Cisco Systems OL-7029-01 User manual

Corporate Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 526-4100

Catalyst 6500 Series Switch Content

Switching Module with SSL Command

Reference

Software Release 2.1(1)

May, 2005

Text Part Number: OL-7029-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL

STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT

WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT

SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE

OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH

ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT

LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF

DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,

WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO

OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

iii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

CONTENTS

Preface xi

Audience xi

Organization xi

Conventions xii

Related Documentation xiii

Obtaining Documentation xiii

Cisco.com xiii

Documentation DVD xiii

Ordering Documentation xiv

Documentation Feedback xiv

Cisco Product Security Overview xiv

Reporting Security Problems in Cisco Products xv

Obtaining Technical Assistance xv

Cisco Technical Support Website xv

Submitting a Service Request xvi

Definitions of Service Request Severity xvi

Obtaining Additional Publications and Information xvii

CHAPTER

1 Using Content Switching Module Commands 1-1

Using the CSM and CSM-S Commands 1-1

Command Modes 1-2

Regular Expressions 1-3

CHAPTER

2 Content Switching Module with SSL Commands 2-1

arp 2-2

capp udp 2-3

options (CAPP UDP submode) 2-5

port (CAPP UDP submode) 2-6

secure (CAPP UDP submode) 2-7

clear module csm 2-8

dfp 2-9

agent (DFP submode) 2-11

Contents

iv

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

manager (DFP submode) 2-12

exit 2-13

ft group 2-14

failover (fault tolerant submode) 2-16

heartbeat-time (fault tolerant submode) 2-17

preempt (fault tolerant submode) 2-18

priority (fault tolerant submode) 2-19

track (fault tolerant submode) 2-20

hw-module csm standby config-sync 2-21

ip slb mode 2-22

map cookie 2-24

match protocol http cookie (cookie map submode) 2-25

map dns 2-26

match protocol dns domain (DNS map submode) 2-27

map header 2-28

insert protocol http header (header map submode) 2-29

match protocol http header (header map submode) 2-30

map retcode 2-31

match protocol http retcode (return code map submode) 2-32

map url 2-33

match protocol http url (URL map submode) 2-34

module csm 2-35

natpool (module CSM submode) 2-36

variable (module CSM submode) 2-37

owner 2-40

billing-info (owner submode) 2-41

contact-info (owner submode) 2-42

maxconns (owner submode) 2-43

policy 2-44

client-group (policy submode) 2-45

cookie-map (policy submode) 2-46

header-map (policy submode) 2-47

nat client (policy submode) 2-48

serverfarm (policy submode) 2-49

set ip dscp (policy submode) 2-51

Contents

v

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

sticky-group (policy submode) 2-52

url-map (policy submode) 2-53

probe 2-54

address (probe submode) 2-56

credentials (probe submode) 2-57

description (serverfarm submode) 2-58

expect status (probe submode) 2-59

failed (probe submode) 2-61

header (probe submode) 2-62

interval (probe submode) 2-63

name (probe submode) 2-64

open (probe submode) 2-65

port (probe submode) 2-66

receive (probe submode) 2-67

recover (probe submode) 2-68

request (probe submode) 2-69

retries (probe submode) 2-70

script (probe submode) 2-71

real 2-72

backup real (real server submode) 2-74

health probe (real server submode) 2-75

inservice (real server submode) 2-76

maxconns (real server submode) 2-77

minconns (real server submode) 2-78

redirect-vserver (real server submode) 2-79

weight (real server submode) 2-80

redirect-vserver 2-81

advertise (redirect virtual server submode) 2-82

client (redirect virtual server submode) 2-83

idle (redirect virtual server submode) 2-84

inservice (redirect virtual server submode) 2-85

replicate csrp (redirect virtual server submode) 2-86

ssl (redirect virtual server submode) 2-87

virtual (redirect virtual server submode) 2-88

vlan (redirect virtual server submode) 2-89

Contents

vi

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

webhost backup (redirect virtual server submode) 2-90

webhost relocation (redirect virtual server submode) 2-91

reverse-sticky 2-92

script file 2-93

script task 2-95

serverfarm 2-96

bindid (serverfarm submode) 2-97

description (serverfarm submode) 2-98

failaction (serverfarm submode) 2-99

health (serverfarm submode) 2-100

nat client (serverfarm submode) 2-101

nat server (serverfarm submode) 2-102

predictor (serverfarm submode) 2-103

