User Guide
Page 1
... 2011 Note The most current Cisco documentation for the Cisco ACE 4700 Series Application Control Engine Appliance. For information on the ACE features and configuration details, see the ACE appliance documentation located on www.cisco.com at: http://www.cisco.com/en/US/products/ps7027/... later for released products is available on Cisco.com from Software Release A4(2.0) or Later • Ordering an Upgrade License and Generating a Key • Upgrading Your ACE Software in a Redundant Configuration • Downgrading Your ACE Software in Software Release A4(1.1), A3(2.7), and...
... 2011 Note The most current Cisco documentation for the Cisco ACE 4700 Series Application Control Engine Appliance. For information on the ACE features and configuration details, see the ACE appliance documentation located on www.cisco.com at: http://www.cisco.com/en/US/products/ps7027/... later for released products is available on Cisco.com from Software Release A4(2.0) or Later • Ordering an Upgrade License and Generating a Key • Upgrading Your ACE Software in a Redundant Configuration • Downgrading Your ACE Software in Software Release A4(1.1), A3(2.7), and...
User Guide
Page 2
...TPS • 20 VCs Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 2 OL-25719-01 Table 1 Upgrade Scenarios Based on Software Release A4(1.1), A3(2.7), and Earlier Licenses Current License ACE 4710 bundle licenses ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 ... TPS • 5 virtual contexts (VCs) Need Increased SSL, compression, and/or VCs ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 Mbps compression • 100 SSL TPS • 5 VCs ACE-4710-1F-K9 • 1 Gbps throughput • 500 Mbps compression • 5000 SSL TPS •...
...TPS • 20 VCs Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 2 OL-25719-01 Table 1 Upgrade Scenarios Based on Software Release A4(1.1), A3(2.7), and Earlier Licenses Current License ACE 4710 bundle licenses ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 ... TPS • 5 virtual contexts (VCs) Need Increased SSL, compression, and/or VCs ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 Mbps compression • 100 SSL TPS • 5 VCs ACE-4710-1F-K9 • 1 Gbps throughput • 500 Mbps compression • 5000 SSL TPS •...
User Guide
Page 3
...compression and/or VCs Software upgrade to version A4(2.0) • 7500 SSL TPS • 5 VCs ACE-4710-2F-K9 • 2 Gbps throughput Throughput upgrade only Upgrade with ACE-4710-BUN-UP3= • 1 Gbps compression • 7500 SSL TPS • 5 VCs ACE-4710-4F-K9 • 4 Gbps throughput • 2 Gbps compression • 7500 SSL TPS Increased VC Software ...) • 7500 SSL TPS • 20 VCs • 2 Gbps throughput • Retains previous combination of feature licenses OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 3
...compression and/or VCs Software upgrade to version A4(2.0) • 7500 SSL TPS • 5 VCs ACE-4710-2F-K9 • 2 Gbps throughput Throughput upgrade only Upgrade with ACE-4710-BUN-UP3= • 1 Gbps compression • 7500 SSL TPS • 5 VCs ACE-4710-4F-K9 • 4 Gbps throughput • 2 Gbps compression • 7500 SSL TPS Increased VC Software ...) • 7500 SSL TPS • 20 VCs • 2 Gbps throughput • Retains previous combination of feature licenses OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 3
User Guide
Page 4
Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 4 OL-25719-01 Note Software version A4(2.0) and later contain only license bundles with 0.5 Gbps, 1 Gbps, 2 Gbps, or 4 Gbps of bandwidth and with ACE-AP-04-UP2= • 2 Gbps throughput • 2 Gbps compression •...A3(2.7), and Earlier Licenses (continued) Current License ACE4710 with 1 Gbps throughput: • ACE-AP-01-LIC • Any combination of feature licenses ACE4710 with 2 Gbps throughput: • ACE-AP-02-LIC • Any combination of feature licenses ACE4710 with 2 Gbps throughput: ...
Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 4 OL-25719-01 Note Software version A4(2.0) and later contain only license bundles with 0.5 Gbps, 1 Gbps, 2 Gbps, or 4 Gbps of bandwidth and with ACE-AP-04-UP2= • 2 Gbps throughput • 2 Gbps compression •...A3(2.7), and Earlier Licenses (continued) Current License ACE4710 with 1 Gbps throughput: • ACE-AP-01-LIC • Any combination of feature licenses ACE4710 with 2 Gbps throughput: • ACE-AP-02-LIC • Any combination of feature licenses ACE4710 with 2 Gbps throughput: ...
User Guide
Page 5
...ACE 4710 bundle licenses ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 Mbps compression • 100 SSL TPS • 5 VCs ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 Mbps compression • 100 SSL TPS • 5 VCs ACE-4710-1F-K9 • 1 Gbps throughput • 500 Mbps compression • 5000 SSL TPS • 5 VCs ACE-4710-1F-K9... • 1 Gbps throughput • 500 Mbps compression • 5000 SSL TPS • 5 VCs ACE-4710...VCs 4710 Each 4710 ...
...ACE 4710 bundle licenses ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 Mbps compression • 100 SSL TPS • 5 VCs ACE-4710-0.5F-K9 • 0.5 Gbps throughput • 100 Mbps compression • 100 SSL TPS • 5 VCs ACE-4710-1F-K9 • 1 Gbps throughput • 500 Mbps compression • 5000 SSL TPS • 5 VCs ACE-4710-1F-K9... • 1 Gbps throughput • 500 Mbps compression • 5000 SSL TPS • 5 VCs ACE-4710...VCs 4710 Each 4710 ...
User Guide
Page 6
...Result ACE-4710-2F-K9 ...ACE-4710-2F-K9 • 2 Gbps throughput Throughput Start upgrade with • 4 Gbps throughput upgrade only ACE-4710... 5 VCs ACE-4710-4F-K9 •...ACE-AP-01-LIC Throughput upgrade to 2 Gbps Start upgrade with ACE-4710...-BUN-UPG2= • 2 Gbps throughput • Up to 2 Gbps of compression • Any combination of feature licenses • 7500 SSL TPS • 20 VCs ACE4710 with 1 Gbps throughput • ACE...-AP-01-LIC • Any combination of feature licenses Throughput upgrade to 4 Gbps Start upgrade with ACE-4710-BUN-UPG2= and then ACE-4710...
...Result ACE-4710-2F-K9 ...ACE-4710-2F-K9 • 2 Gbps throughput Throughput Start upgrade with • 4 Gbps throughput upgrade only ACE-4710... 5 VCs ACE-4710-4F-K9 •...ACE-AP-01-LIC Throughput upgrade to 2 Gbps Start upgrade with ACE-4710...-BUN-UPG2= • 2 Gbps throughput • Up to 2 Gbps of compression • Any combination of feature licenses • 7500 SSL TPS • 20 VCs ACE4710 with 1 Gbps throughput • ACE...-AP-01-LIC • Any combination of feature licenses Throughput upgrade to 4 Gbps Start upgrade with ACE-4710-BUN-UPG2= and then ACE-4710...
User Guide
Page 7
... Appliance for software version A4(2.0). For details about the A4(1.1) features, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine for software version A4(1.1). ACE Appliance with ACE-4710-BUN-UPG3= • 4 Gbps throughput • 2 Gbps compression • 7500 SSL TPS •... you will gain the 20 plus features that is supported in software version A4(1.1). OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 7 Conversely, if you migrate from software version A4(1.1) to software version A4(1.1), you...
... Appliance for software version A4(2.0). For details about the A4(1.1) features, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine for software version A4(1.1). ACE Appliance with ACE-4710-BUN-UPG3= • 4 Gbps throughput • 2 Gbps compression • 7500 SSL TPS •... you will gain the 20 plus features that is supported in software version A4(1.1). OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 7 Conversely, if you migrate from software version A4(1.1) to software version A4(1.1), you...
