Page is loading ...
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco Wide Area Application Services Configuration Guide
© 2006-2019 Cisco Systems, Inc. All rights reserved.
iii
Cisco Wide Area Application Services Configuration Guide
CONTENTS
Preface 21
Audience 21
Document Organization 21
Document Conventions 23
Related Documentation 24
Obtaining Documentation and Submitting a Service Request 24
PART
1Cisco WAAS Introduction and Planning
CHAPTER
1Introduction to Cisco WAAS 1-1
About Cisco WAAS 1-1
Cisco WAAS Overcomes Common WAN Challenges 1-2
Key Services of Cisco WAAS 1-3
Traffic Optimization Process 1-3
Transport Flow Optimization 1-5
Window Scaling 1-5
TCP Initial Window Size Maximization 1-5
Increased Buffering 1-6
Selective Acknowledgment 1-6
Binary Increase Congestion TCP 1-6
Compression Technologies in Cisco WAAS 1-6
Application-Specific Acceleration Features in Cisco WAAS 1-7
Cisco WAAS Application Accelerators 1-7
File Services for Desktop Applications 1-8
File Services Features 1-8
Role of the Edge WAE 1-8
Role of the Core WAE 1-9
WAAS Print Services 1-9
Overview of Cisco WAAS Interfaces 1-9
WAAS Central Manager GUI 1-9
Accessing the WAAS Central Manager GUI 1-10
Components of the WAAS Central Manager GUI 1-11
WAAS Central Manager Menus 1-14
Contents
iv
Cisco Wide Area Application Services Configuration Guide
WAAS Central Manager Taskbar Icons 1-15
WAAS Central Manager Monitoring API 1-17
WAAS CLI 1-17
Benefits of Cisco WAAS 1-18
Preservation of Source TCP/IP Information 1-19
Autodiscovery of WAAS Devices 1-19
Centralized Network Monitoring and Management 1-19
Optimized Read and Write Caching 1-20
WCCP Support 1-20
PBR Support 1-21
Inline Interception Support 1-21
Failure Resiliency and Protection 1-21
RAID Compatibility 1-22
Streamlined Security 1-22
SNMP Support 1-22
IPv6 Support 1-23
CHAPTER
2Planning Your WAAS Network 2-1
Checklist for Planning Your WAAS Network 2-1
Planning Checklist 2-2
Site and Network Planning 2-4
Windows Network Integration 2-5
Data Center WAE Integration 2-5
Branch WAE Integration 2-5
UNIX Network Integration 2-6
SMB-Related Ports in a WAAS Environment 2-6
Ports 139 and 445 2-6
Ports 88 and 464 2-7
Firewalls and Standby Central Managers 2-7
Performance Tuning for High WAN Bandwidth Branch Offices 2-7
Overview of Autoregistration and WAEs 2-7
Selecting Static IP Addresses or Using Interface-Level DHCP 2-9
Interoperability and Support 2-10
Unicode Support for WAAS GUI Interfaces 2-10
WAAS and Cisco IOS Interoperability 2-10
WAAS and the Cisco IOS QoS Classification Feature 2-11
WAAS and the Cisco IOS NBAR Feature 2-11
WAAS and Cisco IOS Marking 2-13
WAAS and Cisco IOS Queuing 2-13
Contents
v
Cisco Wide Area Application Services Configuration Guide
WAAS and Cisco IOS Congestion Avoidance 2-13
WAAS and Cisco IOS Traffic Policing and Rate Limiting 2-13
WAAS and Cisco IOS Signaling 2-13
WAAS and Cisco IOS Link-Efficiency Operations 2-13
WAAS and Cisco IOS Provisioning, Monitoring, and Management 2-13
WAAS and Management Instrumentation 2-14
WAAS and MPLS 2-14
WAAS Application Accelerators Interoperability with Third-Party Load Balancers 2-14
WAAS Compatibility with Other Cisco Appliances and Software 2-15
WAAS Devices and Device Mode 2-15
Changing Device Mode 2-17
Calculating the Number of WAAS Devices Required 2-18
Supported Methods of Traffic Redirection 2-19
Advantages and Disadvantages of Using Inline Interception 2-20
Advantages and Disadvantages of Using WCCP 2-21
Advantages and Disadvantages of Using PBR 2-21
Configuring WCCP or PBR Routing for WAAS Traffic 2-22
Configuring WAEs as Promiscuous TCP Devices in a WAAS Network 2-25
Using Tertiary Interfaces or Subinterfaces to Connect WAEs to Routers 2-25
Access Lists on Routers and WAEs 2-26
IP ACLs on WAEs 2-26
Interception ACLs on WAEs 2-26
