Professional Documents
Culture Documents
This guide is delivered subject to the following conditions and restrictions: This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely for the purpose of assisting explicitly and properly authorized users of the Expand product series. No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks, Inc. The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice. The software described in this guide is furnished under a license. The software may be used or copied only in accordance with the terms of that agreement. Information in this guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted. Copyright 2011 Expand Networks Inc. All rights reserved.AcceleratorOS, Accelerator 9920/6800/6810/6920/ 6950/6850/6930/6830/6840/4800/4810/4820/4920/4830/4930/3930/3830/1610/1800/1810/1820/1920 and ECT are trademarks of Expand Networks Inc. Flex 2.5 includes software developed by the University of California, Berkeley and its contributors. Copyright 1990, The Regents of the University of California. All rights reserved. Other company and brand product and service names are trademarks or registered trademarks of their respective holders.
Contents
Chapter 1: Introducing the Accelerator................................... 1
Features and Benefits ........................................................................................ 2 Virtual Bandwidth Management ................................................................. 2 Easy Management and Configuration ........................................................ 2 Redefining Application Traffic Management............................................... 2 Next-generation WAN Compression .......................................................... 3 Application-specific Acceleration ........................................................ 3 Layer-7 QoS and Bandwidth Management ................................................ 4 Layer-7 Monitoring and Reporting ...................................................... 5 Branch Office Features ....................................................................... 5 Rapid Deployment/Dependable Results............................................. 5 Maximum Uptime and Reliability ........................................................ 6 The Accelerator Product Line ............................................................................ 7 How the Accelerator Works................................................................................ 8 IP-Based Network ...................................................................................... 8 On-Path .............................................................................................. 8 On-LAN............................................................................................... 9 Configuration and Management......................................................................... 11
ii
C o nt e nts
Configuring Basic Accelerator Details........................................................ 23 Setting Links via the Wizard....................................................................... 24 Setting the Time ......................................................................................... 26 Modifying the Password ............................................................................. 27 Reviewing Wizard Configuration ................................................................ 28 Accelerator Main Menu ...................................................................................... 29 Modifying the Basic Configuration ..................................................................... 30 Setting Routing Strategy ............................................................................ 31 Defining Advanced Settings ....................................................................... 32 About the AcceleratorOS License...................................................................... 34 Viewing the License Status ........................................................................ 35 Reviewing the Licensing Procedure........................................................... 36 Licensing a Physical Accelerator ............................................................... 37 Activating the I-Key in the Portal ........................................................ 37 Applying an Accelerator Feature License Key.................................... 38 Licensing a Virtual Accelerator................................................................... 38 Activating the Licensing Server Dongle via the Portal ........................ 38 Configuring the Licensing Server via the Accelerator......................... 39 Logging On and Off the Accelerator .................................................................. 41 Integrating the Accelerator into Your Network.................................................... 42 Integrating into Networks that use Dynamic Routing ................................. 42 Networks Using External QoS or Monitoring Devices................................ 43 Working in Noisy Link Environments.......................................................... 43 Installing On-LAN at a Data Center............................................................ 43 Installing in a High Latency Environment ................................................... 44 Installing in a Web-Intensive Environment ................................................. 44
Co n t en ts
iii
Understanding Acceleration................................................................ 51 Viewing Compression Statistics per Link.................................................... 53 Viewing Statistics per Link .......................................................................... 54 Discovering Traffic.............................................................................................. 57 Viewing Detected Applications ................................................................... 57 Viewing Detailed Traffic Discovery ............................................................. 57 Creating a New Application from Discovered Traffic .................................. 59 Viewing Monitored Applications.................................................................. 60 Discovering Layer-7 Applications ............................................................... 60 Viewing Statistics and Graphs for Specific Applications..................................... 62 Setting up Graphs ............................................................................... 63 Viewing Utilization Statistics per Application .............................................. 63 Viewing Throughput Statistics per Application............................................ 63 Viewing Acceleration Statistics per Application .......................................... 64 Viewing Compression Statistics per Application......................................... 64 Viewing Bandwidth Distribution Statistics per Application .......................... 65 Monitoring Applications .............................................................................. 65 Viewing Statistics for Applications .............................................................. 67 Viewing Summary Graphs.................................................................................. 68 Viewing Ethernet Statistics ................................................................................. 69 Configuring the Ethernet Statistics Display Fields ...................................... 69 Configuring NetFlow Support ............................................................................. 71 Identifying the Traffic .................................................................................. 72 Enabling NetFlow ....................................................................................... 72
iv
C o nt e nts
Using Dynamic Bandwidth.................................................................. 89 Configuring Link Subnets ........................................................................... 90 Creating Link Templates............................................................................. 92 Using a Virtual IP Address ................................................................................. 93 Setting Subnet Routing ...................................................................................... 94 Configuring Subnets Manually ................................................................... 95 Editing a Subnet ................................................................................ 96 Adding Static Routes.......................................................................................... 97 Setting Dynamic Routing ................................................................................... 98 Working with OSPF.................................................................................... 98 Configuring OSPF .............................................................................. 99 Working with Router Polling ....................................................................... 101 Enabling Packet Interception ............................................................................. 102 Working with RIP........................................................................................ 102 Configuring RIP .................................................................................. 102 RIP Route Injection............................................................................. 103 Using RIP for Packet Interception ...................................................... 104 Working with WCCP................................................................................... 104 Using WCCP for Packet Interception ................................................. 105 Adding a Dynamic Service ................................................................. 107 Editing a Dynamic Service.................................................................. 108 Setting WCCP on the Router.............................................................. 108 Working with PBR ...................................................................................... 108 Setting the Date and Time on the Accelerator ................................................... 109 Configuring DHCP Servers ................................................................................ 110 Activating DHCP Relay Agent.................................................................... 110 Setting ExpandView Connectivity Parameters................................................... 111
Co n t en ts
Authentication............................................................................................. 117 Getting Started with WAFS................................................................................. 118 Overview..................................................................................................... 118 Enabling WAFS Configuration............................................................................ 119 Configuring the File Server/Domain Controller........................................... 119 Defining Shared Directories ................................................................ 119 Defining User Permissions.................................................................. 120 Defining Network Settings .......................................................................... 121 Enabling WAFS Operation Mode ............................................................... 124 Excluding Servers or Subnets from WAFS................................................. 126 Configuring the Data Center and Branch Office................................................. 127 Setting Up the File Bank Director ............................................................... 127 File Server Settings............................................................................. 128 Summary............................................................................................. 129 Confirmation and Application .............................................................. 130 Setting Up the File Bank............................................................................. 130 Overview ............................................................................................. 131 Domain Settings.................................................................................. 132 File Bank Director Settings ................................................................. 133 Summary............................................................................................. 134 Confirmation and Application .............................................................. 134 WAFS Management and Operation Modes ....................................................... 136 The WAFS Management Screen................................................................ 136 FileBank Director Categories...................................................................... 137 FileBank Director System ........................................................................... 137 File Services ............................................................................................... 137 FileBank Director Utilities ........................................................................... 138 FileBank Categories ................................................................................... 138 FileBank System ................................................................................. 138 FileBank Services ............................................................................... 139 Additional Services ............................................................................. 140 FileBank Utilities ................................................................................. 140 Managing the Data Center ................................................................................. 141 Starting the Data Center ............................................................................. 141 Managing File Services .............................................................................. 142 Defining FileBank Director Settings .................................................... 142 Managing System Users..................................................................... 144 Adding File Servers............................................................................. 145
4. 0
vi
C o nt e nts
Managing the Compression Filters List .............................................. 147 Configuring FileBank Services ................................................................... 149 FileBank Directors .............................................................................. 149 Virtual Servers .................................................................................... 150 Windows Domain................................................................................ 151 Cache Settings ................................................................................... 152 Time to Live (TTL) settings ................................................................. 152 Invalidate Cache................................................................................. 153 System Users ..................................................................................... 153 STF Filters .......................................................................................... 154 Setting Advanced FileBank Features................................................................. 155 Configuring the Fetch Mechanism ............................................................. 155 Fetch Mechanism Overview ............................................................... 155 Fetch User .......................................................................................... 156 Fetch Jobs .......................................................................................... 156 Fetch Settings..................................................................................... 157 Fetch Activation.......................................................................................... 157 Creating Fetch Jobs ........................................................................... 158 Replication Service .................................................................................... 159 Replication User ................................................................................. 160 Replication File Types ........................................................................ 160 Replication Schedule.......................................................................... 160 Replication Paths................................................................................ 161 Replication Service Activation.................................................................... 161 Service Activation on FileBank Director ............................................. 161 Service Activation on FileBank ........................................................... 162 Initial Pre-population of Large Files on FileBank ................................ 162 Configuring Replication Services ............................................................... 162 Replication User ................................................................................. 163 Kerberos Configuration .............................................................................. 165 Enabling and Disabling Kerberos on the FB....................................... 165 Enabling and Disabling Kerberos on the FBD .................................... 165 Auto Kerberos Configuration .............................................................. 166 Enabling Kerberos per Server ............................................................ 166 Printing Services for the FileBank...................................................................... 168 Configuring Additional Services ................................................................. 168 Print Services ..................................................................................... 168 Configuring Print Services (FileBank) ........................................................ 169 Adding a Network Printer to FileBank................................................. 169
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n t en ts
vii
Assigning Printing Administrators ....................................................... 170 PointNPrint Configuration.................................................................. 170 Uploading Printer Drivers.................................................................... 171 First Client Driver Installation .............................................................. 172 Verifying PointNPrint Installation ....................................................... 173 Manual Client Driver Installation ......................................................... 173 Verifying Driver Installation ................................................................. 174 Connecting the Printer to the FileBank Server.................................... 176 Printing Setup Troubleshooting........................................................... 176 Using WAFS Printing Services........................................................................... 178 Adding a WAFS Printer via Windows ......................................................... 178 WAN-OUT Operation ......................................................................................... 180 About WAN-OUT ........................................................................................ 180 Detecting a WAN-OUT Event ..................................................................... 180 FileBank WAN-OUT Detection Mechanism ........................................ 181 FBD WAN-OUT Detection Mechanism ............................................... 181 Working with Files while in WAN-OUT Mode ............................................. 181 Cache.................................................................................................. 181 File Access.......................................................................................... 182 File Security ........................................................................................ 182 Replication files and Short-Term files.................................................. 183 Partially Completed Transactions ....................................................... 183 Partial Disconnection .......................................................................... 183 WAN-OUT Known Limitations .................................................................... 183 DNS Masquerading ............................................................................................ 184 DNS Masquerading Benefits ...................................................................... 184 DNS Masquerading Configuration.............................................................. 185 Monitoring WAFS Functionality .......................................................................... 189 Running System Diagnostics...................................................................... 189 Viewing Logs .............................................................................................. 189 Troubleshooting.................................................................................................. 191 Troubleshooting Tools ................................................................................ 191 Networking.................................................................................................. 191 Windows Domain Join ................................................................................ 193 Service........................................................................................................ 194 Possible Error Messages............................................................................ 195 Access denied..................................................................................... 195 Performance ............................................................................................... 197
4. 0
viii
C o nt e nts
Advanced Expand Services ....................................................................... 199 DHCP Services................................................................................... 199 DNS Services ..................................................................................... 199
Co n t en ts
ix
Editing an Application ................................................................................. 217 Creating New Applications ......................................................................... 219 Layer-7 Applications ................................................................................... 222 Creating Web Applications ......................................................................... 222 Creating Citrix Applications ........................................................................ 224 Citrix Benefits...................................................................................... 226 Creating Remote Desktop Services ........................................................... 226 Setting QoS Rules.............................................................................................. 229 Setting Inbound QoS .................................................................................. 229 Viewing QoS Rules..................................................................................... 229 Creating QoS Rules.................................................................................... 230 Editing QoS Rules ...................................................................................... 234 Making Decisions for Specific Applications ........................................................ 235 Creating a New Application Decision ......................................................... 236 External QoS ...................................................................................................... 237 QoS Troubleshooting ......................................................................................... 238
C o nt e nts
Clearing HTTP Cache ................................................................................ 257 Returning to Default Settings ..................................................................... 257 Setting Advanced HTTP Parameters ......................................................... 258 Setting HTTP Acceleration Rules............................................................... 259 Excluding from HTTP Caching................................................................... 260 Working with Fetch Jobs ............................................................................ 261 FTP Acceleration ............................................................................................... 264 Enabling and Disabling FTP Caching ........................................................ 264 Setting the Cache Size............................................................................... 265 Setting Cache Content ............................................................................... 265 Clearing FTP Cache................................................................................... 265 Returning to Default Settings ..................................................................... 265 Setting Advanced FTP Parameters............................................................ 266 Excluding from FTP Caching ..................................................................... 267 Configuring DNS Acceleration ........................................................................... 268 Enabling Aggregation......................................................................................... 271 Enabling Traffic Encryption ................................................................................ 273 Configuring an IKE Policy .......................................................................... 273 Defining Crypto Mode ................................................................................ 274 Configuring IPsec Policies ......................................................................... 275 Applying IPsec Policies on a Link .............................................................. 276 Remote Desktop Protocol Services ................................................................... 278 Configuring Terminal Services ................................................................... 278 Collecting RDP Proxy Statistics ................................................................. 279 Excluding Terminal Services ...................................................................... 280
Co n t en ts
xi
xii
C o nt e nts
Monitoring Collective Branch Statistics .............................................................. 330 Viewing Collective Branch Throughput Statistics ....................................... 330 Viewing Collective Branch Utilization Statistics .......................................... 330 Viewing Collective Branch Acceleration Statistics...................................... 331 Viewing Collective Branch Compression Statistics .................................... 331 Viewing Collective Branch Statistics .......................................................... 332
Co n t en ts
xiii
Checking Warning Events .......................................................................... 352 Checking Error Events................................................................................ 352 Checking Fatal Events................................................................................ 353 Studying Log Message Formats ................................................................. 353 Displaying Information for Troubleshooting........................................................ 355 Displaying Statistics in a Compressed, Archived File................................. 355 Checking the Link Status.................................................................................... 356 Checking Ethernet Settings................................................................................ 357 Checking Lack of Acceleration ........................................................................... 360 Accessing Remote Devices........................................................................ 360 Checking Link Malfunction ................................................................................. 361 Checking for a Corrupted Terminal..................................................................... 362 Checking HSRP Malfunction .............................................................................. 363 Checking QoS Malfunction................................................................................. 364
xiv
C o nt e nts
Defining Settings on the Server.......................................................... 394 Setting/checking ICA or RDP listener traffic ....................................... 394 Speed Screen Latency Reduction Manager ....................................... 397 Defining Settings on the Client For Citrix ................................................... 397 Turning Compression off in the PNAgent Client......................................... 398 Understanding the PNA Problem ....................................................... 398 Resolving the PNA Problem ............................................................... 398 Identifying Citrix Layer-7 Applications ........................................................ 399 Configuring NetFlow .......................................................................................... 401 Studying Traffic Measurement.................................................................... 401 Studying Traffic Monitoring......................................................................... 402 Configuring Accelerator NetFlow ............................................................... 402 Disabling Compression on SAP......................................................................... 404 Calculating Acceleration using other Applications ............................................. 406
Appendix D: Contacting TAC ................................................... 423 Appendix E: TCPDump Optional Flags ................................... 425 Appendix F: Command Line Interface..................................... 439
Getting Started ................................................................................................... 440 Understanding the CLI Documentation ...................................................... 440 Accessing the CLI ..................................................................................... 441 Login and Logout Commands .................................................................... 442 Basic CLI Actions ....................................................................................... 443 Licensing Commands................................................................................. 444 Basic Setup Commands............................................................................. 447 Configuration Settings Commands ............................................................ 448 Customizing the CLI................................................................................... 450 Configuration Commands .................................................................................. 452
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n t en ts
xv
General Commands ................................................................................... 453 Local Interface Commands......................................................................... 454 Link Commands.......................................................................................... 458 Bandwidth Adjust Commands .................................................................... 499 Crypto Commands...................................................................................... 503 Subnet Commands..................................................................................... 504 Alias Commands ........................................................................................ 507 OSPF Commands ...................................................................................... 509 Router Polling Commands.......................................................................... 514 RIP Commands .......................................................................................... 517 WCCP Commands ..................................................................................... 522 SNTP Server Commands ........................................................................... 527 DHCP Server Commands .......................................................................... 528 DHCP Relay Commands............................................................................ 531 WEB Acceleration Commands ................................................................... 533 HTTP Acceleration Commands .................................................................. 536 Fetch Job Commands ................................................................................ 568 TCP Acceleration Commands .................................................................... 572 Keep Alive Commands ............................................................................... 579 FTP Acceleration Commands..................................................................... 581 Studying a Subnet Configuration Network.................................................. 587 Ethernet Statistics Display Commands ...................................................... 588 NetFlow Commands ................................................................................... 593 QoS Commands ......................................................................................... 594 RAID Commands........................................................................................ 614 Aggregation Class Commands................................................................... 617 DNS Acceleration Commands.................................................................... 624 Traffic Encryption Commands .................................................................... 632 ARP Commands......................................................................................... 638 Additional Commands ................................................................................ 640 Link Commands.......................................................................................... 646 Expand View Commands ........................................................................... 653 SNMP Commands...................................................................................... 655 Log Commands .......................................................................................... 658 Log Archives Commands ........................................................................... 665 Configuration Tool Commands ................................................................... 667 Accdump Commands ................................................................................. 671 RDP Proxy Commands .............................................................................. 676 Mobile Accelerator Commands .................................................................. 680
4. 0
xvi
C o nt e nts
Configuring WAFS ............................................................................................. 683 Basic Operation Commands ...................................................................... 684 Cache Commands ..................................................................................... 687 Print Administration Commands................................................................. 688 Printer Driver Commands........................................................................... 690 CUPS Commands...................................................................................... 692 Printer Port Commands.............................................................................. 693 Printer Management Commands ............................................................... 696 WAFS Transparency Commands............................................................... 698 Excluded Server Commands ..................................................................... 699 CIFS Commands........................................................................................ 700 Compression Filter Commands.................................................................. 701 Time and Date Commands ........................................................................ 702 Additional Commands ................................................................................ 703 Fetch Commands....................................................................................... 706 FileBank Director Commands .................................................................... 707 WAFS Help Commands ............................................................................. 711 WAFS Licensing Commands ..................................................................... 712 WAFS Log File Commands........................................................................ 713 Replication Service Commands ................................................................. 718 Replication User Commands ..................................................................... 725 Event Scheduling Commands.................................................................... 731 Service Management Commands.............................................................. 734 Software Commands.................................................................................. 738 Statistic Commands ................................................................................... 739 Stf_filter Commands................................................................................... 740 Transaction Monitoring Commands ........................................................... 742 TTCP Commands ...................................................................................... 743 User Commands ........................................................................................ 745 Virtual Memory Statistic Commands .......................................................... 746 Wins Commands........................................................................................ 747 Configuring Security........................................................................................... 748 Transport Type Commands........................................................................ 748 Server Configuration Commands............................................................... 750 User Account Configuration Commands.................................................... 754 Software OS Upgrade Commands............................................................. 761 Technical Information and Trouble Shooting Tools ............................................ 762 By-pass Mode Commands......................................................................... 762 show tech-support continuous ................................................................... 765
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n t en ts
xvii
4. 0
Fe at u r es a nd B en e fi ts
which enable network managers to align network resources with business priorities. Acceleration of application response times is achieved through next-generation WAN compression, application-specific acceleration, Layer-7 QoS capabilities and sophisticated monitoring and reporting.
Application-specific Acceleration
Application-specific acceleration is a breakthrough approach that works in combination with next-generation compression for improving application response times. Improves application response times by 100% to 400%, peaks of 1000%+ Extensible architecture based on application acceleration plug-ins for additional application support TCP acceleration enables TCP transfer speeds in excess of WAN link speed, even under challenging latency and packet loss
conditions. The TCP acceleration plug-in is standards-based, meeting the SCPS standard (www.scps.org) that was developed by NASA and the DoD for performance optimization in high latency links. HTTP acceleration provides faster web application response times for chatty HTTP transactions by eliminating repetitive download of frequently accessed objects, applets, and so on. FTP acceleration provides faster response times due to elimination of long FTP transactions by keeping local copies of frequently accessed files. DNS acceleration eliminates DNS wait times for applications (for example: web portals) by keeping copies of frequently accessed DNS translations cached at the edge Accelerator. The Accelerator's full-scale WAFS and CIFS acceleration optimizes file access over the WAN, solving remote server data access from the data center over the WAN. Server consolidation is made possible without paying the price in WAN application performance. Expand Networks enhanced WAFS offering addresses the key performance, availability and management issues raised by server consolidation: LAN-like application performance: Expand Networks acceleration architecture replicates files and keeps them on the remote sites cache, thereby maintaining LAN-like performance for future file transfers. Virtual-Server: Expand Networks enhanced WAFS offering retains critical remote branch system services such as: DNS, DHCP, and print. Addressing WAN-Outs: In the event of a network outage, remote users can continue working because files are served from a local cache.
Fe at u r es a nd B en e fi ts
Bandwidth limits can be set to a maximum amount or an optimal amount Burst-ability control Strict priority for real-time traffic Allows traffic shaping with high, medium, and low attributes Discards rogue applications Packet fragmentation assures VoIP/video latency budget Integrates with existing environments Marks, honors and preserves QoS based on application or QoS markings Extensible architecture Additional application classification QoS troubleshooting/diagnostics mode
2 minute configuration via front panel keypad Up and running in minutes with environment auto-detection Easy-to-use WebUI and central deployment stations Familiar Cisco-like CLI minimizes staff retraining Secure management with HTTPS, SSH, SNMP (v2c/v3) Integrates with existing user authentication and administration systems RADIUS, TACACS+, and Windows Directory Validated in over 1,000 enterprise and service provider networks
T h e A cc el er a to r P r o d uc t L in e
The Accelerator product line consists Accelerators that will cater to a range of facilities from the small office to the Enterprise Network. Check the corporate web site (www.expand.com) for new hardware releases.
IP-Based Network
In an IP network, you can position the Accelerator on the LAN-side of the router or directly on the LAN. The Accelerator can be located either On-Path, on page 8 or On-LAN, on page 9.
On-Path
On-Path configuration places the Accelerator between the LAN and the router on both sides of the IP network. The data from the LAN segment passes through the Accelerator that performs traffic optimization, including compression and QoS, before the data reaches the router. See the sample On-Path application in Figure 1.
In this configuration, internal by-pass circuitry ensures the Accelerator fails-to-wire, enabling invisible protection of the network in the unlikely event of failure. If the Accelerator fails-to-wire, traffic will continue passing, but will not be accelerated (by-pass mode).
H o w t h e A cc el er a t o r Wo r k s
On-LAN
On-LAN configuration places the Accelerator directly on the LAN as a host. The Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path) where the data is reconstructed before reaching its destination IP address. Usually, one Accelerator is installed on the LAN segment. However, if resilience is to be enhanced, you can install two or more Accelerators for redundancy purposes. The most common configuration up to Version 6.1.2 involves creating two links (two Accelerators), one of which is assigned a higher priority (metric - ranging from 11 to 10,000), so it will be used as the default link for the connection. If this link fails, traffic switches to the other link. See Figure 2.
If all transparent Proxy services (such as HTTP acceleration or TCP acceleration) are disabled, you can assign incoming traffic through one link and outgoing traffic through the other link. Another optional configuration is shown in Figure 3:
In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) enables the Accelerator to take part in HSRP/VRRP
10
groups. Starting from Version 6.1.2, a link can be destined to an HSRP/VRRP virtual IP, providing redundancy in cases where an active Accelerator fails. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Groups Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this links services are kept. When the primary Accelerator is available again, the link switches back to it.
Co n fi g ur at io n an d M an ag em e nt
11
You can configure and monitor the AcceleratorOS via a user-friendly Web User Interface (WebUI). The WebUI is accessible from Microsoft Internet Explorer via the HTTP protocol or the secured HTTPS protocol. Console-based administration can be accomplished using a directly connected terminal or terminal software using a serial connection, a Telnet session, or a secured SSH-based connection. You can carry out initial configuration by using the front-panel LCD. The Accelerator operating system, AcceleratorOS, provides a wide range of management features. Like most networking equipment, the Accelerator requires some basic initial configuration in order to function. This configuration is performed locally by using the front-panel LCD, or an RS-232 console, Telnet console or browser-based management console, and includes specifying the Accelerators IP address. The initial configuration also involves defining passwords, and the time and date at the Accelerator site. The Accelerators user-friendly Installation Wizard guides you through the steps necessary to get your Accelerator up and running. For Quick Installation Instructions, see the Accelerator Quick Installation Guide.
12
14
C h ap t er 2: Getting Started
C on n ec t in g an d C on f ig u r in g M ul ti - P o r t Ac ce ler at o r s
15
Link LED
Definition 1000 MB link 100 MB link 10 MB link
Definition
There is traffic 100MB link 1G Link By-pass is activated
5. If there is an error or the LEDs light incorrectly, see the troubleshooting information for your specific device.
16
C h ap t er 2: Getting Started
Re vie w in g t h e S et u p Ch ec kl ist
17
Follow this checklist to ensure that you have all of the information necessary to complete Accelerator setup:
Network Checklist
What are the port settings of the devices that will be attached to the Accelerator (switch/router)? What is the IP address of the Default Gateway? What will the IP address of the Accelerator be? Will there be secondary IP addresses or VLAN IP Addresses? Does this Accelerator have more than one subnet in its network?
HSRP, on page 316 (config-ospf) ospf-mode enable, on page 512 RIP Commands, on page 517
IP address of the remote Accelerator? WAN bandwidth? Does your network include VLAN 802.1q trunking? Does your network use external traffic monitoring software on the router? Do you have any ToS implementation? MPLS? Diffserv? Any kind of applications that modify the ToS field?
Performing Setup via the Wizard, on page 22 Performing Setup via the Wizard, on page 22
Yes / No Yes / No
Working with VLAN, on page 297 Encapsulation, on page 25 MPLS, on page 77 Creating QoS Rules, on page 230
18
C h ap t er 2: Getting Started
Information Needed
Yes / No If Yes, what is the community name? Yes / No If Yes, what is the IP address of the trap receiver? Yes / No If Yes, what is the IP address of the Syslog Daemon? Yes / No Yes / No If yes, enable TCP Acceleration
Do you currently use NetFlow? Does your network have high latency lines above 40 ms?
P er f o r m in g S e tu p v ia t he L C D
19
Accelerator configuration is made simple with the front-panel LCD. AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 7.0.1) in addition to a status display (Ready, By-pass, or various error messages). Press Enter to start configuration.
20
C h ap t er 2: Getting Started
When asked if you want to Save the setup, select Yes or No and press Enter. At this point, management can be performed via the Accelerators Web UI, via the CLI, Telnet, SSH, or via ExpandView- Centralized Management. To work with ExpandView, you will need to define the ExpandView server IP address via the CLI. For other LCD settings, see section Locking and Unlocking the Keypad, on page 344.
P er f o r m in g S e tu p v ia t he Web U I
21
The Accelerators Web User Interface (WebUI) provides you with a user-friendly interface for configuring the Accelerator.
1. The Accelerator comes pre-configured with the IP address: 10.0.99.99 255.255.255.0 If no other IP address was assigned via the LCD, use this default address to access the Accelerator. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerators IP address. 2. In the Address field of your web browser, enter the Accelerators IP Address. Alternatively, the Accelerator WebUI supports access via Secure HTTP, by typing https:// before the Accelerator IP address. 3. The Accelerators WebUI opens and prompts you to log in to use the WebUI. When prompted, log in to the Accelerator by entering a user name and password. The default user name and password (both case sensitive) that must be used on initial login are as follows: user name: expand password: Expand The first time you access the WebUI, the Setup Wizard automatically opens and guides you through the steps of basic Accelerator configuration.
22
C h ap t er 2: Getting Started
P er fo r m in g S et up via t h e Wi z ar d
23
Licensing
Advanced Settings
24
C h ap t er 2: Getting Started
P er fo r m in g S et up via t h e Wi z ar d
25
Parameter
Destination IP Name Bandwidth
Description
Enter the IP Address of the remote device. Set a name for the link that will let you identify it in the future. Up to 31 characters, no spaces, no special characters. Set the speed of the link that connects the local Accelerator to the remote Accelerator. This should be either the local WAN bandwidth or the remote WAN bandwidth - whichever is lower. To accomplish asymmetrical bandwidth settings, use either the advanced link parameters or the CLI. Choose one of the following options, by clicking on the relevant radio button: IPComp: IPComp encapsulation (tunneled encapsulation) compresses the entire packet. This means that the IP header, the transport header and the payload are compressed and the packet traversing the network will have an IPComp header. IPComp is the default setting, which enables the best compression rate. Router Transparency (RTM): In Router Transparency encapsulation, only the packets payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain firewall environments. UDP: UDP encapsulation allows for more compatibility with firewalls that use encapsulated packets.
Encapsulation
Note: When using router transparency mode, the payload of packets destined to the router (SNMP requests, Telnet, and so on) will be compressed, making them unreadable by the router. In this event, it is necessary to set up a decision policy that does not tunnel specific applications, (like SNMP see Working with Applications, on page 215), or excludes specific subnets or IP addresses from being accelerated on the link (see Configuring Link Subnets, on page 90). Note: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful for setting RTM mode when one of the Accelerators is On-LAN and the other is On-Path. However, IPComp encapsulation will not function if the IPComp protocol is blocked by a firewall. Therefore, ensure that the IPComp protocol is not blocked before selecting either IPComp or RTM encapsulation
26
C h ap t er 2: Getting Started
Note: TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators. Note: Deleting the non-link is impossible, because this link name is a logical entity that represents all un-specified traffic in the QoS and Monitoring engines
P er fo r m in g S et up via t h e Wi z ar d
27
To enter a password:
1. Type the current password in the Current Password field. If you are logging in for the first time, the default password is Expand. 2. Type a new password (context sensitive) in the New Password field. 3. Confirm this password by typing the same password you typed in step 2. 4. Click Next to move to the next screen.
28
C h ap t er 2: Getting Started
A cc el era to r Mai n Me nu
29
The following buttons, which are common to all WebUI menu screens, let you carry out basic operations as follows:
WebUI Menu Item
Setup Wizard Write Change Password
Description
Click the Setup Wizard link at any time to open the Setup Wizard. Click the Write link at any time to write the current configuration. This must be done when specified. Click the Change Password link at any time to modify your login password. The password is case sensitive, but the number of characters is not limited. For information on choosing a proper password, see Choosing a Legal Password, on page 349. If you have forgotten your password, you will need to reset the Accelerator to factory default settings, see Resetting the Password, on page 349. Click the Logout link at any time to log out of the Accelerator. Clicking on this button at any time on any page in the interface will set that page as the default startup page home page each time you log into the WEB/UI. There is no confirmation to this action. Click the Refresh button at any time to refresh the data in the WebUI. Any change not saved will be deleted. Click the Help button at any time to open the Accelerators online help. This help is pop-up based so make sure your browsers settings allow pop-ups.