probe (serverfarm submode) 2-106

retcode-map (serverfarm submode) 2-107

show module csm 2-108

show module csm arp 2-109

show module csm capp 2-110

show module csm conns 2-112

show module csm dfp 2-114

show module csm ft 2-116

show module csm map 2-117

show module csm memory 2-119

show module csm natpool 2-120

show module csm owner 2-121

show module csm policy 2-122

show module csm probe 2-123

show module csm probe script 2-125

show module csm pvlan 2-126

show module csm real 2-127

show module csm real retcode 2-129

show module csm script 2-130

show module csm script task 2-131

show module csm serverfarm 2-132

show module csm static 2-134

Contents

vii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

show module csm static server 2-135

show module csm stats 2-137

show module csm status 2-139

show module csm sticky 2-140

show module csm tech-script 2-142

show module csm tech-support 2-143

show module csm variable 2-146

show module csm vlan 2-148

show module csm vserver redirect 2-150

show module csm xml stats 2-152

snmp enable traps slb ft 2-153

static 2-154

real (static NAT submode) 2-155

sticky 2-156

cookie offset (sticky submode) 2-158

cookie secondary (sticky submode) 2-159

header (sticky submode) 2-160

static (sticky submode) 2-161

vserver 2-162

advertise (virtual server submode) 2-163

client (virtual server submode) 2-164

description (virtual server submode) 2-165

domain (virtual server submode) 2-166

idle (virtual server submode) 2-167

inservice (virtual server submode) 2-168

owner (virtual server submode) 2-169

parse-length (virtual server submode) 2-170

pending (virtual server submode) 2-171

persistent rebalance (virtual server submode) 2-172

replicate csrp (virtual server submode) 2-173

reverse-sticky (virtual server submode) 2-174

serverfarm (virtual server submode) 2-175

slb-policy (virtual server submode) 2-177

ssl-sticky (virtual server submode) 2-178

status-tracking (virtual server submode) 2-179

Contents

viii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

sticky (virtual server submode) 2-180

unidirectional (virtual server submode) 2-182

url-hash (virtual server submode) 2-183

virtual (virtual server submode) 2-184

vlan (virtual server submode) 2-187

vlan 2-188

alias (VLAN submode) 2-189

description (VLAN submode) 2-191

gateway (VLAN submode) 2-192

ip address (VLAN submode) 2-193

route (VLAN submode) 2-194

xml-config 2-195

client-group (XML submode) 2-196

credentials (XML submode) 2-197

inservice (XML submode) 2-198

port (XML submode) 2-199

vlan (XML submode) 2-200

CHAPTER

3 Commands Specific to the Content Switching Module with SSL 3-1

clear ssl-proxy conn 3-5

clear ssl-proxy session 3-6

clear ssl-proxy stats 3-7

crypto ca export pem 3-8

crypto ca import pem 3-10

crypto ca export pkcs12 3-12

crypto ca import pkcs12 3-14

crypto key export rsa pem 3-16

crypto key import rsa pem 3-18

debug ssl-proxy 3-20

do 3-23

show ssl-proxy admin-info 3-24

show ssl-proxy buffers 3-25

show ssl-proxy certificate-history 3-26

show ssl-proxy conn 3-29

show ssl-proxy crash-info 3-32

show ssl-proxy mac address 3-34

Contents

ix

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

show ssl-proxy natpool 3-35

show ssl-proxy policy 3-36

show ssl-proxy service 3-38

show ssl-proxy stats 3-40

show ssl-proxy status 3-43

show ssl-proxy version 3-45

show ssl-proxy vlan 3-46

show ssl-proxy vts 3-47

snmp-server enable 3-48

ssl-proxy crypto selftest 3-49

ssl-proxy mac address 3-50

ssl-proxy natpool 3-51

ssl-proxy pki 3-52

ssl-proxy policy http-header 3-54

ssl-proxy policy ssl 3-56

ssl-proxy policy tcp 3-60

ssl-proxy policy url-rewrite 3-63

ssl-proxy pool ca 3-65

ssl-proxy service 3-66

ssl-proxy service client 3-70

ssl-proxy ssl ratelimit 3-73

ssl-proxy vlan 3-74

standby authentication 3-78

standby delay minimum reload 3-79

standby ip 3-81

standby mac-address 3-83

standby mac-refresh 3-85

standby name 3-86

standby preempt 3-87

standby priority 3-89

standby redirects 3-91

standby timers 3-93

standby track 3-95

standby use-bia 3-97

Contents

x

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

APPENDIX

A Acronyms A-1

I

NDEX

xi

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

This preface describes the audience, organization, and conventions of this publication, and provides

information on how to obtain related documentation.

This guide contains the commands available for use with the Cisco Content Switching Module with SSL

(CSM-S). Use this guide with the Catalyst 6500 Series Switch Content Switching Module with SSL

Installation Note and the Catalyst 6500 Series Switch Content Switching Module with SSL Installation

and Configuration Note.