WAAS Login Authentication and Authorization 2-26
WAAS Administrator Accounts 2-27
Logically Grouping Your WAEs 2-28
Data Migration Process 2-29
PART
2Installing and Configuring Cisco WAAS
CHAPTER
3Using Device Groups and Device Locations 3-1
About Device Groups 3-1
Working with Device Groups 3-2
Creating a Device Group 3-2
Creating a New Device Group 3-3
Configuring the Settings for a Device Group 3-4
Assigning Devices to a Configuration Device Group 3-5
Deleting a Device Group 3-6
Viewing Device Group Assignments 3-6
Contents
vi
Cisco Wide Area Application Services Configuration Guide
Viewing the Device Groups List 3-7
Enabling or Disabling Device Group Overlap 3-7
Overriding Group Configuration Settings 3-8
Forcing Device Group Settings on All Devices in the Group 3-8
Selecting Device Group Precedence 3-9
Overriding the Device Group Settings on a Device 3-9
Understanding the Impact of Assigning a Device to Multiple Device Groups 3-10
Moving a Device Between Device Groups 3-10
Working with Device Locations 3-11
Creating Locations 3-11
Deleting Locations 3-12
Viewing the Location Tree 3-12
CHAPTER
4Configuring AppNav 4-1
Information About Cisco AppNav 4-1
System Components 4-1
AppNav Controller Deployment Models 4-3
AppNav Controller Interface Modules 4-5
AppNav Policy 4-6
Class Maps 4-6
Policies 4-7
Nested Policies 4-8
Site and Application Affinity 4-8
Default Policy Behavior 4-11
Prerequisites for AppNav Deployment 4-11
Guidelines and Limitations for AppNav Deployment 4-12
Configuring an AppNav Cluster 4-13
Task Flow for Configuring an AppNav Cluster 4-13
Configuring WAAS Device Interfaces 4-14
Interface Configuration with a Separate Management Interface 4-14
Interface Configuration with a Shared Management Interface 4-15
Interface Configuration Considerations 4-16
Creating a New AppNav Cluster with the AppNav Cluster Wizard 4-17
Creating a WAAS Appliance AppNav Cluster 4-18
Prerequisites for Creating an AppNav-XE Cluster 4-20
Configuring Interfaces with the Graphical Interface Wizard 4-22
Configuring AppNav Policies 4-24
Configuring a Class Map on a WAAS Appliance AppNav Cluster 4-24
Configuring Rules Within an AppNav Policy 4-30
Contents
vii
Cisco Wide Area Application Services Configuration Guide
Managing AppNav Policies 4-35
Configuring WAAS Node Optimization Policy 4-38
Configuring AppNav Controller ACLs 4-39
Configuring AppNav Cluster Settings 4-39
Configuring AppNav Controller Settings 4-41
Configuring AppNav Controller Settings for a WAAS Appliance 4-41
Configuring ANC Settings for an AppNav-XE Device 4-42
Configuring AppNav Contexts 4-43
Configuring WAAS Node Settings 4-44
Configuring WAAS Node Group Settings 4-45
Configuring AppNav Cluster Settings for a WAAS Node 4-46
Adding and Removing Devices from the AppNav Cluster 4-47
Adding an ANC to a Cluster 4-47
Removing or Disabling an ANC from a Cluster 4-49
Adding a New WAAS Node to the Cluster 4-49
Removing a WAAS Node from a Cluster 4-50
Adding a New WAAS Node Group to the Cluster 4-51
Removing a WAAS Node Group from a Cluster 4-51
Monitoring an AppNav Cluster 4-52
AppNav Connection Tracing 4-55
AppNav Connection Statistics 4-55
CHAPTER
5Configuring Traffic Interception 5-1
Overview of Traffic Interception Methods 5-1
About Traffic Interception Methods 5-2
Guidelines for Configuring Traffic Interception 5-3
Overview of WCCP Interception 5-3
Guidelines for Configuring WCCP 5-5
Guidelines for File Server Access Methods 5-7
Configuring Advanced WCCP Features on Routers 5-7
Information About Configuring a Router to Support WCCP Service Groups 5-7
Configuring IP Access Lists on a Router 5-9
Setting a Service Group Password on a Router 5-10
Configuring a Loopback Interface on the Router 5-10
Configuring Router QoS for WCCP Control Packets 5-11
Configuring WCCP on WAEs 5-11
