response must include the Content-Length header for the hash command to function. Otherwise, the probe does not attempt to parse the hash value.

You can configure the hash command on a probe using the HEAD method, however there is no data to hash and has no effect causing the probe to always succeed.

Examples

To configure the ACE to generate the hash on the HTTP data returned by the first successful probe, enter: 

host1/Admin(config-probe-http)# hash

To manually configure a hash value, enter: 

host1/Admin(config-probe-http)# hash 0123456789abcdef0123456789abcdef

To configure the ACE to no longer compare the referenced hash value to the computed hash value, enter: 

host1/Admin(config-probe-http)# no hash

Related Commands

show probe

(config-probe-probe_type) request method

(config-probe-probe_type) header

To configure a header field value for a probe, use the header command. Use the no form of this command to remove the header field from the probe configuration.

For HTTP and HTTPS probes, the syntax is as follows:

header field_name header-value field_value

no header field_name

For RTSP probes, the syntax is as follows:

header {require | proxy-require} header-value field_value

no header {require | proxy-require}

Syntax Description

field_name

(HTTP and HTTPS probes) Identifier for a standard header field. Enter a text string with a maximum of 64 alphanumeric characters. If the header field includes spaces, enclose the string in quotation marks ("). You can also enter one of the following header keywords:

 

Accept—Accept request header

 

Accept-Charset—Accept-Charset request header

 

Accept-Encoding—Accept-Encoding request header

 

Accept-Language—Accept-Language request header

 

Authorization—Authorization request header

 

Cache-Control—Cache-Control general header

 

Connection—Connection general header

 

Content-MD5—Content-MD5 entity header

 

Expect—Expect request header

 

From—From request header

 

Host—Host request header

 

If-Match—If-Match request header

 

Pragma—Pragma general header

 

Referer—Referer request header

 

Transfer-Encoding—Transfer-Encoding general header

 

User-Agent—User-Agent request header

 

Via—Via general header

header-value field_value

(HTTP and HTTPS probes) Specifies the value assigned to the header field. Enter a text string with a maximum of 255 alphanumeric characters. If the value string includes spaces, enclose the string in quotation marks (").

require

(RTSP probes) Specifies the Require header.

proxy-require

(RTSP probes) Specifies the Proxy-Require header.

header-value field_value

(RTSP probes) Specifies the value assigned to the header field. Enter an alphanumeric string with no spaces and a maximum of 255 characters.


Command Modes

HTTP, HTTPS, and RTSP probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.


Usage Guidelines

For each HTTP or HTTPS probe in your configuration, you can configure multiple header fields.

Examples

To configure the Accept-Encoding HTTP header with a value of identity, enter: 

host1/Admin(config-probe-http)# header Accept-Encoding header-value identity

To remove the header with the Accept-Encoding field name from the probe, enter: 

host1/Admin(config-probe-http)# no header Accept-Encoding

To configure the RTSP REQUIRE header with a field value of implicit-play, enter: 

host1/Admin(config-probe-rtsp)# header require header-value implicit-play

To remove the header configuration for the RTSP probe, enter: 

host1/Admin(config-probe-rtsp)# no header require

To remove a Proxy-Require header, enter: 

host1/Admin(config-probe-rtsp)# no header proxy-require

Related Commands

show probe

(config-probe-probe_type) interval

To change the time interval between probes, use the interval command. The time interval between probes is the frequency that the ACE sends probes to the server marked as passed. Use the no form of this command to reset the default time interval of seconds.

interval seconds

no interval

Syntax Description

seconds

Time interval in seconds. Enter a number from 2 to 65535. The default is .


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The open timeout value for TCP-based probes and the receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to these timeout values and the server takes a long time to respond or it fails to reply within the timeout values, the probe is skipped. When the probe is skipped, the No. Probes skipped counter through the show probe detail command increments.

Examples

To configure a time interval of 50 seconds for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# interval 50

To reset the time interval to the default of seconds, enter: 

host1/Admin(config-probe-tcp)# no interval

Related Commands

show probe

(config-probe-probe_type) ip address

To override the destination address that the probe uses, use the ip address command. By default, the probe uses the IP address from the real server or server farm configuration for the destination IP address. Use the no form of this command to reset the default of the probe.

ip address ip_address [routed]

no ip address

Syntax Description

ip_address

Destination IP address. The default is the IP address from the real server or server farm configuration. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15).

routed

(Optional) Routes the address according to the ACE internal routing table. Hardware-initiated SSL probes do not support this option.