Logout
30
C h ap t er 2: Getting Started
Description
Accelerator type The product ID is the unique number identifying the Accelerator, and is used when licensing the product Software (AcceleratorOS) version running on the Accelerator The last time the device was rebooted, and how much time has elapsed since. Time set in the Accelerator
If you need help with the AcceleratorOS interface, see Accelerator Main Menu, on page 29.
M o d if yin g t h e Ba sic C o nf ig u r a ti on
31
3. For advanced configurations, click Advanced Settings Configuration and see Defining Advanced Settings, on page 32.
Device Name Description IP Address Subnet Mask Routing Strategy Default Gateways Set a name for the Accelerator of up to 60 characters, without spaces and special characters. Type a description that is relevant for your use. For example, 3F ACC Type a valid IP address for this Accelerator. Type a Subnet Mask to identify this Accelerators local subnet. See Setting Routing Strategy, on page 31. Enter the networks Default Gateway to which the Accelerator will forward the traffic it intercepts. You can add more than one gateway, by typing the IP address in the field and clicking Add. The maximum number of gateways that you can add is 5. See Defining Advanced Settings, on page 32
Advanced Settings
32
C h ap t er 2: Getting Started
Deployment Size
CAUTION! The WAN bandwidth setting is used by the Accelerators QoS ! mechanism. Ensure that the WAN bandwidth is not set too low, otherwise the ! Accelerators QoS mechanism may drop packets and cause applications to disconnect. Note: For the Accelerators application optimization to work properly, you are advised to set an accurate WAN bandwidth defining the physical link that the Accelerator sits on. Either select the WAN Bandwidth from the pull-down menu or select Other and enter a specific figure into the provided field along with its correct unit (bps, Kbps, Mbps, Gbps). If you are unsure of your WAN bandwidth setting, use the default setting of 100 Mbps.
M o d if yin g t h e Ba sic C o nf ig u r a ti on
33
34
C h ap t er 2: Getting Started
A Note about Bandwidth Licensing: the bandwidth license specifies the maximum amount of traffic that will be accelerated. Any remaining traffic will pass-through. For example, if you have a license for 2MB and the network has more than 2MB of traffic, the maximum amount of traffic up to 2MB is accelerated, the remaining will pass through. To see if a particular link has exceeded the licensed bandwidth allowance, look at the My Links screen and a partial icon will be displayed next to the link. If you are concerned about exceeding your license limit, you can monitor it within the Links Statistics Data Table (see Figure 11). If packets are exceeding the license or if the license is expired, you are notified with a warning message
Ab o u t th e A cce le r at o r O S Li ce ns e
35
Additional topics in this section include: Viewing the License Status, on page 35 Reviewing the Licensing Procedure, on page 36 To load a new license, see Applying an Accelerator Feature License Key, on page 38 To configure the Licensing Server information, see Configuring the Licensing Server via the Accelerator, on page 39
36
C h ap t er 2: Getting Started
See one of the following topics for more information: Applying an Accelerator Feature License Key, on page 38for loading a new license file Configuring the Licensing Server via the Accelerator, on page 39for configuring the Licensing Server information.
Ab o u t th e A cce le r at o r O S Li ce ns e
37
38
C h ap t er 2: Getting Started
Ab o u t th e A cce le r at o r O S Li ce ns e
39
Dongle ID number in order to register the Dongle. This number is supplied to you within the Confirmation Letter you received when you purchased the Virtual Accelerator. 1. Go to www.expand.com. Click the My Expand Link. Customers are to go to the Extranet site by clicking the Here to Login button on the right. 2. Enter your login information and click Log In. If you have not yet registered click First Time Here to do so and then log in. 3. Click on the Accelerator Licensing tab. 4. Click the Add Product link. 5. In the popup window, enter the Site Name, and the Reseller. Enter the Dongle ID Number. Re-enter the Dongle ID Number. Click the Submit button and a new popup window opens. 6. Download the Licensing Deployment File (.lic) by clicking the underlined hyperlink. 7. The individual Virtual Accelerator License Keys are also displayed. Download the Excel spreadsheet and save it for your records. 8. Go to Configuring the Licensing Server via the Accelerator, on page 39, to continue.
Note: In order to use the Virtual Accelerator, you will need to install the Licensing Server and Dongle. For additional information about the Licensing Server Installation or Licensing Server Dongle, see the documentation included on the Virtual Accelerator Accessories DVD.
40
C h ap t er 2: Getting Started
L o g gi n g O n an d O f f t he A cc ele r a to r
41
In the setup of the Accelerator, you set a password. You will need this password to log into the software.
2. Enter the IP address of the Accelerator. The login screen appears. 3. If your browser has pop-ups disabled, change the properties so that pop-ups are enabled. 4. Verify that the platform and software version shown on the screen are correct. 5. In the User Name field, enter the user name you used in the Setup Wizard. This is case sensitive. 6. In the Password field, enter the password you used in the Setup Wizard. This is case sensitive. If this is your first time logging in, the default user name is expand and the default password is Expand. Both are case sensitive. 7. Click Submit.
42
C h ap t er 2: Getting Started
In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k
43
44
C h ap t er 2: Getting Started
46
Introduction to Monitoring
All statistics generated for these graphic reports are saved in the Accelerator history log, so that if Windows closes or if an Accelerator reboots, you can easily re-access the chart or graph via the Accelerator WebUI. The graphs are automatically updated, according to a set frequency. The Accelerator samples the data behind-the-scenes and stores it in a compact way, which lets you view data up to the minute over a period of up to a year. This sampled data represents the average over the selected period of time. Expand recommends that you open a maximum of five charts per-Accelerator simultaneously. The monitoring feature, available via the Monitor tab, lets you view statistics and graphs for the following: From WAN, To LAN, To WAN, and From LAN traffic, as described in the following figure:
Note: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly. Ensure that all Local subnets are defined as local.
Wo r k in g w i th M on i to r i ng
47
To work with monitoring, you first need to take several steps, defined in the following sections:
Note: The Accelerators graphic reporting feature works with the Java-Applet (JRE 1.4 and up, recommended to use the Java-Applet provided on the Expand Networks<> Extranet). The PC used for viewing the graphs must support Java runtime environments and a Java plug-in must be installed in order to view the Accelerators graphs
48
Description
The Accelerators monitoring feature lets you view statistics for inbound or outbound traffic on the Accelerator. The Accelerators monitoring feature lets you view statistics, for the following: A specific link All of the Accelerators links All compressible links The non-link All virtual links Scroll down in the View Last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes. You can set the link speed in the fields above the graph to add a line to the displayed graph, enabling you to see the limit of throughput that can actually traverse the link. By default, when Auto is selected in the link speed column, the link speed is set to the bandwidth set for the link selected. When Total is selected in the Link column, the default link speed (when Auto is selected in the Link speed column) is set to either the total bandwidth set for all links or the sum of all WAN bandwidths; total is the lower value of the two. Select the Show checkbox if you want to see the peak lines representing the highest statistics achieved for the reported period. All graphs displayed give an average of the performance for any given interval. Therefore, viewing Peaks is necessary for understanding the Accelerators overall performance. Click the Save button to save the generated graphs as a JPG or a PDF file. You are then directed to browse to a location in which to save the file. The PDF file created displays each graph in the selected Monitoring window and a brief description of each. Click the Export to CSV button to save the generated graphs as a CSV file. You will be directed to browse to a location in which to save the file. The file created generates a table with the following fields: Name, Description, Period, Interval, Sample Time, In, Peak In, Effective In, Effective Peak In, Inbound Acceleration, Inbound Peak Acceleration, Inbound Compression, Inbound Peak Compression, Out, Peak Out, Effective Out, Effective Peak Out, Outbound Acceleration, Outbound Peak Acceleration, Outbound Compression, Outbound Peak Compression For a description of these fields, see section Viewing Statistics for Applications, on page 67.
Peak Data
Save
Export to CSV
49
The link statistics and graphs let you monitor the performance of the Accelerator and its links. Alternatively, you can monitor the Accelerator based on the Applications traversing its links. Topics covered include: Viewing Viewing Viewing Viewing Viewing Throughput Statistics per Link, on page 50 Utilization Statistics per Link, on page 50 Acceleration Statistics per Link, on page 51 Compression Statistics per Link, on page 53 Statistics per Link, on page 54
50
51
Understanding Acceleration
The Acceleration percentage describes how effectively the Accelerator is processing and compressing the traffic. This statistic does not take into account traffic that bypasses the acceleration mechanism. Acceleration percentages are calculated as follows:
To calculate acceleration:
Refer to the Monitor > Links > Statistics menu for data to be used in the following procedure. 1. Multiply the number of In Packets by 14. 2. 3. 4. 5. This accounts for the Ethernet Layer-2 header. Subtract this number from the number of In Bytes. Divide this number by the sum of the Out Packets multiplied by 14 and subtracted from Out bytes. Subtract 1 from the sum. Multiply the ratio by 100 to arrive at the acceleration percentage.
52
InBytesIncoming bytes (from LAN) - Do not tunnel bytesRouting bytes- Passthrough bytes InPacketsIncoming packets (from LAN) - Do not tunnel packets Routing packets - Passthrough packets OutBytesOutgoing bytes (to the WAN) - Do not tunnel bytes Routing bytes - Passthrough bytes - System messages bytes OutPacketsOutgoing packets (to the WAN) - Do not tunnel packets - Routing packets - Passthrough packets - System messages packets.
Parameter Item
Do Not Tunnel Routing
Description
Traffic set with the Do Not Tunnel decision, Non-link traffic, Virtual link traffic Traffic between the Accelerator and the local router to retrieve routing information for the local LAN Traffic set with the Do Not Accelerate decision, overload traffic Keepalives and so on.
53
For example: in a simple scenario in which the packet size is 1000 bytes: If InBytes = 300,000 and OutBytes = 100,000 then: 300000 14 X 300 -------------- 1 X 100 = 208 ------------100000 14 X 300
Figure 5:Calculating Acceleration Example
54
Description
Packets
In Packets Out Packets Number of input packets Number of outgoing packets
55
Description
Number of input packets sent over a secure link Number of outgoing packets sent over a secure link Incoming packets that were discarded by a rule with discard policy Outgoing Packets that were discarded by a rule with discard policy Incoming packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete on a secure link. Outgoing Packets that were not optimized due to being sent through the Traffic-Gauge mechanism in order to enhance performance Number of small packets aggregated, or combined, after transmission Number of small packets aggregated, or combined, before transmission Incoming packets that were aggregated as part of the default postacceleration aggregation policy. Outgoing Packets that were aggregated as part of the default postacceleration aggregation policy Incoming Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Incoming Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy Incoming Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Outgoing Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Number of packets sent out marked as Do not Accelerate. Number of packets sent out marked not to be routed into the link. Number of packets that are not optimized because the bandwidth limit as set by the AcceleratorOS license is exceeded
Poly In Packets Poly Out Packets Agg Default In Packets Agg Default Out Packets Agg User-Defined 1 In Packets Agg User-Defined 1 Out Packets Agg User-Defined 2 In Packets Agg User-Defined 2 Out Packets Agg Thin Client In Packets Agg Thin Client Out Packets Do Not Acc Packets Do Not Tunnel Packets Exceeded License Packets
Errors
CRC Errors Other Errors Number of CRC-errored packets received Unexpected errors received
56
Description
Errors resulting from Decryption Errors resulting from Encryption Number of errored packets received that were not caused by decryption Number of errored packets transmitted that were not caused by encryption Number of Authentication Header failures. This occurs when there is an authentication mismatch Number of Replay Window errors. This is generated when a duplicate packet is received by the replay window
Acceleration
In Acceleration Out Acceleration In Actual Acceleration Out Actual Acceleration In Compression Out Compression Inbound Acceleration percentage Outbound Acceleration percentage Acceleration that considers all incoming throughput Acceleration that considers all outgoing throughput Inbound compression percentage Outbound compression percentage
Note: This will clear all of the statistics counters, so make sure you want to do this before proceeding. 1. Click the Clear Counters button. 2. Click Yes when prompted.
Discovering Traffic
57
The Traffic menu lets you view applications running on the network. Traffic is divided into the following categories: Detected traffic (all other applications detected on the network - non-classified traffic that is not part of a predefined or user-configured application type), Monitored traffic (all applications set to enable collect statistics), and Layer-7 discovery (the application properties discovered on the network). This section contains the following topics: Viewing Detected Applications, on page 57 Viewing Detailed Traffic Discovery, on page 57 Creating a New Application from Discovered Traffic, on page 59 Viewing Monitored Applications, on page 60 Discovering Layer-7 Applications, on page 60
58
This window contains the following items: The Clear Counters button - lets you clear all counters for the discovered application. This is useful in case you want to start collecting new statistics without restarting the system. The Inbound section - details data regarding the inbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds. The Outbound section - details data regarding the outbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds. The Inbound section details the following data items: In Bytes - the amount of compressed bytes that entered the link in this specific system. Raw In Bytes - the amount of pre-compressed bytes that entered the link in this specific system. Queued in bytes - the amount of bytes waiting to enter the system. In Packets - the amount of compressed packets that entered the link in this specific system. Dropped In Packets - the amount of packets that were not accelerated. Discarded In Packets - the amount of packets that were discarded before passing through the link. In Acceleration - how effectively the Accelerator is processing and compressing the traffic. In Compression - the amount by which traffic was reduced by the Accelerator. The Outbound section details the same data items, in the outbound direction.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
59
60
61
62
Description
Select an application to view, or select Top 10 or From List. Top 10 displays results for the ten applications that are most prevalent on your network. From List displays the ten applications selected in the Monitored Applications window. The Accelerators monitoring feature lets you view data for From WAN, To LAN, To WAN and From LAN traffic on the Accelerator. The Accelerators monitoring feature lets you view data per link or for the total for all of the Accelerators links. Scroll down in the View-last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes. You can set the link speed in the fields above the graph to add a line to the displayed graph, which lets you see the limit of throughput that can actually traverse the link. Select the Peak Data checkbox if you want to see the peak lines representing the best statistics achieved for the reported period. Because all graphs displayed give an estimate of the performance for any given interval, viewing the peaks is necessary for getting a full picture of the Accelerators overall performance.
Peak Data
63
Setting up Graphs
Only applications defined as monitored applications are displayed in the application graphs. The Traffic Discovery menu lets you view all applications traversing the network.
64
The Compression Statistics per Application graph display, in percents, the amount by which data traffic over the physical link was reduced, presented in distribution per single applications.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
65
Monitoring Applications
This section explains how to use and understand the Accelerators advanced graphic reporting and statistics feature that enables monitoring of accelerated applications. Applications are either predefined or user-defined. By default, 50 of the predefined applications are considered Monitored applications (see Pre-Defined Applications, on page 381), and all user-defined applications are Monitored by default. Monitored applications are applications for which statistics are saved in the Accelerator to be displayed in graphs and charts. You can monitor simultaneously up to 50 applications on each Accelerator, and up to 10 applications on each link. Applications can be can be monitored on a per-link basis or globally on all links.
66
67
Description
Outbound
Out Bytes Raw Out Bytes Queued Out Bytes Out Packets Dropped Out Packets Discarded Out Packets Out Acceleration Out Compression Number of outgoing bytes Total outgoing bytes being accelerated using this link Number of outgoing bytes that are in the queue. Number of outgoing packets Outgoing Packets that were dropped by QoS enforcements (queues, obsolete and so on.) Outgoing Packets that were discarded by a rule with discard policy (discard all P2P). Outbound Acceleration percentage Outbound compression percentage
68
View i n g Et he rn et Sta ti st ic s
69
The Accelerator lets you view a statistic detailing of the data displayed on the monitoring graphs. Refer to one of the following sections for details regarding the configuration of Ethernet statistics: Configuring the Ethernet Statistics Display Fields, on page 69, for WebUI configuration. Ethernet Statistics Display Commands, on page 588 for configuration with the CLI.
2. In the Ethernet Statistics screen, select the relevant Ethernet card in the Interface field. The Interface drop-down menu shows all detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:.
70
The buttons near the Interface field let you clear either the counters of the currently selected interface or all counters of all interfaces. All statistic items, in both inbound and outbound directions, are displayed according to:
DataLists type of statistic gathered System UpData transferred over the selected link, which was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets. Since ClearData transferred over the selected link, which was collected since the Accelerators counters were last cleared. Data is listed in KB, in percentages, or in number of packets. Last 5 SecondsData transferred over the selected link, which was collected over the last 5 seconds. Data is listed in Kbps or in percentages.
Co n f ig u r in g N et Fl o w S u p p or t
71
The Accelerator supports Ciscos NetFlow protocol (version 5), which enables collecting traffic flow statistics on routing devices. NetFlow is based on identifying packet traffic and reporting the traffic statistics to the collector. The traffic reported is traffic before acceleration, which lets you receive data regarding real traffic (not encrypted, tunneled or accelerated). NetFlow does not: Involve setting any connection-setup protocol either between routers or to any other networking device or end station Require any change externally either to the traffic or packets themselves or to any other networking device. NetFlow does provide various statistical data items (WAN-to-LAN or LAN-to-WAN), in addition to the items generated by the Accelerator. NetFlow uses the following SNMP names: eth 1 (for ETH 0/0) eth 2 (for ETH 0/1) By using these names, the Collector receives on-path indication even when on-LAN deployment is used. In the Collector, eth 2 is used as the Out port and eth 1 as the In port in LAN-toWAN deployment, while the opposite happens in WAN-to-LAN deployment (eth 1 is used as the Out port and eth 2 as the In port). When using the CLI to configure NetFlow, you have to indicate which port is used for connecting to the LAN. The following traffic types are not reported: WAN-to-WAN LAN-to-LAN (including bridgeless traffic). i Note: The NetFlow collector listening port is needed for establishing a connection between the Accelerator and the collector. Ensure that this port is not blocked by a firewall installed between the Accelerator and the collector.
72
Enabling NetFlow
To enable NetFlow:
1. Click on the Setup tab, followed by Advanced, followed by Netflow. 2. Use the relevant fields to enter the Collector IP address, port number and interface. Alternatively, click the Set Default Values button to reset the Netflow configuration values to factory values. 3. Use the Interface drop-down menu to select one of the detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:
Co n f ig u r in g N et Fl o w S u p p or t
73
74
76
C h ap t er 4: Configuring Networking
If the Topology-Size is set to a number that is too large, the Accelerator will not use all its resources, resulting in lower acceleration percentages than would be possible if the Topology-Size were set accurately. If the Topology-Size is set to a number that is too small, too many negotiation messages will be sent between the Accelerator and the network. In addition, the amount of time it takes for the Accelerator to reboot and to recover from a disconnected link will be longer than necessary.
O pt i mi z in g t he N et w o r k Top o lo g y
77
Customized Configuration
Noisy environments are handled automatically via the Accelerator. The Accelerators basic configuration settings can automatically optimize problematic networks of this type. Out-of-order environments are handled automatically via the Accelerator. The Accelerators basic configuration settings can automatically optimize problematic networks of this type. In load-balanced environments, you should set the Accelerator to Source IP preservation (CLI configuration only) to maintain the semblance of a session, or RTM encapsulation if necessary. You can perform load balancing per packet or per session. In a loadbalanced environment you should either enable IPcomp via the CLI, (see (link) encapsulation, on page 474) or use transparent mode to preserve session information. In MPLS networks, enable ToS bit preservation and source IP preservation. Often it is important to enable router transparency instead, to work with the networks QoS deployment (see section (link) encapsulation, on page 474). Enable router transparency, or ToS bit preservation &/or Source IP Preservation (see section (link) encapsulation, on page 474). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM. Enable router transparency, or ToS bit preservation &/or Source IP Preservation (see section (link) encapsulation, on page 474). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM.
Out-of-order
Load balancing
MPLS
78
C h ap t er 4: Configuring Networking
Co n f ig u r in g S e co n da r y IP Ad d r es se s
79
You can set on the Accelerator up to 20 Secondary IPs, for connection to multiple subnets on the same network. Out-of-band management is set here. If Out-of-band management is used, it is counted as one of the twenty Secondary IP addresses available. Starting from Version 6.1.2, you can set several IPs on the same subnet, whereas prior to this version, a secondary IP address belonged to a different subnet.
80
C h ap t er 4: Configuring Networking
When a link is first created or re-established, auto-negotiation occurs between the local and remote ends of the link and uses the inbound and outbound bandwidth settings to determine the resources to be allocated for each link. This section contains the following topics: Studying the Links Screen, on page 81 Adding Links, on page 82 Advanced Link Configurations, on page 84 Editing Links, on page 89 Using Dynamic Bandwidth, on page 89 Configuring Link Subnets, on page 90 Creating Link Templates, on page 92
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
C r ea ti n g an d E d it in g L i nk s
81
82
C h ap t er 4: Configuring Networking
Note: Packet Fragmentation does not work in RTM mode. The following sections detail the additional operations you can carry out via the Links screen: Adding Links, on page 82 Advanced Link Configurations, on page 84 Editing Links, on page 89 Creating Link Templates, on page 92 The CLI procedure for adding and editing links is the same as for creating the first link. For more information, see Link Commands, on page 458.
Adding Links
Add links to the Accelerator via the Setup - My Links menu. Note that TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
C r ea ti n g an d E d it in g L i nk s
83
Note: When configuring a link, it is advised to set a link metric (in the Advanced menu) for it, which is the actual metric for all the links subnets, with the exception of excluded Subnets. If you do not set a link metric for the link, the system automatically sets a default for the link, which is the current maximum metric +10, starting from 11. Also note that changing the local link metrics or the metrics for redistributed routes on the router, may cause clear traffic to exit the Accelerator even if you are using IPSec enabled links with a Crypto mode configured as Strict.
To add a link:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Links menu. The Links screen opens by default. See Figure 3.
Description
IP address of the sending device. By default, the Accelerators primary IP is displayed. You can either leave this choice or select another source IP address. The Source IP field, lets you define a source IP for each new link you create, and also changes the source link while the link is active. In addition, you may use a virtual IP address for redundancy purposes. In this case the virtual IP will be a link which, in the case of machine failure, will be redirected to another machine, unlike a link whose source is a primary IP address. The valid link source IPs are as follows: Primary IP Secondary IP VLAN IP HSRP IP VRRP IP For more details see Using a Virtual IP Address, on page 93. Set a name for the link to let you identify the link in the future. Up to 32 characters, no spaces. IP address of the remote device.
Name Destination IP
84
C h ap t er 4: Configuring Networking
Property
Bandwidth IPComp
Description
Set the links bandwidth, namely: the maximum throughput allowed to traverse the link. IPComp encapsulation enables the best compression rate. IPComp encapsulation (tunnelled encapsulation) defines complete compression of the packets intercepted by the Accelerator. This means that the IP header, the TCP/UDP header and the payload are compressed and the packet traversing the network will have an Accelerator-proprietary IPComp header. In Router Transparency encapsulation, only the packets payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), load balancing, billing, encryption, MPLS networks and certain firewall environments. RTM support for On-LAN deployments is available in AcceleratorOS 5.0(6) and higher. UDP encapsulation allows for more compatibility with firewalls that use encapsulated packets.
UDP
Note: If you leave the Source IP field empty, the default value is the machines primary IP address. 3. If you are finished, click the Add button. For particularly complex networks, the Accelerator enables advanced link configuration, as shown Advanced Link Configurations, on page 84.
C r ea ti n g an d E d it in g L i nk s
85
3. Open the different sections by clicking on the + sign next to the section title. After you have made changes, save the settings by clicking Submit and then click Back to Links to return to the My Link screen. For Advanced Configuration options using the CLI, see Additional Commands, on page 640. See the following table for specific parameter information:
Section/Parameter Title Parameters
Link Name Source IP Destination IP Bandwidth Out Bandwidth In MSS
Description
Use the Parameters section to edit parameters such as Link Name, Destination IP, Source IP, Link Metric, Bandwidth Out and MTU (Maximum Transmission Unit). Supply a logical name for the link. This name is used in the Links Table. Enter the IP address of the Accelerator that you are configuring or another source. Enter the IP address of the destination Accelerator. This is the Accelerator the source will establish a connection with. Select an Outbound Bandwidth. Choose one from the scroll down menu, or select Other and supply your own. Select an Inbound Bandwidth. Choose one from the scroll down menu, or select Other and supply your own. This sets the Maximum Segment Size in bytes of a TCP packet that the Accelerator will accept in a single, unfragmented piece, excluding the TCP and IP headers. For maximum efficiency, the MTU should never be more than the MSS + the headers. MSS can be configured on a per-link basis or globally on all links. You can either choose Auto (Link Specific) which lets the Accelerator decide, or choose Other and enter your own value. By default the setting is None. Maximum Transmission Unit. This is the largest packet size (in bytes) that will be transmitted. Accepted values are 68-6000 bytes. The actual metric for all the links subnets, with the exception of excluded Subnets. If you do not set a link metric for the link, the system automatically sets a default for the link, which is the current maximum metric +10, starting from 11. Also note that changing the local link metrics or the metrics for redistributed routes on the router, may cause clear traffic to exit the Accelerator even if you are using IPSec enabled links with a Crypto mode configured as Strict. Assigns the link to work on a specific pre-defined WAN. To choose the WAN, use the scroll down menu. To create a WAN, see Adding WANs, on page 292. Select this check box to use fragmentation on packets larger than the amount of bytes that you enter into the field. Check the box and then put the byte amount in the field, as long as it is within the accepted range (68-6000). Select this box to aggregate packets smaller than the amount of bytes you enter in the field. Check the box then put celibate amount in the field, as long as it is within the accepted range (68-2500).
MTU Metric
WAN
Fragmentation
Aggregation
86
C h ap t er 4: Configuring Networking
Description
Use the Acceleration section to define whether to accelerate the link and to use header compression Select the check box to accelerate the link, clear the check box to not accelerate the link. Check the Header Compression checkbox to compress the header, clear the checkbox to not compress it. Use the Tunneling section to define parameters such as the encapsulation type, preservation and checksum Choose the encapsulation type - IPComp, UDP, or Transparent. If choosing UDP, enter the destination and source port IP addresses in the relevant fields. Choose Auto, IPComp, or UDP. If choosing UDP, enter the destination and source port IP addresses in the relevant field. Type of Service - select either Preserve to preserve the ToS value, or Set to pick your own and put this value in the field. Preserves the TTL information as used in the original packet header before it was compressed. Check to enable, clear to disable. Preserves the port numbers used in the packet header. Note that if you selected UDP encapsulation the port information you entered (above) for UDP will not be used. Preserves the source information. Note that if you selected UDP encapsulation, the source information you entered for UDP (above) will not be used. When selected, includes checksum information within the compressed packet header. Check to enable, clear to disable. In the TCP Acceleration settings section, select whether to use the Global TCP acceleration settings or Link Specific. In addition, you need to input the Typical Acceleration Rate, as well as choosing the type of Congestion Control you want to use. To have TCP Acceleration on a specific link, choose Link Specific, otherwise choose Global. The round trip time is the amount of time for one packet to travel from an Accelerator to a destination and back. Choose Auto to allow the Accelerator to automatically adjust, or choose Other and input a time amount in milliseconds in the field. The rate is the rate at which the TCP sender injects packets into the network.
Tunneling
Encapsulation
SRC Preservation
Include checksum
TCP Acceleration
TCP Acceleration Typical Round Trip
C r ea ti n g an d E d it in g L i nk s
87
Section/Parameter Title
Congestion Control
Description
Choose from one of the following: Noneno congestion avoidance is used Standardthe congestion avoidance conforms to the standard TCP/ IP protocol (Reno) VegasTCP Vegas reduces latency and increases overall throughout, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely time-consuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks. Hyblareduces penalization of TCP connections that incorporate a high-latency terrestrial or satellite radio link, due to their longer round trip times. It consists of a set of procedures which includes, among others: - An enhancement of the standard congestion control algorithm - The mandatory adoption of the SACK policy - The use of timestamps In the TCP Acceleration Advanced section, select the type of acceleration you want to implement (Global, link specific, or none). If you choose link specific, you will need to fill in additional fields. Restricts the size of packets sent to X amount (if entered) before sending an ACK request. You can either select Other and enter your own amount, or select Auto and the value will dynamically change depending on network and bandwidth conditions. Restricts the size of packets received to X amount (if entered) before sending an ACK request. You can either select Other and enter your own amount, or select Auto and the value will dynamically change depending on network and bandwidth conditions. Enter the number of packets that will be sent before an ACK request is sent to the destination. Choose a value between 2-8 packets. Check this checkbox to enable Keep Alive, which ensures that the connection will not close until the time out interval has passed. This value determines how long to wait before sending out the first message. Choose a value between 1-10000 seconds LAN, WAN or both This value determines how many times a keep alive message will be sent. Choose a value between 1-10000 probes. This value determines the waiting time between messages. Choose a value between 1-500000 seconds. In the Post Acceleration Aggregation section, select whether to enable the Default class, a User Defined class, or the Thin client class, which can be set on a per link basis. Each link can have aggregation acceleration enabled or disabled independently of other links. The values you set here Shows the PoA status. Select Enable to enable, Disable to disable.
Acknowledge Packet Rate Keep Alive Keep Alive Time Keep Alive Direction Keep Alive Probes Keep Alive Interval
88
C h ap t er 4: Configuring Networking
Section/Parameter Title
Threshold
Description
Sets the targeted size of the aggregated packet. PoA will not output packets that are not at least the threshold byte size. It will queue the packets until the threshold is reached or the window size has been reached. Select Auto to have the Accelerator automatically select the threshold or select Other to input your own value in the field as long as it is within the acceptable range 40-3000 bytes. Defines the maximal size a packet can be (in bytes) and still be eligible for PoA. Any packet greater than this amount is not aggregated. Select Auto to have the Accelerator automatically select the limit or select Other to input your own value in the field as long as it is within the acceptable range 40-3000 bytes This dictates how long the PoA will hold the packets in the queue (in 10 millisec units). Small packets enter PoA queues and wait there until either the aggregate packet becomes large enough (i.e. reaches the threshold size), or too much time elapses (window size * 10 ms). When either of these limits is reached, the packet is released. Select Auto to have the Accelerator automatically select the size or select Other to input your own value in the field as long as it is within the acceptable range (between 10 and 1500 msecs). In the Bandwidth Adjustment section, select the Enable Bandwidth Adjustment check box and fill in the percentage and interval rates. For details see Using Dynamic Bandwidth, on page 89 Select the checkbox to enable, clear to disable. Defines the minimum value to which the bandwidth will be reduced as a result of congestion. This value is calculated as percentage of the userdefined outgoing bandwidth size. Default: 50%. Choose from the drop-down box Other to enter a percentage of reduction, or select None. Defines the rate by which the links bandwidth will be gradually restored to its former size. Increasing the bandwidth is much less critical than decreasing it in case of congestion, and therefore the default set of the increase is 2%. Type a time interval (1-20 seconds) which will be used to base the increase rate. (i.e. X% every Y seconds). To detect a congestion state more accurately, set longer decrease and increase intervals. Type a time interval (1-20 seconds) which will be used to base the decrease rate. (i.e. X% every Y seconds). In the IPsec section, select the Enable IP Sec checkbox and select a policy name and enter a local and remote IP address. Note that IPsec cannot be set if you do not enable IPsec and make sure that IPsec is also enabled on the other end of the link. In addition you can also select which IPsec policy to apply, out of the policies you configured earlier. You will also have to include a Public IP address for the local and remote machines. For additional details, see Configuring IPsec Policies, on page 275. To enable IPSec, select the checkbox. To disable, clear the checkbox. Select the IPSec policy you want to assign to this link.
