Administration Guide
Page 6
...Layer 4 Classifications for Network Management Traffic Received by the ACE 4-35 Creating a Layer 3 and Layer 4 Network Management Traffic Class Map 4-35 Defining Network Management Access Match Criteria 4-37 ...Configuring Layer 7 Class Maps 4-38 Defining Layer 7 Classifications for HTTP Server Load Balancing 4-39 Defining Layer 7 Classifications for HTTP Deep Packet Inspection 4-41 Defining Layer 7 Classifications for FTP Command Inspection 4-42 Cisco...
Administration Guide
Page 116
..., source or destination port, virtual IP address, IP protocol and port, or management protocol • Layer 7 protocol information-HTTP cookie, HTTP URL, HTTP header, HTTP content, or FTP request commands The traffic classification process consists of the following major sections: •... set of classified inbound traffic. Each class map defines a traffic classification: network traffic that you want applied to , or passing through, the ACE based on a series of actions to you to Layer 3 and Layer 4 traffic classifications or Layer 7 protocol classifications. 2. Class maps enable ...
Administration Guide
Page 117
...illustrates how the ACE associates the various components of the process required to all VLAN interfaces associated with each other. OL-11157-01 Cisco 4700 Series Application ...to filter traffic received by the ACE: • Remote access using the following management protocols: HTTP, HTTPS, Internet Control Message Protocol (ICMP), Simple Network Management Protocol (SNMP), Secure Shell (SSH...client) and the HTTP connection (the server) • HTTP deep packet inspection • FTP command request inspection • Application protocol inspection (also known as protocol fixup) • NAT...
Administration Guide
Page 119
... Layer 3 and Layer 4 traffic classes contain match criteria that identify the IP network traffic that can pass through the ACE or network management traffic that define the match criteria for classifying Layer 3 and Layer 4 network traffic as well as members of the... the Layer 7 HTTP server load balancing and application protocol-specific fields. The ACE evaluates the packets to meet any , match-all) The ACE supports a system-wide maximum of FTP commands by the ACE. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 4-5 A traffic class contains the...
Administration Guide
Page 152
... • ip_address-Source IP address of the client. The match criteria enables the ACE to the ACE from source IP address 192.168.10.1 255.255.255.0, enter: host1/Admin(config)# class-map type management SSH-ALLOW_CLASS host1/Admin(config-cmap-mgmt)# match protocol ssh source-address 192.168.10... the client in the ACE, see the "Class Map and Policy Map Overview" section. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1). • mask-The subnet mask of class maps in dotted-decimal notation (for FTP Command Inspection 4-38 Cisco 4700 Series Application Control ...
Administration Guide
Page 157
...Management Traffic Received by the ACE (HTTP, HTTPS, ICMP, SSH, or Telnet) • Server load balancing • Application acceleration and optimization • SSL security services between a web browser (the client) and the HTTP connection (the server) • Static or dynamic NATs • HTTP deep packet inspection • FTP... command inspection • Application protocol inspection • IP, TCP, HTTP, and UDP connection behavior For more information about the role of policy maps in a Layer 3 and Layer 4 Policy Map OL-11157-01 Cisco 4700 Series Application...
Administration Guide
Page 194
...-configuration file currently residing on the ACE in Exec mode. Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-4 OL-11157-01 Saving Configuration Files Chapter 5 Managing the ACE Software Saving Configuration Files to a ...Remote Server To save the running-configuration file or startup-configuration file to a remote server using File Transfer Protocol (FTP...
Administration Guide
Page 195
...config disk0: command in Exec mode. • To save a startup-configuration file to a remote FTP server, enter: host1/Admin# copy running-config ftp://192.168.1.2/running-config_Adminctx Enter username[]? Copying the Configuration File to the disk0: File System After you...file transfer mode is : copy {running-config | startup-config} disk0:[path/]filename OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-5 Chapter 5 Managing the ACE Software Saving Configuration Files When you select a destination file system using the following tasks: •...
Administration Guide
Page 201
... to context 1. When you copy the backup configuration file to the ACE, you would copy the backup configuration file startup-config-ctx1 to the ACE, ensure that the configuration file is : copy {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://...remote FTP, SFTP, or TFTP server. See the "Loading Configuration Files from a remote server, use in Exec mode. To configure the ACE using a running -config | startup-config} OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-11 Chapter 5 Managing the ACE Software...
Administration Guide
Page 202
...• running-config-Specifies to replace the running-configuration file currently residing on the ACE in RAM (volatile memory). • startup-config-Specifies to the ACE, enter: Host/Admin# copy ftp://192.168.1.2/configs/startup-config-Adm_ctx startup-config Using the File System on the...disk0: and volatile: file systems. 5-12 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Using the File System on the ACE Chapter 5 Managing the ACE Software The keywords, arguments, and options are erased when the ACE reboots. For example, to copy a startup...