Command Modes

All probe-type configuration modes except scripted probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure a TCP probe destination IP address 192.168.12.15, enter: 

host/Admin1(config-probe-tcp)# ip address 192.168.12.15

To reset the default of the probe using the IP address from the real server or server farm configuration, enter: 

host1/Admin(config-probe-tcp)# no ip address

Related Commands

show probe

(config-probe-probe_type) nas ip address

To configure a Network Access Server (NAS) address, use the nas ip address command. Use the no form of this command to remove the NAS address.

nas ip address ip_address

no nas ip address

Syntax Description

ip_address

NAS IP address. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.168.12.15). By default, if a NAS address is not configured for the Remote Authentication Dial-In User Service (RADIUS) probe, the ACE uses the IP address associated with the outgoing interface as the NAS address.


Command Modes

RADIUS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If a NAS address is not configured for the RADIUS probe, the ACE performs a route lookup on the RADIUS server IP address.

Examples

To configure a NAS address of 192.168.12.15, enter: 

host1/Admin(config-probe-radius)# nas ip address 192.168.12.15

To remove the NAS IP address, enter: 

host1/Admin(config-probe-radius)# no nas ip address

Related Commands

show probe

(config-probe-probe_type) oid

To configure an Object Identifier (OID) for an SNMP probe, use the oid command. When you enter this command, the CLI prompt changes to (config-probe-snmp-oid). For information about the commands available in probe SNMP OID configuration mode, see the Probe SNMP OID Configuration Mode Commands section. Use the no form of this command to remove the OID from the probe configuration.

oid string

no oid string

Syntax Description

string

OID that the probe uses to query the server for a value. Enter an unquoted string with a maximum of 255 alphanumeric characters in dotted-decimal notation. The OID string is based on the server type.


Command Modes

SNMP probe configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.

You can configure a maximum of eight OID queries to probe the server.

Examples

To configure the OID string .1.3.6.1.4.1.2021.10.1.3.1 and access probe SNMP OID configuration mode, enter: 

host1/Admin(config-probe-snmp)# oid .1.3.6.1.4.1.2021.10.1.3.1

host1/Admin(config-probe-snmp-oid)#

To remove the OID string, enter: 

host1/Admin(config-probe-snmp)# no oid .1.3.6.1.4.1.2021.10.1.3.1

Related Commands

show probe
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) type absolute max
(config-probe-snmp-oid) weight

(config-probe-probe_type) open

To configure the time interval for a connection to be established through a TCP three-way handshake, use the open command. By default, when the ACE sends a probe, it waits 10 seconds to open and establish the connection with the server. Use the no form of this command to reset its default of .

open timeout

no open

Syntax Description

timeout

Time in seconds. Enter an integer from 1 to 65535. The default is .


Command Modes

Echo TCP, Finger, FTP, HTTP, HTTPS, IMAP, POP, RTSP, scripted, SIP TCP, SMTP, TCP, and Telnet probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The open timeout value for TCP-based probes and the receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to these timeout values and the server takes a long time to respond or it fails to reply within the timeout values, the probe is skipped. When the probe is skipped, the No. Probes skipped counter increments through the show probe detail command.

Examples

To configure the wait time interval to 25 seconds for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# open 25

To reset the time interval to its default of , enter: 

host1/Admin(config-probe-tcp)# no open

Related Commands

show probe

(config-probe-probe_type) passdetect

To configure the time interval to send a probe to a failed server and the number of consecutive successful probe responses required to mark the server as passed, use the passdetect command. Use the no form of this command to reset the default of waiting seconds before sending out a probe to a failed server and marking a server as passed if it receives 3 consecutive successful responses.

passdetect {interval seconds | count number}

no passdetect {interval | count}

Syntax Description

interval seconds

Specifies the wait time interval in seconds. Enter a number from 2 to 65535. The default is .

count number

Specifies the number of successful probe responses from the server. Enter a number from 1 to 65535. The default is 3.