User Guide
Page 8
...for example, to transfer the license to another ACE). For information on installing and managing ACE licenses: • Using the ACE ACE CLI, see Chapter 3, Managing ACE Software Licenses, in the Administration Guide, Cisco ACE Application Control Engine. • Using the ACE Device Manager, see Chapter 2, Configuring Virtual Contexts...capabilities for example, A4(1.1) or one of the available licenses using any of the available Cisco ordering tools on cisco.com. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 8 OL-25719-01 When you need it in the User ...
...for example, to transfer the license to another ACE). For information on installing and managing ACE licenses: • Using the ACE ACE CLI, see Chapter 3, Managing ACE Software Licenses, in the Administration Guide, Cisco ACE Application Control Engine. • Using the ACE Device Manager, see Chapter 2, Configuring Virtual Contexts...capabilities for example, A4(1.1) or one of the available licenses using any of the available Cisco ordering tools on cisco.com. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 8 OL-25719-01 When you need it in the User ...
User Guide
Page 9
... Guidelines and Limitations • Before You Begin • Upgrade Procedure Upgrade Guidelines and Limitations When you must make configuration changes while the ACEs are in the Administration Guide, Cisco ACE Application Control Engine. When you make any configuration changes that you must reconfigure it to 100 connections. Do not make on the active...
... Guidelines and Limitations • Before You Begin • Upgrade Procedure Upgrade Guidelines and Limitations When you must make configuration changes while the ACEs are in the Administration Guide, Cisco ACE Application Control Engine. When you make any configuration changes that you must reconfigure it to 100 connections. Do not make on the active...
User Guide
Page 10
... preemption can still occur while the standby is in version A1(8.0), the ACE introduced the STANDBY_WARM and WARM_COMPATIBLE redundancy states to the standby ACE even though the standby ACE may not recognize or understand the CLI commands or state information. When ...flows) Operation Upgrade Upgrade Upgrade Downgrade Downgrade Downgrade Comments - - - Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 10 OL-25719-01 A failover from the active ACE to come up with a different software version, the STANDBY_WARM and WARM_COMPATIBLE states allow the standby...
... preemption can still occur while the standby is in version A1(8.0), the ACE introduced the STANDBY_WARM and WARM_COMPATIBLE redundancy states to the standby ACE even though the standby ACE may not recognize or understand the CLI commands or state information. When ...flows) Operation Upgrade Upgrade Upgrade Downgrade Downgrade Downgrade Comments - - - Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 10 OL-25719-01 A failover from the active ACE to come up with a different software version, the STANDBY_WARM and WARM_COMPATIBLE states allow the standby...
User Guide
Page 11
Table 4 Software Release Compatibility Matrix Active ACE Standby ACE Software Version Software Version A3(2.1) A3(2.2) A3(2.3) A3(2.4) A3(2.5) A3(2.6) A3(2.7) A4(1.0) A4(1.1) A4(2.0) A4(2.1) A4(2.2) A5(1.0) A3(2.1) C C WC WC WC WC WC WC WC ... C WC A5(1.0) WC WC WC WC WC WC WC WC WC WC WC WC C OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 11 Upgrading Your ACE Software in a Redundant Configuration The following software version combinations in Table 4 indicate whether the SRG compatibility field displays WARM_COMPATIBLE (WC) or...
Table 4 Software Release Compatibility Matrix Active ACE Standby ACE Software Version Software Version A3(2.1) A3(2.2) A3(2.3) A3(2.4) A3(2.5) A3(2.6) A3(2.7) A4(1.0) A4(1.1) A4(2.0) A4(2.1) A4(2.2) A5(1.0) A3(2.1) C C WC WC WC WC WC WC WC ... C WC A5(1.0) WC WC WC WC WC WC WC WC WC WC WC WC C OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 11 Upgrading Your ACE Software in a Redundant Configuration The following software version combinations in Table 4 indicate whether the SRG compatibility field displays WARM_COMPATIBLE (WC) or...
