Administration Guide
Page 9
...a Running Configuration 5-39 Displaying Checkpoint Information 5-39 Reformatting Flash Memory 5-40 Viewing ACE Hardware and Software Configuration Information 6-1 Displaying Software Version Information 6-2 Displaying Software Copyright Information 6-3 Displaying Hardware ...ACE Environment Information 6-5 Displaying System Processes 6-6 Displaying Process Status Information and Memory Resource Limits 6-11 Displaying System Information 6-14 Displaying ICMP Statistics 6-16 Displaying Technical Support Information 6-17 Configuring Redundant ACE Appliances 7-1 Overview of Redundancy 7-1 Cisco...
...a Running Configuration 5-39 Displaying Checkpoint Information 5-39 Reformatting Flash Memory 5-40 Viewing ACE Hardware and Software Configuration Information 6-1 Displaying Software Version Information 6-2 Displaying Software Copyright Information 6-3 Displaying Hardware ...ACE Environment Information 6-5 Displaying System Processes 6-6 Displaying Process Status Information and Memory Resource Limits 6-11 Displaying System Information 6-14 Displaying ICMP Statistics 6-16 Displaying Technical Support Information 6-17 Configuring Redundant ACE Appliances 7-1 Overview of Redundancy 7-1 Cisco...
Administration Guide
Page 10
... 7-2 Stateful Failover 7-5 FT VLAN 7-6 Configuration Synchronization 7-7 Configuration Requirements and Restrictions 7-8 Redundancy Configuration Quick Start 7-8 Configuring Redundancy 7-12 Configuring an FT VLAN 7-12 Creating an FT VLAN 7-13 Configuring an FT VLAN IP Address 7-...Member 7-21 Configuring Preemption 7-22 Placing an FT Group in Service 7-23 Modifying an FT Group 7-23 Forcing a Failover 7-24 Synchronizing Redundant Configurations 7-25 Configuring Tracking and Failure Detection 7-28 Overview of Tracking and Failure Detection 7-28 Configuring Tracking and Failure Detection for a Host...
... 7-2 Stateful Failover 7-5 FT VLAN 7-6 Configuration Synchronization 7-7 Configuration Requirements and Restrictions 7-8 Redundancy Configuration Quick Start 7-8 Configuring Redundancy 7-12 Configuring an FT VLAN 7-12 Creating an FT VLAN 7-13 Configuring an FT VLAN IP Address 7-...Member 7-21 Configuring Preemption 7-22 Placing an FT Group in Service 7-23 Modifying an FT Group 7-23 Forcing a Failover 7-24 Synchronizing Redundant Configurations 7-25 Configuring Tracking and Failure Detection 7-28 Overview of Tracking and Failure Detection 7-28 Configuring Tracking and Failure Detection for a Host...
Administration Guide
Page 11
... 7-41 Displaying FT Group Information 7-41 Displaying the IDMAP Table 7-46 Displaying the Redundancy Internal Software History 7-47 Displaying Memory Statistics 7-47 Displaying Peer Information 7-47 Displaying FT Statistics 7-51 Displaying FT Tracking Information 7-54 Clearing Redundancy Statistics 7-58 Clearing FT Statistics 7-58 Cisco 4700 Series Application Control Engine Appliance Administration Guide xi
... 7-41 Displaying FT Group Information 7-41 Displaying the IDMAP Table 7-46 Displaying the Redundancy Internal Software History 7-47 Displaying Memory Statistics 7-47 Displaying Peer Information 7-47 Displaying FT Statistics 7-51 Displaying FT Tracking Information 7-54 Clearing Redundancy Statistics 7-58 Clearing FT Statistics 7-58 Cisco 4700 Series Application Control Engine Appliance Administration Guide xi
Administration Guide
Page 12
Contents 8 C H A P T E R Clearing the Redundancy History 7-58 Configuring SNMP 8-1 SNMP Overview 8-2 Managers and Agents 8-3 SNMP Manager and Agent Communication 8-4 SNMP Traps and Informs 8-5 SNMPv3 CLI User Management and AAA Integration 8-6 ... Protocol Match Criteria 8-41 Creating a Layer 3 and Layer 4 Policy Map 8-42 Creating a Layer 3 and Layer 4 Policy Map for SNMP Network Management Traffic Received by the ACE 8-42 Specifying a Layer 3 and Layer 4 Traffic Class with the Traffic Policy 8-43 Cisco 4700 Series Application Control Engine Appliance Administration Guide xii OL-11157-01
Contents 8 C H A P T E R Clearing the Redundancy History 7-58 Configuring SNMP 8-1 SNMP Overview 8-2 Managers and Agents 8-3 SNMP Manager and Agent Communication 8-4 SNMP Traps and Informs 8-5 SNMPv3 CLI User Management and AAA Integration 8-6 ... Protocol Match Criteria 8-41 Creating a Layer 3 and Layer 4 Policy Map 8-42 Creating a Layer 3 and Layer 4 Policy Map for SNMP Network Management Traffic Received by the ACE 8-42 Specifying a Layer 3 and Layer 4 Traffic Class with the Traffic Policy 8-43 Cisco 4700 Series Application Control Engine Appliance Administration Guide xii OL-11157-01
Administration Guide
Page 15
... remote access, manage software licenses, configure class maps and policy maps, manage the ACE software, configure SNMP, configure redundancy, configure the XML interface, and upgrade your ACE software. It describes how to Use This Guide • Related Documentation • Symbols... and Conventions • Obtaining Documentation, Obtaining Support, and Security Guidelines • Open Source License Acknowledgements OL-11157-01 Cisco...