Limit
Window Size
Bandwidth Adjustment
Enable Bandwidth Adjustment Minimal Bandwidth
IPsec Encryption
C r ea ti n g an d E d it in g L i nk s
89
Section/Parameter Title
Local NAT IP Address
Description
Enter the local NAT IP address. This IP address is local to the network, and is usually used as an internal IP address or an intranet address. When packets are sent out of the network to the WAN, the Remote IP address (see below) is used. Enter the Remote NAT IP address. This IP address is the published, known IP address. When packets are sent out of the network to the WAN the local IP address (see above) is replaced with the Remote NAT IP address.
Editing Links
You can use the Edit Links screen to fine-tune and modify existing links. This screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration parameters for the link.
90
C h ap t er 4: Configuring Networking
Note: Bandwidth adjustment is possible only on an accelerating link The bandwidth adjustment mechanism samples internal messages (of the links internal protocol). Based on these messages, the bandwidth adjustment algorithm detects a state of congestion and decreases the user-defined outgoing bandwidth. Once the mechanism detects that the state of congestion no longer exists, the bandwidth is gradually restored to its user-defined size. The bandwidth adjustment parameters are as follows: Minimal BandwidthDefines the minimum value to which the bandwidth will be reduced as a result of congestion. This value is calculated as percentage of the user-defined outgoing bandwidth size. Default: 50% Increase RateDefines the rate by which the links bandwidth will be gradually restored to its former size. Increasing the bandwidth is much less critical than decreasing it in case of congestion, and therefore the default set of the increase is 2% Decrease RateTo detect a congestion state more accurately, set longer decrease and increase intervals After setting all required parameters, click Submit.
C r ea ti n g an d E d it in g L i nk s
91
2. Set the parameters as follows, and click Add to set the parameters:
Parameter Item
IP Address Subnet Mask Exclude
Description
Set the IP address of the Subnet you want to connect to the Accelerator. Set the Subnet Mask of the subnet. If a subnet has already been added, and specific IP address(es) are to be excluded, enter the IP address and mask and select the Exclude checkbox.
CAUTION! The Accelerators remote subnet is automatically detected and added. ! If more than one remote subnet exists, you have to add all additional remote subnets. Ensure that the local subnets appear in the Remote Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly.
92
C h ap t er 4: Configuring Networking
Us in g a Vi rtua l IP Ad d res s
93
As mentioned earlier (see On-LAN, on page 9), in the case of machine failure, a link that uses a Virtual IP can be redirected to another machine. An example of such a case is provided in the figure below.
The source IP (virtual IP) in the sending machine is the destination IP in the receiving machine. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Groups Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this links services are kept. When the primary Accelerator is available again, the link switches back to it.
94
C h ap t er 4: Configuring Networking
In Figure 6 above, S1 is Accelerator 2s direct subnet, while S2 and S3 are also subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices that are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to do this, it must detect S1, S2 and S3 as subnets of Accelerator 2. Accelerator 2 automatically detects S1 and adds it as its local subnet. You can manually add S2 and S3 to Accelerator 2s Subnets list, or use routing protocols to add them dynamically. If the network supports OSPF or RIP the Accelerator can function as an OSPF or RIP device to receive routing information. If other dynamic protocols are in use, the Accelerator can poll routers to learn their routing tables. Then, Accelerator 2 must advertise its subnet list to Accelerator 1, enabling Accelerator 1 to properly route packets destined to S1, S2 and S3 to Accelerator 2 via Link 1. i Note: The Accelerator supports up to 2500 local subnets and up to 2500 remote subnets per link.
S e tt i ng S ub n et R o u ti ng
95
Description
Set the IP address of the Subnet that is connected to the Accelerator. Set the Subnet Mask of the subnet. The metric setting defines the priority of the route or the subnet. Set a lower number for more desirable routes. For example, on a T3 link with 1 hop, set a low metric value, whereas on a long-haul 128 Kbps link with 8 hops you should set a high number. Advertised subnets are the Accelerators subnets that the Accelerator broadcasts to other Accelerators when link negotiations occur. Select whether to advertise this subnet. By default, subnets that are manually added are advertised. When adding a subnet, the Add route rule checkbox lets you create a static route rule to define how to reach the subnet. This will add an entry in the My Routes table, which displays access to the subnet via the next hop. Note: Once the static route is created, no connection exists between the routerule added and the subnet. Any change made in the one will not affect the other. Add a next hop via which the subnet will be accessed. The Edit button lets you modify already added subnets by selecting them in the table and clicking this button. This may be done for manually added subnets as well as dynamically learned subnets. To delete subnets, select them in the table and click this button. When subnets that are set to be advertised are deleted, they are removed from all connected Accelerators.
Advertise
Delete
96
C h ap t er 4: Configuring Networking
CAUTION! The Accelerators local subnet is automatically detected and added. If more than one local subnet exists, you have to add all additional local subnets. Ensure that the local subnets appear in the Local Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly.
Editing a Subnet
Once a subnet has been added to the Accelerator, you can use the following steps to edit it.
To edit a subnet:
1. In the My Subnets screen, highlight one subnet in the Local Subnet table, and click the Edit button. 2. Edit the IP address, Subnet mask, Metric and Advertise status as necessary and click the Submit button. When subnets that are set to be advertised are edited, the change is broadcasted to all connected Accelerators:
Ad d in g Sta ti c Ro u te s
97
Use the following procedure to add static routes to the Accelerator. You can add multiple static routes. The maximum is 1500. To add a dynamic route, see Setting Dynamic Routing, on page 98. To add a static route: 1. Click on the following menu sequence: Setup > My Accelerator > My Routes. 2. In the Dynamic Routing section, enter the subnet IP and Mask, and the next hop to be used for accessing the subnet. 3. Click the Add Routes button. The static route now appears in the Route Rules table. To add another route, repeat from step 2. 4. To add additional Next hops, enter the IP address in the Next Hop table and click Add. You can add up to 5 Next hops entries. To delete a hop, select the hop in the table and click Remove. 5. To remove a route from the table, select the route in the table and click Delete.
98
C h ap t er 4: Configuring Networking
S e tt in g D yn am i c R o u ti ng
99
Configuring OSPF
Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes Menu.
To configure OSPF:
1. Click on the OSPF button. 2. Set the parameters as follows:
Parameter Item
OSPF Model
Description
Enable or Disabled OSPF Mode. Enabling OSPF Mode lets you configure OSPF parameters. Disabling OSPF Mode saves any previously configured OSPF settings, but disables OSPF capabilities. OSPF divides its networks into areas. Therefore, you must set the Accelerator with its OSPF area identification number, which lets the Accelerator identify itself to local routers. To set the Area of the Accelerator within the OSPF group, use its number or its IP Address format number. The default is 0.0.0.0. Determines a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised.
Area ID
100
C h ap t er 4: Configuring Networking
Parameter Item
Authentication
Description
Authentication on the Accelerator must match the OSPF authentication set across the network. Set the Authentication to None, Key, or MD5: None: When no authentication is necessary to communicate with other OSPF devices. Key: When a non-encrypted authentication password is needed to communicate with other devices in the OSPF network, insert the key used. This key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using OSPF. MD5: When an MD5 authentication password is needed to communicate with other OSPF devices, insert the encrypted key used. This must be the password that is set across all devices on the network using OSPF. Set the ID number according to this authentication passwords ID number across the OSPF network. The Accelerator automatically detects neighboring OSPF routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important when connecting to nonbroadcast networks, such as an Accelerator on a subnet that does not use OSPF. This enables the Accelerator to receive OSPF routing information from a neighboring router on a subnet that uses OSPF
Neighbor IP
S e tt in g D yn am i c R o u ti ng
101
Description
Enable or Disable Router Polling. Enables the Accelerator to retrieve route rules from the routers routing table. Sets the frequency with which the router is polled (in seconds). Default is 180 seconds. Selects whether to use the local default gateway or to set an IP address manually. Selects whether not to use a secondary router IP address (default) or to set an IP address manually. Sets the SNMP version to be used for polling the router. Sets the SNMP community to be used for polling the router. Lists the polling protocols used for retrieving the route rules from the routers routing table. Check the checkbox of the route rule you want to apply, or click the checkbox next to status, to select all. The following protocols are supported: BBNSPFIGP BGP CISCO-IGRP EGP ES IS GGP HELLO ICMP IS IS Local OSPF Other RIP Static
Polling Interval Primary Router IP Address Secondary Router IP Address SNMP Version SNMP Community Name Polling Protocols Table
3. After making any change, click Submit. 4. To reset the parameters back to the default value, click Set Default Values and then click Yes, when asked to confirm.
102
C h ap t er 4: Configuring Networking
Configuring RIP
Configuring RIP is accomplished via the My Routes menu.
To configure RIP:
1. Click the following menu sequence Setup > My Accelerators > My Routes. 2. Click on the RIP button. 3. Set the parameters as follows:
Parameter Item
RIP Mode
Description
Set RIP Mode to Enable or Disabled. Enabled Mode allows configuration of RIP parameters. Disabled RIP Mode saves any previously configured RIP settings, but disables RIP capabilities. Set Passive mode to Enable or Disable. Passive mode enables RIP in a listening mode without sending updates. Select the RIP version in use on the network: either RIP version 1 or RIP version 2. Note that in cases where RIP route injection is used, the RIP version should be set to version 2.
En ab li ng P ac ket I n te rce p ti on
103
Description
Authentication on the Accelerator must match the RIP authentication set across the network. When working with RIP version 1, Authentication is automatically disabled. When working with RIP version 2, set the Authentication to None, Key, or MD5: Disable: When no authentication is necessary to communicate with other RIP devices. Enable: When a non-encrypted authentication password is needed to communicate with other devices in the RIP network, insert the key used. This authentication key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using RIP. MD5: When an MD5 authentication password is needed to communicate with other RIP devices, insert the encrypted key used. This must be the password that is set across all devices on the network that use RIP. Set the ID number according to this authentication passwords ID number across the RIP network. The Accelerator automatically detects neighboring RIP routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important if the Accelerator is on a subnet that does not use RIP. The Accelerator can receive its RIP routing information from a neighboring router on a subnet that uses RIP.
Neighbor IP
104
C h ap t er 4: Configuring Networking
En ab li ng P ac ket I n te rce p ti on
105
2. In the WCCP drop-down menu select Enable to enable WCCP. i Note: Enabling WCCP is relevant only with On-LAN deployment. If your currently selected deployment is On-Path, please change it by going to Setup > My Accelerator > Basic > Advanced Settings. Use the Routers Table to add or delete routers to the list of routers to be used for packet interception. When adding a router, you have to indicate its router ID (the IP address used for connecting him to out network, usually the highest value number), as well as the router status (Connected/Disconnected - indicating a connection to the network). If you enable the WCCP Service, and do not set a router IP address, an error will result.
106
C h ap t er 4: Configuring Networking
3. Use the Services Table to manage the list of services to be used for packet interception. It displays by default all of the pre-defined services, which are as follows: Weball TCP traffic that is sent on port 80 (http traffic) ICMPInternet Conreol Management Protocol, services such as ping, and trace-route use this protocol UDPall UDP traffic TCP-Promiscuousall TCP traffic (not port dependent) both inbound (towards the LAN) and outbound (towards the WAN) CIFS - WAFSCommon Internet File System all TCP traffic that is sent on port 445. Additional services can be added or deleted from the Services Table. The same services must be configured on the router that is connected to the Accelerator. 4. To add a service, see Adding a Dynamic Service, on page 107. To delete a service select the table row and click Delete. To enable or disable a service, click the ID of the service and Parameters for the specified service opens. Change the Service Mode to Enable or Disable. To change other parameters see Editing a Dynamic Service, on page 108. i Note: When you enable the WCCP feature, all pre-defined services are enabled by default, except for Web and CIFS. In addition, if you have multiple Accelerators deployed on your network, the same WCCP services should be enabled on each appliance.
En ab li ng P ac ket I n te rce p ti on
107
The Parameters box lets you configure the following parameters: Service ID - any number between 0 and 254 (configurable only on dynamic services; this number is not editable on pre-defined services). Protocol ID - any number between 1 and 255 (again, configurable only on dynamic services). Priority - any number between 0 and 255 (default: 100). Weight - used for load balancing. If you have one or more Accelerators that share the router to which your Accelerator is connected, you can use this field to instruct the router what percentage of the traffic that uses this service is to be directed to the current Accelerator (default: 100). Port Direction - lets you set the port direction used for carrying out load balancing through Hash. This load balancing is configured in the router, according to either subnets (IPs) or ports. This box lets you only enable the Hash-assisted load balancing, through the Destination/Source IP, Port or both. Password - lets you enter a password for using the service. The next time your Accelerator synchronizes with the router, the router
108
C h ap t er 4: Configuring Networking
reads this password and prevents unauthorized access to this services traffic. 2. Use the Ports Table to add a port (optional). 3. Click Submit. Once the new dynamic service is added, you can add it like any other WCCP service. See Editing a Dynamic Service, on page 108.
S et ti ng th e Da t e a n d Tim e o n t he A cc ele ra to r
109
You can alter the time setting manually, or set it to receive time synchronization from a Simple Network Time Protocol server (SNTP).
1. Click on the Setup tab, and then the My Accelerators tab, followed by the Date and Time menu. 2. Select a time zone that matches the location of the Accelerator using the Time zone drop-down box. If you need help locating the time zone in which your Accelerator resides, go to http://www.worldtimezone.com/ and there is a map that can help you. 3. Select how you want to enter the time and date. Select from one of the following radio buttons: Date and Timeto enter the setting manually. or For manual time settings, fill in the local time and date fields. If you decide to enter the time and date settings manually and there are either date or time changes (as in Daylight savings time) you will have to return to this menu and update accordingly, Use SNTPto have the server update the Accelerator automatically. Enter the server IP address and the frequency with which the server is to be polled for time updates. 4. Click the Submit button.
110
C h ap t er 4: Configuring Networking
111
Registered users of ExpandView enjoy the benefit of having ExpandView automatically discover a new registered Accelerator as soon as a link to that Accelerator is established. However, if the default settings of ExpandView are changed (for example, port), or if the auto-discovery fails, you have to update the ExpandView agents parameters accordingly.
112
C h ap t er 4: Configuring Networking
114
Introduction to WAFS
WAFS stands for Wide Area File Service, namely: remote users who access files over a WAN, such as branch office or mobile users accessing centralized storage. Such users often experience poor performance when trying to access files that are stored in a central location. Expand Networks WAFS solution allows users fast and efficient access to centralized storage by using intelligent, dynamic caching.
Note: This feature is only supported on Accelerators with a hard drive. If your Accelerator does not have a hard drive and you want to have WAFS functionality, contact your supplier.
I nt r o d u ct io n t o WAF S
115
The corporate Data Center is equipped with an Expand FileBank Director, and each remote site (requiring access to the center) is equipped with an Expand FileBank. Once these hardware devices are installed, branch office users can immediately work with files located in the Data Center, with the same speed level and efficiency as if they were working on their local file server. Expand uses a patent-pending file system technology that allows direct access to files located in distributed file storage architectures throughout the enterprise. Network architecture can be deployed as a private network of leased lines, or a virtual private network (VPN) that utilizes the public Internet in a secure way. Expand provides the following features and benefits: Centralization of storage and backup resources Synchronous, reliable file operations LAN-like performance WAN Consumption optimization Ease of installation and management Seamless integration Native security support Many-to-many architecture Integrated Branch IT Services High resilience Expand's pass-through authentication technology seamlessly ensures enforcement of enterprise policies such as user authentication, access rights verification and quota management support. Expand devices use regular LAN and power connections. Configuration is simple, and no infrastructure changes are required. No client software is installed on the Data Center file servers or on any of the remote office workstations.
116
Supported Servers
File Servers
Microsoft Windows NT Server 4.0 SP3 and above Microsoft Windows 2000 Server Microsoft Windows 2003 Server Microsoft Windows 2008 Server Network Device Filer series (ONTAP 6.x & 7)
Authentication Servers
Windows NT Server 4.0 Primary Domain Controller (PDC) Windows NT Server 4.0 Backup Domain Controller (BDC) Windows 2000 Server Active Directory Domain Controller Windows 2003 Server Active Directory Domain Controller
Supported Clients
Microsoft Windows NT Workstation 4.0 Microsoft Windows 2000 Microsoft Windows XP Professional
I nt r o d u ct io n t o WAF S
117
to be equal to the size of the total data set. Various approaches exist for estimating optimum FileBank disk capacity, the most common of which are as follows: Complete data set size (migrated from the legacy file server) Working set size (for example: 30% of complete data set) Per number of branch users (for example: 0.5GB x number of branch users) The FileBank Director is connected On-LAN to the file servers, and therefore its cache state is less critical than that of the remote branch FileBank, which is connected over the narrow-bandwidth, high-latency WAN. FileBank Director disk capacity planning should take into account the percentage of data that is shared between branches (that is, the level of inter-branch collaboration), and a size estimation of the working set. As a rule of thumb 10-20% of the accumulated branch FileBank cache is sufficient. Both FileBank and FileBank Director employ LRU (Least Recently Used) cache management, so a dynamic, working-set cache is always maintained.
Domains
The FileBank acts as a server in the Windows Domain hierarchy. Windows Clients at the remote office will see the FileBank as part of this domain when connecting to the network, and after appropriate mapping. When configuring the FileBank for the first time, you are asked which domain to join, so obtain the domain name in advance. In order to perform the join operation, a user with sufficient access rights is required, namely: a user that is part of the domain administrators group.
Authentication
Identify the name of the authentication server. The authentication server must be a Windows NT/2000/2003 server that can authenticate users accessing the domain (Windows NT v4.0 Primary/Backup Domain Controller or Windows 2000/2003 Active Directory Server).
Note: You are advised to utilize the domain controller of the local remote branch office, when applicable.
118
E n ab li ng WA F S C o nf ig u r a ti on
119
There are three steps that need to be done in order to enable WAFS configuration: Configuring the File Server/Domain Controller, on page 119 Defining Network Settings, on page 121 Enabling WAFS Operation Mode, on page 124
120
2. Click the Sharing tab and define share properties. 3. Repeat this procedure for all directories you want to share.
E n ab li ng WA F S C o nf ig u r a ti on
121
2. Add the users who are allowed to access the shared directory and define permissions for each user. 3. Click OK and proceed to the next step, Defining Network Settings, on page 121.
Note: AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 6.00) in addition to a status display (Ready, Bypass, or various error messages.).
122
3. If you do not intend to define a link on this device (namely, to use the device as an Accelerator), press Cancel and continue with the FBD configuration. 4. In the dialog box that appears, click OK to confirm the closure operation. 5. In the Basic tab of the My Accelerator screen, fill-in the device name as shown below and click Submit.
6. Move to the Time tab to enter your local time settings. You are advised to set the Accelerators time and date manually (default).
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
E n ab li ng WA F S C o nf ig u r a ti on
123
7. Select Setup > Networking, and then go to the DNS tab. This tab lets you configure the domain name server.
8. Fill-in the domain name in the Domain Name field. 9. In the Domain Name Table pane, click Add to add the domain name.
124
In the dialog box that opens now, enter the domain name(s) for the servers in the order of preferential usage and click Submit. 10. Select the IP Domain Lookup type as Enable. 11. Type the domain name server IP address in the field and click Apply.
3. Click Submit. 4. Use the dialog box that appears now to confirm the creation of the WAFS service. 5. The next dialog box prompts you to execute write configuration and perform reboot to enable creation of WAFS service. 6. Click OK and then click the Write command at the top of the screen (encircled below):
E n ab li ng WA F S C o nf ig u r a ti on
125
7. Click Close. 8. Select Tools > General Tools and click the Reboot button to apply your new settings. 9. In the dialog box that appears now, click OK to confirm the reboot operation.
126
C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e
127
There are two components to the Data Center: the File Bank Director, and the File Bank. When put on the network, they work together to create a virtual file server system, in order to accelerate company file sharing as shown in the diagram below. The WAFS screen lets you view the current WAFS operation mode: either FB (FileBank) or FBD (FileBank Director). In addition, this screen lets you select whether to enable WAFS transparency. If you enable this feature, the FB will poll the FBD for all file servers it recognizes, as well as each server that is added or removed. All IP addresses of these file servers are resolved, and all traffic destined to the servers is redirected to the Accelerator. In order for the data center to function, the following steps need to be done: Setting Up the File Bank Director, on page 127 Setting Up the File Bank, on page 130
Note: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it.
128
5. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The wizard has the following screens: File Server Settings, on page 128 - the one that is open now Summary, on page 129 Confirmation and Application, on page 130 6. Proceed to the next section, File Server Settings, on page 128.
C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e
129
Summary
In this section you see the settings that you made from the previous section, File Server Settings, on page 128, as shown here in the diagram.
At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director.
130
2. Make sure you have a valid WAFS FB license as explained in Viewing the License Status, on page 33. 3. Once the license is installed go to the machine that will be the File Bank and follow the directions as described in Setting Up the File Bank, on page 130.
C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e
131
The Setup Wizard lets you set up a FileBank in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.) Once Setup is complete, make sure you have a valid FB license. To check if the license is valid, see Viewing the License Status, on page 33.
Overview
To configure the branch office:
1. Connecting the FileBank device to the branch office LAN. 2. Setting up the FileBank device. For details, see Setting Up the File Bank, on page 130. 3. Configure the client computers.
Note: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it.
132
1. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The wizard has four main screens: File Server Settings, on page 128 File Bank Director Settings, on page 133 Summary, on page 129 Confirmation and Application, on page 130 2. Proceed to the next section, File Server Settings, on page 128.
Domain Settings
In this section you will set the Domain Settings.
C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e
133
Virtual Server SuffixIf you are not using WAFS transparency, you should add a suffix to the servers name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a prefix. Note that this suffix is added to all servers. 2. Once you have filled in these fields, click Next >> and proceed to the next section, File Bank Director Settings, on page 133.
134
Summary
Figure 19:Summary
At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director.
Figure 20:Confirmation
C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e
135
3. Go to the next section, WAFS Management and Operation Modes, on page 136.
136
WA FS M a n ag em en t a n d O pe r at i on M o de s
137
File Services
This section describes the following functions offered by FileBank Director:
138
FileBank Director Settingslets you define the Listen Port Assignments settings and set the FileBank Director ID. The TCP (data transfer) and UDP (keep alive) ports are set to 4049 by default, but can be changed if necessary. System Usersused for managing internal users that are used by specific Expand services (for example: Replication Service). File Serversto add file severs to be exported through the Expand WAFS solution and the FileBank Director, enter the file server name, and optionally an alias, in this screen. Filtersallow Expand to avoid unnecessary compression attempts on files that are already compressed, thereby improving overall system performance. Replication Servicesthe method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link.
FileBank Categories
The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FB (FileBank): FileBank System, on page 138 File Services, on page 137 Additional Services, on page 140 FileBank Utilities, on page 140
FileBank System
The System category includes the following subsections:
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
WA FS M a n ag em en t a n d O pe r at i on M o de s
139
Setup Wizardlets you set up FileBank in several simple steps. Once Setup is complete, the FileBank can function. You should run the Setup Wizard prior to activating FileBank. All parameters set via the Setup Wizard can be modified within the GUI. Boot serviceslets you control FileBank service and device status. Controlling the service status lets you start, stop, or restart FileBank service. Controlling the device status lets you reboot or shut down the FileBank device.
FileBank Services
This section describes FileBank File Services functions, which are as follows: FileBank Directorsdisplays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary. Virtual Serverslets you configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, to represent the local virtual server. This helps distinguishing the local virtual server name from the Central File Server name. Windows Domainlets you join the FileBank to the domain, use domain administrator credentials (Username and Password), set the domain name, and add or delete authentication servers. Cache Settingsgives you cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation. Fetch Settingslets you define which data will be fetched from the Data Center for pre-population of the Cache. Once fetched, this data resides in the Cache and can be accessed immediately. Thus prepopulation optimizes first-time access to this data. System Userslets you add and delete FileBank system users. Filtersprovides smart filters to enhance performance and bandwidth optimization over the WAN. Replication Servicesthe method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link. Kerberos Configurationallows nodes communicating in a nonsecure network the ability to identify each other in a secure manner.
140
Additional Services
This section describes the FileBank Additional Services, which are: Print Servicesyou can configure FileBank to serve as the local branch print server. This screen lets you add network printers, view a list of already existing printers, and delete printers, as required.
FileBank Utilities
This section describes the FileBank utilities, which are as follows: System Diagnosticslets you run a diagnostic test on the FileBank device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen. Logslets you generate FileBank activity logs for monitoring, optimization, and troubleshooting purposes. System Statisticsdisplays a list of connected users, with their Session ID, Username, Group and Machine. To update the list, use the Refresh button.
M a n ag in g t h e D ata C en t er
141
142
2. Perform one of the following actions: Start the File Bank Director ServiceClick Start Stop the File Bank Director ServiceClick Stop (See warning!) Restart the File Bank Director ServiceClick Restart (See warning!) Reboot the File Bank Director DeviceClick Reboot (See warning!) Shutdown the File Bank Director DeviceClick Shutdown (See warning!)
CAUTION! Stopping or Restarting the device while users are connected will interfere with their work in progress.
CAUTION! If you click Reboot or Shutdown, there is no confirmation dialog so ! the operation is carried out immediately. Make sure you want to do this before clicking! Note too that if you reboot or shutdown while users are connected their work progress will be affected.
M a n ag in g t h e D ata C en t er
143
cache optimization state (namely, the cache associated with the initial ID will become obsolete). Also, if the ID is changed and matches the ID of another machine, errors will result.
144
To add a user:
1. From the WAFS left menu pane, under File Services select System Users. 2. Fill in the new user's Domain Name, Username and Password. Verify the password by typing in the same password you entered in the Password field. 3. Click Add and the Users information is added to the list at the bottom.
M a n ag in g t h e D ata C en t er
145
146
To add a user:
1. Make sure that you entered the WAFS menu using FileBank Director Operation Mode. 2. Fill in File Server Name, and optionally an Alias 3. Click Add.
To delete servers:
1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. From the Exported File Servers section, select one or more checkboxes. 3. Click Delete.
M a n ag in g t h e D ata C en t er
147
148
To add a filter:
1. From the WAFS left menu pane, under File Services select Filters. 2. Type in the file extension in the form *.xxx (where xxx is a three or four-letter fileextension). 3. Click Add.
To delete filters:
1. From the WAFS left menu pane, under File Services select Filters. 2. Select one or more filter checkboxes. 3. Scroll down to the bottom of the Compression Filters list. 4. Click Delete
.
CAUTION! Do not delete filters that were included in the list provided by Expand. Files of these types are known to be compressed and do not require further compression. You should only delete a filter if was added by mistake.
M a n ag in g t h e D ata C en t er
149
FileBank Directors
To access the FileBank Directors screen, click File Services > FileBank Directors in the Navigation Pane (see figure below). This screen displays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary.
150
Note: You may leave the TCP and UDP fields blank, in which case the default value - port 4049 - is applied to both.
Virtual Servers
You can configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, used for representing the local virtual server (File Services > Virtual Servers). This helps distinguishing the local virtual server name from the Central File Server name. CAUTION! Virtual Server Name = File Server Alias + any prefix/suffix added here. If neither a prefix nor a suffix is defined, DNS Masquerading or WAFS ! Transparency must be activated, to avoid name resolution conflicts. For details regarding DNS Masquerading, see DNS Masquerading, on page 184. For details regarding WAFS Transparency, see section WAFS Transparency Commands, on page 698. CAUTION! If you plan to use WAFS transparency, do not use an Alias name. Also ! if you need to use an Alias name, you must block WAFS transparency. The lower half of the screen lists Exported Virtual Servers and their connection status (Connected/Disconnected).
M a n ag in g t h e D ata C en t er
151
Windows Domain
The Windows Domain screen (File Services > Windows Domain) is used for carrying out the following tasks: Joining the FileBank to the domain. Using domain administrator credentials (Username and Password) Setting the domain name Adding or deleting authentication servers.
152
Cache Settings
The Cache Management screen (File Services > Cache Settings) provides you with cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation.
M a n ag in g t h e D ata C en t er
153
Invalidate Cache
The Invalidate button resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS. ii Note: Access to Data Center versions of cached files is verified prior to the invalidation. Cache files are not invalidated if Data Center versions are not available.
System Users
The System Users screen (File Services > System Users) lets you add and delete FileBank system users.
154
STF Filters
Short Term Files (STFs) are files that are saved locally on the FileBank and not sent to the central server. Use the STF Filter for files that exist for a short term and for any other files you do not want to be backed up on the central file server (for example: photos and media files). The STF Filter list displays all file extensions that the system is currently configured not to back up. You can add to or delete from this list as necessary. ii Note: All Files that match the STF filter extensions selected are not backed up.
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
155
S e t t i n g A d va n c e d F i l e B a n k Fe a t u r e s
This section covers advanced features that you can configure to the FileBank for added functionality. Topics covered include: Configuring the Fetch Mechanism, on page 155 Replication Service, on page 159 Replication Service Activation, on page 161 Configuring Replication Services, on page 162 Configuring Additional Services, on page 168
156
Fetch User
The fetch user is the internal user that performs the data pre-population on the cache. The fetch user must have sufficient security permissions to traverse the file system and read permissions for the files being transferred. You can configure the fetch user on the FileBank using the user CLI command, or the System Users option in the management web interface.
Fetch Jobs
The term Fetch jobs describes the entities that will be pre-populated onto the FileBank cache. A fetch job is defined by the path and the fetch user that will be used for fetching that path. The path is expressed in UNC format (starting with virtual server name), and the user command argument is entered in {domain\user} format. A fetch job can aggregate multiple paths under one entity (see the fetch jobs paths option). Activating a multiple path job effectively creates a fetch instance for each specific path.
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
157
Fetch Settings
The Fetch Settings screen (File Services > Fetch Settings) controls the prepopulation of the Cache with specific data from the Data Center. Once fetched, this data resides in the Cache and can be accessed immediately. Thus pre-population optimizes first-time access to this data. The Fetch Settings screen lets you define which data will be fetched for pre-population. This screen lists Fetch Jobs and their current status.
Fetch Jobs describe the entity that should be fetched (namely, a specific directory on a file server). For details, see section Creating Fetch Jobs, on page 158. Fetch Instances represent Job runs. For details, see section Creating Fetch Jobs, on page 158.
Fetch Activation
Once configuration is complete, you can activate the Fetch mechanism by running fetch jobs, and subsequently manage it by running fetch instances. Fetch Jobs are created with a single path. You can add paths as necessary, as described below.