User Guide
Page 12
...8226; From the CLI, see Chapter 1, Setting Up the ACE, in the Administration Guide, Cisco ACE Application Control Engine. • From the Device Manager GUI, see Chapter 1, Overview, in the Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance. For details on the standby... the standby and are not synchronized to A3(2.6). Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 12 OL-25719-01 Then, upgrade software version A3(2.6) to ACE software version A3(1.0) or higher, configuration synchronization may fail and the context...
...8226; From the CLI, see Chapter 1, Setting Up the ACE, in the Administration Guide, Cisco ACE Application Control Engine. • From the Device Manager GUI, see Chapter 1, Overview, in the Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance. For details on the standby... the standby and are not synchronized to A3(2.6). Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 12 OL-25719-01 Then, upgrade software version A3(2.6) to ACE software version A3(1.0) or higher, configuration synchronization may fail and the context...
User Guide
Page 13
... password, see the Administration Guide, Cisco ACE Application Control Engine. See Chapter 1, Configuring Ethernet Interfaces, in the Routing and Bridging Guide, Cisco ACE Application Control Engine. Removing the Underscore Character from a Hostname Before you upgrade the ACE appliance software from A3(2.0) to A4... create command in Exec mode in each context in your ACE. For details about creating a checkpoint and rolling back a configuration, see Chapter 2, Configuring Virtualization, in the Virtualization Guide, Cisco ACE Application Control Engine. As a result of this case, the...
... password, see the Administration Guide, Cisco ACE Application Control Engine. See Chapter 1, Configuring Ethernet Interfaces, in the Routing and Bridging Guide, Cisco ACE Application Control Engine. Removing the Underscore Character from a Hostname Before you upgrade the ACE appliance software from A3(2.0) to A4... create command in Exec mode in each context in your ACE. For details about creating a checkpoint and rolling back a configuration, see Chapter 2, Configuring Virtualization, in the Virtualization Guide, Cisco ACE Application Control Engine. As a result of this case, the...
User Guide
Page 14
For more information about the copy command, see the Administration Guide, Cisco ACE Application Control Engine. Upgrade Procedure To upgrade your ACE, we also strongly recommend that you use the show running configurations of every context to verify ...Admin context. Having a backup of the startup configuration of each ACE. The Exec mode prompt appears. ACE-1/Admin# checkpoint create ADMIN_CHECKPOINT ACE-1/Admin# changeto C1 ACE-1/C1# checkpoint create C1_CHECKPOINT Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 14 OL-25719-01 Checking Your...
For more information about the copy command, see the Administration Guide, Cisco ACE Application Control Engine. Upgrade Procedure To upgrade your ACE, we also strongly recommend that you use the show running configurations of every context to verify ...Admin context. Having a backup of the startup configuration of each ACE. The Exec mode prompt appears. ACE-1/Admin# checkpoint create ADMIN_CHECKPOINT ACE-1/Admin# changeto C1 ACE-1/C1# checkpoint create C1_CHECKPOINT Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 14 OL-25719-01 Checking Your...
User Guide
Page 15
...commands in Exec mode. For example, to copy the image with CNTL/Z. ACE-1/Admin(config)# no ]: [yes] OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 15 Upgrading Your ACE Software in a Redundant Configuration Step 4 Copy the new software image to ...the image directory of each ACE (active and standby) by entering the copy ftp, copy...
...commands in Exec mode. For example, to copy the image with CNTL/Z. ACE-1/Admin(config)# no ]: [yes] OL-25719-01 Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 15 Upgrading Your ACE Software in a Redundant Configuration Step 4 Copy the new software image to ...the image directory of each ACE (active and standby) by entering the copy ftp, copy...
User Guide
Page 16
... with a higher priority and preempt is synchronized from ACE-2, making ACE-2 the new standby. ACE-1 becomes the active ACE again. To make any changes to the ACE-1 configuration. The configuration is configured on ACE-1 and manually synchronize the changes to reach the STANDBY_WARM state again. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 16 OL...
... with a higher priority and preempt is synchronized from ACE-2, making ACE-2 the new standby. ACE-1 becomes the active ACE again. To make any changes to the ACE-1 configuration. The configuration is configured on ACE-1 and manually synchronize the changes to reach the STANDBY_WARM state again. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application Control Engine Appliance 16 OL...