... remote access, manage software licenses, configure class maps and policy maps, manage the ACE software, configure SNMP, configure redundancy, configure the XML interface, and upgrade your ACE software. It describes how to Use This Guide • Related Documentation • Symbols... and Conventions • Obtaining Documentation, Obtaining Support, and Security Guidelines • Open Source License Acknowledgements OL-11157-01 Cisco...
Administration Guide
Page 17
... transfer, configure, and monitor objects in XML format to configure the ACE for redundancy, Redundant ACE which provides fault tolerance for Cisco Management Information Bases (MIBs) and to send event notifications to display ACE hardware and software configuration information, and display technical support information. Chapter 6, Viewing ACE Hardware and Software Configuration Information Describes how to a network management...
... transfer, configure, and monitor objects in XML format to configure the ACE for redundancy, Redundant ACE which provides fault tolerance for Cisco Management Information Bases (MIBs) and to send event notifications to display ACE hardware and software configuration information, and display technical support information. Chapter 6, Viewing ACE Hardware and Software Configuration Information Describes how to a network management...
Administration Guide
Page 163
... Series Application Control Engine Appliance Administration Guide (this book) Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Chapter Chapter 7, Configuring Redundant ACE Appliances Chapter 3, Configuring Application Protocol Inspection Chapter 5, Configuring Network Address Translation...
... Series Application Control Engine Appliance Administration Guide (this book) Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide Chapter Chapter 7, Configuring Redundant ACE Appliances Chapter 3, Configuring Application Protocol Inspection Chapter 5, Configuring Network Address Translation...
Administration Guide
Page 198
...the optional keywords, see the chapters in the ACE documentation set related to view the entire contents of redundancy or fault-tolerance (FT) configurations configured for the current context. Saving Configuration Files Chapter 5 Managing the ACE Software • dhcp-(Optional) Displays Dynamic Host ... 16.1.1.103 inservice rserver type host real3 address 16.1.1.105 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-8 OL-11157-01 For example, to the specific software functions. The ACE also displays configuration information for each ft configuration listed. ...
...the optional keywords, see the chapters in the ACE documentation set related to view the entire contents of redundancy or fault-tolerance (FT) configurations configured for the current context. Saving Configuration Files Chapter 5 Managing the ACE Software • dhcp-(Optional) Displays Dynamic Host ... 16.1.1.103 inservice rserver type host real3 address 16.1.1.105 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-8 OL-11157-01 For example, to the specific software functions. The ACE also displays configuration information for each ft configuration listed. ...
Administration Guide
Page 215
...file. The syntax for this command to display the contents of a file residing in the volatile memory file system of the ACE. • cksum-(Optional) Displays the cyclic redundancy check (CRC) checksum for the file. You compare the checksum output for the received file against the checksum output for ... a path to delete a copy of a file in the current directory, enter: host1/Admin# show file disk0:myfile md5sum 3d8e05790155150734eb8639ce98a331 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-25 The checksum values compute a CRC for the file.
...file. The syntax for this command to display the contents of a file residing in the volatile memory file system of the ACE. • cksum-(Optional) Displays the cyclic redundancy check (CRC) checksum for the file. You compare the checksum output for the received file against the checksum output for ... a path to delete a copy of a file in the current directory, enter: host1/Admin# show file disk0:myfile md5sum 3d8e05790155150734eb8639ce98a331 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 5-25 The checksum values compute a CRC for the file.
Administration Guide
Page 237
...redundancy mode and power usage summary, temperature thresholds and alarm status), use the show inventory Command Field Name Descr PID VID SN Description Name assigned to display the status and alarm states of the temperature sensors in the show environment OL-11157-01 Cisco... 4700 Series Application Control Engine Appliance Administration Guide 6-5 Chapter 6 Viewing ACE Hardware and Software Configuration Information Displaying ACE Environment Information Table 6-2 describes the fields in the ACE, enter: host1/Admin # show inventory...