158
4. Add one or more paths to this Fetch Job, as required, by typing the requested UNC path and priority, and then clicking Add. The paths are added to the Fetching Paths list, and are now part of this Job. 5. When you have added all necessary paths, click the Back to Fetch Settings link at the bottom of the screen. This link takes you back to the general Fetch Settings screen, for all Fetch Jobs.
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
159
Replication Service
One of the main challenges resulting from the consolidation of file services in a data center, is how to grant users efficient access to very large files over the WAN, despite limited bandwidth and high latency. The Expand replication service addresses this challenge, by reducing bandwidth consumption at peak hours. With this feature, administrator-defined file types (such as. *.PST, *.GHO) are served locally at the branch by the FileBank virtual server, while a recurring replication process handles daily synchronization with the data center file server (at times of low WAN bandwidth consumption).
160
When you create a new file (of a type that is replicated), this file is synchronously created on the central file server with its security metadata (namely ACLs), but without the actual file data. The file data is then updated asynchronously by the recurring replication process. The same principle applies to changes made to existing files. ! ! CAUTION! Replication is an asynchronous process, and as such, should be activated only for files used exclusively by the branch. Sharing replication files between branches can result in data loss. Replication service configuration includes the following parameters: Replication Replication Replication Replication User, on page 160 File Types, on page 160 Schedule, on page 160 Paths, on page 161(optional)
Replication User
The Replication User is an internal user that performs file replication for the system. The replication user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. The replication user is set both on the FileBank and on the FileBank Director.
Replication Schedule
Replication is programmed to run once a day to synchronize changes between the FileBank and the Data Center file server. You are advised to run replication at offpeak hours, when WAN bandwidth is least utilized. You define the time of day
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
161
(UTC value) that replication starts, and you can also force a stop time (namely: stop the process even if replication is not complete). You can also run a non-scheduled replication at any time by using the Replication Start and Stop options, either over the web or through the CLI. ii Note: AcceleratorOS supports only DNS masquerading and not WINS masquerading. Therefore, all clients who have NT 4.0 or earlier systems, which use WINS servers, need to have DNS servers as well to let us support them. Note: Replication Start and End times are defined as UTC values.
ii
Replication Paths
By default, the Replication Service searches the entire file system for files that correlate to the Replication File Types list. Alternatively, you may define specific paths to be searched (instead of the entire file system). The replication path can point either to a share or to a directory within a share. Defining replication paths results in a faster replication process. When using this option, files outside the specified paths are not replicated. ii Note: When no replication paths are defined, the replication feature searches the entire file system for files to be replicated. However, once one or more replication paths are defined, the feature searches only on the defined paths.
162
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
163
ii
Note: Before you can start the Replication Service for the first time, you must define a valid Replication User. For more details, see section Replication User, on page 163.
Replication User
The Replication User is an internal user that performs file replication for the system. The Replication User Screen (Replication Services > Replication User) displays the currently defined user, and lets you clear (in other words, delete) the current user, and/or set a different user.
164
ii
Note: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server.
ii
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
165
ii
Kerberos Configuration
Kerberos is a computer network configuration protocol which allows nodes communicating over a non-secure network to prove their identity in a secure manner. When used in a client-server model, Kerberos provides mutual authentication, whereby both the user and the server verify each other's identity. Kerberos Protocol messages are protected against eavesdropping and replay attacks. The following configurations are possible: Enabling or Disabling Kerberos - available on the FB and FBD Enabling Kerberos on a Specific Server - FBD only Auto Configuration - FBD only ii Note: It is important to make sure that the time of the Accelerator is synchronized with all other points on the network. If the time is not synchronous, it may result in Kerberos failure. To check the Accelerators time, see Setting the Date and Time on the Accelerator, on page 109.
166
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
167
168
Print Services
You can configure FileBank to serve as the local branch print server. The Print Services screen (Additional Services > Print Services) lets you add network printers, view a list of already existing printers, and delete printers, as required. For additional information about print functions, see section Setting Advanced FileBank Features, on page 155.
169
To add a printer:
1. Type in the printer name (preferably a descriptive name such as Konica 7022, frontdesk or floor5). 2. Type the printer URI (an identifying string such as socket://192.168.1.21:9100/.) 3. Enter a brief description to help other users identify the printer. 4. Click Add. The printer is added to the list of printers available to branch users (this list displays Name, Description, and URI).
To delete a printer:
1. Select the checkbox near the name of the printer you want to delete. 2. Click Delete.
170
PointNPrint Configuration
Once you have defined printers, printing mode and printing administrators on FileBank, you can upload printer drivers to the print server. This Enables clients to use the Point'n'Print feature, which automatically installs the associated printer driver the first time they access a particular printer. Uploaded drivers are stored on the central file server and cached on the local FileBank (a valid network connection between the FileBank and the FileBank Director is required).
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
P ri nt i ng S erv ice s fo r th e F il eB an k
171
The initial listing of printers in the FileBank Printers and Faxes folder, accessed from a Client, has no real printer driver assigned to it. The standard Windows Add Printer Wizard (APW), run from NT/2000/XP clients, is used for printer driver upload. Note: The existence of PRINT$share on the central file server is a prerequisite for uploading/downloading printers drivers (PointNPrint).
ii
CAUTION! Do not click Yes. 4. Click No. 5. Do one of the following: Install a new printer driver (thereby activating the Add Printer Wizard, see next step). OR If one or more drivers have already been installed, you can select one of these drivers from the drop-down list. (If no drivers have been installed this list will be empty.) 6. If installing a new driver, follow the Windows Add Printer Driver Wizard.
172
7. After driver upload is complete, perform the first client driver installation, as described in the next section.
P ri nt i ng S erv ice s fo r th e F il eB an k
173
At this stage you may also want to set other printing defaults that will apply to all future clients wanting to carry out PointNPrint driver installation. From now on, any client wanting to install this printer can just Point'N'Print.
174
4. Click Yes. The Add Printer Wizard (APW) opens. 5. Select the driver to associate with the printer, install it and connect.
175
6. Select the radio-button Connect to a printer on the Internet or on a home or office network. 7. In the URL field, enter the URL for the printer in the following format: http://<FileBank's hostname>:631/printers/<printers name> 8. Click Next. 9. Select the appropriate driver to install, and use the wizard for completing the installation. 10. When done, print out a test page. ii Note: Installing the IPP printer drivers to a workstation does not require additional settings on the FileBank other than adding the IPP printer URL to the FileBank. Note: Client side IP configuration does not support PointNPrint.
ii
176
177
1. Ensure that a PRINT$share is defined on the central file server. 2. Verify that you are logged in as a printing administrator, with full read and write access to the PRINT$share. 3. Ensure that this user is defined as a printing administrator (see section Assigning Printing Administrators, on page 170.) I get an Access Denied message when trying to upload drivers 1. Verify that PRINT$share exists on the target's central file server. 2. Verify that you are logged in as a printing administrator with full read/write access on the PRINT$share. 3. Verify that you have set the printing driver to server at the FileBank: > printing drivers set server and then repeat the driver upload procedure (see Uploading Printer Drivers, on page 171). When I try to print out a test page I get one of the following errors: Operation could not be completed Could not add a print job Print test page failed 4. Ensure that you have initialized the printer by performing the first Client driver installation, before trying to print (see First Client Driver Installation, on page 172). 5. If the printer driver is not yet installed on the workstation, Ensure that you are logged in as an administrator for this workstation. 6. Verify that the printer is connected and operational (look for errors such as network connection problems, paper jam and out of paper). Print jobs are not cleared from the queue (even after refreshing the queue) and are not printed 7. Verify that the printer is connected and operational ((look for errors such as network connection problems, paper jam and out of paper). 8. Verify that the printers URI is defined correctly on the FileBank, and that the printer supports the protocol given and is configured to acknowledge on the specific protocol (IP, port, protocol).
178
3. The next screen lets you either select the port you want your printer to use or create a new port:
Us in g WAF S P r in t in g S e r vi ce s
179
4. Select the option of creating a standard TCP/IP port. 5. Use the following dialog box to add a printer name or IP address and a port name.
180
WAN-OUT Operation
This section presents the following topics: About WAN-OUT, on page 180 Detecting a WAN-OUT Event, on page 180 Working with Files while in WAN-OUT Mode, on page 181 WAN-OUT Known Limitations, on page 183
About WAN-OUT
Expand's WAFS solution comprises of two parts that communicate with one another: a FileBank (FB) installed at the Remote Branch Office (RBO), and a FileBank Director (FBD) installed at the Data Center. Expand's WAFS solution lets users at the RBO optimize their use of shared contents on a File Server installed at the Data Center. Expands WAFS solution includes support for WAN-OUT mode, thus providing necessary business continuity for cases of temporary WAN outage, or when the FileBank Director is temporarily unavailable. When a WAN-OUT event is identified, the system automatically switches to WAN-OUT Mode, allowing users at the RBO to open, with READ-ONLY permissions, cached share content stored on the FileBank. A WAN-OUT event can be triggered by any of the following scenarios: The RBO's WAN link is down. The FBD is inaccessible to the FileBank:. The FBD is totally inaccessible (disconnected from the network). The FBD is frequently inaccessible (some network disconnections). The FBD's WAFS services are down.
Note: If the File Server goes down prior to the communication being cut between the FB and FBD, a WAN-OUT event will not be triggered
WA N - O U T O p e r a ti on
181
Cache
When working in WAN-OUT mode, end-users at the RBO can work only with cached share content stored on the FB. The entire cache content on the FB is treated as valid. This means that when consulting the FB's cache, all cache TTL timers are ignored.
182
File Access
When an user tries to open a file, READ ONLY (RO) access is granted (provided applicable security). Any other access flags - such as WRITE, DELETE, TRUNCATE, CREATE are denied. Users opening files receive a notification as if they have a read-only permission to the file. Copying a file to the Clients harddrive is possible, along with all security and permission data, provided that the user has the applicable security to do so. In WAN-OUT mode all operations that attempt to change a file, a file system structure, or data are immediately responded with Access Denied by the FileBank. For security reasons, the time frame granted to the users to access the cached share content stored on the remote accelerator is limited to the 10 minutes prior to the WAN-OUT mode initiation. This means that any files that were not opened by a specific user within 10 minutes prior to the WAN-OUT event initiation, are blocked and the user will not be able to open them during the WAN-OUT period. The file access is granted on a per-user basis, so if one user has the file open, but another user does not, after a WAN-OUT, only the user who opened the file will be able to access it.
File Security
The way end-users at the RBO work when the FB is in WAN-OUT mode, changes with respect to whether a Domain Controller is accessible to the FB. Two possibilities are available: For a remote site with a local Domain Controller (the Domain Controller is still reachable by the accelerator while the site is in WAN-OUT mode): Users will be able to continue to work on the files opened at the time the link is lost. Users that will need to save their work while the link is down would not be able to do it on Expand cache, but they will be requested to use an alternative local storage. Users will be able to open files or folders that were previously accessed during the time frame defined in the AcceleratorOS (10 minutes). Only those files will only be accessible and will be limited to READ-ONLY permission. For a remote site without a local Domain Controller (the Domain Controller is not reachable by the Accelerator while the site is in WAN-OUT mode): Users will be able to continue to work on the files opened at the time the WAN link is lost.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
WA N - O U T O p e r a ti on
183
Users that will need to save their work while in WAN link is down would not be able to do it on the Accelerators cache, but will need to use an alternative local storage. No other files or folders can be opened from the shared cache on the Accelerator.
Partial Disconnection
In some cases, a single FileBank is connected to multiple FileBank Directors at different physical locations. A failure in one or several of these FileBank Directors is possible, resulting in a situation where only a part of the files accessed by the RBO are now under disconnection. As the FileBank has the notion of the origin of each file (namely: the specific FileBank Director that manages the file), the system selectively enters the WAN-OUT mode for files from FileBank Directors that are disconnected and operates normally with files from FileBank Directors that have valid connection.
184
DNS Masquerading
One primary objective of the Expand solution is to provide a truly dynamic global file system. To ensure that data is always accessible across the distributed organization, Expand must anticipate and overcome challenges introduced by common network issues and user usage patterns. Some key requirements of a global file system include: Common name space the solution must be fully coherent with the existing naming convention used across different branch offices. For example, a file server named efs should be accessible, using this name, to branch offices with or without Expand FileBank. Direct access on failure users in branch offices should be able to access the file server at the data center should the FileBank at their location become unavailable. Roaming user support supports mobile users travelling between different branch offices. The system should automatically redirect users to the nearest FileBank according to the user's current location. To meet these requirements, Expand supports DNS Masquerading. Using DNS Masquerading, Expand becomes part of the DNS scheme in the organization, and uses DNS to overcome challenges associated with the above requirements.
D NS Ma sq ue rad i ng
185
reboots or wakes the computer from hibernation, the DHCP server pushes a new DNS server list. If the office uses FileBank, the FileBank will be listed as the primary DNS as described above.
5. In the Services screen go to the DNS Acceleration tab. 6. Set the DNS Masquerade status to Enabled. Fill-in the relevant IP Address (the FileBank IP Address) and Host Name (Fully qualified domain name)
186
7. In the Services screen go to WAFS. Click on WAFS Configuration. 8. In the WAFS Management screen select System>Setup wizard. Ensure that the virtual server name includes no prefix, suffix or alias, and is identical to the file server name. At the end of the process, the WAFS details should be similar to the following:
D NS Ma sq ue rad i ng
187
9. Use the WAFS CLI to verify that spnego option is on. (using the _auth spnego on command). This setting is essential in order for DNS Masquerading to function correctly. Do not use the DNS Masquerading option from the Additional Services menu. Do not change any settings on the client. There is no need to change the primary DNS server. When the FileBank reboots, the client is immediately connected to the Fileserver. When the FileBank is up, the client continues to be connected to the original Fileserver. You are advised to reboot the client after the configuration
188
record. You should set the TTL of the file server record to the minimum in order to shorten the fail-over time. The DNS client service does not revert to using the primary DNS serverThe Windows 2000 Domain Name System (DNS) Client service (DNSCache) follows an algorithm when it decides the order of the DNS servers configured in the TCP/IP properties. Refer to Microsoft Knowledge Base for more information http:// support.microsoft.com/default.aspx?scid=kb;EN-US;286834 CIFS session time outIn some cases, the client will fall back from the EFS to the FileBank only after its CIFS session with the EFS terminates. The time this takes is influenced by the session time out on the EFS, and can be configured by using the following command on the Windows file server: net config server /autodisconnect:<minutes>
M o ni t or in g WAF S Fu n ct io n al it y
189
Viewing Logs
The Logs screen lets you generate activity logs of the FileBank Director for monitoring, optimization, and troubleshooting purposes. Generating a log archive may take several minutes. When finished, the log file is saved in a default system location, and a link to the log archive appears in the Log Archives section of the screen (newest on top).
190
Troubleshooting
In this troubleshooting section it is assumed that: configured
Tro ub le sh o o ti ng
191
1. A complete end-to-end Expand WAFS installation has been set up and 2. Devices are connected to the network (L1, L2) correctly and the right network (L3) settings have been applied
Troubleshooting Tools
Internal Diagnostics: An automated internal utility that provides an immediate indication of the Expand device performance and issues. This is the first tool that should be used when troubleshooting is necessary. You should run this tool at both branch and data center ends. For details, see Running System Diagnostics, on page 189 (FileBank), and Running System Diagnostics, on page 189 (FileBank Director). Logs: The internal system logs that can be viewed, archived and uploaded. For details, see Viewing Logs, on page 189 (FileBank) and (FileBank Director). Statistics: An internal tool that provides FileBank service statistics (see DNS Masquerading, on page 184). Status: The status CLI command reports on the current system running status. General Network Utilities: Ping, traceroute, ttcp, ifconfig, route, and netstat.
Networking
No route/connection to the Expand devices Check that the device is operational and is connected correctly to the network (both Ethernet cable ends should be firmly in place). Verify that the green light at the cable socket of each side is on. Verify that network settings are correct, by examining the output of the ifconfig CLI command. Pay particular attention to IP address and netmask.
192
Use the route CLI command to verify that routing tables are correct. Try to ping a machine in the same subnet (typically the gateway, depending on your network topology). No route/connection to the Domain Controller (authentication server) Use the domain controller's IP address to check connectivity. If this fails, refer to the previous section and correct networking/routing problems. Verify the name set for the authentication server. Use the CLI authsrv command, or the relevant Web Interface page. Try to ping the domain controller by its name. Failure to do so indicates a name resolution issue. To resolve this issue, either add the domain controller to the static hosts list (using the hosts add CLI command), or verify correct DNS settings. Ensure that you have applied valid DNS servers. Use the CLI prompt command dns, or the relevant web interface page, to assign/delete/list DNS servers. Ensure that you have added the DNS suffix required to complete the FQDN of the authentication server. Use either the CLI prompt command dns search, or the relevant web page, to apply the required suffix. If the FileBank has not been configured with DNS servers, add the authentication server name under the static hosts. Use the hosts CLI prompt command, or the relevant web interface page, and repeat a connectivity check to the authentication server. No route/connection to Fileserver(s) Ensure that you have correctly defined the server(s) that needs to be exported by FileBank Director. Verify that the file servers NetBIOS names are the names you have defined to be exported by FileBank Director. Try to ping the file server's NetBIOS names. Failure to do so indicates a name resolution issue. Verify correct DNS settings, including DNS search path. Alternatively, use 'hosts' static entry to add them to the list, as described in the previous section. FileBank Director cannot access the file server on port 139 or 445 FileBank Director requires active ports 139 or 445 on the fileserver. If port 139 (SMB over NetBIOS) is disabled, enable the NetBIOS port as follows: browse the
Tro ub le sh o o ti ng
193
file servers TCP/IP network properties, select the Enable NetBIOS over TCP/IP checkbox and apply changes. If NetBIOS is to remain disabled on the fileserver, please consult the Expand support team support@expand.com for additional configuration settings. No route/connection from FileBank to the FileBank Director Expand utilizes TCP connection to transfer the data between FileBank and FileBank Director. The UDP port is set to keep alive acknowledgements between the two. Connection ports between FileBank and FileBank Director are set by default to 80. Ensure that the connection ports between the FileBank Director and the FileBank match each other. Use the FileBank Director CLI listenport command, or the relevant web interface page, to verify/alter listen ports. Use FileBank CLI fport command, or the relevant web interface page, to verify/alter connection ports. Ensure that the designated ports (UDP and TCP) are opened on the firewall (if applicable), and that corresponding settings are applied. Check MTU (Maximum Transfer Units) consistency along the network path. This check is especially needed with DSL connections. Inconsistency may result in lack of communication. Test different values for MTU using ifconfig CLI command. Try to reduce the MTU gradually, and find the largest MTU value that works for you (ping to verify). If the problem persists, contact Expand support at support@expand.com for additional information.
194
The user that is entered upon joining the domain must have adequate permissions on the domain to join computer objects. Ensure that the hostname of the FileBank is a valid NetBIOS name, and does not exceed 15 characters. If necessary, redefine the hostname and rejoin the FileBank to the domain. If the problem persists, contact Expand support at: support@expand.com.
Service
System status: Not Running Verify the system was started, and try to start it again using restart CLI command. Run the status CLI command, and check reported errors in command output. Run the diagnostics CLI command, and check reported errors in command output. Ensure that the AcceleratorOS license is installed and valid. If the problem persists, contact Expand support at: support@expand.com System is running, no virtual servers appear on FileBank Run the diagnostics CLI command on the FileBank Director to verify connectivity to the file server/s, and that FileBank Director is able to read file server shares. If FileBank Director cannot read shares, verify the existence of shares by accessing the file server directly from a workstation (namely, not via Expand), and define a share listing user (when necessary) using the FileBank Director cifs user CLI command. Run the diagnostics CLI command on FileBank to verify connectivity to FileBank Director. Run the gns refresh CLI command on FileBank. Verify that the defined connection ports associated with the various FileBank Directors match the FileBank Directors listen ports (the listen port can be explored at the FileBank Director end, by issuing the listenport CLI command or the relevant Web Interface page). Verify that no firewall is blocking the FileBank Director/FileBank connection ports. Workstations cannot connect to FileBank virtual server(s)
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Tro ub le sh o o ti ng
195
Access denied
Continue troubleshooting by verifying user permission to access the central server resource, and the existence of necessary domain trust when applicable. Try to connect directly to the central file server (meaning, not via Expand) by using the same domain user. Run the diagnostic command via CLI or the web interface, to validate that FileBank is joined to the domain. Verify that FileBank is joined to the correct domain. If the FileBank is joined to a different domain than the centralized file server, ensure that a trust exists from the central domain to the FileBank domain. Cache pre-population failure Examine the errors in the fetch log. Validate the correctness of the path given to the fetch job. From a workstation browse directly to the FileBank giving the same fetch job path.
196
i i
Note: Fetch paths are case-sensitive. Ensure that a valid domain user is assigned to all fetch jobs. From a workstation, log in as the same user defined in the fetch job, and browse directly to FileBank. Verify that this user has read credentials by trying to read a file whose fetch has failed, according to the logs. If DFS is in use, ensure that the fetch job path is not a DFS path (namely, //<virtual server name>/<DFS root>/<path>), but instead points to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page. Replication failure The replication service requires the definition of a replication user. The replication user must have read and write permissions on the paths where files are to be replicated. The same replication user should be used for both FileBank Director and FileBank. Ensure that you set a valid domain user as the replication user. From a workstation, log in as the replication user, and browse directly to the FileBank. Verify that this user has read and write credentials by copying files to a replication folder. Validate the defined replication paths. From a workstation, browse directly to the FileBank, using the defined replication UNC path(s). If DFS is in use, ensure that the replication paths are not DFS paths (i.e. //<virtual server name>/<DFS root>/<path>), but instead point to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page. Some of the DFS shares/folders are inaccessible Find the physical server name that contains the inaccessible shares/folders. Ensure that it appears in the exported file server list (using FileBank Director cifs show CLI command or via FileBank Director web interface).
Tro ub le sh o o ti ng
197
Performance
If the Expand network environment has not been deployed/configured correctly, users may experience the following problems: Long delays while opening and saving cached files (WAN like) Mapped network drive disconnections Network Interfaces View the NIC settings (use the CLI command ifconfig). Verify that no errors have accumulated on the interface. Errors may indicate a duplex/speed mismatch. Check the Switch/Hub port settings to which the Expand device is connected. The port settings must match the NIC settings of the Expand device. In the case of a mismatch, use the CLI command ifconfig to force settings on the NIC, such as the auto-negotiation mode, speed and duplex settings. For optimum performance, ensure that the Link supports 100Mbps FD settings. Quality of Service (QoS) Branch offices that utilize QoS should prioritize the DSFS protocol between FileBank and FileBank Director. This will generally result in an immediate and marked improvement in user experience. The protocol uses by default port 4049, but for QoS you are advised to use a different, distinguishable port. You can change protocol port by using listenport/fport commands on the FileBank Director/ FileBank respectively. Ensure that you change all communicating devices at the same time. Route Investigate the route legs along the communication path from a workstation to the FileBank to the FileBank Director, terminating at the file server. Network location Ensure that there is no significant latency (latency greater than 1ms) between the FileBank Director and its associated file servers. Improved performance may be achieved if the file servers and the FileBank Directors reside on the same LAN segment. Ensure that there is no significant latency (latency greater than 1ms), or any link mismatch, between the FileBank and the workstations. Improved performance may be achieved if the workstations and the FileBank reside on the same LAN segment Bandwidth issues
198
Use the ttcp command (for more details, refer to the Expand CLI Reference Guide) to check the available bandwidth between the FileBank and the FileBank Director. Ensure that you compare both directions (the FileBank should be the Client at the first check, the Server at the second). This check can reveal bottlenecks and bad settings along the network path. Name resolution: Failover (WAN) issues Several name resolution techniques, such as DNS masquerading and DFS, can add seamless failover capabilities to the Expand solution. For more details see section DNS Masquerading, on page 184. With DNS masquerading in place, in the case of a failure, workstations are automatically switched to resolve the virtual server name as the centralized file server name. Failover lets the user continue to work without interruption, though there may be a deterioration in user experience. Ensure that workstations resolve the correct virtual server name. You are advised to execute the nslookup command from the workstations command prompt, giving the virtual server name as a parameter. Verify that the IP returned is the same as the IP of the FileBank. Ensure that FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt).
To regain the correct name resolution of the virtual server, execute the following steps from all workstation involved in the failover:
1. From each workstation's command prompt execute the following commands (you may want to aggregate the scenario in a batch process during workstations boot): ipconfig /flushdns nbtstat R nbtstat RR 2. Validate that the IP of the FileBank is returned upon querying the virtual server name (use the nslookup command). 3. If the problem persists, contact Expand support at: support@expand.com.
Tro ub le sh o o ti ng
199
DNS Services
Workstations cannot browse the Internet or network mapping when using the FileBank as a DNS proxy Verify that DNS masquerading is running (for more details see DNS Masquerading, on page 184). Ensure that the FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt). Use the CLI dns command (or the relevant web interface page) to verify that the primary corporate DNS server is properly set on the FileBank. DNS lookup failed for branch workstations Ensure that the FileBank is defined as the primary DNS for that client, and that a secondary DNS points to an corporate DNS. Use the CLI prompt dns command (or the relevant Web Interface page) to verify that DNS servers are set onto the FileBank. Ensure that a search path (DNS suffix) is configured for the workstations. Duplicate IP error appeared when connecting in file server Error message: System error 52 has occurred: A duplicate name exists on the network. Global Name-Space support (exported virtual servers equals file server alias name): DNS masquerading might generate this error. To resolve, see Microsoft Knowledge Base 281308 http://support.microsoft.com/default.aspx?scid=kb;enus;281308.
200
202
C h ap t er 6: Applying QoS
Accelerator QoS
QoS, or Quality of Service, is designed to help manage traffic across the network in order to combat the congestion, latency and greedy and rogue applications that all contribute to poor application and network performance. Organizations need to be able to allocate bandwidth to mission-critical applications, slow down non-critical applications, and stop bandwidth abuse in order to efficiently deliver networked applications to the branch office. This section contains the following topics: About QoS, on page 202 How to Know What is on Your Network, on page 203 How to Prioritize Applications, on page 203 Studying the QoS Solution, on page 203
About QoS
QoS (Quality of Service) is a general term for the control mechanisms that can assign different priorities to different users, applications, or data flows. These control mechanisms or priority levels guarantee a certain level (or quality) of performance of the data flow (service) and simultaneously addresses the requests from the application. Quality of Service guarantees are important if the network capacity is limited, especially for real-time multimedia streaming applications, such as VoIP and IPTV. Such applications often require a fixed bit rate, are delaysensitive, and cannot tolerate packets dropping or being delivered in the wrong order. You can use the QoS feature to prevent such factors and to accelerate packets passing through the Accelerator based on your policy and reservation criteria. QoS allows you to maximize the bandwidth you pay for more effectively. The key to managing the traffic and achieving bandwidth effectiveness, is closely tied to your knowledge of the type of traffic that is on your network and to the demands of your users.
Ac ce le rator QoS
203
204
C h ap t er 6: Applying QoS
what should be traversing the network. Once a clear picture of the current network and the ideal network is attained, easy to understand shaping policies like realtime or block govern the flow of traffic. The Accelerators QoS mechanism is single-sided, in that it can also work across a Virtual Link, in which the Local Accelerator does not work opposite a Remote Accelerator. For a complete explanation as to how the QoS mechanism functions and is implemented, see Setting QoS Rules, on page 229. For additional QoS Benefits see the following: Automatic Traffic Discovery, on page 204 End-to-end application performance monitoring, on page 205 Transparency to existing QoS infrastructure, on page 205 Priority treatment for critical applications, on page 205 Guaranteed bandwidth for specific applications, on page 205 Restricting rogue and greedy applications, on page 205 Seamless integration with compression, on page 205
Ac ce le rator QoS
205
206
C h ap t er 6: Applying QoS
to traffic after the traffic has been compressed, because the important result is enduser experience, not the physical link usage. While basic traffic management is simple via the My Applications menu, you can program complex QoS with nested rules, decision trees and other advanced features.
H o w Q o S Wo r k s
207
The Accelerators QoS mechanism receives packets from the LAN, and passes them to the Accelerators compression mechanism. The QoS mechanism automatically adjusts the throughput it transmits to account for the extra available bandwidth created when traffic is compressed. i Note: While the Accelerator enables the same QoS capabilities on inbound and outbound traffic, most QoS is accomplished on outgoing bandwidth only. Incoming traffic shaping is useful for non-links and virtual links, and instances in which limiting or blocking incoming traffic is desired, for example blocking P2P traffic or limiting incoming Internet traffic. Note: Using inbound traffic shaping when the remote Accelerator uses outbound traffic shaping is not recommended; in such a case, the inbound shaping may have only a partial effect on the traffic. This section contains the following topics: Prerequisites, on page 207 Understanding QoS Rules, on page 208 How Traffic Filtering is Applied, on page 209 Studying QoS Bandwidth Allocation, on page 209 How Traffic Shaping is Applied, on page 209
Prerequisites
Follow these steps before working with QoS:
1. Set an accurate Bandwidth for the WAN. This setting ensures that all traffic shaping applied is relative to the actual physical bandwidth on the WAN pipe. The default bandwidth set for the default WAN is 100 Mbps (fast Ethernet). 2. This bandwidth setting assumes the largest possible bandwidth so that the Accelerator does not limit its throughput over the WAN due to a WAN bandwidth setting lower than the actual bandwidth. However, to get an accurate QoS shaping you are advised to modify the bandwidth setting to its actual rate. For
208
C h ap t er 6: Applying QoS
more information on setting WAN bandwidth see Performing Setup via the Wizard, on page 22. 3. You must set the bandwidth of each link on the WAN. For more information on setting the Link Bandwidth, see Performing Setup via the Wizard, on page 22.
Description
The Filter defines what kind of traffic qualifies as part of an application. Filters are generally Layer-4 definitions such as port number, protocol number, and traffic type. For example, the application FTP is defined by the traffic type TCP and the port number 20. You can modify and add traffic type and port number for applications that already exist by default in the Accelerator, as well as defining new applications. The traffic shaper defines how to handle the traffic filtered into this application: what priority the application receives, and how the application is treated by the Accelerator. Shaping the traffic enables setting a desired (or guaranteed) amount of bandwidth to be preserved for a specific application, setting a limit on how much bandwidth an application can consume (to avoid starvation of other applications), and setting the CoS (Class of Service priority) and ToS (Type of Service) values for the application. Shaping is crucial for ensuring application integrity - that critical traffic applications get the bandwidth they need, and that other important applications are not starved completely. An application in the Accelerator can include a marker per application. You can save the ToS marking on the rules, either the original ToS value or a newly defined ToS value. This also means that you can set each application type to be Not-Accelerated or NotTunnelled. This is particularly useful for applications like HTTPS or Encrypted Citrix, whose packets do not compress, and ensures that the Accelerator does not waste resources attempting to process these packets.