Command Modes

All probe-type configuration modes except scripted probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

For best results, we recommend that you do not configure a passdetect interval value of less than 30 seconds. If you configure a passdetect interval value of less than 30 seconds, the open timeout and receive timeout values are set to their default values, and a real server fails to respond to a probe, overlapping probes may result, which can cause management resources to be consumed unnecessarily and the No. Probes skipped counter to increase.

After the ACE marks a server as failed, it waits a period of time and then sends a probe to the failed server. When the ACE receives a number of consecutive successful probes, it marks the server as passed. By default, the ACE waits seconds before sending out a probe to a failed server and marks a server as passed if it receives 3 consecutive successful responses.

The receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to this timeout value and the server takes a long time to respond or it fails to reply within the timeout value, the probe is skipped. When the probe is skipped, the No. Probes skipped counter increments through the show probe detail command.

Examples

To configure a wait interval of 10 seconds for a TCP probe, enter: 

host1/Admin(config-probe-tcp)# passdetect interval 10

To configure five success probe responses from the server before declaring it as passed, enter: 

host1/Admin(config-probe-tcp)# passdetect count 5

To reset the wait interval to its default, enter: 

host1/Admin(config-probe-tcp)# no passdetect interval

To reset the successful probe responses to its default, enter: 

host1/Admin(config-probe-tcp)# no passdetect count

Related Commands

show probe

(config-probe-probe_type) port

To configure the port number that the probe uses, use the port command. Use the no form of this command to reset the port number based on the probe type.

port port-number

no port

Syntax Description

port-number

Port number for the probe. Enter an integer from 1 to 65535.


Command Modes

All probe-type configuration modes except ICMP probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

Table 2-20 lists the default port numbers for each probe type.

Table 2-20 Default Port Numbers for Probe Types

Probe Type
Default Port Number

DNS

53

Echo

7

Finger

79

FTP

21

HTTP

80

HTTPS

443

ICMP

Not applicable

IMAP

143

POP

110

RADIUS

1812

RTSP

554

SIP (TCP and UDP)

5060

SMTP

25

Telnet

23

TCP

80

UDP

53


Examples

To configure a port number of 88 for an HTTP probe, enter: 

host1/Admin(config-probe-HTTP)# port 88

To reset the port number to its default, in this case, port 80 for an HTTP probe, enter: 

host1/Admin(config-probe-HTTP)# no port

Related Commands

show probe

(config-probe-probe_type) receive

To configure the time period that the ACE expects to receive a server response to the probe, use the receive command. Use the no form of this command to reset its default of 10 seconds.

receive seconds

no receive

Syntax Description

seconds

Time to wait in seconds. Enter an integer from 1 to 65535. The default is 10.


Command Modes

All probe-type configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

By default, when the ACE sends a probe, it expects a response within a time period of 10 seconds. For example, for an HTTP probe, the timeout period is the number of seconds to receive an HTTP reply for a GET or HEAD request. If the server fails to respond to the probe, the ACE marks the server as failed.

The open timeout value for TCP-based probes and the receive timeout value can impact the execution time for a probe. When the probe interval is less than or equal to these timeout values and the server takes a long time to respond or it fails to reply within the timeout values, the probe is skipped. When the probe is skipped, the No. Probes skipped counter increments through the show probe detail command.

Examples

To configure the timeout period for a response at 5 seconds for a TCP probe, enter: 

host1/Admin(config-probe-TCP)# receive 5

To reset the time period to receive a response from the server to its default of 10 seconds, enter: 

host1/Admin(config-probe-TCP)# no receive

Related Commands

show probe

(config-probe-probe_type) request command

To configure the request command used by an Internet Message Access Protocol (IMAP) or POP probe, use the request command command. Use the no form of this command to remove the request command from the configuration.

request command command

no request

Syntax Description

command

Request command for the probe. Enter a text string with a maximum of 32 alphanumeric characters with no spaces.


Command Modes

IMAP and POP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.


Usage Guidelines

You must configure the name of the mailbox using the (config-probe-probe_type) credentials command before you configure the request command used by an IMAP probe or the ACE will ignore the specified request command.