...redundancy mode and power usage summary, temperature thresholds and alarm status), use the show inventory Command Field Name Descr PID VID SN Description Name assigned to display the status and alarm states of the temperature sensors in the show environment OL-11157-01 Cisco... 4700 Series Application Control Engine Appliance Administration Guide 6-5 Chapter 6 Viewing ACE Hardware and Software Configuration Information Displaying ACE Environment Information Table 6-2 describes the fields in the ACE, enter: host1/Admin # show inventory...
Administration Guide
Page 253
... Requirements and Restrictions • Redundancy Configuration Quick Start • Configuring Redundancy • Configuring Tracking and Failure Detection • Example of a Redundancy Configuration • Displaying Redundancy Information • Clearing Redundancy Statistics Overview of Redundancy Redundancy (or fault tolerance) uses a maximum of two ACE appliances to configure the Cisco 4700 Series Application Control Engine (ACE) appliance for redundancy, which provides fault tolerance for...
... Requirements and Restrictions • Redundancy Configuration Quick Start • Configuring Redundancy • Configuring Tracking and Failure Detection • Example of a Redundancy Configuration • Displaying Redundancy Information • Clearing Redundancy Statistics Overview of Redundancy Redundancy (or fault tolerance) uses a maximum of two ACE appliances to configure the Cisco 4700 Series Application Control Engine (ACE) appliance for redundancy, which provides fault tolerance for...
Administration Guide
Page 254
... Configuration Guide. Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-2 OL-11157-01 Redundancy must be of the same ACE device type and software release. The format of the VMAC is associated with each FT group. Overview of Redundancy Chapter 7 Configuring Redundant ACE Appliances Note Redundancy is not supported between an ACE appliance and an ACE module operating...
... Configuration Guide. Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-2 OL-11157-01 Redundancy must be of the same ACE device type and software release. The format of the VMAC is associated with each FT group. Overview of Redundancy Chapter 7 Configuring Redundant ACE Appliances Note Redundancy is not supported between an ACE appliance and an ACE module operating...
Administration Guide
Page 255
... (see the "Forcing a Failover" section). When a switchover occurs, the active member in each redundancy group, while the primed letters (A', B', C', and D') are evenly distributed between the two ACEs. Figure 7-1 Even Distribution of Contexts N=2 A B' # redundant groups =2 B A' A N=2 # redundant groups =4 C B C' D' D A' B' 153639 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-3 You always configure the active and...
... (see the "Forcing a Failover" section). When a switchover occurs, the active member in each redundancy group, while the primed letters (A', B', C', and D') are evenly distributed between the two ACEs. Figure 7-1 Even Distribution of Contexts N=2 A B' # redundant groups =2 B A' A N=2 # redundant groups =4 C B C' D' D A' B' 153639 OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-3 You always configure the active and...
Administration Guide
Page 256
... 7 Configuring Redundant ACE Appliances Figure 7-2 shows the uneven distribution of Contexts N=2 # redundant groups =6 AB E C D F E' F' A' B' C' D' 153640 To outside nodes (clients and servers), the active and standby FT group members appear as part of heartbeat packets for normal traffic. Figure 7-2 Uneven Distribution of contexts between the two ACEs. The ACE sends heartbeat packets over UDP. Cisco 4700 Series...
... 7 Configuring Redundant ACE Appliances Figure 7-2 shows the uneven distribution of Contexts N=2 # redundant groups =6 AB E C D F E' F' A' B' C' D' 153640 To outside nodes (clients and servers), the active and standby FT group members appear as part of heartbeat packets for normal traffic. Figure 7-2 Uneven Distribution of contexts between the two ACEs. The ACE sends heartbeat packets over UDP. Cisco 4700 Series...
Administration Guide
Page 257
...active context to take over the flow if the active member becomes unresponsive. Entering this default behavior by the ACE OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-5 Note By default, connection replication is available on the former... Control Protocol (TCP) and User Datagram Protocol (UDP) connections not terminated by disabling preemption. Chapter 7 Configuring Redundant ACE Appliances Overview of Redundancy The election of the context. This behavior is based on information synchronized with the higher priority always to the ...
...active context to take over the flow if the active member becomes unresponsive. Entering this default behavior by the ACE OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-5 Note By default, connection replication is available on the former... Control Protocol (TCP) and User Datagram Protocol (UDP) connections not terminated by disabling preemption. Chapter 7 Configuring Redundant ACE Appliances Overview of Redundancy The election of the context. This behavior is based on information synchronized with the higher priority always to the ...