Administration Guide
Page 207
... ACE licenses in .tar format, or a system message log). The copy core: command is : copy {core:filename | disk0:[path/]filename | running -configuration file, or startup-configuration file. OL-11157-01 Cisco... disk0: file system. Copy the complete filename (for example, 0x401_vsh_log.25256.tar.gz) by using FTP, SFTP, or TFTP, use the show capture command to a Remote Server To copy a file ...context. Chapter 5 Managing the ACE Software Using the File System on the ACE The keywords, arguments, and options are : • core:filename-Specifies a core dump residing on the ACE in Flash memory ...
Administration Guide
Page 208
... file currently residing on the ACE in all cases when copying files to a remote FTP server, enter: host1/Admin# copy core:0x401_vsh_log.8249.tar.gz ftp://192.168.1.2 5-18 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Using the File System on the ACE Chapter 5 Managing the ACE Software • running-config-Specifies...
Administration Guide
Page 209
... a list of Flash memory. OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-19 If you want to overwrite?[y/n]: [y] y Enter username[]? For example, to copy a startup-configuration file from which the ACE can boot at startup. • running-config-...file currently residing on various devices from a remote FTP server to the disk0: file system, enter: host1/Admin# copy ftp://192.168.1.2/ startup-config Enter source filename[]? Chapter 5 Managing the ACE Software Using the File System on the ACE Copying Files from a Remote Server To copy a...
Administration Guide
Page 210
... the ACE Chapter 5 Managing the ACE Software Note The bin (binary) file transfer mode is available only in the Admin context. The default selection of the ACE system software image. • ftp://server/path[/filename]-Specifies the FTP network ...server and, optionally, the renamed software system image. • sftp://[username@]server/path[/filename]-Specifies the SFTP network server and, optionally, the renamed software system image. • tftp://server[:port]/path[/filename]-Specifies the TFTP network server and, optionally, the renamed software system image. 5-20 Cisco...
Administration Guide
Page 211
... image:sb-ace.NOV_11 ftp://192.168.1.2 Uncompressing Files in the disk0: File System To uncompress (unzip) LZ77 coded files in Exec mode. To display a list of the destination file system if you select a destination file system using the gunzip command. Chapter 5 Managing the ACE Software Using ...system (for the command is useful in the disk0: file system, enter: host1/Admin# gunzip disk0:PROBE_SCRIPTS.gz OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-21 This command is : gunzip disk0:filename The filename argument identifies the name of ...
Administration Guide
Page 216
...specify. • last-Displays the last few lines of the output. • more }] [> {filename | {disk0:| volatile}:[path/][filename] | {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} The arguments, keywords, and options include: • |-(... the File System on the ACE Chapter 5 Managing the ACE Software Saving show Command Output to a File You can enter show screen output to be directed to a file by appending > filename to the disk0: or volatile: file system. 5-26 Cisco 4700 Series Application Control Engine Appliance...
Administration Guide
Page 217
Three minutes after the ACE reboots, the saved last core file is for Cisco Technical Assistance Center (TAC) use only. Note Core dump information is restored from the Admin context. We recommend that you can ...; Clearing the Core Directory • Deleting a Core Dump File OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-27 Chapter 5 Managing the ACE Software Viewing and Copying Core Dumps • ftp://server/path[/filename]-Specifies the FTP network server and, optionally, a filename. • sftp://[username@]server/path[/filename]-...
Administration Guide
Page 218
Viewing and Copying Core Dumps Chapter 5 Managing the ACE Software Copying Core Dumps You can save a core to a ...0x401_vsh_log.25256.tar.gz) into the copy core: command. When you select a destination file system using ftp:, sftp:, or tftp:, the ACE performs the following tasks: • Prompts you for your username and password if the destination file system.... The syntax for the server information if you do not provide path information. 5-28 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 The copy core: command is : copy ...
Administration Guide
Page 219
...Flash memory, use the clear cores command in Exec mode of the Admin context. Chapter 5 Managing the ACE Software Viewing and Copying Core Dumps For example, to copy a core file from the core:... file system, enter: host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZ OL-11157-01 Cisco 4700...core dumps stored in all cases when copying files to a remote FTP server, enter: host1/Admin# copy core:0x401_vsh_log.8249.tar.gz ftp://192.168.1.2 Enter the destination filename[]? [0x401_vsh_log.8249.tar.gz]...
Administration Guide
Page 231
...the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide for details on how to use the copy command to save configuration files or objects, such as follows: format flash: For example, to a remote FTP, SFTP, or TFTP server. Do you copy the following ACE operation ... contexts and reboot the system!! Before you reformat Flash memory, we recommend that you wish to boot after format. Chapter 5 Managing the ACE Software Reformatting Flash Memory - The syntax for all information in the compact flash including startup configs for the command is no image...