Shaper
Marking
H o w Q o S Wo r k s
209
210
C h ap t er 6: Applying QoS
WAN Bandwidth
First, the bandwidth set for the WAN is honored. All further application QoS decisions are based on the WAN bandwidth.
Link Bandwidth
You can set the bandwidth of the Link with a maximum value, limiting the amount of the total throughput of the WAN available to a particular link. All Application decisions based on a particular link are bound by this bandwidth. i Note: Peer oversubscribing is allowed. For example, if the WAN bandwidth is T1 (1.5 Mbps), you can set 10 links at 256 Kbps each, and the bandwidth will be distributed relatively to all links according to the QoS mechanism. Like the WAN bandwidth setting, the bandwidth set for a link can never be exceeded. The bandwidth set for the links is divided by the WAN according to the priority of the traffic coming across the links. This means that if the WAN bandwidth is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one link has high priority traffic, the lower priority traffic on the other link could be starved. However, if the Link bandwidth is set to a portion of the WAN bandwidth, then the link does not exceed this portion, and bandwidth is left over for other links.
Bandwidth Limits
Maximum bandwidth limits set for applications are honored and the traffic throughput is limited according to this setting.
H o w Q o S Wo r k s
211
Bursts
In addition to the hierarchy, if, after all bandwidth is allocated, there is spare bandwidth, and an application is set to allow bursts, this application uses all spare bandwidth even if it is set to ordinarily have a maximum bandwidth limit. For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed FTP will be able to use the entire 64 Kbps if no other traffic traverses the link, and when there is traffic, the limit of 16 Kbps is enforced on FTP. To allow bursts on applications, you have to ensure that the default setting on the WAN, which allows bursts, is kept. The WAN Burst parameter also lets you set a maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum utilization situations because of burst traffic. By default the WAN bursts are allowed to use the entire WAN bandwidth. In certain environments, lowering the WAN burst by up to 10% may be useful in order to protect the line from congestion caused by bursts. i Note: QoS settings take effect when the WAN link is full. Any limitations and guarantees placed on traffic apply only if not enough bandwidth exists for all traffic to flow freely. Note: In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed, while link shaping (bandwidth for the link and the WAN) is applied to traffic after the traffic has been compressed.
Desired Bandwidth
Minimum bandwidth Desired set for applications is allocated to all applications on which a desired minimum bandwidth was set. This is true even for low priority applications. For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the Acceleration percentage, like a cake, with the desired bandwidth applications reserving the first piece. As long as no congestion exists, all applications set to Desired receive their guaranteed bandwidth. When there is congestion, if high priority applications are guaranteed bandwidth, they will receive it before low priority applications that were guaranteed bandwidth. If there is not enough bandwidth for numerous high priority applications that were guaranteed a desired bandwidth, the desired bandwidth will be divided proportionately between those applications.
212
C h ap t er 6: Applying QoS
Desired bandwidth is useful especially to prevent starvation of lower priority applications. Setting a desired bandwidth for a low priority application ensures that the application receives some small amount of bandwidth even when the high priority applications are consuming the bulk of the bandwidth. While the Minimum bandwidth desired is allocated hierarchically according to the application priority (first to real-time, then to high, then to average, and so on), the desired bandwidth setting is handled before relative spare bandwidth distribution among prioritized applications. For this reason it is important to use the Minimum bandwidth desired setting carefully. For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection, and HTTP traffic receives low priority, but a minimum desired bandwidth setting of 800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200 Kbps is divided proportionally between the VoIP application and the HTTP traffic.
Priority
The relative QoS priority set to the application is considered and bandwidth is divided proportionally among the applications as follows:
Block
Blocked traffic is discarded.
Real-time
Traffic set to real time receives strict priority. This means that as long as real-time traffic is traversing the network it will receive the entire bandwidth. All lower priority traffic types wait until there is free bandwidth, thus starving all lower priority applications (unless a Minimum bandwidth (desired) was set for them). For this reason it is important to use the Real-time setting with great care. If a chatty/ bandwidth-greedy application constantly transmits traffic, it is possible that no other application will receive bandwidth (except those set with a Minimum bandwidth (desired)). High/Average/Low: High, average and low traffic priorities divide the bandwidth that is still available (after desired and real-time traffic) in a proportional method based on time. High priority traffic waits the shortest amount of time before waiting to be sent, average priority traffic waits longer than the high priority and low priority traffic waits longer than the average traffic to be sent. This does not mean that high priority traffic transmits completely before average traffic starts transmitting, rather high traffic transmits at a faster rate.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
H o w Q o S Wo r k s
213
Setting the priority to high/average/low is appropriate for most traffic types, setting the relative importance between the applications without causing starvation. In advanced configuration, you can set the WAN to handle QoS according to strict-priority. This would set the priorities to act deterministically rather than proportionally: high priority traffic receives all the available bandwidth (after desired and real-time traffic), average priority traffic receives bandwidth only if no high priority traffic exists, and so on. If there is constant high-priority traffic, average and low priority traffic are starved completely. i Note: Traffic that waits too long to be transmitted is discarded as obsolete so as not to cause application problems by transferring stale packets.
214
C h ap t er 6: Applying QoS
Work in g wi th A p pl ic atio n s
215
In order to create a QoS Rule, an application must be defined. Applications should be created for all traffic types that do not already exist in the list of predefined (classified) traffic applications, or as subsets of these applications to further filter the traffic type selected. To see a list of the pre-defined applications (XYZ). Applications are created with either inbound or outbound traffic as follows:
The following applications can be created: General Applications, see Creating New Applications, on page 219 HTTP or Web applications, see Creating Web Applications, on page 222 Citrix applications, see Creating Citrix Applications, on page 224 Remote Desktop services, see Creating Remote Desktop Services, on page 226 The applications table shows the applications that were created. From the Applications table you can: View the defined applications, see Viewing Defined Applications, on page 216 Edit a defined application, see Editing an Application, on page 217 Delete an application, see Deleting an Application, on page 217 Or Create one of the applications listed above.
216
C h ap t er 6: Applying QoS
Work in g wi th A p pl ic atio n s
217
HTTP or Web applications, see Creating Web Applications, on page 222 Citrix applications, see Creating Citrix Applications, on page 224 Remote Desktop services, see Creating Remote Desktop Services, on page 226
Deleting an Application
To remove an application from the Applications Table:
1. Click the application name and then click Delete. 2. There is no confirmation for this action. The application is immediately deleted as well as all of the statistics that were collected for the application. To edit an application click the application name in the table and then click Edit. See Editing an Application, on page 217 to edit an application. To create a new application, see the information according to the application you want to create: General ApplicationsCreating New Applications, on page 219 HTTP or Web applicationsCreating Web Applications, on page 222 Citrix applicationsCreating Citrix Applications, on page 224 Remote Desktop servicesCreating Remote Desktop Services, on page 226
Editing an Application
Selecting an application lets you modify the application definition (the type of traffic, also known as the traffic rule, or filter) and set up the way the traffic is treated (or prioritized, also known as shaping).
To edit an application:
1. In the My Applications menu, click the application name (alternatively, highlight the application line and click the Edit button). The Edit Application menu opens. 2. The Edit Application menu lets you modify all application parameters as listed in Creating New Applications, on page 219. 3. In addition, you can select one or more of the following check boxes:
218
C h ap t er 6: Applying QoS
Collect Statistics - Collects statistics on the specified application for up to one year. Discover - enabled with L7 Applications. Applications that are discovered can also be defined so that their QoS criteria is enabled. Checking this check box allows the L7 Discovery to report this application on the Discovered Applications List in the Monitored Applications report. A list of discovered applications is found in Discovering Layer-7 Applications, on page 60. 4. Click Submit.
Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. The compressed packets are aggregated in the link per class. The classes are defined via the CLI and set the aggregation packet limit, and allows a pre-defined delay (window) before sending the packets. For aggregation class configuration details via the CLI, see Aggregation Class Commands, on page 617. To Delete an application, see Deleting an Application, on page 217. To create a new application, see the information according to the application you want to create: General ApplicationsCreating New Applications, on page 219
Work in g wi th A p pl ic atio n s
219
HTTP or Web applicationsCreating Web Applications, on page 222 Citrix applicationsCreating Citrix Applications, on page 224 Remote Desktop servicesCreating Remote Desktop Services, on page 226
Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. 2. Update the following parameters to define the Application and how it is handled:
Parameter Item
Application name
Description
The default name for a new application is new_application. You have to modify the name of the application to a name indicating the type of traffic considered in this application. Maximum of 31 characters, no spaces. Special characters are allowed. Enabling statistics history saves statistics for this application for up to one year. Click the checkbox to enable, clear to disable. The Application Criteria box lets you set the type of traffic to be considered in an application. These fields define a rule for identifying traffic as part of this application To set the application to be defined on the basis of a TCP port or a span of TCP ports: Select TCP port from the drop-down menu. In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change HTTP application 80 to HTTP application 8080, enter 8080 into the From field. To define a single port, enter the port number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table.
Collect statistics
Application criteria
TCP Port
220
C h ap t er 6: Applying QoS
Parameter Item
UDP Port
Description
To set the application to be defined on the basis of a UDP port or a span of UDP ports: Select UDP Port from the drop-down menu. In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change the TFTP application from port 69 to port 4444, enter 69 into the From field and 4444 into the To field. To define a single port, enter the port number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. To define an application based on a specific protocol: Select Over IP from the drop-down menu. In the From field enter the first protocol number to be considered, in the To field enter the last protocol number to be considered. To define a single protocol, enter the number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. The criteria table lists all the criteria that must be met in order for traffic to be considered part of this application. To delete entries in the Criteria Table, highlight them and click the Delete button The Prioritize box lets you set the shaping or prioritization to be applied to the traffic type. The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. Traffic that matches the Application criteria set in order number 100 is handled according to the setting for this application type, even if it may match the criteria of other Applications with other, less important priority order numbers. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic. Most QoS settings do not necessitate setting the Order field. You can set the order from 100 to 65534. The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for mission-critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function. The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.
Over-IP
Work in g wi th A p pl ic atio n s
221
Parameter Item
ToS
Description
You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) for the Accelerator. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field). To allow applications to have a burst of additional bandwidth, click the Enable checkbox. This is disabled by default. To disable, clear the checkbox. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to: Blocked: Traffic set to Blocked is dropped. Low, Average and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type. Clicking this button will disable the Priority section.
Burst Priority
Diagnostic Mode
CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Application menu.
222
C h ap t er 6: Applying QoS
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port of 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that include the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy rules to match this application as well. CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Edit Application menu. To edit an application see Editing an Application, on page 217 to delete an application, see Deleting an Application, on page 217.
Layer-7 Applications
The Accelerator lets you filter HTTP web applications, Citrix applications, and Remote Desktop Services at the application layer (Layer-7). This higher level of specification enables specific applications to receive tailored traffic prioritization within the Accelerator. Creating a Layer-7 or L7 application is the same procedure as described in Creating Web Applications, on page 222. Note that traffic is no longer limited to only port 80. Other ports are now used. For information on discovering Layer-7 applications, see Discovering Layer-7 Applications, on page 60. For more information on creating/defining specific Layer7 applications, see one of the following topics: Creating Web Applications, on page 222 Creating Citrix Applications, on page 224 Creating Remote Desktop Services, on page 226
Work in g wi th A p pl ic atio n s
223
Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. 2. The Web application parameters (see Working with Applications, on page 215) are identical to the parameters set for all applications, with the following additions.
Parameter Item
Application Criteria
Description
You cannot modify the Application Criteria box from within the Create Web Application box. The Layer-4 information for this web-based application is taken from the web definition. To modify the Layer-4 criteria, return to the My Applications menu and click on HTTP to edit the web application. This is also disabled for L7 Applications.
224
C h ap t er 6: Applying QoS
Parameter Item
Layer-7 Information
Description
Host Name: the host name of the web application. The Host Name is the internet address up until the first /, for example, for the address http:// 172.10.10.10/loginindex.asp, the Host Name is 172.10.10.10. For the Internet site http://www.expand.com/extranet/support the Host Name is www.expand.com URL Name: the URL name is the internet address after the first /. In the example above, extranet can be used as the URL name. MIME Type: enter the content type. User Agent: enter the name of the HTTP client (Netscape, Mozilla, and so on) All Layer-7 information criteria use pattern matching, meaning that, for example, if the Host Name is www.expand.com, using expand as the host name is sufficient (up to 128 character string for all HTTP Layer-7 parameters). Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see Working with Applications, on page 215.
Prioritize
CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Web Application menu.
Work in g wi th A p pl ic atio n s
225
Parameter Item
Application Criteria
Description
You cannot modify the Application Criteria box from within the Create Citrix Application box. The Layer-4 information for this Citrix-based application is taken from the Citrix definition. To modify the Layer-4 criteria, return to the My Applications menu and click on Citrix to edit the Citrix application. The Layer-7 information box lets you set the application-specific details necessary for filtering this web application. Enter any or all data to be treated as criteria for matching this web application type. This means that all traffic considered as part of this Citrix application has to meet all the criteria listed in this box, as follows Published application: List the Citrix application type, such as Word, Calc and Notepad. Client: List the user name of the device you want to set as part of this traffic type. For example, to set the priority of the CEOs Citrix Client to Real-time for Excel, enter the name of the CEOs PC into the Client field Layer-7 information for Citrix is not pattern matching, meaning that the published application listed must be the full name of the application traffic that is intended (these parameters can use strings up to 20 characters) Service: choose either Browsing, or Published Application. Priority: choose a priority from 0-3. Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see Working with Applications, on page 215.
Layer-7 Information
Prioritize
For more information on working with Citrix, see Calculating Acceleration using other Applications, on page 406.
226
C h ap t er 6: Applying QoS
Citrix Benefits
The Citrix Acceleration Plug-in feature has the following benefits: It utilizes network resources more efficiently in LAN-based Accelerator deployments and delivers improved acceleration results for Citrixhosted applications. Citrix MetaFrame users repeatedly access the same content from the network. The Accelerators Citrix Acceleration Plug-in feature enhances support for Citrix MetaFrame applications because, through the use of statistical multiplexing, the Citrix Acceleration plug-in allows more Metaframe data to traverse the WAN. The Accelerator achieves this increase in throughput by: Consolidating Citrix header data in pure IP implementations - IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet. The Citrix Acceleration plug-in removes repeat header information and sends this data only once across the network. Consolidating Citrix payload in all environments - the Citrix Acceleration plug-in extracts data from small packets originating from different Citrix MetaFrame users, and sends packets optimized for specific WAN conditions. The Citrix Acceleration plug-in eliminates all redundant data transmissions across the WAN. Controlling latency and jitter - the Citrix Acceleration plug-in reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix Metaframe deployments. The end-result is better, more consistent Citrix performance; and support of up to four times more Citrix users on the existing infrastructure. Aggregation is performed at the link-level and improves acceleration for traffic with small to medium packets (like Citrix/ICA traffic or Telnet traffic), and aggregates compressed packets. The Aggregation class sets the class to which this application is related. Aggregation reduces the size of the traffic by aggregating compressed packets, before sending them over the WAN.
Work in g wi th A p pl ic atio n s
227
Description
The default name for a new application is new_application. You have to modify the name of the application to a name indicating the type of traffic considered in this application. Maximum of 31 characters, no spaces. Special characters are allowed. If you want this application to be included when a discovery of applications is run, select this checkbox (selected by default). If not, clear the checkbox. This section is disabled
Prioritize Window
Order Minimum Desired Bandwidth Maximum Bandwidth Limit TOS Either select the default value (200) or select the open radio button, and in the field, type your own (100-65534) Choose a value from the drop-down box, or other and enter your own value, remembering to select the bit speed from the second drop-down box. This amount should be less than the Maximum Bandwidth. Choose a value from the drop-down box, or other and enter your own value, remembering to select the bit speed from the second drop-down box. This amount should be greater than the Minimum Bandwidth amount. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) for the Accelerator. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field).
228
C h ap t er 6: Applying QoS
Parameter Item
Burst Priority
Description
To allow applications to have a burst of additional bandwidth, click the Enable checkbox. This is enabled by default. To disable, clear the checkbox. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to: Blocked: Traffic set to Blocked is dropped. Low, Average and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
229
Advanced configuration of the Accelerators QoS mechanism is intended for expert users, and networks that are particularly complex. Understanding how QoS works is necessary in order to properly apply advanced QoS settings. The following sections provide an in-depth knowledge regarding the way QoS operates: Setting Inbound QoS, on page 229 Viewing QoS Rules, on page 229 Creating QoS Rules, on page 230 Editing QoS Rules, on page 234 Making Decisions for Specific Applications, on page 235
230
C h ap t er 6: Applying QoS
To create a rule:
1. Click on the QoS tab, and then select QoS Rules. 2. Click the Create New Rule button. The Create Rule menu opens.
3. Use the Define and Prioritize sections to enter the necessary information per your networking requirements
Parameters Define Section
Application Select the Application onto which to apply this rule from the drop-down menu. You can define additional applications via the My Applications menu only. For information, see Working with Applications, on page 215.
Description
231
Parameters
Source IP
Description
If you want to filter the application by its source IP address: Choose from Other, Any, Single IP, Subnet, Range, or List. OtherDisplayed if advanced configuration was made via the CLI, which is more complex than the WebUI display. AnySet the Source IP to Any if the application should consider traffic coming from any device (this is the default). Single IPSelect this option if only traffic coming from a single device should receive the treatment defined in this rule. Enter the IP address Subnet MaskSelect Subnet if only traffic from a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask. RangeSelect Range if a particular range of source IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered. ListSelect List and enter up to four IP addresses to receive the treatment defined in this rule. If you want to filter the application by its destination IP address: Choose from Other, Any, Single IP, Subnet, Range, or List. OtherDisplayed if advanced configuration was made via the CLI, which is more complex than the WebUI display AnySet the Source IP to Any if the application should consider traffic coming from any device (this is the default). Single IPSelect single IP if only traffic headed to a single device should receive the treatment defined in this rule. Enter the IP address. SubnetSelect Subnet if only traffic toward a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask. RangeSelect range if a particular range of destination IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered. ListSelect List and enter up to four destination IP addresses to receive the treatment defined in this rule. To filter traffic based on its ToS setting, in the drop-down menu select from Other, Any, and Value. OtherDisplayed if advanced configuration was made via the CLI, which is more complex than the WebUI display AnyTo set the rule to apply to the applications traffic, if it has any ToS value set (this is the default). ValueTo set a ToS value, thereby limiting traffic on which this rule is applied to the applications traffic that has a particular ToS value (0 - 255). Traffic rules and shaping are applied per link. Select Global to apply to all links, a specific link to determine how traffic is categorized and prioritized over a specific link, or select Non-link. If a link is selected as a filter for this rule, you can select the direction of the traffic: Inboundtowards the LAN Outboundtowards the WAN
Destination IP
ToS Bits
Links
Direction
232
C h ap t er 6: Applying QoS
Parameters
Scope
Description
This allows you to create a rule on all links, specific links or if you have Mobile Accelerators, rules on a Collective Branch. Select one of the following radio buttons: Globalfor all links Linkfor a specific link. Select the link, using the drop-down menu. Make sure the link you want to set the rule for has already been defined. See Adding Links, on page 82 to add a new link. Collective Branchfor a specific Collective Branch. Choose the Collective Branch from the drop-down menu. Make sure the Collective Branch has already been defined. See Creating a Collective Branch, on page 327, to create a new Collective Branch.
Prioritize Section
Order The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. If the two applications are set with the same order, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first, as a specific port is more specific than a port range. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic, as layer 7 is higher on the OSI model than layer 4. Note that, most QoS settings do not require setting the Order parameter. Acceptable values are from 100 to 65534. 200 is the default value. Minimum bandwidth (desired) The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for missioncritical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function. The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.
233
Parameters
ToS
Description
You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) and a ToS Mask (0-254). When entering a number in the ToS Mask field, this value is ANDed to the value entered in the TOS field in the packets header and compared against the TOS entered for this rule. You can use the TOS Mask for comparing specific bits (Precedence/Type of Service) from the TOS field in the packets IP header against the TOS value entered for this rule. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field). To temporarily allow this application to have bursts of bandwidth, click the checkbox to enable or clear the checkbox to disable. By default, this feature is enabled. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to any of the following options: Blocked: Traffic set to Blocked is dropped. Low, Medium, and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Medium receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
Burst Priority
234
C h ap t er 6: Applying QoS
To edit a rule:
1. Highlight the Rule to be edited in the Rules Table and click . 2. Make the necessary changes. For any necessary explanation, see section Creating QoS Rules, on page 230.
235
The Decision screen lets you set various aggregation and acceleration parameters for a specific application, such as how many small packets to accumulate for one big packet (aggregation class), and whether the application is accelerated and tunneled. To create a new decision for a specific application, see Creating a New Application Decision, on page 236. To delete a decision, click the decision in the table to select it and click Delete. To edit a decision, click the decision in the table to select it and click Edit. The Field names and values are identical to those specified in Creating a New Application Decision, on page 236. Remember to click Submit to implement the changes.
236
C h ap t er 6: Applying QoS
External QoS
To set the Accelerator to enable external QoS:
1. 2. In the WebUI, in the Setup menu, click My Links.
External QoS
237
Select the link to be affected by a QoS device and set it to work in Router Transparency mode. For more information on Router Transparency mode and Link configuration, see Adding Links, on page 82.
3. If all links from the Accelerator are to be affected by the QoS device, you may find it useful to modify the default Link parameters, in order to make all newly created links use Router Transparency Mode as the default setting. To use Router Transparency Mode as the default setting: a. Select the My links command from the Setup menu. b. Click the Advanced button. c. Set the default link parameters as needed. d. Click the Save to template link button.
238
C h ap t er 6: Applying QoS
QoS Tro u b l e s h o o t i n g
If the QoS mechanism does not seem to be functioning properly, it could be a result of the Maximum Queue Length. If there is much latency on the line, the packet drops may be the result of the queue buffer size, which is normally set per link rate, or because the packets are waiting too long and are therefore being considered obsolete packets. By default the packets are considered obsolete after 500 ms. If limits do not seem to be enforced on traffic, check to see if it is because of the Burst status. When Burst is enabled during periods of no congestion, limits will appear not to be enforced properly. If a class is not transmitting properly and problems are encountered after QoS has been applied, try setting the class to Diagnostic mode, thereby disabling QoS for this traffic type. For additional troubleshooting, see Troubleshooting, on page 347 or Contacting TAC, on page 423.
240
16 KB
320 Kbps 160 Kbps
32 KB
640 Kbps 320 Kbps 212 Kbps 160 Kbps 64 Kbps
64 KB
1280 Kbps 640 Kbps 424 Kbps 320 Kbps 128 Kbps 64 Kbps
53 Kbps
106 Kbps
40 Kbps
80 Kbps
16 Kbps
32 Kbps
8 Kbps
16 Kbps
32 Kbps
Topics in this section include: Understanding the Shortcomings of TCP, on page 241 The TCP Acceleration Solution, on page 243
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
St u d yin g T C P A cc el er a ti on
241
Once the connection is established, TCP data packets are sent in accordance with the TCP window set - each time the window threshold is met, the receiver responds with an acknowledge packet, as described in the following figure:
242
The time wasted waiting for ACK packets to be sent in a TCP connection dramatically increases latency. Slow StartBecause TCP transmissions have no way to know the size of the bandwidth over which they are being transmitted, each transmission begins slowly, gradually increasing speed until a packet is dropped - at which point TCP assumes that it has reached the maximum bandwidth. On high-bandwidth long-distance lines, this slow start wastes much expensive bandwidth. The more latency present, the slower the session will start. Congestion AvoidanceTCP assumes that any packet lost is due to congestion. Any time a packet is dropped, TCP reduces transmission rate by half, slowly increasing it until the maximum rate at which no drops are experienced. On long-distance lines over which packet drops are often the result of factors other than congestion, transmission is being slowed down unnecessarily.
St u d yin g T C P A cc el er a ti on
243
While these TCP functions are useful in controlling and managing congestion over the LAN, they cause expensive long-distance links to appear slow.
A larger window enables sending more packets before an acknowledge packet is sent, minimizing the number of acknowledge packets sent and lowering latency.
244
Congestion Avoidance
SCPS enhances flexibility of Congestion avoidance mechanisms. TCP automatically uses congestion avoidance, which is not necessary in networks where drops are not the result of congestion. You can configure SCPS in such a way that congestion avoidance is not used when it is unnecessary. If there is congestion on the line, you can select the method of congestion avoidance and control (standard TCP, Vegas, or Hybla).
St u d yin g T C P A cc el er a ti on
245
No TCP Acceleration
Kbps
Computing Latency
The Accelerator automatically configures TCP Acceleration settings according to the computation that follows.
246
The network in the diagram above will be used for example purposes. The math used for calculating the theoretical maximum throughput is based on this drawing. Substitute the values from your specific network in order to learn the TCP theoretical limitation for a single session in your network. The network poses 150 milliseconds (msec) of latency between the Client (C) and the Server (S). You can use a ping for determining the end-to-end latency between a Client and Server by sending a ping 100 times from the client to the server during business hours with a 750 byte payload. This payload size ensures some stress on the network, and should provide a better measurement for latency than simply sending a 64 or 32 byte ping as some operating systems do. An example of this ping command used on Windows is:
ping x.x.x.x l 750 n 100
(x.x.x.x = the servers IP address, l is the payload size, and -n is the amount of pings) You can use the following formula to calculate the theoretical limitation: Bandwidth equals the window size divided by the round trip time WindowSize -------------- = Bandwidth -------------RoundTripTime
Figure 6: Bandwidth Calculation
of a link is normally represented in bits per second. Window Size (WS the amount of data TCP can send before waiting for an acknowledgement. This value is in bytes; ensure that any values in bytes are converted to bits. Round Trip Time (Rtt though this value is in seconds, most network tools, such as ping, report it in milliseconds. In the network example shown above, the latency was 150 msec, and because 1000 msec equals a full second, then the latency of this network can be represented in a fraction as 150/1000 msec. Always convert this fraction into decimal format when calculating the values. In this case the latency will be represented as.15. The default window size for Microsoft XP is 8 KBytes. For additional window size values please consult your operating system vendor. This example assumes that the client is running Windows XP.
St u d yin g T C P A cc el er a ti on
247
Using the example network provided above, some of the values needed for this formula are known and can therefore be plugged into the formula in order to determine the maximum theoretical bandwidth for a single TCP session. BW = 64000 /.15 After calculating the values, the BW equals 426,666 Bytes. Remember that because this value is in bytes, it should be multiplied by 8 in order to get the bits per second (bps). The product shows that the theoretical maximum bandwidth is 3,413,328 bps. As seen in the example network shown above, the link is a 6 Mb link. 150 msec of latency has limited a session to about half of the link speed. The following Throughput table lists some common Round Trip Times and the effects on TCP:
Window Size
8 KB 16 KB 32 KB 64 KB
640 Kbps 320 Kbps 212 Kbps 160 Kbps 64 Kbps 32 Kbps
1280 Kbps 640 Kbps 424 Kbps 320 Kbps 128 Kbps 64 Kbps
As these calculations demonstrate, the maximum throughput was greatly reduced as the latency increased. The actual maximum throughput that a single TCP session can have in your network may be even lower.
248
C o nf ig u r in g T C P A cc el er a ti on
249
Description
Enter the typical RTT in miliseconds by choosing Other in the drop down menu and enter an amount in the field. Alternatively, you can allow the Accelerator to decide by selecting Auto from the drop down menu. Enter a percentage by selecting Other in the drop-down menu and enter a value in the field. Alternatively, you can allow the Accelerator to decide by selecting Auto from the drop down menu Select from one of the following: Noneno congestion avoidance is used Standardthe congestion avoidance conforms to the standard TCP/ IP protocol (Reno) VegasTCP Vegas reduces latency and increases overall throughout, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely timeconsuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks. Hyblareduces penalization of TCP connections that incorporate a high-latency terrestrial or satellite radio link, due to their longer round trip times. It consists of a set of procedures which includes, among others: - An enhancement of the standard congestion control algorithm - The mandatory adoption of the SACK policy - The use of timestamps - The adoption of channel bandwidth estimates - The implementation and mandatory use of packet spacing techniques See TCP Acceleration Advanced Settings, on page 252.
250
3. Click the Submit button. Note: When TCP acceleration is enabled, all traffic is transferred through the Accelerator in routing-only mode and is not bridged. For additional information see Setting Routing Strategy, on page 30. If after enabling TCP Acceleration the Accelerator does not perform as expected, you should check the size of the window set by Windows:
C o nf ig u r in g T C P A cc el er a ti on
251
To calculate the necessary send window size and receive window size:
Use the following formula to calculate the required window size as set by the Accelerator:
Outbound Bandwidth in Bytes/Secconvert the outgoing bandwidth to Bytes per second, for example T1 = 1,544 Kbps (193,000 Bytes per second) Compression Ratioexpected acceleration in a compression ratio format (200% acceleration = 3, 350% acceleration = 4.5) Round trip timein seconds (for example 500 ms round trip is 0.5 seconds, 650ms round-trip is 0.65 seconds) For example, a T1 line with 600 ms round trip time with outbound acceleration of 230%: Bandwidth in bytes/sec - 193000 Compression ratio 3.3 193000*3.3*0.6*3 = 1146420
252
Serverexcludes traffic to the Server from the proxy. 3. Using the drop-down menu choose one of the methods to exclude by: IP Addressput a valid IP address in the field. Subnetput a valid IP address and subnet in the fields. Host nameput a valid host name in the field. 4. Click Add and the entry is added to the Exclusion table. 5. To delete an entry from the Exclusion table click Delete.
Value/Description
Choose Auto for the 10MByte default setting or choose Other and enter a different value (from 4Kb-50Mb) and select the byte value (Kbytes or Mbytes) from the drop down list accordingly. Choose Auto for the 10MByte default setting or choose Other and enter a different value (from 4Kb-50Mb) and select the byte value (Kbytes or Mbytes) from the drop down list accordingly. Enter the number of packets that the Accelerator will receive from a source before sending the source a confirmation message (called an Acknowledge Packet) that the packet was received successfully. By default the rate is set to two packets, and the preferred range is between two and eight packets. See Keepalive, on page 253.
Keep Alive
Note: Even though the upper limit for the sizes of the receive and send windows is 50MB, setting the size to a value greater than 10MB may adversely affect the system performance, and therefore a warning message notifying you about such a possibility appears when you select a value that exceeds 10MB.
C o nf ig u r in g T C P A cc el er a ti on
253
Keepalive
If for any reason there is a disconnect between an appliance and a network device (LAN) or between an appliance and another appliance, the keepalive setting ensures that the connection will not close until the time out interval has passed.
6. 7. 8. 9.