Examples

To configure the last request command for an IMAP probe, enter: 

host1/Admin(config-probe-imap)# request command last

To remove the request command for the probe, enter: 

host1/Admin(config-probe-imap)# no request

Related Commands

show probe

(config-probe-probe_type) request method

To configure the request method and URL used by a probe, use the request method command. Use the no form of this command to reset the default request method.

For HTTP and HTTPS probes, the syntax is as follows:

request method {get | head} [url url_string]

no request method {get | head} [url url_string]

For RTSP probes, the syntax is as follows:

request method {options | describe url url_string}

no request method

For SIP probes, the syntax is as follows:

request method options

no request method

Syntax Description

get

(HTTP or HTTPS probe) Configures the HTTP GET request method to direct the server to get the page. This method is the default.

head

(HTTP or HTTPS probe) Configures the HTTP HEAD request method to direct the server to get only the header for the page.

url url_string

(HTTP or HTTPS probe) Specifies the URL string used by the probe. Enter an alphanumeric string with a maximum of 255 characters. The default string is a forward slash (/).

options

(RTSP or SIP probe) Specifies the OPTIONS request method. This is the default method. The ACE uses the asterisk (*) request URL for this method.

describe url url_string

(RTSP probe) Specifies the DESCRIBE request method. The url_string is the URL request for the RTSP media stream on the server. Enter an alphanumeric string with a maximum of 255 characters.


Command Modes

HTTP, HTTPS, RTSP, and SIP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.

A2(1.0)

This command was revised.


Usage Guidelines

By default, the HTTP request method is a GET with the URL of a forward slash (/). If you do not configure a URL, the HTTP or HTTPS probe functions as a TCP probe.

By default, the RTSP request method is the OPTIONS method. You can also configure the DESCRIBE method.

By default, the SIP request method is the OPTIONS method; this method is the only method available for SIP probes.

Examples

To configure the HTTP HEAD request method and the /digital/media/graphics.html URL used by an HTTP probe, enter: 

host1/Admin(config-probe-http)# request method head url /digital/media/graphics.html

To reset the HTTP method for the probe to HTTP GET with a URL of "/", enter: 

host1/Admin(config-probe-http)# no request method head url /digital/media/graphics.html

To configure an RTSP probe to use the URL rtsp:///media/video.smi, enter: 

host1/Admin(config-probe-rtsp)# request method describe url 
rtsp://192.168.10.1/media/video.smi

To reset the default RTSP request method (OPTIONS), use the no request method or the request method options command. For example, enter: 

host1/Admin(config-probe-rtsp)# no request method

Related Commands

show probe

(config-probe-probe_type) hash

(config-probe-probe_type) script

To specify the script name and the arguments to be passed to a scripted probe, use the script command. Use the no form of this command to remove the script and its arguments from the configuration.

script script_name [script_arguments]

no script

Syntax Description

script_name

Name of the script. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters.

script_arguments

(Optional) Data sent to the script. Enter a text string with a maximum of 255 alphanumeric characters including spaces and quotes. Separate each argument by a space. If a single argument contains spaces, enclose the argument string in quotes.


Command Modes

Scripted probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

Scripted probes run probes from a configured script to perform health probing. You can also configure arguments that are passed to the script. Before you can associate a script file with a probe, you must copy and load the script on the ACE. For information about TCL scripts and instructions for copying and loading script files on the ACE, see the Cisco Application Control Engine Module Server Load-Balancing Configuration Guide.

The ACE allows the configuration of 256 unique script files.

The ACE can simultaneously execute only 200 scripted probe instances. When this limit is exceeded, the show probe detail command displays the "Out-of Resource: Max. script-instance limit reached" error message in the Last disconnect err field and the out-of-sockets counter increments.

Examples

To configure the script name of PROBE-SCRIPT and arguments of double question marks (??), enter: 

host1/Admin(config-probe-scrptd)# script PROBE-SCRIPT ??

To remove the script and its arguments from the configuration, enter: 

host1/Admin(config-probe-scrptd)# no script

Related Commands

show probe
show script
(config) script file

(config-probe-probe_type) send-data

To configure the ASCII data that the probe sends when the ACE connects to the server, use the send-data command. Use the no form of this command to remove the data from the configuration.

send-data expression

no send-data

Syntax Description

expression

ASCII data that the probe sends. Enter an unquoted text string with no spaces and a maximum of 255 alphanumeric characters.