Audience

This publication is for experienced network administrators who are responsible for configuring and

maintaining Catalyst 6500 series switches and network managers who perform any of the following

tasks:

• Managing network security

• Configuring firewalls

• Managing default and static routes and TCP and UDP services

Organization

This publication is organized as follows:

Chapter Title Description

Chapter 1 Using Content Switching

Module Commands

Introduces you to the CSM commands,

access modes, and common port and

protocol numbers.

Chapter 2 Content Switching Module with

SSL Commands

Provides detailed descriptions of all CSM

commands in an alphabetical listing.

Chapter 3 Commands Specific to the

Content Switching Module with

SSL

Provides detailed descriptions of all SSL

commands used by the CSMS in an

alphabetical listing.

Appendix A Acronyms Lists the acronyms used in this command

reference.

xii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Conventions

This document uses the following conventions:

Notes use the following conventions:

Note Means reader take note. Notes contain helpful suggestions or references to material not covered in

the publication.

Cautions use the following conventions:

Caution Means reader be careful. In this situation, you might do something that could result in equipment

damage or loss of data.

Convention Description

boldface font Commands, command options, and keywords are in

boldface.

italic font Arguments for which you supply values are in italics.

[ ] Elements in square brackets are optional. Default responses

to system prompts are in square brackets.

{ x | y | z } Alternative keywords are grouped in braces and separated by

vertical bars. Braces can also be used to group keywords

and/or aguments; for example, {interface interface type}.

[ x | y | z ] Optional alternative keywords are grouped in brackets and

separated by vertical bars.

string A nonquoted set of characters. Do not use quotation marks

around the string or the string will include the quotation

marks.

screen font Terminal sessions and information the system displays are in

screen font.

boldface screen

font

Information you must enter is in boldface screen font.

italic screen

font

Arguments in the screen display for which you supply values

are in

italic screen

font.

^ The symbol ^ represents the key labeled Control—for

example, the key combination ^D in a screen display means

hold down the Control key while you press the D key.

< > Nonprinting characters, such as passwords are in angle

brackets.

!, # An exclamation point (!) or a pound sign (#) at the beginning

of a line of code indicates a comment line.

xiii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Related Documentation

For more detailed installation and configuration information for the Content Switching Module with

SSL, refer to the following publications:

• Release Notes for the Catalyst 6500 Series Switch Content Switching Module with SSL

• Catalyst 6500 Series Switch Content Switching Module with SSL Installation Note

• Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

• Regulatory Compliance and Safety Information for the Catalyst 6500 Series Switches

For more detailed installation and configuration information for SSL services, refer to the following

publications:

• Release Notes for Catalyst 6500 Series SSL Services Module Software Release 2.x

• Catalyst 6500 Series Switch SSL Services Module Installation and Verification Note

• Catalyst 6500 Series Switch SSL Services Module Command Reference

• Catalyst 6500 Series Switch SSL Services Module System Messages

Use this document in conjunction with the CSM documentation available online at the following site:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm_3_3 /index.htm

Cisco provides CSM technical tips at the following site:

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps780/index.html

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several

ways to obtain technical assistance and other technical resources. These sections explain how to obtain

technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which

may have shipped with your product. The Documentation DVD is updated regularly and may be more

current than printed documentation. The Documentation DVD package is available as a single unit.

xiv

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Documentation Feedback

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product

number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace:

http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

• Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from

the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

• Nonregistered Cisco.com users can order documentation through a local account representative by

calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in

North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your

document or by writing to the following address:

Cisco Systems

Attn: Customer Document Ordering

170 West Tasman Drive

San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

• Report security vulnerabilities in Cisco products.

• Obtain assistance with security incidents that involve Cisco products.

• Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

xv

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Obtaining Technical Assistance

If you prefer to see advisories and notices as they are updated in real time, you can access a Product

Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release

them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a

vulnerability in a Cisco product, contact PSIRT:

• Emergencies— security-alert@cisco.com

• Nonemergencies—p[email protected]

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive

information that you send to Cisco. PSIRT can work from encrypted information that is compatible with

PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence

with PSIRT is the one that has the most recent creation date in this public key server list:

http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on

In an emergency, you can also reach PSIRT by telephone:

• 1 877 228-7302

• 1 408 525-6532

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco

Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical

Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical

Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service

contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and

resolving technical issues with Cisco products and technologies. The website is available 24 hours a day,

365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password.

If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

xvi

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Obtaining Technical Assistance

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting

a web or phone request for service. You can access the CPI tool from the Cisco Technical Support

Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product

Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product

Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID

or model name; by tree view; or for certain products, by copying and pasting show command output.

Search results show an illustration of your product with the serial number label location highlighted.

Locate the serial number label on your product and record the information before placing a service call.