Information About Load Balancing and WAEs 5-11
Information About Packet-Forwarding Methods 5-14
Reasons for Packet Rejection and Return 5-15
Contents
viii
Cisco Wide Area Application Services Configuration Guide
Layer 3 GRE as a Packet-Forwarding Method 5-15
Layer 2 Redirection as a Packet-Forwarding Method 5-16
Configuring or Viewing the WCCP Settings on WAEs 5-16
Configuring or Viewing the WCCP Settings on ANCs 5-22
Configuring and Viewing WCCP Router Lists for WAEs 5-25
Configuring WAEs for a Graceful Shutdown of WCCP 5-26
Configuring Static Bypass Lists for WAEs 5-26
Configuring Interception Access Control Lists 5-27
Configuring Egress Methods for WCCP-Intercepted Connections 5-29
Information About Egress Methods 5-29
Configuring the Egress Method 5-31
Configuring a GRE Tunnel Interface on a Router 5-31
Using Policy-Based Routing Interception 5-33
Information About Policy-Based Routing 5-33
Configuring Policy-Based Routing 5-35
Methods of Verifying PBR Next-Hop Availability 5-39
Method 1: Using CDP to Verify Operability of WAEs 5-39
Method 2: Using IP SLAs to Verify WAE Operability Using ICMP Echo Verification 5-40
Method 3: Using IP SLAs to Verify WAE Operability Using TCP Connection Attempts 5-41
Using Inline Mode Interception 5-42
Information About Inline Interception 5-42
Enabling Inline Operation on WAEs 5-44
Configuring Inline Interface Settings on WAEs 5-46
Configuring Inline Operation on ANCs 5-49
Configuring an IP Address on an Inline Interface 5-51
Configuring VLANs for Inline Support 5-53
Information About Clustering Inline WAEs 5-53
Disabling Peer Optimization Between Serial Inline WAEs 5-54
Configuring AppNav Interception 5-56
CHAPTER
6Configuring Network Settings 6-1
Configuring Network Interfaces 6-1
Configuring a Standby Interface 6-3
Configuring a Standby Interface on a Device with Version 5.0 or Later 6-4
Configuring a Standby Interface on a Device Earlier than Version 5.0 6-6
Configuring Multiple IP Addresses on a Single Interface 6-8
Modifying Ethernet Interface Settings 6-8
Modifying Physical Ethernet Interface Settings 6-8
Configuring Flow Control on 1 GB/s and Faster Ethernet Ports 6-11
Contents
ix
Cisco Wide Area Application Services Configuration Guide
Configuring the Default Gateway 6-12
Configuring Port-Channel Settings 6-13
Configuring a Port-Channel Interface on a Device with Version 5.0 or Later 6-14
Configuring a Port-Channel Interface on a Device Earlier than Version 5.0 6-15
Configuring a Load-Balancing Method for Port-Channel Interfaces 6-16
Configuring Interfaces for DHCP 6-17
Modifying Virtual Interface Settings for a vWAAS Device 6-18
Enabling or Disabling Optimization on WAAS Express Interfaces 6-19
Enabling WAAS Service Insertion on AppNav-XE Device Interfaces 6-21
Configuring Management Interface Settings 6-22
Configuring a Jumbo MTU 6-23
Configuring TCP Settings 6-24
Explicit Congestion Notification 6-25
Congestion Windows 6-26
Retransmit Time Multiplier 6-26
TCP Slow Start 6-26
Path MTU Discovery 6-27
Configuring a Static IP Route 6-27
Aggregating IP Routes 6-28
Configuring CDP Settings 6-28
Configuring the DNS Server 6-29
Configuring Windows Name Services 6-29
Configuring NAT Settings 6-30
CHAPTER
7Configuring Administrative Login Authentication, Authorization, and Accounting 7-1
About Administrative Login Authentication and Authorization 7-1
Default Administrative Login Authentication and Authorization Configuration 7-4
Configuring Administrative Login Authentication and Authorization 7-5
Configuring Login Access Control Settings for WAAS Devices 7-7
Configuring Secure Shell Settings for WAAS Devices 7-7
Disabling and Re-enabling the Telnet Service for WAAS Devices 7-10
Configuring Message-of-the-Day Settings for WAAS Devices 7-10
Configuring EXEC Timeout Settings for WAAS Devices 7-11