254
Co n fi gu r i ng HT T P A cc el er a ti on
255
256
Co n fi gu r i ng HT T P A cc el er a ti on
257
258
Description
The time period (in seconds) that should pass before disconnection (default: 60). To set the Connect time out, fill in a number (between 1 and 600 seconds) in the field Sets the Maximum size an object can be in order to be held in the cache. Object larger than this number are not held. This parameter is set in KB. To set the Maximum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Maximum Cache object size must be larger than the Minimum Cache object size. Sets the Minimum size an object can be in order to be held in the cache. Object smaller than this number are not held. This parameter is set in KB. To set the Minimum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Minimum Cache object size must be smaller than the Maximum Cache object size. Sets the amount of time the client (browser) can be connected to the cache process before a timeout is initiated. This is merely a safeguard against clients that disappear without properly shutting down. It is designed to prevent a large number of sockets from being tied up in a CLOSE_WAIT state. The default for this option is 1440 minutes, or 1 day. Acceptable values are between 1 and 5,000 minutes. To set the Maximum Client Connect time, enter a number in the field between 1 and 5,000 minutes Sets the amount of time to wait for an HTTP request from the client after the connection was established, or after the last request was finished. It is set in seconds with acceptable values between 1 and 10,000 seconds. To set the Persistent Time out value, enter a number between 1 and 10,000.
Co n fi gu r i ng HT T P A cc el er a ti on
259
Parameter Item
Transparency
Description
This command configures the status of the interception proxy. The interception proxy can be configured as transparent (namely, the proxy servers IP address will not be detected by sniffing). Three statuses are possible: Semiapplying transparency only on the Client side. Fullapplying transparency on both the Client and the server sides. Autosetting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. To set the transparency mode, select one of the options from the drop-down menu When enabled, preserves the original clients source port information. By default, this is disabled. When Transparency (above) is set to either Semi or Auto in an On-Lan deployment scenario, it is not recommended to set this feature to enable. When TCP Acceleration is configured in the TCP Acceleration menu, you must also enable this parameter in order for the acceleration to work correctly. By default, TCP Acceleration is disabled, but to enable TCP Acceleration, select Enable from the drop-down menu. Lets you define whether to cache data that arrives from authenticated servers, such as authentication requests. If you set this option to Enable, the data from such servers is cached even if no Public indication was set in the authenticated server. If any other condition exists, which prevents the data from being cached (for example: a Private flag), the data is not be cached, but it is still accelerated. Lets you start or stop the statistics collection. The list in this table represents the port numbers that will be intercepted by HTTP Acceleration. By default Port 80 is used for HTTP traffic. Using this table, you can add additional non-standard HTTP ports. Make sure the port number you add is not used for other types of traffic. Select this box to enable the proxy server. If this box is selected, you can set manually the proxy IP address and the proxy port number.
260
The expression entered in Direct Rule should be valid on a URL, and determines that all requests that match this expression are always forwarded directly to the origin server, without using the proxy server. For example: if you apply rule direct avaya, all requests that match the avaya regular expression are forwarded directly to the origin server. The expression entered in No Cache rule determines that traffic directed to a specific URL, which matches this specific expression (for example: no cache avaya) is neither cached nor retrieved from the cache, and after the traffic is retrieved from the server it will not be cached. In both cases (Direct and No Cache rules) you can define multiple rules.
Co n fi gu r i ng HT T P A cc el er a ti on
261
262
Parameter
Job Name
Description
Type a name for this job. The job name can only contain alphanumeric characters. Special characters and spaces are not permitted You can use an underscore, but other non-alphanumeric characters are not allowed. Using the drop-down menu, decide when the job is to occur. Select from one of the following options: Nonethe job is created, but does not run Once immediatelyoccurs one time, immediately Once atoccurs one time on a specific date at a specific hour Once inoccurs one time at a specific hour in X amount of days Recur dailyoccurs every day at a specific hour Recur weeklyoccurs once very week on a specific day and a specific hour Recur monthly occurs once a month on a specific date and hour (not recommended to set this to 31, as not every month has 31 days). Type the complete URL in the field Dictates the level to go down to for caching the web pages. For example, if your main web site has 3 links that open 3 pages and each of those links has 2 links to open 2 separate pages, a depth of 1 would cache 3 pages and a depth of 2 would cache 9 pages. Note that the higher the number is, the more resources you will consume. To choose a depth select the level from the drop-down menu. Depth values from 1-16 are permitted. Some Web sites have User/Password requirements, if your URL requires it, enter the information in the appropriate field. Allows you to add additional URLs to the same fetch job.
Schedule
URL Depth
Co n fi gu r i ng HT T P A cc el er a ti on
263
264
FTP Acceleration
This section contains the following topics: Enabling and Disabling FTP Caching, on page 264 Setting the Cache Size, on page 265 Setting Cache Content, on page 265 Clearing FTP Cache, on page 265 Returning to Default Settings, on page 265 Setting Advanced FTP Parameters, on page 266 Excluding from FTP Caching, on page 267
F T P A cc el er a ti on
265
266
Description
The time period (in seconds) that should pass before disconnection (default: 600). Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese. Lets you set a default for the minimum size of the cache object (05000KB, default: 1024). Ascribes a cache object to a single user. Namely, when a specific user accesses a file from the server, the file is cached per this user, and the next time a user with the same user accesses the file, it is served from the cache. However, for anyone who logs in with a different user name, the file is fetched directly from the origin server and not from the cache. Sets the interception proxy as transparent (namely, the proxy servers IP address will not be detected by sniffing), on both the Client and the Server sides.
Transparency
F T P A cc el er a ti on
267
268
C o n fi gu r i ng DN S A cc el er a ti on
269
Description
DNS masquerading enables the Accelerator to intercept traffic sent from the Client to the DNS server and back, and masquerade the DNS responses address. Select Enable to enable, or Disable to disable. Note that, the translation of host names into the Accelerators user-defined addresses is defined in the next section of this screen - the Static Hosts table. Enabling allows the Accelerator to cache the DNS addresses, thereby eliminating repetitive queries over the WAN. Select Enable to enable, Disable to disable. defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process it, even if that traffic was sent to another DNS server. If you enable this option, you have to configure a domain name server under Setup > Networking > DNS. For details, see Configuring DNS, on page 303. Caches DNS queries that were unresolved and will therefore not attempt to resolve them in the future. Select Enable to enable, Disable to disable. Select the appropriate transparency method: Semithe traffic is transparent to the Client, but the server sees it as coming from the Accelerator. Fullthe traffic is transparent to both the Client and the Server. Autothe transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment). Determines whether to keep the Time-to-leave settings defined by the DNS server (Preserve TTL) or set your own settings (1-1440 minutes). If the TTL settings you defined here are longer than those set by the DNS Server (for example: 60 minutes compared with 10 minutes, respectively), for any period between these two values (as, in this example, 20 minutes) the Accelerator does not use the DNS Servers address and takes the address from its own cache. To view the statistics for the queries since the last time the DNS Acceleration feature was enabled, use the Statistics (lower most) section of the DNS Acceleration screen Defines the maximum number of records that are to be kept in the cache. You can either select Auto to keep the system-defined default, or select your own value.
DNS Acceleration
Min TTL
Cache Size
270
Enabling Aggregation
E n ab li n g Ag g r eg a ti on
271
Aggregation optimizes applications by using small packets such as Citrix, rdp, and telnet. This menu allows you to configure aggregation, match applications to classes and enable the class on all links.
272
E na bl in g Traf f ic En cry p ti on
273
The IPsec Encryption menu on the Services screen lets you encrypt the Accelerators outgoing traffic, as well as determine the crypto mode and IPsec policies. This menu comprises the following options: Configuring an IKE Policy, on page 273 Defining Crypto Mode, on page 274 Configuring IPsec Policies, on page 275 Applying IPsec Policies on a Link, on page 276 i i Note: When IPsec is enabled on a link, no clear traffic is allowed to pass. Therefore, by-pass mode cannot be enabled. Note: To prevent any option for by-pass mode, connect one cable to ETH 0 port and the other cable to either ETH 0/0 or ETH 0/1 port. However, you may want to use ETH 0 port for Management, in which case both ETH 0/0 and ETH 0/1 ports will be connected to cables, and a by-pass mode may be enabled. To connect cables to both ETH 0/0 and ETH 0/1 ports, and still prevent any option of by-pass mode, ensure that both cables are of the same type (either Cross or Straight), and that none of the devices connected to the ETH 0/0 and ETH 0/1 ports has an MDIX.
274
4.
Set up the parameters of ESP Algorithms 1, 2 and 3, by selecting the requested authentication method (either SHA1 or MD5), encryption method (AES-128, AES-192, AES-256 or 3DES) and Key group (PFS) - 1, 2 or 5. 5. Set up the requested SA lifetime (the time period after which the encryption key will be replaced) You can set this time either by hours or by seconds. 6. Enter the policy name in the Description field. 7. Click Submit.
E na bl in g Traf f ic En cry p ti on
275
276
E na bl in g Traf f ic En cry p ti on
277
To terminate the SA time and replace the encryption key immediately, click the SA Link Renegotiate button. To disable the IPsec on the link, click the Disable IPsec on Link button. 5. Make sure that the remote and local NAT IP address has been configured, by clicking Setup > My Links and the Advanced button and then opening the IPSec Menu, by clicking on the + sign. Make sure that the Enable IPSec checkbox is checked and that the Local and Remote NATIP address fields are complete. For further assistance on the link setup, see Editing Links, on page 89.
278
R em o te D es kt o p Pro t oc ol Se rvi ce s
279
280
282
St u dy in g t h e E xpa nd Vie w Sy st em
283
Such reports are useful in helping IT provision networks to accommodate business growth and expansion.
284
Using SNMP
Us in g SN MP
285
The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP agent for monitoring performance statistics from a Network Management System (NMS). In addition, the Accelerator can send SNMP traps to the NMS and other network devices. To work with the Accelerators SNMP management, you have to update the networks SNMP settings in the Accelerator. Define the following SNMP Communities and enable traps (if requested).
Figure 2: SNMP
286
4. 5. 6. i
The SNMP Version 3 default initial user name is expand_user and the default initial password is expand_initial_password. If you are entering a new password, spaces may not be used.
R ece iv in g L og E r r o r M es sa ge s
287
The Accelerator can send status updates about the Accelerator to a SYSLOG server, to an email address, or to both.
288
Description
The Facility setting sets the Syslog level (0-23), as follows: 0kernel messages 1random user-level messages 2Mail system 3system daemons 4security/authorization messages 5messages generated internally by syslog 6line printer subsystem 7 network news subsystem 8UUCP subsystem 9 clock daemonother codes through 15 reserved for system use 16reserved for local use 17 reserved for local use 18reserved for local use 19reserved for local use 20 reserved for local use 21reserved for local use 22reserved for local use 23reserved for local use Enter the IP address of the Syslog server. Select the maximum severity that you want to be notified about by email, the default is Fatal. Other choices include: Error, Warning, or Information. It is best that the maximum level be higher than the minimum level. The hierarchy of error messages from least to most is information, warning, error and fatal. Select the minimum severity that you want to be notified about by email, the default is Information. Other choices include: Fatal, Error, and Warning. It is best that the minimum level be lower than the maximum level. The hierarchy of error messages from least to most is information, warning, error and fatal.
Severity Minimum
R ece iv in g L og E r r o r M es sa ge s
289
Description
Enter the information you want to appear in the From field of the e-mail when it is received. This can either be text (as in your name) or an e-mail address. Make sure you have checked your spam filter settings if needed. Enter the e-mail address to which the e-mail should be sent. Make sure the e-mail address is valid and correct. Enter the subject that you want to appear in the subject field of the e-mail. This subject will be used each time the mail message is sent. Enter the IP address of the e-mail server Enter the port number that the e-mail server uses. The default is 25 Select the maximum severity about which you want to be notified by email; the default is fatal. Other choices include: Error, Warning, or Information. It is best that the maximum level be higher than the minimum level. The hierarchy of error messages from least to most is information, warning, error and fatal. Select the minimum severity about which you want to be notified by email; the default is Information. Other choices include: Fatal, Error, and Warning. It is best that the minimum level be lower than the maximum level. The hierarchy of error messages from least to most is information, warning, error and fatal.
Severity Minimum
290
292
Adding WANs
The Accelerator arrives preconfigured with one default WAN. To define the bandwidth setting for this default WAN, select Setup >My Accelerator > Basic menu, and then click the Advanced Settings button to open the Advanced Settings screen. See Defining Advanced Settings, on page 32. On large networks (for example in cases where there are two routers or one router with multiple WAN interfaces) in which the Accelerator will optimize the traffic of more than one WAN, you can add additional WANs to the Accelerator.
A d d in g WAN s
:
293
Parameter
Bandwidth Out Strict Priority Out Burst Out
Description
Select the outbound bandwidth maximum value Select Enable to enable encrypted outbound traffic to have priority, Disable to disable. If you want to allow greedier outbound traffic to temporarily take more bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it will only take what hasnt been taken by any other application, up to the fixed amount or up to the maximum available), then do one of the following: Select Always Allow Burst Out to always allow bandwidth bursts on outgoing traffic. This will allow the Accelerator to automatically adjust the bandwidth and to allow bursts in bandwidth where needed. Deselect Always Allow Burst Out and select a limit to the burst, using the Burst Out drop-down menu. This will allow bursts of bandwidth on the outbound traffic up to the amount selected. If there is more bandwidth available the application will not use it. Select the Enable Bandwidth In checkbox to set a bandwidth limit on incoming traffic, then select the Bandwidth In value. Select Enable to enable encrypted inbound traffic to have priority, Disable to disable. If you want to allow greedier inbound traffic to temporarily take more bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it will only take what hasnt been taken by any other application, up to the fixed amount or up to the maximum available), then do one of the following: Select Always Allow Burst In to always allow bandwidth bursts on outgoing traffic. This will allow the Accelerator to automatically adjust the bandwidth and to allow bursts in bandwidth where needed. Deselect Always Allow Burst In and select a limit to the burst, using the Burst In drop-down menu. This will allow bursts of bandwidth on the outbound traffic up to the amount selected. If there is more bandwidth available the application will not use it.
4.
Click Add and the new WAN will appear below the default-WAN in the WAN table.
To delete a WAN:
Highlight a WAN and use the Delete button if at any point you want to delete a WAN.
294
To edit a WAN:
To edit an existing WAN, highlight the WAN in the WAN Table and click the Edit WAN button. The Edit WAN popup appears, letting you modify the fields you set previously (explained in the table above). Click Submit to confirm your changes.
Handling Interfaces
i
H an d lin g I nt e r fa ce s
295
Note: The total WAN bandwidth will always be enforced. It is the sum of all WANs configured for the Accelerator The Accelerator automatically detects the MAC address and Speed and Duplex settings for each of its interfaces. You can perform all required speed and duplex setting modifications via the My Interfaces menu. The interface name corresponds to the name printed on the back panel of the Accelerator and cannot be modified. The MAC address is permanent and cannot be modified. The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or 1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex. The Auto setting automatically configures the Accelerator to the detected link speed and duplex setting (this is the default setting).
Note: Setting wrong interface speed and duplex values for the Accelerator may result in many errors on the line towards the router, and even loss of connectivity. If you are uncertain as to the speed and duplex setting required, you can use the Auto setting; however, you are advised to manually set the speed and duplex. Note: When the Accelerator is installed in an On-Path deployment, ensure that both interface 0/0 and 0/1 have the same link speed and duplex settings. If the Accelerator operates in by-pass mode for any reason, this will enable the two devices adjacent to the Accelerator to interact.
296
To edit an interface:
1. Click the following sequence: Setup > Advanced > My Interfaces. 2. In the Interfaces Table, click on the name of the Interface to be modified. 3. The edit dialog box opens. Information about the interface (MAC address, name, hardware type, etc.) is given and cannot be modified. 4. The following parameters however can be modified as follows:
H an d lin g I nt e r fa ce s
297
Parameter
Link Mode Bridged State
Description
Choose the link speed in Mbits and if the link is to be full or half duplex. When enabled, allows all Interfaces to receive the same logical IP as the Accelerator. When disabled, you will have to enter the IP address and subnet mask of the interface in the fields that follow. The IP address of the interface. This is only enabled, when the Bridged state (above) is Disabled. The Subnet mask of the interface. This is only enabled, when the Bridged state (above) is Disabled.
IP Address Mask
5. Click Submit.
298
In the setup depicted, VLAN 1, 2, and 3 are defined in the Accelerator. VLAN 1 is defined as native, meaning that it takes its IP address from the Accelerators Local interface. A second 802.1q trunk is created from the Layer-2 switch to the Accelerator enabling VLAN support in an On-LAN environment.
H an d lin g I nt e r fa ce s
299
The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q) trunk. VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as Native.
300
Cre at i n g Stat i c A RP E n t r i e s
301
If you want to make a replacement within the ARP table, you can add a static ARP entry, by mapping a specific IP address to a specific MAC address.
1. Click the Setup tab, followed by Networking, and then ARP. 2. In the ARP menu, add the IP address and MAC address to be mapped. 3. If this change is to be permanent, select the Permanent checkbox. Otherwise, this entry will remain until the next Accelerator reboot, or until it is deleted from the ARP table. 4. Click the Add Static Entry button. The entry appears in the ARP table. If you want to delete the entry, click the Delete button. To delete the entire ARP table, including all its entries, click the Clear All button.
302
3. Enter the local password and re-enter it for confirmation. 4. Click the Submit button.
Configuring DNS
Co n fi g ur in g DN S
303
The Domain Name Server (DNS) Configuration screen lets you manage Domain Name Servers and define domain name, domain name search path and static hosts.
304
Dial-on-Demand
Di al- o n -D em a nd
305
You can deploy the Accelerator in environments that have routers with dial-up (dialon-demand) interfaces. These interfaces initiate a call (dial to) the remote end (typically over ISDN or Satellite links) when interesting traffic is being sent. After a specific quiet period, the link goes down again until new interesting traffic is sent. Link establishment of the dial-up interfaces and connectivity time can be fairly expensive. Therefore you may sometimes want to keep the link down until new interesting traffic is forwarded via the link. The Accelerator poses a problem in these environments as it uses a keep-alive mechanism to check the health of the link between the remote sites. By default, the keep alive messages are considered interesting and will keep the dial-up link alive (and costly). The dial-on-demand solution enables the Accelerator to support dial-on-demand environments by not sending keepalive messages. i Note: Both peers must configure the link in dialup mode with the same time out.
Note: Connecting to a link by using its HSRP address will not work.
306
308
RAID
Topics in this section include: About RAID, on page 308 RAID Support in Accelerators' Hard Drives, on page 308
About RAID
RAID (redundant array of independent disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance. Since multiple disks increases the mean time between failures (MTBF), storing data redundantly also increases fault tolerance. A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order. In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time. In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives.
R AI D
309
Figure 1: RAID-1
310
Figure 2:RAID-5
Using the CLI, you can view the list of disk drives, the disk status, and remove faulty disks. To get the CLI commands for these options, click on one of the following links: (RAID) (RAID) (RAID) (RAID) add-disk, on page 614 remove-disk, on page 615 show, on page 616 exit, on page 615
Multi-Port Support
M u lt i- P o r t S u p p or t
311
Specific Accelerator models (6850, 6950, 7930, and 7940) feature ports that are designed with optical or copper fail-to-wire circuitry in order to provide maximum up time for the network. This feature is particularly useful in the event of a host system failure, power off, or upon software request. In such instances, a crossed connection loop-back is created between the Ethernet ports and traffic is not affected. Hence, in by-pass mode all packets received from one port are transmitted to the other port and vice versa. This feature enables the ports to by-pass a failed system and provides maximum up time for the entire network.
Using a multi-port design in your network topology allows you to create more redundancy in networks that are configured in an On-Path deployment scenario (as shown above). In the case of an Accelerator failure, power off, or software requested by-pass, the ports will re-route the traffic as shown.
312
In addition, you can create groups or specify a maintenance/management link. Using the CLI, you can manually set one pair or all port pairs to by-pass mode. The by-pass status is reflected in the LED next to the port pair. Green indicates that by-Pass is disabled. Red indicates by-pass is enabled.
M u lt i- P o r t S u p p or t
313
Accelerator models 6850, 6950, 7930 and 7940 have port pairs. In the 6x50, the port number is the numerator (the top of the fraction) and you should make sure to use both ports from the same pair. For example, ETH0/0 and ETH0/1 are pairs. The port pairs are shown in below:
Theseportsarea pair
Theseportsarea pair
314
Your Accelerator may not be configured with these ports. In the 7930 and 7940, the ports not labeled. The ports may be a pair or set of 2 pairs depending on which card you ordered. In the case of a 4 port pair the first two are a pair and the second two are a pair.
Go to
Connecting and Configuring Multi-Port Accelerators, on page 14 Handling Interfaces, on page 295 Enabling NetFlow, on page 72 Configuring the Ethernet Statistics Display Fields, on page 69 Accdump, on page 377 Working with By-pass Mode, on page 16 and in the CLI, By-pass Mode Commands, on page 762.
R o ut e r R ed u nd a nc y Pro to c ol s
315
Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) are router redundancy protocols that provide network resilience for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits. In HSRP and VRRP, multiple network devices can act in concert to present the illusion of a single virtual router to the hosts on the LAN, by sharing an IP address (known as a Virtual IP Address or VIP) and a MAC address. HSRP is a Router Protocol developed by Cisco (RFC 2281), while VRRP is the IETF standard for redundancy protocols (RFC 2338). The main differences between the two are that HSRP requires you to dedicate an extra IP address as a virtual IP address for the group, while VRRP takes up less network overhead by letting you use the IP address of one of the devices already in the group, or set a dedicated VIP. In HSRP the devices are all configured with a priority status within the group. In general, the device with the highest priority is naturally the Active device; the device with the next-highest priority is the Standby device that takes over in the event of Active device failure or unavailability. Dominant devices in the virtual HSRP group continually exchange status messages, enabling one device to assume the routing responsibility of another, should it stop operating for either planned or unplanned reasons. If the Active device fails, the Standby device assumes the packet-forwarding duties of the Active device. If the Standby device fails or becomes the Active device, another device is selected as the Standby device.
VRRP works in much the same way. In general, the Master device is configured to have the highest priority and is active in the group. It acquires the Virtual IP address of the group, but does not have management functionality of the Virtual IP, only the transfer capabilities. The Backup devices perform the standby function. The VRRP can include many backup devices, and this protocol does not support knowing, at any given time, which backup device takes over in the event of failure. Hosts continue to forward IP packets to a consistent IP and MAC address, and the changeover of devices is transparent. The recovery time of the VRRP is about three
316
times faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in VRRP).
Accelerators can take part in HSRP and VRRP and work in tandem with the routers that provide backup for the network. The following figures display an Accelerator application working with routers in a virtual HSRP and VRRP group. The Accelerator and routers are configured with the MAC address and the IP network address of the virtual HSRP/VRRP group. The Accelerator is configured to have the highest priority and work as the Active/ Master device. It is configured with the IP address and MAC address of the virtual router and forwards any packets addressed to the virtual router. In HSRP, one of the routers acts as the Standby router, so that if, due to severe power failure or any other unlikely event, the Accelerator stops transferring packets, the router protocol gets into effect and the router assumes the duties of the Accelerator and becomes the Active device. In VRRP, both routers are configured as backup routers. Therefore, if due to severe power failure or any other unlikely event the Accelerator stops transferring packets, one of the backup routers assumes the duties of the Accelerator.
HSRP
The AcceleratorOS lets you set up HSRP groups, either manually or by automatic detection. The following sections describe the options for configuring HSRP groups. Enabling HSRP Automatic Detection, on page 317 Setting Manual HSRP Configuration, on page 318 (config) HSRP autodetect, on page 641
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
R o ut e r R ed u nd a nc y Pro to c ol s
317
318
Parameter Item
Group ID Virtual IP Address
Priority
Force Priority
R o ut e r R ed u nd a nc y Pro to c ol s
319
Parameter Item
Preempt
Description
Used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router prevails; when disabled, the higher priority router assumes the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully. Set the packet rate between the devices in the HSRP group. Hello time is the interval between Hello messages (an exchange of HSRP priority and state information) and the Hold Time is the interval between a receipt of a Hello message and the presumption that the sending router/Accelerator has failed. You are advised not to change the default timer setting: 3 seconds Hello Time and 10 seconds Hold Time. These definitions comply with the recommended settings of having the Hold Time length more than three times the length of the Hello Time. Decreasing timer-default rates shortens the time that the network has without a default gateway during Active router changeover, but increases the protocol bandwidth overhead and conversely. If the Accelerator is not currently the Active device in the HSRP group, Timer settings are derived from the Active device and any timer configurations that you set in the Accelerator are not saved. All members of the HSRP group must have the same Hello Time and Hold Time. If you change the default parameters, ensure that you update all members of the HSRP group with the new parameters. If the Accelerator is part of a VLAN, operating with HSRP requires updating the VLAN group number (1 to 4094).
320
VRRP
Unlike HSRP, you cannot configure VRRP automatically and must add it manually.
Description
You must enter a group number, even if the target group is group 0. Accelerator VRRP does not have a default group number. All devices in the VRRP group must have the same Virtual IP address. Setting the Accelerators priority lets you select its status in the VRRP group. If two devices in the VRRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup. Once the Accelerator is set to have the highest priority, it becomes the active router in the VRRP group.
R o ut e r R ed u nd a nc y Pro to c ol s
321
Parameter Item
Preempt
Description
Preempt is used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router will prevail, when disabled, the higher priority router will assume the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully. Sets the interval between the Hello messages sent between VRRP group members. All devices in the VRRP group must have the same Timer setting. If for some reason you have to modify this setting, you should modify it for all devices in the group. The default setting is 1. If the Accelerator is part of a VLAN, operating with VRRP requires updating the VLAN group number (1 to 4094).
Timer
322
324
Overview
If this is your first time working with the Mobile Accelerator Client, a basic understanding of the terminology may prove to be helpful. See the diagram below.
In the above network scenario, there is a datacenter, which houses the Accelerators and ExpandView Server. There is a remote office, that has a small group of users. In addition, there are mobile users who enter and exit the network as needed and are not part of the same subnet as the small office. When a Mobile Accelerator (MACC) connects to the network, it will connect first with ExpandView. It will receive from ExpandView its configuration settings and will also be associated with the appropriate Accelerator in the Datacenter. This configuration setting can either be a Default configuration, a Unique User configuration, or a Collective Branch configuration as dictated below: Collective Branch refers to the group of MACCs that are a members of the same subnet as a defined remote branch (Collective Branch). Members of the Collective Branch will adhere to the same QoS rules and configuration settings as dictated in the Collective Branch templates.
Ove rvi ew
325
Mobile User refers to a MACC that registers with ExpandView using the Default Configuration setting. This user connects to the network in a subnet that is not part of the Collective Branch and will by default, be associated to the Default Associated Set. Unique Mobile User refers to a MACC that registers with ExpandView using a unique user-defined setting. Associated Set refers to a group of Accelerators to which the Mobile Accelerator Client will connect. Currently, only one Accelerator is supported in an Associated Set. Default Associated Set refers to the Associated Set which all Mobile Users that are not pre-registered will connect to using the Default Configuration settings from ExpandView. Only one Accelerator in the network can be set as the Default Associated Set.
326
Co n f ig u r in g t he M ob il e Ac ce ler a t or Cl ie nt
327
328
Description
Co n f ig u r in g t he M ob il e Ac ce ler a t or Cl ie nt
329
To create a Mobile Accelerator Link Template for stand-alone MACCs that will use the default configuration:
1. Select the following menu sequence: Setup > My Links > Link Templates 2. In the Template Type drop-down menu, select MACC. 3. Fill in the parameters as described in the table:
Parameter Name
Parameters Section Link Name Remote Name Collective Branch name Source IP Destination IP MTU Metric Fragmentation Acceleration Section Tunneling Section TCP Acceleration Section Post Acceleration Aggregation Section Bandwidth Adjustment Section Give a name for the Link. Spaces are not valid This field cannot be edited. This is the name you set when you created the Collective Branch The Accelerator IP The Subnet the Collective Branch belongs to See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84
Description
330
M o ni to ri ng Co ll ec ti ve Br an ch Sta ti st ic s
331
332
Description
Packets
In Packets Out Packets Number of input packets Number of outgoing packets
Packets
Discarded In Packets Incoming packets that were discarded by a rule with discard policy
M o ni to ri ng Co ll ec ti ve Br an ch Sta ti st ic s
333
Parameter Item
Discarded Out Packets Dropped In Packets Dropped Out Packets Dropped Out IPsec Packets Traffic-Gauge Packets
Description
Outgoing Packets that were discarded by a rule with discard policy Incoming packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete on a secure link. Outgoing Packets that were not optimized due to being sent through the Traffic-Gauge mechanism in order to enhance performance Number of small packets aggregated, or combined, after transmission Number of small packets aggregated, or combined, before transmission Incoming packets that were aggregated as part of the default postacceleration aggregation policy. Outgoing Packets that were aggregated as part of the default postacceleration aggregation policy Incoming Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Incoming Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy Incoming Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Outgoing Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Number of packets sent out marked as Do not Accelerate. Number of packets sent out marked not to be routed into the link. Number of packets that are not optimized because the bandwidth limit as set by the AcceleratorOS license is exceeded
Poly In Packets Poly Out Packets Agg Default In Packets Agg Default Out Packets Agg User-Defined 1 In Packets Agg User-Defined 1 Out Packets Agg User-Defined 2 In Packets Agg User-Defined 2 Out Packets Agg Thin Client In Packets Agg Thin Client Out Packets Do Not Acc Packets Do Not Tunnel Packets Exceeded License Packets
Errors
CRC Errors Other Errors Number of CRC-errored packets received Unexpected errors received
Errors Acceleration
In Acceleration Out Acceleration Inbound Acceleration percentage Outbound Acceleration percentage
334
Parameter Item
In Actual Acceleration Out Actual Acceleration In Compression Out Compression
Description
Acceleration that considers all incoming throughput Acceleration that considers all outgoing throughput Inbound compression percentage Outbound compression percentage
Note: This will clear all of the statistics counters, so make sure you want to do this before proceeding. 1. Click the Clear Counters button. 2. Click Yes when prompted.
336
C h ap t er 12: Security
337
Setting different user roles, allowing different access levels to the system is supported with pre-defined roles available in the system. Definition of new roles is user-configurable. AAA includes auditing of all major operations performed on the Accelerator into log entries saved in the system log files and routable to email message, syslog server and SNMP trap.
338
C h ap t er 12: Security
Configuring AAA
The following Configuration options are available: Configuring Users, on page 338 Viewing the Authentication Servers, on page 340 Defining the Security Settings, on page 342
Configuring Users
C o nf i gu ri ng A A A
339
keyboard sequences (qwertyu, 123456), palindromes, or simple recognized dictionary words. i 5. Click the Add button to apply settings. Note: when working with a TACACS server, you must add each user name into the Accelerator.
Deleting Users
To delete an Accelerator user:
1. Click on Setup followed by Security. 2. In the Users menu, highlight the line in the Users Table that includes the name of the user to be deleted. Click the Delete button. 3. Click the Submit button to apply settings.