Command Modes

ECHO, Finger, TCP, and UDP probe configuration modes

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

If you do not configure the send-data command for a UDP probe, the probe sends one byte, 0x00.

Examples

To configure a TCP probe to send TEST as the data, enter: 

host1/Admin(config-probe-tcp)# send-data TEST

To remove the data, enter: 

host1/Admin(config-probe-tcp)# no send-data

Related Commands

show probe

(config-probe-probe_type) ssl cipher

To configure the probe to expect a specific type of RSA cipher suite from the back-end server, use the ssl cipher command. Use the no form of this command to reset its default of accepting any RSA configured cipher suites.

ssl cipher {RSA_ANY | cipher_suite}

no ssl cipher

Syntax Description

RSA_ANY

Specifies that the probe accepts any of the RSA configured cipher suites. This is the default.

cipher_suite

RSA cipher suite that the probe expects from the back-end server. Enter one of the following keywords:

 

RSA_EXPORT1024_WITH_DES_CBC_SHA

 

RSA_EXPORT1024_WITH_RC4_56_MD5

 

RSA_EXPORT1024_WITH_RC4_56_SHA

 

RSA_EXPORT_WITH_DES40_CBC_SHA

 

RSA_EXPORT_WITH_RC4_40_MD5

 

RSA_WITH_3DES_EDE_CBC_SHA

 

RSA_WITH_AES_128_CBC_SHA

 

RSA_WITH_AES_256_CBC_SHA

 

RSA_WITH_DES_CBC_SHA

 

RSA_WITH_RC4_128_MD5

 

RSA_WITH_RC4_128_SHA


Command Modes

HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

This command has no usage guidelines.

Examples

To configure the HTTPS probes with the RSA_WITH_RC4_128_SHA cipher suite, enter: 

host1/Admin(config-probe-https)# ssl cipher RSA_WITH_RC4_128_SHA

To reset the default of the HTTPS probes accepting any RSA cipher suite, enter: 

host1/Admin(config-probe-https)# ssl cipher RSA_ANY

To reset the default by using the no ssl cipher command, enter: 

host1/Admin(config-probe-https)# no ssl cipher

Related Commands

show probe

(config-probe-probe_type) ssl version

To configure the version of Secure Sockets Layer (SSL) that the probe supports, use the ssl version command. Use the no form of this command to reset the default to SSL version 3.

ssl version {all | SSLv3 | TLSv1}

no ssl version

Syntax Description

all

Configures the probe to support all SSL versions.

SSLv3

Configures the probe to support SSL version 3. This is the default.

TLSv1

Configures the probe to support TLS version 1.


Command Modes

HTTPS probe configuration mode

Admin and user contexts

Command History

Release
Modification

3.0(0)A1(2)

This command was introduced.


Usage Guidelines

The version in the ClientHello message sent to the server indicates the highest supported version.

Examples

To configure the probe to support all SSL versions, enter: 

host1/Admin(config-probe-https)# ssl version all

To reset the default of SSL version 3, enter: 

host1/Admin(config-probe-https)# no ssl version

Related Commands

show probe

(config-probe-probe_type) version

To configure the version of SNMP that the probe supports, use the version command. Use the no form of this command to reset the version to its default value of SNMP version 1.

version {1 | 2c}

no version

Syntax Description

1

Configures the probe to support SNMP version 1. This is the default.

2c

Configures the probe to support SNMP version 2c.


Command Modes

SNMP probe configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

The version in the SNMP OID query sent to the server indicates the supported SNMP version. By default, the probe supports SNMP version 1.

Examples

To configure the probe to use SNMP version 2c, enter: 

host1/Admin(config-probe-snmp)# version 2c

To reset the version of SNMP to the default value, SNMP version 1, enter: 

host1/Admin(config-probe-snmp)# no version

Related Commands

show probe

Probe SNMP OID Configuration Mode Commands

Probe SNMP OID configuration mode commands allow you to configure an OID for an SNMP probe. To configure an OID for an SNMP probe and access probe SNMP OID configuration mode, use the oid command in SNMP probe configuration mode. The CLI prompt changes to (config-probe-snmp-oid). For information about the commands in this mode, see the following commands. Use the no form of this command to remove the OID from the SNMP probe configuration.

oid string

no oid string

Syntax Description

string

OID that the probe uses to query the server for a value. Enter an unquoted string with a maximum of 255 alphanumeric characters in dotted-decimal notation. The OID string is based on the server type.