Configuring Line Console Carrier Detection for WAAS Devices 7-12
Configuring Remote Authentication Server Settings for WAAS Devices 7-12
Configuring RADIUS Server Authentication Settings 7-13
About TACACS+ Server Authentication Settings 7-15
Configuring TACACS+ Server Settings 7-16
Configuring Windows Domain Server Authentication Settings 7-17
Contents
x
Cisco Wide Area Application Services Configuration Guide
LDAP Server Signing 7-25
Enabling Administrative Login Authentication and Authorization Schemes for WAAS Devices 7-28
Configuring AAA Command Authorization 7-33
Configuring Cisco Prime Network Control System Single Sign-On 7-33
Configuring AAA Accounting for WAAS Devices 7-35
Viewing Audit Trail Logs 7-36
CHAPTER
8Creating and Managing Administrator User Accounts and Groups 8-1
Overview of Administrator User Accounts 8-1
Creating and Managing User Accounts 8-2
Overview for Creating an Account 8-2
Working with Accounts 8-3
Creating a New Account 8-4
Modifying and Deleting a User Account 8-5
Changing the Password for Your Own Account 8-6
Changing the Password for Another Account 8-7
Viewing a User Account 8-7
Unlocking a User Account 8-8
Working with Passwords 8-8
Working with Roles 8-9
Creating a New Role 8-10
Assigning a Role to a User Account 8-12
Modifying and Deleting a Role 8-13
Viewing Role Settings 8-13
Working with Domains 8-14
Creating a New Domain 8-14
Adding an Entity to a Domain 8-15
Assigning a Domain to a User Account 8-15
Modifying and Deleting a Domain 8-16
Viewing Domains 8-17
Working with User Groups 8-17
Creating a New User Group 8-18
Assigning Roles to a User Group 8-18
Assigning a Domain to a User Group 8-19
Modifying and Deleting a User Group 8-19
Viewing User Groups 8-20
CHAPTER
9Creating and Managing IP Access Control Lists for Cisco WAAS Devices 9-1
Overview of IP ACLs for WAAS Devices 9-1
Contents
xi
Cisco Wide Area Application Services Configuration Guide
Creating and Managing IP ACLs for WAAS Devices 9-2
List of Extended IP ACL Conditions 9-7
CHAPTER
10 Configuring Other System Settings 10-1
Modifying Device Properties 10-1
Managing Software Licenses 10-3
Enabling FTP Services 10-4
Configuring Date and Time Settings 10-5
Configuring NTP Settings 10-5
Configuring Time Zone Settings 10-5
Configuring Secure Store Settings 10-10
Secure Store Overview 10-10
Enabling Secure Store Encryption on the Central Manager 10-12
Enabling Secure Store Encryption on a Standby Central Manager 10-13
Enabling Secure Store Encryption on a WAE Device 10-14
Changing Secure Store Passphrase Mode 10-14
Changing the Secure Store Encryption Key and Password 10-15
Resetting Secure Store Encryption on a Central Manager 10-16
Disabling Secure Store Encryption on a WAE Device 10-17
Modifying the Default System Configuration Properties 10-18
Configuring the Web Application Filter 10-21
Enabling the Web Application Filter 10-21
Security Verification 10-22
Input Validation 10-22
Sanitization 10-22
Configuring Faster Detection of Offline WAAS Devices 10-23
About Faster Detection of Offline Devices 10-24
Configuring Alarm Overload Detection 10-24
Configuring the E-mail Notification Server 10-25
Using IPMI over LAN 10-26
Configuring BMC for Remote Platform Management 10-27
Enabling IPMI Over LAN 10-28
Enabling IPMI SoL 10-28
Managing Cisco IOS Router Devices 10-29
Registering a Cisco IOS Router Device Using the Central Manager GUI 10-29
Configuring Router Credentials 10-30
Registering a Cisco IOS Router Using the CLI 10-31
Configuring a User 10-32
Contents
xii
Cisco Wide Area Application Services Configuration Guide
Importing the Central Manager Certificate 10-33
Configuring a Router Certificate 10-34
Enabling the HTTP Secure Server on the Router 10-35
Installing a License on the Router 10-35
Configuring an NTP Server 10-36
Registering the Router 10-36