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3

and S4 service requests are those in which your network is minimally impaired or for which you require

product information.) After you describe your situation, the TAC Service Request Tool provides

recommended solutions. If your issue is not resolved using the recommended resources, your service

request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone.

(S1 or S2 service requests are those in which your production network is down or severely degraded.)

Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business

operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)

EMEA: +32 2 704 55 55

USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity

definitions.

Severity 1 (S1)—Your network is “down,” or there is a critical impact to your business operations. You

and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your

business operation are negatively affected by inadequate performance of Cisco products. You and Cisco

will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations

remain functional. You and Cisco will commit resources during normal business hours to restore service

to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or

configuration. There is little or no effect on your business operations.

xvii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online

and printed sources.

• Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit

Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

• Cisco Press publishes a wide range of general networking, training and certification titles. Both new

and experienced users will benefit from these publications. For current Cisco Press titles and other

information, go to Cisco Press at this URL:

http://www.ciscopress.com

• Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and

networking investments. Each quarter, Packet delivers coverage of the latest industry trends,

technology breakthroughs, and Cisco products and solutions, as well as network deployment and

troubleshooting tips, configuration examples, customer case studies, certification and training

information, and links to scores of in-depth online resources. You can access Packet magazine at

this URL:

http://www.cisco.com/packet

• iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies

learn how they can use technology to increase revenue, streamline their business, and expand

services. The publication identifies the challenges facing these companies and the technologies to

help solve them, using real-world case studies and business strategies to help readers make sound

technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering

professionals involved in designing, developing, and operating public and private internets and

intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

• World-class networking training is available from Cisco. You can view current offerings at

this URL:

http://www.cisco.com/en/US/learning/index.html

xviii

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Preface

Obtaining Additional Publications and Information

CHAPTER

1-1

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

1

Using Content Switching Module Commands

This chapter describes how to use the CSM and CSM-S commands and contains the following sections:

• Using the CSM and CSM-S Commands, page 1-1

• Command Modes, page 1-2

Note Except where specifically differentiated, the term “Content Switching Module” and its acronym “CSM”

includes both the Content Switching Module and the Content Switching Module with SSL.

The term “Content Switching Module with SSL” and its acronym “CSM-S” are used only where the

information presented is specific to the CSMS.

The term SSL daughter card an SSL termination dauthter card for the CSM that accelerates Secure

Socket Layer (SSL) transactions.

Using the CSM and CSM-S Commands

This section provides a brief introduction to using commands and where to go for more information on

configuring and using your CSM or CSM-S.

You will use these commands for basic tasks:

Command Task

write memory Saving the configuration

write terminal Viewing the configuration

logging buffered debugging Accumulating system log (syslog) messages

show logging Viewing system log (syslog) messages

clear logging Clearing the message buffer

1-2

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Chapter 1 Using Content Switching Module Commands

Command Modes

With the command-line interface (CLI), you can do the following tasks:

• Check the syntax before entering a command.

Enter a command and press the ? key to view a quick summary, or precede a command with the help

command (help aaa, for example).

• Abbreviate commands.

You can use the config t command to start configuration mode, the write t command statement to

list the configuration, and the write m commmand to write to Flash memory. In most commands,

the show command can be abbreviated as sh. This feature is called command completion.

• Review possible port and protocol numbers at the following Internet Assigned Numbers Authority

(IANA) websites:

http://www.iana.org/assignments/port-numbers

http://www.iana.org/assignments/protocol-numbers

• Create your configuration in a text editor, and then cut and paste it into the configuration.

You can paste in a line at a time or the whole configuration. Always check your configuration after

pasting large blocks of text to be sure that all of the text was copied.

For information about how to build your CSM and CSM-S configuration, refer to the Catalyst 6500

Series Content Switching Module Installation and Configuration Note and Catalyst 6500 Series Switch

Content Switching Module with SSL Installation and Configuration Note.

CSM and CSM-S technical documentation is located online at the following websites:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csms

Command Modes

The CSM and CSM-S contain a command set based on Cisco IOS technologies and provides

configurable command privilege modes based on the following command modes:

Note When using these modules on a switch running the Catalyst operating system and Cisco IOS, you must

session to the Mutilayer Switch Feature Card (MSFC) for the router prompt.

• Unprivileged mode

The unprivileged mode allows you to view CSM settings. The unprivileged mode prompt appears

as follows when you first access the CSM:

Router>

• Privileged mode

Any unprivileged mode command will work in privileged mode. Use the enable command to start

the privileged mode from the unprivileged mode as follows:

Router> enable

Password:

Router

The # prompt is displayed.

Page is loading ...

Cisco Systems OL-7029-01 User manual

Cisco Systems OL-7029-01 User manual

Related papers

Other documents