Command Modes

SNMP probe configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.

You can configure a maximum of eight OID queries to probe the server.

Examples

To configure the OID string .1.3.6.1.4.2021.10.1.3.1 and access probe SNMP OID configuration mode, enter: 

host1/Admin(config-probe-snmp)# oid .1.3.6.1.4.2021.10.1.3.1

host1/Admin(config-probe-snmp-oid)#

To remove the OID string, enter: 

host1/Admin(config-probe-snmp)# no oid .1.3.6.1.4.2021.10.1.3.1

Related Commands

show probe
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) type absolute max
(config-probe-snmp-oid) weight

(config-probe-snmp-oid) threshold

To specify the threshold value for an OID, use the threshold command. Use the no form of this command to remove the threshold value.

threshold integer

no threshold integer

Syntax Description

integer

Threshold value to take the server out of service. When the OID value is based on a percentile, enter an integer from 0 to 100, with a default value of 100. When the OID is based on an absolute value, the threshold range is from 1 to the maximum value specified using the type absolute max command.


Command Modes

Probe SNMP OID configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

You can configure a threshold for an OID value so that when the threshold is exceeded, the server is taken out of service.

When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.

By default, the OID value is based on a percentile. If you use the type absolute maximum command to base the OID on an absolute value, the threshold range is from 1 to the maximum value specified with the type absolute maximum command.

Examples

To configure a threshold of 90 for the OID, enter: 

host1/Admin(config-probe-snmp-oid)# threshold 90

To remove the threshold from the OID, enter: 

host1/Admin(config-probe-snmp-oid)# no threshold

Related Commands

show probe
(config-probe-probe_type) oid
(config-probe-snmp-oid) type absolute max
(config-probe-snmp-oid) weight

(config-probe-snmp-oid) type absolute max

To specify that the retrieved OID value is an absolute value, use the type absolute max command. Use the no form of this command to remove the absolute value.

type absolute max integer

no type

Syntax Description

integer

Expected OID value. Enter an integer from 1 through 4294967295.


Command Modes

Probe SNMP OID configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. By default, the ACE assumes that the retrieved OID value is a percentile value.

Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.

When you configure the type absolute max command, we recommend that you also configure the value for the threshold command because the default threshold value is 100 and is not automatically adjusted with respect to the type absolute max value.

The no type command resets the values of both the type absolute max command and the threshold command to a value of 100.

Examples

To specify that the retrieved maximum OID value is 597, enter: 

host1/Admin(config-probe-snmp-oid)# type absolute max 597

To remove the OID value and reset the expected OID to a percentile, enter: 

host1/Admin(config-probe-snmp-oid)# no type

Related Commands

show probe
(config-probe-probe_type) oid
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) weight

(config-probe-snmp-oid) weight

To configure the weight to be assigned to this OID for the SNMP probe, use the weight command. Use the no form of this command to remove the weight.

weight number

no weight

Syntax Description

number

Weight value assigned to this OID for the SNMP probe. Enter an integer from 0 to 16000.


Command Modes

Probe SNMP OID configuration mode

Admin and user contexts

Command History

Release
Modification

A2(1.0)

This command was introduced.


Usage Guidelines

If you configure more than one OID and they are used in a load-balancing decision, you must configure a weight value.

When the ACE sends a probe with an SNMP OID query, the ACE uses the retrieved value as input to the least-loaded algorithm for load-balancing decisions. Least-loaded load balancing bases the server selection on the server with the lowest load value. If the retrieved value is within the configured threshold, the server is marked as passed. If the threshold is exceeded, the server is marked as failed.

Examples

To configure a weight of 90 for the OID, enter: 

host1/Admin(config-probe-snmp-oid)# weight 90

To remove the threshold from the OID, enter: 

host1/Admin(config-probe-snmp-oid)# no weight

Related Commands

show probe
(config-probe-probe_type) oid
(config-probe-snmp-oid) threshold
(config-probe-snmp-oid) type absolute max