Reimporting a Router Device Certificate 10-37
Creating a new WAAS Central Manager IOS user on pre-registered IOS devices 10-37
WAAS, ISR-WAAS, and IOS-XE Interoperability 10-38
Configuring the Hostname for ISR-WAAS 10-39
About ISR-WAAS and ISR-WAAS Hostname 10-39
Configuring an ISR-WAAS Hostname with the Cisco WAAS CM 10-40
Configuring the ISR-WAAS Hostname with the CLI 10-40
Resetting an ISR-WAAS Hostname 10-41
PART
2Configuring Cisco WAAS Services
CHAPTER
11 Configuring File Services 11-1
About File Services 11-1
Overview of the File Services Features 11-3
Automatic Discovery 11-3
Data Coherency 11-3
Data Concurrency 11-4
File-Locking Process 11-5
Prepositioning 11-5
Preparing for File Services 11-6
Using File Services on the Cisco WAAS Network Module (NME-WAE) 11-6
Configuring File Services 11-6
Configuring the CIFS Accelerator 11-6
Creating Dynamic Shares for the CIFS Accelerator 11-7
About Preposition Directives 11-9
Creating a New Preposition Directive 11-10
Assigning Edge Devices to a Preposition Directive 11-13
Creating a New Preposition Schedule 11-14
Checking the Preposition Status 11-15
Starting and Stopping Preposition Tasks 11-15
Configuring the SMB Accelerator 11-15
About Preposition Directives 11-16
Creating a New Preposition Directive 11-17
Contents
xiii
Cisco Wide Area Application Services Configuration Guide
Assigning Edge Devices to a Preposition Directive 11-21
Creating a New Preposition Schedule 11-22
Checking the Preposition Status 11-23
Creating Dynamic Shares for the SMB Accelerator 11-24
CHAPTER
12 Configuring Application Acceleration 12-1
About Application Acceleration 12-1
Enabling and Disabling the Global Optimization Features 12-3
Procedure for Enabling and Disabling the Global Optimization Features 12-3
Configuring Individual Features and Application Accelerators 12-8
Configuring DRE Settings 12-8
Configuring HTTP Acceleration 12-9
About HTTP Metadata Caching 12-11
Using an HTTP Accelerator Subnet 12-12
Configuring MAPI Acceleration 12-13
Configuring Encrypted MAPI Acceleration 12-14
MAPI Operating Considerations 12-15
Terms Used with Microsoft Active Directory 12-15
Work flow for Configuring Encrypted MAPI 12-15
Configuring Encrypted MAPI Settings 12-16
Configuring a Machine Account Identity 12-18
Creating and Configuring a User Account 12-20
Configuring Microsoft Active Directory 12-22
Managing Domain Identities and Encrypted MAPI State 12-24
Cisco WAAS MAPI RPC over HTTP(S) 12-26
Microsoft Outlook and Exchange Versions Supported for Cisco WAAS MAPI RPC over
HTTP(S) 12-26
Configuration pre-requisites for optimizing MAPI RPC over HTTP(S) 12-27
MAPI Acceleration Charts for Cisco WAAS MAPI RPC over HTTP(S) 12-27
Configuring SMB Acceleration 12-28
Configuring ICA Acceleration 12-32
Configuring ICA over SSL 12-35
Configuring SSL Acceleration 12-35
Prerequisites for Configuring SSL Acceleration 12-36
Configuring SSL Global Settings 12-38
Configuring a Service Certificate and Private Key 12-40
Working with Cipher Lists 12-44
Working with Certificate Authorities 12-46
Configuring SSL Management Services 12-50
Contents
xiv
Cisco Wide Area Application Services Configuration Guide
Configuring SSL Peering Service 12-52
Using SSL Accelerated Services 12-54
Updating a Certificate/Key in a SSL Accelerated Service 12-58
Configuring SSL Acceleration for SaaS Applications 12-59
Determining Server Domains Used by SaaS Applications 12-60
Configuring SMART-SSL Accelerator 12-61
Preparing to use SMART-SSL acceleration 12-62
Using existing Root CA to sign WAAS accelerated service exported certificate 12-63
Creating Single-Sided SMART-SSL Accelerated Service Certificate 12-64
Configuring and enabling SMART-SSL accelerated services on single-sided device group 12-65
office365 optimization using Azure vWAAS 12-66