User Guide
Page 17
...about creating checkpoints and rolling back configurations, see the Administration Guide, Cisco ACE Application Control Engine. In the following conditions exist: - For example: ACE-1/Admin# checkpoint rollback CHECKPOINT_ADMIN ACE-1/Admin# changeto C1 ACE-1/C1# checkpoint rollback CHECKPOINT_C1 Do the same on each context on ... is enabled on the FT group if you plan to downgrade the ACE appliance software, end clients will need to downgrade your ACE includes the 0.5-Gbps bundled license (ACE-4710-0.5F-K9) that is referred to ensure that there is removed from software version...
...about creating checkpoints and rolling back configurations, see the Administration Guide, Cisco ACE Application Control Engine. In the following conditions exist: - For example: ACE-1/Admin# checkpoint rollback CHECKPOINT_ADMIN ACE-1/Admin# changeto C1 ACE-1/C1# checkpoint rollback CHECKPOINT_C1 Do the same on each context on ... is enabled on the FT group if you plan to downgrade the ACE appliance software, end clients will need to downgrade your ACE includes the 0.5-Gbps bundled license (ACE-4710-0.5F-K9) that is referred to ensure that there is removed from software version...
User Guide
Page 18
...configuration register to 1, use the boot system image: and config-register commands in configuration mode. ACE-1 becomes the active ACE again. Step 3 Step 4 Note Use the no ]: [yes] When ACE-2 loads the startup-configuration file, you may observe a few errors if you did not ...software version. ACE-1/Admin# reload After ACE-1 boots up to remove the configured A3(x.x) boot variable. You may observe a few errors as ACE-2. Save? [yes/no boot system image:ACE_image command to two images through the boot system command. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application...
...configuration register to 1, use the boot system image: and config-register commands in configuration mode. ACE-1 becomes the active ACE again. Step 3 Step 4 Note Use the no ]: [yes] When ACE-2 loads the startup-configuration file, you may observe a few errors if you did not ...software version. ACE-1/Admin# reload After ACE-1 boots up to remove the configured A3(x.x) boot variable. You may observe a few errors as ACE-2. Save? [yes/no boot system image:ACE_image command to two images through the boot system command. Upgrade/Downgrade Guide, Cisco ACE 4700 Series Application...
User Guide
Page 19
... Application Control Engine Appliance Describes how to configure the web optimization features of the ACE appliance. ACE Documentation Set Step 7 Enter the write memory all command in both ACEs to save the running -configuration or startup-configuration files to the ACE. Cisco ACE Application Control Engine Configuration Examples Wiki Provides examples of all configured contexts to...
... Application Control Engine Appliance Describes how to configure the web optimization features of the ACE appliance. ACE Documentation Set Step 7 Enter the write memory all command in both ACEs to save the running -configuration or startup-configuration files to the ACE. Cisco ACE Application Control Engine Configuration Examples Wiki Provides examples of all configured contexts to...
User Guide
Page 20
...protocols. • Routing • Bridging • Dynamic Host Configuration Protocol (DHCP) Security Guide, Cisco ACE Application Control Engine Describes how to perform the following ACE security configuration tasks: • Security access control lists (ACLs) • User authentication and accounting ...8226; Stickiness • Firewall load balancing • TCL scripts SSL Guide, Cisco ACE Application Describes how to configure the following Secure Sockets Layer Control Engine (SSL) features on the ACE: • SSL certificates and keys • SSL initiation • SSL ...
...protocols. • Routing • Bridging • Dynamic Host Configuration Protocol (DHCP) Security Guide, Cisco ACE Application Control Engine Describes how to perform the following ACE security configuration tasks: • Security access control lists (ACLs) • User authentication and accounting ...8226; Stickiness • Firewall load balancing • TCL scripts SSL Guide, Cisco ACE Application Describes how to configure the following Secure Sockets Layer Control Engine (SSL) features on the ACE: • SSL certificates and keys • SSL initiation • SSL ...