340
C h ap t er 12: Security
C o nf i gu ri ng A A A
341
Note: If you select Radius or TACACS+ as the Server Authentication Method, you will need to add all of the users you wish to allow access to the Accelerator on the Local Accelerator. Though the users credentials exist on the Authentication Server, as all users must have local identification in order to be authenticated. See Configuring Users, on page 338, for information on adding new users. 3. In the Add New Authentication Server dialog box, enter the following information:
Name
Server Name Server Type IP Address Server Port Server Order Encryption Key Server Time out
Description
The name of the server you want to add. The server type (Radius or Tacacs). The new servers IP address. The servers port. Defines whether the server is the first, second or third to be addressed. The servers encryption key Time period after which the connection times out.
4. Click Submit.
342
C h ap t er 12: Security
In the Authentication menu, scroll down in the 1 field to set the first level of Authentication. In the 2 field set the second level of Authentication and so on. It is recommended that the first level be set to Local. 2. Click the Submit button.
Au d it in g A dm in i st r at io n A ct iv it ie s
343
The Audit screen lets you select which administration activities to audit (for example: changing the configuration, creating links and adding users.)
344
C h ap t er 12: Security
345
1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to select the button to be pressed in the order intended. 2. Click the Submit button.
You can lock the Accelerators keypad via the LCD, the WebUI or the CLI. To unlock the keypad, enter the unlock sequence. The default unlock sequence is Right button, Left button, Up button, Down button, Enter. You can modify the lock sequence via the WebUI as described in section Locking and Unlocking the
346
C h ap t er 12: Security
Keypad, on page 344, or via the CLI, as described in section (config) lcd lock, on page 755.
Product ID
Management IP
Management Mask
348
C h ap t er 13: Troubleshooting
Password Issues
Topics in this section include: Resetting the Password, on page 349 Choosing a Legal Password, on page 349
P as sw o r d I ss ue s
349
Note: You must connect to the Accelerator you want to reset using a Console connection.
350
C h ap t er 13: Troubleshooting
Password Strength
A password that is strong enough is considered to be valid. A strong password has the following: At least 6 characters if in mixed character types At least 8 characters if in the same character type Is not composed of a dictionary word (meaning a string of letters that can be recognized as an English word) or a reverse dictionary word (in either mixed case or with letters separated by other characters) Is not a keyboard sequence Is not a numerical sequence Is not a palindrome Is not considered to be too simplistic or too systematic There are no maximum limits for character length, but it is not advised to make the password too long, which increases the possibility of a typographical error.
Good/Bad
Bad Good Good Good Bad Bad Good Bad Bad Bad Good
Comments
characters in all the same character type. This password is too short if it is to be of the same character type 7 characters, but it is combined of two character types Only 6 characters but it has 3 character types 8 characters in length meets the minimum for a single character type password Although this password is appropriate in length, it is a palindrome. Although it is appropriate in length and is mixed case, it is a dictionary word. Contains mixed text of appropriate length. Contains a dictionary word Contains keyboard sequence Too simplistic and too sequential Meets minimum length, is complex, and does not contain any dictionary words or palindromes. Contains a reverse dictionary word (Left)
Pas sw o rd I ss ue s
351
352
C h ap t er 13: Troubleshooting
Ch e cki n g th e Ev en t L og
353
The Accelerator event log records changes in the state of Accelerator links and changes to configuration, saving them in a list format. In the CLI, use the following commands to view events.
ACC1# show events 06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11, 06-Jun-07 10:29:07 <WARNING> #1 _peer.cppLink 222.0.0.1 status changed from acc 29-Jun-07 10:19:19 <INFO> #2 Link ID 1 was Updated 29-Jun-07 10:20:51 <INFO> #1 Subnets for Remote link CP Id 1 changed 29-Jun-07 10:38:41 <INFO> #1 Link 1 was Added 29-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound 29-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning
Timestamp: Log date and time, in the following format: dd/mmm/ yy hh:mm:ss Level of Severity: Debug, information, warning, error, or fatal. Occurrence: The number of times this log has been recorded. Message-text: Text string containing detailed information about the event being reported. Check the Accelerators system time when viewing any event the Accelerator generates. All events are given a timestamp relative to the Accelerators local time.
354
C h ap t er 13: Troubleshooting
D is p lay in g I nf o r m at io n f o r Tro ub le sh o o ti ng
355
The Accelerators Show Tech-Support command lets you aggregate all necessary troubleshooting information in the Accelerator via one simple command - providing a window into the Accelerators inner workings and configuration. See Gathering Statistics for Technical Support, on page 372 for information on gathering and saving information that the technical support team will require prior to opening a case. To create a compressed archived file, see Displaying Statistics in a Compressed, Archived File, on page 355.
356
C h ap t er 13: Troubleshooting
---------------------------------------------------------
Status
The remote Accelerator is initializing. The remote Accelerator is not active. Link is establishing connection. Link parameters are being negotiated (cache size, and so on). Link is active. Link is active and acceleration is on. Link is active and the link is tunnelling but not accelerating traffic. Active can be either No local license, meaning that the link is inactive because the local Accelerator is not properly licensed; or No remote license, meaning that the remote Accelerator is not properly licensed. Communication has been lost. Internal error occurred during definition of the link in the system. A Virtual link (no far-end Accelerator). Remote Accelerator is not available.
C h eck in g E t h er n e t S et t in g s
357
Although Ethernet level compatibility is not an issue unique to the Accelerator, it should be considered in all hardware installations. If an Accelerator goes into hardware by-pass, the two devices that are cabled to the Accelerator are directly connected, and any incompatibilities between them may cause problems. Ensure that Ethernet settings are correct.
As a symptom of incorrect Ethernet settings, discarded packets and loss of connectivity may be experienced on the Accelerator. You can check this by using the appropriate show interface ethernet commands, as follows. ACC1# show interface ethernet 0/0? <cr> continuous output ACC1# show interface ethernet 0/0 Description.............................ethernet 0/0 MAC.....................................00:02:B3:C8:4E:9C Hardware type...........................mii Link mode...............................auto (100Mbit-Full) link is up Link detected...........................yes Supports auto-negotiation...............yes Supports link modes.....................10baseT/Half 10baseT/ Full 100baseT/Half 100baseT/Full
358
C h ap t er 13: Troubleshooting
System Up
3826461 23240 0 159363519 1723079 0
Since Clear
N/A N/A N/A N/A N/A N/A
Last 30 Secs
N/A N/A N/A N/A N/A N/A
System Up
0 0 0 0 0 92 0 92
Since Clear
N/A N/A N/A N/A N/A N/A N/A N/A
Last 30 Secs
N/A N/A N/A N/A N/A N/A N/A N/A
Ensure that Speed and Duplex settings are set correctly. Expand recommends using the following command to manually set Speed and Duplex values:
Command
l i nk -m o de 1 0 0M bi t -f u ll 1 0 0 Me g a b it f u ll d u pl e x 1 00 Mb i t- h al f 1 00 M e ga bi t h al f d up l ex 1 0M bi t -f u ll 1 0 M eg a b i t fu l l du p le x 1 0M bi t -h a lf 1 0 M eg a b i t ha l f du p le x a ut o A u to
C h eck in g E t h er n e t S et t in g s Description Parameters Example with Syntax Enters the mode to set Ethernet interface 0 parameters. No additional parameters necessary
359
A CC 1 # c on fi g ur e A CC 1 (c o nf ig ) # in t er f ac e e th er n et 0 A CC 1 (i n te rf a ce )# li n k- mo d e 10 M bi t- h al f
360
C h ap t er 13: Troubleshooting
C he ck in g L in k M a lf un c ti on
361
If the link is not operating as expected, ensure that the Accelerator configuration reflects the hardware and software infrastructure. Some external devices may require that the Accelerator be transparent - consider using RTM encapsulation. Perhaps performance is being affected by misapplied MPLS or load balancing in the network. Consider the following: Is by-pass disabled on the other side of the link? Are the bandwidth settings correct? Is Acceleration enabled on both sides of the link? Is the MTU size set correctly and not larger than the maximum MTU of the link path? Are the correct subnets advertised to the remote site? Is there bandwidth oversubscription on the WAN or on a link? Are packets being dropped on the link? In case there is a firewall in the path, are IPComp and TCP port 1928 open? Is the correct link destination address configured?
362
C h ap t er 13: Troubleshooting
Ch e ck in g HS RP Ma lf un c ti on
363
Ensure that you join the HSRP group. In AcceleratorOS 5.0 and above, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join command. Ensure that the correct HSRP group is configured - check the configuration on the other units in the group. Ensure that the correct Priority is configured so the Accelerator does not conflict with the same priority on another unit in the group. Ensure that the correct virtual IP address is configured. If authentication is used, ensure that you use the same password (default cisco)
364
C h ap t er 13: Troubleshooting
366
To upgrade software:
1. Click on the Tools tab, followed by Upgrade. 2. Scroll down in the Copy method field, to select the way the file will be copied (FTP, TFTP or HTTP). 3. In the fields provided, enter the User Name, Password and IP address of the device from which the files are to be copied. 4. Enter the path to the file, followed by the file name (the file will be a *.tgz file). 5. Click the Submit button to copy the file to the user area. 6. Reboot the Accelerator with the new file name. After rebooting, the Accelerator extracts the file and runs it. 7. Select Locally stored on Accelerator to upgrade to an AcceleratorOS version that is stored locally on the Accelerator, in case of a hard drive-based Accelerator. Alternatively, if your Accelerator uses a Compact Flash card, at least 10 MB of free space is provided on the card for file extraction.
367
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port of 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that include the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy-rules to match also this application.
368
U sin g t h e Co n fi g ur at io n To ol s
369
370
The general tools are as follows: Sending a Ping to the Remote Accelerator, on page 371 Sending a Traceroute Packet, on page 371 Rebooting the Accelerator, on page 372 Gathering Statistics for Technical Support, on page 372
U si n g th e G en e ral To ol s
371
To send a traceroute:
1. Click Tools followed by General Tools. 2. Under Traceroute, in the Destination IP Address field, enter the IP address of the device to which the traceroute is to be sent. 3. In the Maximum Number of Hops field, enter the maximum length the packet can travel before arriving at the designated destination (default is 30). 4. Click the Trace Route button.
372
U si n g th e G en e ral To ol s
373
3. Click the Save button to save this data in the requested location, as either a text or an HTML file. 4. Send an E-mail to technical support at TAC@expand.com and attach the file. Alternatively, you can contact customer support in the methods described in Contacting TAC, on page 423. 5. Click the Print button to print the data. 6. Click Close to close the pop-up.
374
Vie w in g Sy st em In fo rm a ti on
375
The System Information screen lets you view information regarding several aspects of the system, such as the CPU operating frequency and model name as well as CPU and Memory Utilization Information. To display system information in the Accelerators WebUI, click Tools followed by System Information.
Almost all parameters shown in this screen are for display only and cannot be changed. The only parameter that you can set is Requested Maximum Links.
376
2. Use the Log Archive Prefix field to set the prefix for the log file you want to create (default: acclog). The suffix is predetermined by the system (time stamp). 3. Click the Create Log Archive button to create a new log archive. The newly created log file now appears in the log archive files table. To download one file or more, select these files in the table and click the Download button. To delete one file or more, select these files in the table and click the Delete button.
Accdump
i
Ac cd u mp
377
Note: This feature is only available to Accelerators that are configured with a hard drive. The Accdump feature lets you download and display tcpdump information from the system, namely: to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is connected. You can capture the tcpdump information from various sources, and select whether to receive this information from all these sources or only from a single source. Note that once the Accdump is activated a new file will be created for approximately every 10MB of data. This data is stored in the user area of the Accelerator as a zip file in the following format/location: /user_area/ACCDumpfiles*.zip. See the following for more information: Enabling Accdump, on page 378 Deleting Accdump Files, on page 380 Downloading Accdump Files, on page 380
378
Enabling Accdump
For more information on Accdump, see Accdump, on page 377. To download an Accdump file, see Downloading Accdump Files, on page 380. To delete an Accdump file, see Deleting Accdump Files, on page 380.
To enable Accdump:
1. Click Tools followed by Accdump. 2. Click on the scroll box near the Accdump field, and select the Enabled option to start the Accdump operation. 3. Under Interface, select whether to enable all interfaces (Any), none available (N/ A) or a particular interface. The Interface drop-down menu shows all detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:
4. Under Number of Files, you can select the Auto option, in which case the default number of files (100) and file size (10MB) is used. Alternatively, select Other and insert your customized values. i Note: The number of files cannot exceed 999, and the maximum size of all files combined must not exceed 1GB. Note too, the files are saved in a cyclic manner.
Ac cd u mp
379
5. If you want to use one or more optional flags, enter these flags in the Optional Flags field. For a detailed description of the optional flags, see TCPDump Optional Flags, on page 425. 6. If you do not want to dump all of the packets (default), you can use the Filter Expression field to intercept only packets that come from a specific source or IP address, are destined to a specific port or IP address, or belong to a specific type. For some examples, see the following table which also uses the TCP optional flags as part of the expression for the filter. The entire flag list is found in the section TCPDump Optional Flags, on page 425:
Filter Expression
-e -v -s 0 tcp port 1928 or tcp port 80
Explanation
For all traffic on port 1928 or all TCP traffic on port 80, produce a report that: -e: includes the link-level header on each dump line. -s0 includes all TCP sequence numbers -v produces (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. For all traffic between the two hosts (1.2.3.4 and 5.6.7.8) produce a report that: -v produces (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. For all traffic belonging to network 1.2.3.0/24 produce a report that: -q produces a report that includes less protocol information so that the output lines are shorter.
7. Use the File Format scroll box to select in which file format the files are to be saved and downloaded to the local host. The available types are Pcap (saves the default format) and Enc (reformats the file). Having set all the requested definitions, you are now ready to enable Accdump and download the tcpdump files. Alternatively, if you want to
380
revert to default values, click the Set Default Values button and confirm this operation. 8. Click the Submit button. 9. Click OK to confirm the operation. To stop the Accdump operation, click on the scroll box near the Accdump field and select the Disabled option. When you enable the Accdump feature again, all existing Accdump files are deleted. 10. if you want to download the Accdump file, see Downloading Accdump Files, on page 380.
Application
tcpmux compressnet-mgmt compressnet echo discard systat daytime qotd msp chargen ftp-data ftp ssh telnet priv-mail smtp nsw-fe msg-icp msg-auth dsp priv-print time rap graphics nicname
Port/Protocol Number
1 2 3 7 9 11 13 17 18 19 20 21 22 23 24 25 27 29 31 33 35 37 38 41 43
382
A p pe n di x A: Pre-Defined Applications
Application (Continued)
ni-ftp auditd tacacs xns-time domain xns-ch isi-gl xns-auth priv-term xns-mail priv-file ni-mail acas whois++ covia tacacs-ds sql*net gopher priv-dialout deos priv-rje vettcp finger http-www hosts2-ns xfer mit-ml-dev ctf mfcobol priv-termlink su-mit-tg dnsix mit-dov npp dcp objcall dixie
Port/Protocol Number
47 48 49 52 53 54 55 56 57 58 59 61 62 63 64 65 66 70 75 76 77 78 79 80 81 82 83 84 86 87 89 90 91 92 93 94 96
Automatically Monitored?
No No No No Yes No No No No No No No No No No No No No No No No No No Yes No No No No No No No No No No No No No
383
Application (Continued)
swift-rvf tacnews metagram newacct hostname iso-tsap gppitnp acr-nema csnet-ns 3com-tsmux snagas pop2 pop3 mcidas auth audionews ansanotify uucp-path sqlserv nntp erpc smakynet ansatrader locus-map unitary locus-con gss-xlicen pwdgen cisco-fna cisco-tna cisco-sys ingres-net endpoint-mapper profile netbios-ns netbios-dgm netbios-ssn
Port/Protocol Number
97 98 99 100 101 102 103 104 105 106 108 109 110 112 113 114 116 117 118 119 121 122 124 125 126 127 128 129 130 131 132 134 135 136 137 138 139
Automatically Monitored?
No No No No No No No No No No No No Yes No No No No No No No No No No No No No No No No No No No No No Yes Yes Yes
384
A p pe n di x A: Pre-Defined Applications
Application (Continued)
emfis-data emfis-cntl bl-idm imap2 uma uaac iso-tp0 iso-ip jargon aed-512 sql-net bftp netsc-prod netsc-dev sqlsrv knet-cmp pcmail-srv nss-routing snmp snmptrap xns-courier s-net namp rsvd send print-srv multiplex cl-1 xyplex-mux mailq vmnet genrad-mux nextstep bgp ris unify audit
Port/Protocol Number
140 141 142 143 144 145 146 147 148 149 150 152 154 155 156 157 158 159 161 162 165 166 167 168 169 170 171 172 173 174 175 176 178 179 180 181 182
Automatically Monitored?
No No No Yes No No No No No No No No No No No No No No Yes Yes No No No No No No No No No No No No No No No No No
385
Application (Continued)
ocbinder ocserver remote-kis kis aci mumps qft gacp prospero osu-nms srmp irc dn6-nlm-aud dn6-smm-red dls dls-mon smux src at-rtmp at-nbp at-3-5-7-8 at-echo at-zis quickmail z39-50 914c-g anet vmpwscs softpc cai-lic dbase mpp uarps imap3 fln-spx rsh-spx cdc
Port/Protocol Number
18 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 206 209 210 211 212 214 215 216 217 218 219 220 221 222 223
Automatically Monitored?
No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No Yes No
386
A p pe n di x A: Pre-Defined Applications
Application (Continued)
peer-direct sur-meas daynachip link dsp3270 bh-fhs ldap https smtps exec login shell printer talk ntalk ibm-db2 uucp rtsp nntps banyan-vip alternate-http sshell ldaps doom ftps-data ftps telnets ircs pop3s notes timbuktu-srv ms-sql-server ms-sql-monitor ms-sna-server ms-sna-base citrix-ica sybase_sqlany
Port/Protocol Number
242 243 244 245 246 248 389 443 465 512 513 514 515 517 518 523 540 554 563 573 591, 8008, 8080 614 636 666 989 990 992 994 995 1352 1419 1433 1434 1477 1478 1494 1498
Automatically Monitored?
No No No No No No Yes Yes No No No No No No No No No No No No No No No No No No No No No Yes No No No No No Yes Yes
387
Application (Continued)
t-120 oracl-tns ingres-lock oracl-srv oracl-coauthor oracl-remdb oracl-names america-online h323 oracl-em1 oracl-em2 ms-streaming ms-sms ms-mqs oracl-vp2 oracl-vp1 openwindows gupta-sqlbase cvs-pserver citrix-ica-sr sybase-sqlanywhere ccmail ms-terminal-server sap-r3 ibm-db2-conn-svc ibm-db2-int-svc ichat pc-anywhere-data xwin ircu vdolive realaudio cu-seeme alternate-rtsp the-palace quake filenet-RPC
Port/Protocol Number
1503 1521, 1526, 1527 1524 1525 1529 1571 1575 1720 1748 1754 1755 1801, 2101, 2103, 2105 1808 1809 2000 2155 2401 2598 2638 3264 3389 3200 3700 3701 4020 5631
Automatically Monitored?
No No No Yes No No No No No No No No No No No No No No No No No No Yes No No No No No Yes No
No No No No No No No
388
A p pe n di x A: Pre-Defined Applications
Application (Continued)
filenet-NCH kazaa gnutella-svc gnutella-rtr edonkey radius radius-acct groupwise smaclmgr nameserver wins pcanywhere bittorent winmx microsoft-ds rlp re-mail-ck la-maint bootps bootpc tftp kerberos cfdptkt ntp xdmcp ipx-tunnel subnet-bcast-tftp backweb timbuktu biff who syslog ip-xns-rip streamworks-xing-mpeg citrix-icabrowser h323-gatekeeper-disc h323-gatekeeper-stat
Port/Protocol Number
32770 1214 6346 6347 4662 1812 1813 1677 4660 42 1512 65301 6699, 6257 445 39 50 51 67 68 69 88 120 123 177 213 247 370 407 512 513 514 520 1558 1604 1718 1719
Automatically Monitored?
No No No No No No No No No No No No No No Yes No No No No No Yes Yes No Yes No No No No No No No No No No No No No
389
Application (Continued)
ms-mqs-discovery ms-mqs-ping rtp rtcp pc-anywhere-stat ivisit l2tp sgcp hsrp timed nfs dhcp mimix-dr1 mimix-ha1 mimix-rj novel-netware-over-ip icmp igmp ipencap egp igp trunk-1 trunk-2 leaf-1 leaf-2 ipv6 rsvp gre ipv6-crypt ipv6-auth ipv6-icmp eigrp ospf ipip pim scps ipcomp
Port/Protocol Number
1801 3527 5004 5005 5632 9943, 9945, 56768 1701 2427 1985 525 2049 546, 547, 647, 847
Automatically Monitored?
No No No No No No No No No No Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
390
A p pe n di x A: Pre-Defined Applications
Application (Continued)
ipx-in-ip vrrp l2tp-over-ip stp isis
Port/Protocol Number
111 112 115 118 124
Automatically Monitored?
Yes Yes Yes Yes Yes
392
A p pe n di x B: Accelerator Integration
393
394
A p pe n di x B: Accelerator Integration
Both RDP and Citrix can compress traffic sent to and from the servers. However, these capabilities are limited, and do not perform as well as Expands Accelerator. Both RDP and Citrix can encrypt traffic sent to and from the servers. However, because encryption is random by definition, its very nature limits the ability of the Accelerators to remove repetitive data.
395
4. Under the General Tab, set the encryption level to Low. 5. Click OK, and close the configuration console.
4. Select the option Enabled from the radio button. 5. Set the Encryption Level to Low Level 6. Click OK, and close the configuration console. Once set, the setting will replicate to the environment. To speed up the process, you can manually update the group policy by running the following command from the command line:
gpupdate /force
396
A p pe n di x B: Accelerator Integration
397
encryption for the session. Therefore, disabling encryption requires you to remove SSL.
398
A p pe n di x B: Accelerator Integration
For RDP Only compression can be set on the client and not encryption as previously discussed regarding the Citrix client. The place to set these values depends on how the RDP session is being launched. For most environments this will be done through the Client Connection Manager.
399
[ [ NF us e _A pp N am e ]] A dd re s s= [N F us e _A pp S er ve r Ad d re ss ] I n it ia l Pr og r am = #[ NF u se _A p pN a me ] L o ng Co m ma nd L in e = [N F us e_ A pp C om ma n dL in e ] D e si re d Co lo r =[ N Fu se _ Wi nd o wC o lo rs ] T r an sp o rt Dr i ve r =T CP / IP W i nS ta t io nD r iv e r= IC A 3 .0 A u to Lo g on Al l ow e d= On C o mp re s s= Of f .
When applications are added manually, the Accelerator still has to monitor the control session (UDP), which is never encrypted or compressed.
400
A p pe n di x B: Accelerator Integration
Configuring NetFlow
C o nf i gu ri ng Ne tF lo w
401
The following configuration modifications are needed in order to use NetFlow with the Expand Accelerator. While previous versions of AcceleratorOS included RMON, the AcceleratorOS 6.0 and up integrates NetFlow support for detailed reporting. This combination enables extracting statistics like in RMONs Top Talker. The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network Optimization and Planning and Detection of Network Security Violations, as follows.
402
A p pe n di x B: Accelerator Integration
Here is an example of the config needed if 172.16.80.21 is the PC running the NetFlow application:
accelerator(NetFlow) ip flow-export 172.16.80.21 port 2055 version 5 interface ethernet 0/0
C o nf i gu ri ng Ne tF lo w
403
accelerator (NetFlow) # show --------------------------------------------------------# | COLLECTOR IP | PORT | VERSION | INTERFACE --------------------------------------------------------1| 172.16.80.21|2055 | 5 | Ethernet 0/0
Note: In On-Path installations, use Ethernet 0; in On-LAN installations use Ethernet 0/1 when configuring NetFlow. KNOWN LIMITATIONYou can enable NetFlow only on ethernet or bridge and not per link or virtual link. You can configure only one NetFlow probe.
404
A p pe n di x B: Accelerator Integration
3. In the Environment Variables window, click the New button. 4. Type TDW_NOCOMPRESS in the Variable Name field, and 1 in the Variable Value field.
D is ab li n g Co m p r es sio n o n S A P
405
To undo this procedure and restore SAP compression, delete this variable, or set the Variable Value to 0.
406
A p pe n di x B: Accelerator Integration
Full path:
is o( 1 ). or g (3 ) .d od ( 6) .i n te r ne t( 1 ). pr i va t e( 4) . en te r pr i se s( 1 ) . ex pa n dn et w or k s( 34 0 5) .a c ce l er at o rO s( 3 ). a cc In t er fa c es ( 4) .a c c In te r fa ce T ab l e( 2) . ac cI n te r fa ce E nt ry ( 1) . ac cI n te rf a ce P er fo r m an ce I nA cc e le r at io n Pe ri o d( 3 0)
Module: EXPAND-ACCLERETOROS-MIB Description: Inbound traffic acceleration percentage during last sampling period. accInterfacePerformanceOutAccelerationPeriod
OI D: 1. 3. 6 .1 . 4. 1. 3 40 5. 3 .4 . 2. 1. 3 4
Full path:
is o( 1 ). or g (3 ) .d od ( 6) .i n te r ne t( 1 ). pr i va t e( 4) . en te r pr i se s( 1 ) . ex pa n dn et w or k s( 34 0 5) .a c ce l er at o rO s( 3 ). a cc In t er fa c es ( 4) .a c c In te r fa ce T ab l e( 2) . ac cI n te r fa ce E nt ry ( 1) . ac cI n te rf a ce P er fo r m an ce O ut Ac c el e ra ti o nP er i od ( 33 )
Module: EXPAND-ACCLERETOROS-MIB Description: Outbound traffic acceleration percentage during last sampling period. In AcceleratorOS versions lower than 4.0, in which the Private MIB was not supported, using external applications to view acceleration statistics can be complex and it may be necessary to follow the method outlined below to avoid errors being generated by Excel. Use the standard method for calculating the acceleration percentage:
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
407
((Raw Data/Accelerated Data)-1) x 100 In low traffic, when keepalives are sent and no data is transferred, this causes the raw data to be low or the accelerated data to be high, causing Excel to return error messages, or even negative acceleration figures, as seen in the screen capture below: Working with a small amount of data, this does not cause too much of a problem, as it is quite easy to alter the resulting acceleration figure to a zero. However, when working with a large amount of data, it will be almost impossible to remove all these errors, thus resulting in a graph with gaps, and negative acceleration. To avoid this, you can use the following formula: =IF({Accelerated Data}=0,"0",IF({Raw Data}<{Accelerated Data},"0",((({Raw Data}/ {Acc. Data})-1)*100))) Although this looks difficult, the real formula is: =IF(D2=0,"0",IF(C2<D2,"0",(((C2/ D2)-1)*100))) In effect, what this formula tells Excel, is: If the Accelerated Data value is 0, then the output, or acceleration percentage will be 0, if the Raw Data value is less than the Accelerated data, then the output will be 0. Only if neither of these statements is true will Excel calculate the acceleration percentage. Although this may be true in terms of the Accelerated Data value being zero, it is a workaround enabling Excel to calculate the acceleration figures needed to produce a graph.