Cisco Support for Microsoft Windows Update 12-69
Benefits of Cisco Support for Microsoft Windows Update 12-70
Viewing Statistics for Cisco Support for Microsoft Windows Update 12-70
Cisco Support for Microsoft Windows Update and Akamai Cache Engine 12-71
Creating a New Traffic Optimization Policy 12-71
Preparing to Create an Optimization Policy 12-72
Creating an Application Definition 12-72
Creating an Optimization Policy 12-73
Creating an Optimization Class Map 12-77
Managing Application Acceleration 12-79
Modifying the Accelerator Load Indicator and CPU Load-Monitoring Threshold 12-79
Viewing a List of Applications 12-81
Viewing a Policy Report 12-81
Viewing a Class Map Report 12-82
Restoring Optimization Policies and Class Maps 12-82
Monitoring Applications and Class Maps 12-82
Defining Default DSCP Marking Values 12-83
Defining the Default DSCP Marking Value 12-83
Modifying the Position of an Optimization Policy 12-84
Modifying the Acceleration TCP Settings 12-86
Calculating the TCP Buffers for High BDP Links 12-87
Modifying the TCP Adaptive Buffering Settings 12-88
CHAPTER
13 Configuring Cisco WAAS with Akamai Connect 13-1
Benefits of Cisco WAAS with Akamai Connect 13-2
Deployment Options for Cisco WAAS with Akamai Connect 13-2
Dual-Sided Deployment 13-2
Single-Sided Deployment 13-3
Contents
xv
Cisco Wide Area Application Services Configuration Guide
Operating Considerations for Cisco WAAS with Akamai Connect 13-3
Supported WAAS Platforms for Akamai Connect 13-4
Supported WAAS Platforms for Akamai Connect up to 6,000 Connections 13-4
Supported WAAS Platforms for Akamai Connect beyond 6,000 Connections 13-5
WAVE and vWAAS Models for Akamai Connect beyond 6,000 Connections 13-5
Configuring HTTP-OC on WAVE-7541/7571/8541 13-6
Configuring HTTP-OC on vWAAS-12000/50000 13-8
Workflow for Enabling and Using Akamai Connect 13-10
Enabling Akamai Connect and Activating Akamai Connect License 13-10
Prerequisites for WAAS with Akamai Connect 13-11
Enabling Akamai Connect 13-11
Confirming Akamai License and Verifying Customer ID 13-12
Activating the Akamai Connect License 13-12
Deregistering and Reregistering a WAAS Device 13-15
Replacing an Inactive or Expired Akamai Connect License 13-15
Enabling Akamai Connected Cache 13-16
About Akamai Connected Cache 13-16
Akamai Connected Cache Requirements 13-17
Procedure for Enabling Akamai Connected Cache 13-17
Enabling OTT Caching 13-17
Overview of OTT Caching 13-17
About OTT Caching 13-18
Sites that Support OTT Caching 13-18
Workflow for OTT Caching with WAAS and Akamai Connect 13-19
Procedure for Enabling OTT Caching 13-19
Caching Types and Setting Caching Policies 13-19
Transparent Caching 13-20
Overview of Transparent Caching 13-20
Four Modes of Transparent Caching 13-20
Order of Preference for Caching Types 13-22
Setting Caching Policies 13-23
Server Address Validation 13-24
About Server Address Validation 13-24
Configuring Server Address Validation 13-24
Alarms Used with Server Address Validation 13-26
Upgrade/Downgrade Considerations for Server Address Validation 13-26
Using HTTP Proxy for Connections to the Akamai Network 13-27
Overview of HTTP Proxy Connections to the Akamai Network 13-27
Using the WAAS Central Manager as HTTP Proxy 13-28
Contents
xvi
Cisco Wide Area Application Services Configuration Guide
Configuring External HTTP Proxy 13-28
Configuring External HTTP Proxy for a Device or Device Group 13-28
Configuring External HTTP Proxy for All Devices 13-29
Cisco Cloud Web Security and Force IMS Features 13-29
Configuring Cache Prepositioning for Akamai Connect 13-30
Overview of Cache Prepositioning for Akamai Connect 13-30
Configuring a Cache Preposition Task 13-31
Viewing Cache Prepositioning Task Status 13-34
Copying Cache Prepositioning Tasks 13-35
Configuring HTTP/S Preposition Proxy for Akamai Connect 13-36