Administration Guide
Page 258
...packet to transmit flow-state information and the redundancy heartbeat. Overview of Redundancy Chapter 7 Configuring Redundant ACE Appliances • HTTP connection states (Optional) • Sticky table Note In a user context, the ACE allows a switchover only of the FT group...peer appliances. The two redundant appliances constantly communicate over the switchover link include the following data: • Redundancy protocol packets • State information replication data • Configuration synchronization information • Heartbeat packets Cisco 4700 Series Application Control ...
...packet to transmit flow-state information and the redundancy heartbeat. Overview of Redundancy Chapter 7 Configuring Redundant ACE Appliances • HTTP connection states (Optional) • Sticky table Note In a user context, the ACE allows a switchover only of the FT group...peer appliances. The two redundant appliances constantly communicate over the switchover link include the following data: • Redundancy protocol packets • State information replication data • Configuration synchronization information • Heartbeat packets Cisco 4700 Series Application Control ...
Administration Guide
Page 259
... or 1G) and the same virtual context software license. See the Cisco 4700 Series Application Control Engine Appliance Administration Guide for sending or receiving redundancy protocol state and configuration replication packets. Config sync automatically replicates any changes made to the 1G ACE appliance. If there is a mismatch in the system configuration file. For...
... or 1G) and the same virtual context software license. See the Cisco 4700 Series Application Control Engine Appliance Administration Guide for sending or receiving redundancy protocol state and configuration replication packets. Config sync automatically replicates any changes made to the 1G ACE appliance. If there is a mismatch in the system configuration file. For...
Administration Guide
Page 260
...addresses. The IP address and the peer IP address that you configure redundancy, the ACE keeps all the options associated with the CLI commands, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide. ...and Restrictions Chapter 7 Configuring Redundant ACE Appliances Configuration Requirements and Restrictions Follow these requirements and restrictions when configuring the redundancy feature. • Redundancy is not supported between an ACE appliance and an ACE module operating as peers. Cisco 4700 Series Application Control Engine ...
...addresses. The IP address and the peer IP address that you configure redundancy, the ACE keeps all the options associated with the CLI commands, see the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide. ...and Restrictions Chapter 7 Configuring Redundant ACE Appliances Configuration Requirements and Restrictions Follow these requirements and restrictions when configuring the redundancy feature. • Redundancy is not supported between an ACE appliance and an ACE module operating as peers. Cisco 4700 Series Application Control Engine ...
Administration Guide
Page 261
...appliance, associate the FT VLAN with the peer, and configure the heartbeat interval and count. Chapter 7 Configuring Redundant ACE Appliances Redundancy Configuration Quick Start Table 7-1 Redundancy Configuration Quick Start Task and Command Example 1. host1/Admin# config host1/Admin(config)# 3. This FT VLAN ...)# heartbeat count 20 host1/Admin(config-ft-peer)# heartbeat interval 200 host1/Admin(config-ft-peer)# exit OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-9 Enter configuration mode. If you are operating in multiple contexts, observe the...
...appliance, associate the FT VLAN with the peer, and configure the heartbeat interval and count. Chapter 7 Configuring Redundant ACE Appliances Redundancy Configuration Quick Start Table 7-1 Redundancy Configuration Quick Start Task and Command Example 1. host1/Admin# config host1/Admin(config)# 3. This FT VLAN ...)# heartbeat count 20 host1/Admin(config-ft-peer)# heartbeat interval 200 host1/Admin(config-ft-peer)# exit OL-11157-01 Cisco 4700 Series Application Control Engine Appliance Administration Guide 7-9 Enter configuration mode. If you are operating in multiple contexts, observe the...
Administration Guide
Page 262
... 1 9. (Optional) Configure the priority of the running -config host1/Admin(config)# ft auto-sync startup-config 7-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Place the FT group in service. and/or startup-configuration ...-ft-track-intf)# exit 13. (Optional) Enable autosynchronization of the FT group on the peer appliance. Redundancy Configuration Quick Start Chapter 7 Configuring Redundant ACE Appliances Table 7-1 Redundancy Configuration Quick Start (continued) Task and Command Example 6. host1/Admin(config-ft-group)# peer priority 200...
... 1 9. (Optional) Configure the priority of the running -config host1/Admin(config)# ft auto-sync startup-config 7-10 Cisco 4700 Series Application Control Engine Appliance Administration Guide OL-11157-01 Place the FT group in service. and/or startup-configuration ...-ft-track-intf)# exit 13. (Optional) Enable autosynchronization of the FT group on the peer appliance. Redundancy Configuration Quick Start Chapter 7 Configuring Redundant ACE Appliances Table 7-1 Redundancy Configuration Quick Start (continued) Task and Command Example 6. host1/Admin(config-ft-group)# peer priority 200...