Overview of HTTP/S Preposition Proxy for Akamai Connect 13-36
Configuring Global Proxy Host and Port for Preposition Tasks 13-36
Modifying Proxy Settings for an Individual Preposition Task 13-36
Removing Proxy Settings for an Individual Preposition Task 13-37
Cisco Support for Microsoft Windows Update 13-37
Benefits of Cisco Support for Microsoft Windows Update 13-38
Viewing Statistics for Cisco Support for Microsoft Windows Update 13-38
Cisco Support for Microsoft Windows Update and Akamai Cache Engine 13-39
13-39
PART
2Maintaining, Monitoring, and Troubleshooting your Cisco WAAS Network
CHAPTER
14 Maintaining Your WAAS System 14-1
Upgrading the WAAS Software 14-1
Determining the Current Software Version 14-4
Obtaining the Latest Software Version from Cisco.com 14-4
Specifying the Location of the Software File in the WAAS Central Manager GUI 14-4
Upgrading the WAAS Central Manager 14-6
Upgrading Multiple Devices Using Device Groups 14-8
Upgrading Central Manager to New Hardware and Converting an Existing Central Manager to a
WAE 14-9
Deleting a Software File 14-10
Backing Up and Restoring Your WAAS System 14-10
Backing Up and Restoring the WAAS Central Manager Database 14-10
Backing Up and Restoring a WAE Device 14-12
Reinstalling the System Software 14-13
Preparing the USB Flash Drive 14-15
Reinstalling the System Software 14-16
Ensuring that RAID Pairs Rebuild Successfully 14-19
Contents
xvii
Cisco Wide Area Application Services Configuration Guide
Recovering the System Software 14-19
Recovering a Lost Administrator Password 14-22
Recovering from Missing Disk-Based Software 14-23
Recovering WAAS Device Registration Information 14-24
Performing Disk Maintenance for RAID-1 Systems 14-25
Removing and Replacing Disks in RAID-5 Systems 14-26
Configuring the Central Manager Role 14-28
Converting a WAE to a Standby Central Manager 14-28
Converting a Primary Central Manager to a Standby Central Manager 14-29
Converting a Standby Central Manager to a Primary Central Manager 14-30
Switching Both the Central Manager Roles 14-30
Central Manager Failover and Recovery 14-31
Enabling Disk Encryption 14-32
Configuring a Disk Error-Handling Method 14-33
Enabling Data Cache Management 14-34
Activating All Inactive WAAS Devices 14-35
Rebooting a Device or Device Group 14-36
Performing a Controlled Shutdown 14-37
CHAPTER
15 Monitoring Your WAAS Network 15-1
Viewing System Information from the System Dashboard Window 15-1
Monitoring Graphs and Charts 15-2
Viewing Device Information 15-3
Devices Window 15-3
Device Dashboard Window 15-6
Device Status Dashboard Window 15-7
Device Status Report 15-9
Viewing and Unlocking Device Users 15-9
Detecting and Resolving Configuration Conflicts 15-9
Customizing a Dashboard or Report 15-10
The WAAS Central Manager Report Panel 15-10
Adding a Chart or Table 15-12
Configuring Chart Settings 15-13
WAAS Chart Descriptions 15-14
TCP Optimization Charts 15-15
Compression Summary 15-15
Compression Summary Over Time 15-15
Effective WAN Capacity 15-15
Contents
xviii
Cisco Wide Area Application Services Configuration Guide
Throughput Summary 15-16
Traffic Summary 15-16
Traffic Summary Over Time 15-16
Traffic Volume and Reduction 15-17
Acceleration Charts 15-17
HTTP Acceleration Charts 15-17
HTTPS Acceleration Charts 15-18
Secure Sockets Layer (SSL) Acceleration Charts 15-19
Messaging Application Programming Interface (MAPI) Acceleration Charts 15-20
Server Message Block (SMB) Acceleration Charts 15-23
Independent Computing Architecture (ICA) Acceleration Charts 15-24
Akamai Connected Cache Charts 15-25
Connection Trend Charts 15-29
Optimized Connections Over Time 15-29
Optimized vs Pass-Through Connections 15-29
AppNav Charts 15-30
Total AppNav Traffic 15-30
AppNav Policies 15-30
Top 10 AppNav Policies 15-31
Top 10 WAAS Node Group Distribution 15-31
WAAS Node Group Distribution 15-31
Pass-Through Reasons 15-31
Top 10 Pass-Through Reasons 15-31
Platform Charts 15-31
CPU Utilization 15-32
Disk Utilization 15-32
SMB Preposition Chart 15-32
WAAS Table Descriptions 15-32
Traffic Summary Table 15-33
Network Application Traffic Details Table 15-34
HTTP Acceleration Statistics Table 15-34
HTTPS Acceleration Statistics Table 15-35
ICA Acceleration Statistics Table 15-35
MAPI Acceleration Statistics Table 15-36
SMB Acceleration Statistics Table 15-36
SSL Acceleration Statistics Table 15-37
Using Predefined Reports to Monitor WAAS 15-38
Predefined Reports Available by WAAS Level 15-38
Location-Level Reports 15-40
TCP Summary Report 15-40
Contents
xix
Cisco Wide Area Application Services Configuration Guide
HTTP Acceleration Report 15-40
HTTPS Acceleration Report 15-41
SSL Acceleration Report 15-41
MAPI Acceleration Report 15-41
SMB Acceleration Report 15-42
ICA Acceleration Report 15-42
Summary Report 15-42
Topology Report 15-43
Connection Trend Report 15-43
Connections Statistics Report 15-44
Resource Utilization Report 15-45
Disks Report 15-45
AppNav Report 15-45
Exported Reports 15-46
Managing Reports 15-52
Creating a Custom Report 15-52
Viewing and Editing a Report 15-54
Scheduling a Report 15-54
Viewing or Deleting a Scheduled Report 15-56
Configuring Flow Monitoring 15-57
Configuring Flowing Monitoring with NetQoS 15-57
About Flow Monitoring with NetQos 15-57
Configuration Considerations for Flow Monitoring with NetQoS 15-57
Procedure for Configuring Flow Monitoring with NetQos 15-58
Example: Using NetQoS for Flow Monitoring 15-59
Configuring Flow Monitoring with NetFlow v9 15-59
About Flow Monitoring with NetFlow v9 15-60
Configuration Considerations for Flow Monitoring with NetFlow v9 15-60
Procedure for Configuring Flow Monitoring with NetFlow v9 15-60
Disabling NetFlow v9 Monitoring 15-61
NetFlow v9 Exported Fields 15-61
NetFlow v9 Pass-Through Reasons 15-63
Troubleshooting Flow Monitoring Information 15-64
Alarms for Flow Monitoring 15-64
Commands Used to Troubleshoot Flow Monitoring 15-64
CHAPTER
16 Troubleshooting Your WAAS Network 16-1
WAAS Troubleshooting Guidelines 16-1
Gathering WAAS Troubleshooting Information 16-2
Contents
xx
Cisco Wide Area Application Services Configuration Guide
Rebooting the WAAS Device 16-3
Using the copy tech-support Command 16-3
Using show Commands 16-3
Using show Commands for WCCP Deployments 16-3
Generating a System Report 16-4
Capturing and Analyzing Packets 16-4
Verifying the WAAS Image 16-5
Verifying the Current WAAS Image 16-5
Verifying a Pending WAAS Image 16-6
WAAS Central Manager Alarm Panel 16-6
Viewing the Alarm Panel 16-6
Acknowledging an Alarm 16-7
Filtering and Sorting Alarms 16-7
Device Alarms 16-8
Alarm Email Notification 16-8
Troubleshooting Devices Using Alerts 16-10
Confirming Akamai License and Verifying Customer ID 16-11
Using the show and clear Commands from the Central Manager 16-11
Configuring and Viewing Logs 16-12
Configuring System Logging 16-12
Priority Levels 16-14
Multiple Hosts for System Logging 16-15
Configuring Transaction Logging 16-15
Enabling Transaction Logging 16-16
Transaction Logs 16-18
Viewing the System Message Log 16-18
Viewing the Audit Trail Log 16-19
Viewing a Device Log 16-19
CLI Commands for Verifying and Viewing Logs and System Image 16-19
Using Diagnostic Tests 16-20
Device Diagnostics Using the Central Manager 16-20
Device Diagnostics Using the CLI 16-21
Akamai Connect Diagnostics Using the Central Manager 16-22
Using the Kernel Debugger 16-24
Using WAAS TCP Traceroute 16-24
Verifying WAAS Physical Connectivity 16-24
Verifying Physical Connectivity Between Peer WAAS Devices 16-25
Verifying Physical Connectivity Between WAAS Data Center and Application Server Hosts 16-25
/