408
A p pe n di x B: Accelerator Integration
410
A p pe n di x C: MIME Types
Application
Application MIME Types
andrew-inset batch-SMTP cnrp+xml csta+xml dca-rft dicom EDI-Consent epp+xml font-tdpfr iges index.cmd index.vnd isup mac-binhex40 mathematica mpeg4-generic news-transmission octet-stream parityfec pgp-keys pkcs10 pkix-cert pkix-pkipath prs.cww rdf+xml remote-printing rls-services+xml samlmetadata+xml set-payment set-registration-initiation shf+xml simple-messagesummary
applefile beep+xml commonground CSTAdata+xml dec-dx dns EDIFACT eshop http im-iscomposing+xml index.obj iotp kpml-request+xml macwriteii mbox msword ocsp-request oda pdf pgp-signature pkcs7-mime pkixcmp postscript prs.nprend qsig resource-lists+xml rtf sbml+xml set-payment-initiation sgml sieve slate
atomicmail cals-1840 cpl+xml cybercash dialog-info+xml dvcs EDI-X12 fits hyperstudio index index.response ipp kpml-response+xml marc mikey news-message-id ocsp-response ogg pgp-encrypted pidf+xml pkcs7-signature pkix-crl prs.alvestrand.titrax-sheet prs.plucker reginfo+xml riscos samlassertion+xml sdp set-registration sgml-open-catalog simple-filter+xml soap+xml
Ap p li ca ti on
411
spirits-event+xml tve-trigger vnd.3gpp.pic-bw-small vnd.3M.Post-it-Notes vnd.acucobol vnd.aether.imp vnd.anser-web-fundstransfer-initiation vnd.bmi vnd.canon-lips vnd.commerce-battelle vnd.contact.cmsg vnd.cups-postscript vnd.curl vnd.dna vnd.dxr vnd.ecowin.filerequest vnd.ecowin.seriesreques t vnd.epson.esf vnd.epson.salt vnd.eudora.data vnd.fints vnd.fsc.weblaunch vnd.fujitsu.oasys3 vnd.fujixerox.ddd vnd.fut-misnet vnd.groove-account vnd.groove-injector vnd.groove-vcard vnd.hhe.lesson-player vnd.hp-hps vnd.httphone
timestamp-query vemmi vnd.3gpp.pic-bw-var vnd.accpac.simply.aso vnd.acucorp vnd.amiga.ami vnd.audiograph vnd.businessobjects vnd.cinderella vnd.commonspace vnd.criticaltools.wbs+xml vnd.cups-raster vnd.cybank vnd.dpgraph vnd.ecdis-update vnd.ecowin.fileupdate vnd.ecowin.seriesupdate vnd.epson.msf vnd.epson.ssf vnd.fdf vnd.FloGraphIt vnd.fujitsu.oasys vnd.fujitsu.oasysgp vnd.fujixerox.docuworks vnd.genomatix.tuxedo vnd.groove-help vnd.groove-tool-message vnd.hbci vnd.hp-HPGL vnd.hp-PCL vnd.hzn-3d-crossword
timestamp-reply vnd.3gpp.pic-bw-large vnd.3gpp.sms vnd.accpac.simply.imp vnd.adobe.xfdf vnd.anser-web-certificateissue-initiation vnd.blueice.multipass vnd.canon-cpdl vnd.claymore vnd.cosmocaller vnd.ctc-posml vnd.cups-raw vnd.data-vision.rdz vnd.dreamfactory vnd.ecowin.chart vnd.ecowin.series vnd.enliven vnd.epson.quickanime vnd.ericsson.quickcall vnd.ffsns vnd.framemaker vnd.fujitsu.oasys2 vnd.fujitsu.oasysprs vnd.fujixerox.docuworks.bin der vnd.grafeq vnd.groove-identitymessage vnd.groove-tool-template vnd.hcl-bireports vnd.hp-hpid vnd.hp-PCLXL vnd.ibm.afplinedata
412
A p pe n di x C: MIME Types
vnd.ibm.electronicmedia vnd.ibm.rightsmanagement vnd.intercon.formnet vnd.intu.qbo vnd.irepository.package +xml vnd.japannet-jpnstorewakeup vnd.japannetregistrationwakeup vnd.japannetverificationwakeup vnd.kde.kchart vnd.kde.kontour vnd.kde.kword vnd.Kinar vnd.llamagraphics.lifebalance.desktop vnd.lotus-approach vnd.lotus-organizer vnd.mcd vnd.mfmp vnd.mif vnd.Mobius.DAF vnd.Mobius.MQY vnd.Mobius.TXF vnd.motorola.flexsuite vnd.motorola.flexsuite.g otap vnd.motorola.flexsuite.w em vnd.ms-asf
vnd.jisp
vnd.kde.karbon
vnd.kde.kformula vnd.kde.kpresenter vnd.kenameaapp vnd.koan vnd.llamagraphics.lifebalance.exchange+xml vnd.lotus-freelance vnd.lotus-screencam vnd.mediastation.cdkey vnd.micrografx.flo vnd.minisoft-hp3000-save vnd.Mobius.DIS vnd.Mobius.MSL vnd.mophun.application vnd.motorola.flexsuite.adsi vnd.motorola.flexsuite.kmr vnd.mozilla.xul+xml vnd.mseq
vnd.kde.kivio vnd.kde.kspread vnd.kidspiration vnd.liberty-request+xml vnd.lotus-1-2-3 vnd.lotus-notes vnd.lotus-wordpro vnd.meridian-slingshot vnd.micrografx.igx vnd.mitsubishi.mistyguard.trustweb vnd.Mobius.MBK vnd.Mobius.PLC vnd.mophun.certificate vnd.motorola.flexsuite.fis vnd.motorola.flexsuite.ttc vnd.ms-artgalry vnd.ms-excel
Ap p li ca ti on
413
vnd.msign vnd.ms-project vnd.ms-wpl vnd.nervana vnd.noblenet-sealer vnd.nokia.landmark+wbx ml vnd.nokia.radio-presets vnd.novadigm.EXT vnd.omads-file+xml vnd.palm vnd.picsel vnd.powerbuilder6-s vnd.powerbuilder75-s vnd.publishare-deltatree vnd.pwg-xhtml-print+xml vnd.RenLearn.rlprint vnd.sealed.eml vnd.sealed.ppt vnd.sealedmedia.softse al.pdf vnd.shana.informed.for mtemplate vnd.smaf vnd.sss-ntf vnd.svd vnd.syncml.+xml vnd.truedoc vnd.uplanet.alert vnd.uplanet.bearerchoice-wbxml vnd.uplanet.channel vnd.uplanet.listcmd vnd.uplanet.signal
vnd.ms-lrm vnd.ms-tnef vnd.musician vnd.netfpx vnd.noblenet-web vnd.nokia.landmarkcollection+xml vnd.novadigm.EDM vnd.obn vnd.omads-folder+xml vnd.paos.xml vnd.pg.osasli vnd.powerbuilder7 vnd.powerbuilder7-s vnd.pvi.ptid1 vnd.Quark.QuarkXPress vnd.s3sms vnd.sealed.mht vnd.sealed.xls vnd.seemail vnd.shana.informed.interchange vnd.sss-cod vnd.street-stream vnd.swiftview-ics vnd.triscape.mxs vnd.ufdl vnd.uplanet.alert-wbxml vnd.uplanet.cacheop vnd.uplanet.channel-wbxml vnd.uplanet.listcmd-wbxml vnd.vcx
vnd.ms-powerpoint vnd.ms-works vnd.music-niff vnd.noblenet-directory vnd.nokia.landmark+xml vnd.nokia.radio-preset vnd.novadigm.EDX vnd.omads-email+xml vnd.osa.netdeploy vnd.pg.format vnd.powerbuilder6 vnd.powerbuilder75 vnd.previewsystems.box vnd.pwg-multiplexed vnd.rapid vnd.sealed.doc vnd.sealed.net vnd.sealedmedia.softseal.ht ml vnd.shana.informed.formdat a vnd.shana.informed.packag e vnd.sss-dtf vnd.sus-calendar vnd.syncml.ds.notification vnd.trueapp vnd.uiq.theme vnd.uplanet.bearer-choice vnd.uplanet.cacheop-wbxml vnd.uplanet.list vnd.uplanet.list-wbxml vnd.vectorworks
414
A p pe n di x C: MIME Types
vnd.vidsoft.vidconferenc e vnd.vividence.scriptfile vnd.wap.slc vnd.wap.wmlscriptc vnd.wqd vnd.wv.csp+xml vnd.xara vnd.yamaha.hv-script vnd.yamaha.smafphrase whoispp-query wordperfect5.1 xml xmpp+xml
vnd.visio vnd.vsf vnd.wap.wbxml vnd.webturbo vnd.wrq-hp3000-labelled vnd.wv.csp+wbxml vnd.xfdl vnd.yamaha.hv-voice vnd.yellowriver-custom-menu whoispp-response x400-bp xml-dtd xop+xml
vnd.visionary vnd.wap.sic vnd.wap.wmlc vnd.wordperfect vnd.wt.stf vnd.wv.ssp+xml vnd.yamaha.hv-dic vnd.yamaha.smaf-audio watcherinfo+xml wita xhtml+xml xml-external-parsed-entity zip
Audio
3gpp basic clearmode dsr-es201108 dsr-es202212 EVRC0 G.722.1 G726-24 G728 G729E iLBC L20 MPA mpeg PCMA QCELP SMV0 tone vnd.audiokoz vnd.cns.inf1 vnd.lucent.voice vnd.nuera.ecelp4800 vnd.octel.sbc vnd.vmx.cvsd AMR BV16 CN dsr-es202050 DVI4 EVRC-QCP G723 G726-32 G729 GSM L8 L24 MP4A-LATM mpeg4-generic PCMU RED SMV-QCP VDVI vnd.cisco.nse vnd.digital-winds vnd.nokia.mobile-xmf vnd.nuera.ecelp7470 vnd.rhetorex.32kadpcm
Au d io
415
AMR-WB BV32 DAT12 dsr-es202211 EVRC G722 G726-16 G726-40 G729D GSM-EFR L16 LPC mpa-robusta parityfec prs.sid SMV telephone-event vnd.3gpp.iufp vnd.cns.anp1 vnd.everad.plj vnd.nortel.vbk vnd.nuera.ecelp9600 vnd.sealedmedia.softseal. mpeg
416
A p pe n di x C: MIME Types
Im age
cgm gif jpeg naplps prs.pti tiff-fx vnd.dwg vnd.fpx vnd.fujixerox.edm ics-rlc vnd.mix vnd.sealed.png vnd.svf fits ief jpm png t38 vnd.cns.inf2 vnd.dxf vnd.fst vnd.globalgraphics.pgb g3fax jp2 jpx prs.btif tiff vnd.djvu vnd.fastbidsheet vnd.fujixerox.edmics-mmr vnd.microsoft.icon
M e ssage
CPIM external-body partial sip delivery-status http rfc822 sipfrag disposition-notification news s-http tracking-status
Me ss ag e
417
418
A p pe n di x C: MIME Types
Model
iges vnd.flatland.3dml vnd.gtw vnd.parasolid.transmit.text mesh vnd.gdl vnd.mts vnd.vtu vnd.dwf vnd.gs-gdl vnd.parasolid.transmit.binary vrml
Multipart
alternative digest header-set related voice-message appledouble encrypted mixed report
M ul ti part
419
420
A p pe n di x C: MIME Types
Text
calendar directory enriched javascript (obsolete) RED rtx troff vnd.IPTC.NITF [IPTC] xml css dns example parityfec rfc822-headers sgml uri-list xml-external-parsedentity csv ecmascript (obsolete) html plain richtext t140 vnd.IPTC.NewsML [IPTC]
Video
3gpp BMPEG DV H263 H264 MP1S mp4 mpeg parityfec rtx 3gpp2 BT656 example H263-1998 JPEG MP2P MP4V-ES mpeg4generic pointer SMPTE292M 3gpp-tt CelB H261 H263-2000 MJ2 MP2T MPV nv raw vc1
Vid eo
421
422
A p pe n di x C: MIME Types
424
A p pe n di x D: Contacting TAC
426
-O Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer. -p Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'. -q Quick (quiet?) output. Print less protocol information so output lines are shorter. -R Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). If specified, tcpdump will not print replay prevention field. Since there is no protocol version field in ESP/AH specification, tcpdump cannot deduce the version of ESP/ AH protocol. -S Print absolute, rather than relative, TCP sequence numbers. -t Don't print a timestamp on each dump line. -u Print undecoded NFS handles. -v When parsing and printing, produce (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. -w When writing to a file with the -w option, report, every 10 seconds, the number of packets captured. -x Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (For example Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
427
-X Print each packet (minus its link level header) in hex and ASCII. This is very handy for analyzing new protocols. type qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. For example, `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed. dir qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. For example, `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For some link layers, such as SLIP and the ``cooked'' Linux capture mode used for the ``any'' device and for some other device types, the inbound and outbound qualifiers can be used to specify a desired direction. proto qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. For example, `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. For example, `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'. [`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression. Similarly, `tr' and `wlan' are aliases for `ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers. For 802.11 headers, the destination address is the DA field and the source address is the SA field; the BSSID, RA, and TA fields aren't tested.] In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.
428
More complex filter expressions are built up by using the words and, or and not to combine primitives. For example, `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. For example, `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'. Allowable primitives are: dst host host True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name. src host host True if the IPv4/v6 source field of the packet is host. host host True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be pre-pended with the keywords, ip, arp, rarp, or ip6 as in: ip host host which is equivalent to: ether proto \ip and host host If host is a name with multiple IP addresses, each address will be checked for a match. ether dst ehost True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format). ether src ehost True if the ethernet source address is ehost. ether host ehost True if either the ethernet source or destination address is ehost. gateway host True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IPaddress resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is ether host ehost and not host host
429
which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configuration at this moment. dst net net True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details). src net net True if the IPv4/v6 source address of the packet has a network number of net. net net True if either the IPv4/v6 source or destination address of the packet has a network number of net. net net mask netmask True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net. net net/len True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst. dst port port True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (For example, dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic). src port port True if the packet has a source port value of port. port port True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords, tcp or udp, as in: tcp src port port which matches only tcp packets whose source port is port. less length True if the packet has a length less than or equal to length. This is equivalent to: len <= length.
430
greater length True if the packet has a length greater than or equal to length. This is equivalent to: len >= length. ip proto protocol True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain. ip6 proto protocol True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain. ip6 protochain protocol True if the packet is IPv6 packet, and contains protocol header with type protocol in its protocol header chain. For example, ip6 protochain 6 matches any IPv6 packet with TCP protocol header in the protocol header chain. The packet may contain, for example, authentication header, routing header, or hop-by-hop option header, between IPv6 header and TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by BPF optimizer code in tcpdump, so this can be somewhat slow. ip protochain protocol Equivalent to ip6 protochain protocol, but this is for IPv4. ether broadcast True if the packet is an ethernet broadcast packet. The ether keyword is optional. ip broadcast True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the subnet mask on the interface on which the capture is being done. If the subnet mask of the interface on which the capture is being done is not available, either because the interface on which capture is being done has no netmask or because the capture is being done on the Linux "any" interface, which can capture on more than one interface, this check will not work correctly.
431
ether multicast True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'. ip multicast True if the packet is an IP multicast packet. ip6 multicast True if the packet is an IPv6 multicast packet. ether proto protocol True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\). [In the case of FDDI (For example, `fddi protocol arp'), Token Ring (For example, `tr protocol arp'), and IEEE 802.11 wireless LANS (For example, `wlan protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI, Token Ring, or 802.11 header. When filtering for most protocol identifiers on FDDI, Token Ring, or 802.11, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000. The exceptions are: iso tcpdump checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header; stp and netbeui tcpdump checks the DSAP of the LLC header; atalk tcpdump checks for a SNAP-format packet with an OUI of 0x080007 and the AppleTalk etype. In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols. The exceptions are: iso, sap, and netbeui tcpdump checks for an 802.3 frame and then checks the LLC header as it does for FDDI, Token Ring, and 802.11;
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
432
atalk tcpdump checks both for the AppleTalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI, Token Ring, and 802.11; aarp tcpdump checks for the AppleTalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000; ipx tcpdump checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3-with-no-LLC-header encapsulation of IPX, and the IPX etype in a SNAP frame. decnet src host True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on ULTRIX systems that are configured to run DECNET.] decnet dst host True if the DECNET destination address is host. decnet host host True if either the DECNET source or destination address is host. ifname interface True if the packet was logged as coming from the specified interface (applies only to packets logged by OpenBSD's pf(4)). on interface Synonymous with the ifname modifier. rnr num True if the packet was logged as matching the specified PF rule number (applies only to packets logged by OpenBSD's pf(4)). rulenum num Synonymous with the rnr modifier. reason code True if the packet was logged with the specified PF reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory (applies only to packets logged by OpenBSD's pf(4)). rset name True if the packet was logged as matching the specified PF ruleset name of an anchored ruleset (applies only to packets logged by pf(4)).
433
ruleset name Synonymous with the rset modifier. srnr num True if the packet was logged as matching the specified PF rule number of an anchored ruleset (applies only to packets logged by pf(4)). subrulenum num Synonymous with the srnr modifier. action act True if PF took the specified action when the packet was logged. Known actions are: pass and block (applies only to packets logged by OpenBSD's pf(4)). ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui Abbreviations for: ether proto p where p is one of the above protocols. lat, moprc, mopdl Abbreviations for: ether proto p where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols. vlan [vlan_id] True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true is the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet. tcp, udp, icmp Abbreviations for: ip proto p or ip6 proto p where p is one of the above protocols. iso proto protocol True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis. clnp, esis, isis Abbreviations for: iso proto p where p is one of the above protocols.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
434
l1, l2, iih, lsp, snp, csnp, psnp Abbreviations for IS-IS PDU types. vpi n True if the packet is an ATM packet, for SunATM on Solaris, with a virtual path identifier of n. vci n True if the packet is an ATM packet, for SunATM on Solaris, with a virtual channel identifier of n. lane True if the packet is an ATM packet, for SunATM on Solaris, and is an ATM LANE packet. Note that the first lane keyword encountered in expression changes the tests done in the remainder of expression on the assumption that the packet is either a LANE emulated Ethernet packet or a LANE LE Control packet. If lane isn't specified, the tests are done under the assumption that the packet is an LLCencapsulated packet. llc True if the packet is an ATM packet, for SunATM on Solaris, and is an LLCencapsulated packet. oamf4s True if the packet is an ATM packet, for SunATM on Solaris, and is a segment OAM F4 flow cell (VPI=0 & VCI=3). oamf4e True if the packet is an ATM packet, for SunATM on Solaris, and is an end-to-end OAM F4 flow cell (VPI=0 & VCI=4). oamf4 True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)). oam True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)). metac True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit (VPI=0 & VCI=1).
435
bcc True if the packet is an ATM packet, for SunATM on Solaris, and is on a broadcast signaling circuit (VPI=0 & VCI=2). sc True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit (VPI=0 & VCI=5). ilmic True if the packet is an ATM packet, for SunATM on Solaris, and is on an ILMI circuit (VPI=0 & VCI=16). connectmsg True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Connect Ack, Release, or Release Done message. metaconnect True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Release, or Release Done message. expr relop expr True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |, <<, >>], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax: proto [ expr : size ] Proto is one of ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, wlan, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upperlayer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet. For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only un-fragmented datagrams and frag zero of fragmented
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
436
datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment. Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field). The following ICMP type field values are available: icmp-echoreply, icmpunreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmproutersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply. The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcppush, tcp-ack, tcp-urg.
437
438
440
Getting Started
The following command topics are available: Understanding the CLI Documentation, on page 440 Accessing the CLI, on page 441 Login and Logout Commands, on page 442 Licensing Commands, on page 444 Basic Setup Commands, on page 447 Configuration Settings Commands, on page 448 Customizing the CLI, on page 450
The following conventions are used in examples: The ()# prompt indicates the current command node. For example, the following prompt indicates you are within the global configuration node: Acc1(config)# Non-printing characters, are in angle brackets < >.
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
G et t i n g Start e d /
441
442
login
Logging into the Accelerator is accomplished in a series of steps. When accessing the Accelerator from the CLI, at the login prompt, enter your user name and password. The default user name is expand (case sensitive), and the default password is Expand (case sensitive).
lo g i n: Pa s s wo r d
Logs you into the CLI Both login and password are case sensitive
lo g i n: e x pa n d Pa s s wo r d :E x p an d
exit, on page 442
exit
At any point you can use the Exit command to log out of the Accelerator. The Exit command exits each level of the CLI hierarchy one at a time, so you may need to use the Exit command a number of times to leave the Accelerator session.
ex i t
Logs you out of the CLI No additional parameters are necessary
ex i t
login, on page 442
G et t i n g Start e d /
443
To complete a command:
To complete a command, enter a few known characters followed by a tab. The CLI will fill in the missing letters For example if you type and press the Tab key: Acc1(config)#sh By pressing the Tab key, the CLI will fill in the following: Acc1(config)#show
444
Licensing Commands
Licensing the Accelerator is accomplished by logging into the Accelerator via the enable mode by using the show licensing command, as shown in (config) show licensing, on page 446. This section contains the following commands: (config) (config) (config) (config) (config) activate-license, on page 445 interface link refresh-acceleration, on page 460 licensing server, on page 445 show interface link summary, on page 462 show licensing, on page 446
G et t i n g Start e d /
445
(config) activate-license
You must have a valid license key or file which is supplied to you from Expand Networks<>. If you use a license key copy it from the letter you receive in your email and paste it where shown. If you use a license file, FTP it to the /user_area/ of the Accelerator and note its name.
Command Description Parameters Example Related Commands
AC C1 ( co nf i g) # a c ti v at e- l ic en s e [ ke y| f il e]
Activates an Accelerators license via a license key or file. Key - copy the license key (supplied via e-mail) and paste it File - FTP the file and type its name.
AC C1 ( co nf i g) # a c ti v at e- l ic en s e k ey my LI c en Se K eY 39 2
(config) interface link refresh-acceleration, on page 460 (config) licensing server, on page 445 (config) show interface link summary, on page 462 (config) show licensing, on page 446
A CC 1( c on f ig )# l ic en s in g s er v er [ I P| Ho s t| a ut od is co v er y |f or c e]
Connects to the Licensing server by the method entered. A.B.C.D type the licensing server IP address WORD type the licensing server hostname auto-discovery the Accelerator will automatically discover the Licensing Server (if it is on the same LAN and connected force forces the licensing mechanism activation
A CC 1( c on f ig )# l ic en s in g s er v er 1.1.1.1
(config) activate-license, on page 445 (config) licensing server, on page 445 (config) show interface link summary, on page 462 (config) show licensing, on page 446
446
AC C1 ( co nf i g) # sh ow li ce n si n g
Lets you view the entire details of Accelerators licensing state, such as the licensed features and the maximum possible links. No additional parameters are required.
AC C1 ( co nf i g) # sh ow li ce n si n g
(config) activate-license, on page 445 (config) licensing server, on page 445
A c c2 21 _ 10 (c o nf i g) # s ho w l ic e ns in g D i sp la y w ar n in g s. .. . .. .. . .. . .. .. . .e na b le W a rn in g d ay s .. . .. .. . .. .. . .. . .. .. . .3 0 A l lo ca t ed m a x l in ks . .. .. . .. . .. .. . .3 75 R e qu es t ed m a x l in ks . .. .. . .. . .. .. . .0 M a x po s si bl e l i nk s. . .. .. . .. . .. .. . .4 00
C u rr en t l ic e ns e s ta t e: F e at ur e - - -- -- B a nd wi d th Al l ow an c e I P se c L 7 -Q oS W A FS -F B W A FS -F B D T C P A cc e le ra t io n W e b Ca c hi n g QoS L a st l o ad ed li c en se ke y: L ic e ns e - -- - -- 1 00 Mb p s D i sa bl e d E n ab le d Di s ab l ed Di sa b le d E n ab l ed En a bl ed E na b le d T im e L ef t - -- - -- -- Un li m it e d Un l im i te d Un l im i te d Un l im i te d Un l im it e d U nl i mi te d Un li m it e d U nl i mi te d
G et t i n g Start e d /
447
448
(config) write
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#wr it e
Saves the basic configuration as the startup configuration. [Mandatory] No additional parameters
ACC1(config)#wr it e
(config) show running-config, on page 448
ACC1(config)#s ho w r un n in g- c on fi g
Displays the configuration that was set to the Accelerator. This is optional No additional parameters are required.
ACC1(config)#s ho w r un n in g- c on fi g
(config) write,
o n p ag e 4 48
ACC1(config)#s ho w r un n in g- c on f ig
AcceleratorOS, Accelerator 4900 Series Version: v6.1 (0) (Build 5.29) login: expand Password: Expand Version: 7.0.1 accelerator> enable accelerator# configure terminal accelerator(config)# activate-license key ENX1-FUXF-HBJ2K3Y6 License successfully activated. The new License state is: Feature License Time Left
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
G et t i n g Start e d /
449
------- ------- --------Bandwidth Allowance 45 Mbps Unlimited Last loaded license key: ENX1-FUXF-HBJ2-K3Y6 accelerator(config)# interface local accelerator(local interface)# hostname ACC1 ACC1(local interface)# ip address 10.1.0.6 255.255.0.0 ACC1(local interface)#ip default-gateway 10.1.0.1 ACC1(local interface)#deployment onpath ACC1(local interface)#exit ACC1(config)#wan default ACC1(wan)#bandwidth 256 kbps ACC1(wan)#exit ACC1(config)#interface link ACC1(LINK)#link destination 10.2.0.6 ACC1(LINK)#bandwidth 128 ACC1(LINK)#encapsulation transparent ACC1(LINK)#exit ACC1(config)#write ACC1(config)show running-config
450
copy banner
You can customize the following fields, which can be displayed as part of the banner: Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series, Serial Number, Software Version, Time and Date.
G et t i n g Start e d /
451
$OEM_EXTRANET (extranet.expand.com) $PRODUCT_ID (4820) $SERIES (4800) $SERIAL_NUMBER (0030.0257.0005) $SOFTWARE_VERSION (Version v5.0(7) (Build1.03)) $TIME = hh:mm:ss (24-hour format) $DATE = DD-MMM-YYYY (the day-of-month DD is two-digit number, with leading '0' if needed).
ACC1(config)#b an n er a p pl y
Causes the CLI to use the uploaded banner. No additional parameters
ACC1(config)#b an n er a p pl y
copy banner, o n pa g e 4 50
452
Configuration Commands
The following sections are configurable in this section: General Commands, on page 453 Local Interface Commands, on page 454 Link Commands, on page 458 Subnet Commands, on page 504 Alias Commands, on page 507 OSPF Commands, on page 509 Router Polling Commands, on page 514 RIP Commands, on page 517 WCCP Commands, on page 522 SNTP Server Commands, on page 527 DHCP Server Commands, on page 528 DHCP Relay Commands, on page 531 WEB Acceleration Commands, on page 533 HTTP Acceleration Commands, on page 536 TCP Acceleration Commands, on page 572 Keep Alive Commands, on page 579 FTP Acceleration Commands, on page 581 Studying a Subnet Configuration Network, on page 587 Ethernet Statistics Display Commands, on page 588 NetFlow Commands, on page 593 QoS Commands, on page 594 Aggregation Class Commands, on page 617 DNS Acceleration Commands, on page 624 Traffic Encryption Commands, on page 632 ARP Commands, on page 638 Additional Commands, on page 640 Link Commands, on page 646 Expand View Commands, on page 653 SNMP Commands, on page 655 Log Commands, on page 658 Log Archives Commands, on page 665 Configuration Tool Commands, on page 667 Accdump Commands, on page 671 RDP Proxy Commands, on page 676 Mobile Accelerator Commands, on page 680
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n f ig u r at io n C om m an d s /
453
General Commands
The following commands are explained: enable, on page 453 config, on page 453
enable
To make any configuration changes to your Accelerator, you must be in configuration mode. This section describes how to enter configuration mode while using a terminal or PC that is connected to your router CONSOLE port.
Command Description
ac c el er a to r >e na b le [ M an d at or y ]
Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to # No additional parameters
ac c el er a to r > enable
config, on page 453
Enable mode is indicated by the # in the prompt. You can now carry out various operations in the system, such as deleting data, printing and sending messages.
config
To make any configuration changes to your Accelerator, you must be in configuration mode. This section describes how to enter configuration mode while using a terminal or PC that is connected to your router CONSOLE port.
Command Description
ac c 1# co n fi g
Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to # No additional parameters
ac c 1# config
enable,
o n p ag e 4 53
454
ACC1(local interface)#d ep l oy m en t
Set the deployment type to On-Path or On-LAN. Choose the way you want to deploy the Accelerartor. This is dictated by the way you set-up the Accelerator. For information about On Path deployment see, See OnPath, on page 14. For information about On-LAN deployment, see See On-LAN, on page 14. Parameters include: onpath - for On-path deployment onlan - for On-LAN deployment
ACC1(local interface)#deployment[onpath]
(local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
Co n f ig u r at io n C om m an d s /
455
ACC1(local interface)#h os tn a me
Sets a name for the Accelerator. Changing the hostname will affect the prompt (in the Example, the hostname set is ACC1). The hostname can be up to 60 characters, and cannot contain spaces or special characters. You can also set the hostname from the conf mode. Enter up to a 60 character string with no spaces or special characters.
Command
A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x x .x .x . x or A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x / x
Description
Sets an IP address and subnet mask for the Accelerator. You can add the parameter secondary after the command, to set this IP address as the Accelerators secondary IP address. Valid IP address must be supplied
456
AC C1( lo ca l in te rf ac e) # i p d ef au l t- g at ew a y
Sets a default gateway for the Accelerator. Valid IP address must be supplied
AC C1( lo ca l in te rf ac e) # i p d ef au l t- g at ew a y 10.0.99.99/24
(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
Co n f ig u r at io n C om m an d s /
457
ACC1(local interface)#r ou t in g- s tr a te gy
Set the routing strategy to On-Path or On-LAN. If you select bridge-route, the Accelerator transfers the packets in Layer-2, regardless of the routing tables. This routing strategy is carried out only in On-Path deployment, on non-link and local traffic. auto for automatic, bridge-route for layer 2 (on-path only) and routing-only for
(wan) bandwidth
Command Description Parameters Example with Syntax Related Commands
ACC1(wan)#ba n dw id t h
Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth. A number in Kbps larger than 0 and smaller than 1000000
ACC1(wan)#ba n dw id t h 10000
(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457
458
Link Commands
These commands are link specific commands. If you want to apply global commands on all links, see the specific command within the config menu. Commands within this section include: (config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n f ig u r at io n C om m an d s /
459
(link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
ACC1(config)#i nt e rf ac e l i nk
Creates a link to the remote Accelerator. No additional parameters necessary.
A CC 1( co nf ig )# interface link 1
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
460
A CC 1 (c on f ig ) # in t er fa c e l in k 1 r ef r es h a cc e le ra t io n
Refreshes the interface link. This is necessary when renewing or changing a license. No Additional Parameters Needed
A CC 1 (c on f ig ) # in t er fa c e l in k 1 r ef r es h a cc e le ra t io n
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
461
ACC1(config)# i nt er f ac e l in k t em p la te
Opens the specified template Template number <0-33> is required. Currently only templates 0 and 1 are supported. Template number 0 is the default Accelerator Link template Template number 1 is the default Mobile Accelerator Client Link template
ACC1(config)# i nt er f ac e l in k t em p la te 0
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
462
A CC 1 (c on f ig ) # sh o w in t er f ac e l in k s um m ar y
Shows the status of all interfaces. No Additional Parameters Needed
A CC 1 (c on f ig ) # sh o w in t er f ac e l in k s um m ar y
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
463
ACC1(config)# show interface link summary Destination IP Address 28.0.214.6 28.0.224.6 N/A
Link 1 2 non
Once you have Renewed or updated the license, you will need to refresh the link in order to start Accelerating on it. See (config) interface link refresh-acceleration, on page 460.
464
(link) acceleration
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# a cc e le ra t io n
Enables or disables acceleration on the specified link. Enable to enable Disable to disable.
ACC1(LINK)# a cc e le ra t io n enable
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
465
ACC1(LINK)# a gg re g at io n a u to <n u mb er |p o st |
d i sa b le >
Enables or disables aggregation on a specified link. Choose one of the following parameters: For a specific aggregation value, enter a packet size (68-2500) To allow the Accelerator to define and adjust accordingly, do not enter a value To open the Post Acceleration Aggregation menu, use the Post parameter To disable aggregation on this link, type disable.
466
(link) bandwidth
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# b an d wi dt h 2000
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
467
ACC1(LINK)# b an dw i dt h a dj u st
Opens the bandwidth adjust node. No additional parameters necessary
ACC1(LINK)# b an dw i dt h adjust
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
468
ACC1(LINK)# b an d wi dt h u n li mi t ed i n bo u nd
Allocates unlimited inbound bandwidth on the specified link. No additional parameters necessary
Co n f ig u r at io n C om m an d s /
469
(link) cancel
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# c an ce l
Exits the Link node and moves to the parent node. No additional parameters necessary
ACC1(LINK)# c an ce l
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
470
(link) checksum
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# c he c ks um enable
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
471
ACC1(LINK)# c le ar co un t er s
Clears the traffic counters on the specified link. There is no confirm. No additional parameters necessary.
ACC1(LINK)# c le ar co un t er s
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
472
(link) crypto
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# c ry p to
Opens the IP Sec node. Requires an IPsec License. No additional parameters necessary.
ACC1(LINK)# c ry p to
Crypto Commands, on page 503 for the Crypto node commands (config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
473
(link) description
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# d es cr i pt io n
Gives a description for the link. Provide a description that contains no spaces or special characters
ACC1(LINK)# d es cr i pt io n link_to_branch_office
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
474
(link) encapsulation
Command Description Parameters
ACC1(LINK)# en ca p su la t io n <i p- c om p |t ra n sp ar e nt |
ud p >
Sets the type of encapsulation that is to be done on the specific link. Choose from one of the following: IP-comp Transparent UDP
ACC1(LINK)# e nc a ps ul a ti o n ud p
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
475
i i
476
ACC1(link)#e nc a ps ul a ti o n tr a ns pa r en t
[ O pt io n al ]
Sets the link to work in router transparent mode. This setting is optional No additional parameters
ACC1(link)#e nc a ps ul a ti o n tr a ns pa r en t
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
477
(link) exit
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# e xi t
Exits the Link node and goes to the parent node. No additional parameters necessary.
ACC1(LINK)# e xi t
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
478
(link) fragmentation
Command Description Parameters
Co n f ig u r at io n C om m an d s /
479
(link) header
Command Description Parameters Example with Syntax Related Commands
480
ACC1(LINK)# k ee p al iv e d i al er
Creates a keepalive value for a specified link. Enter an acceptable keepalive value in seconds (3-86400).
ACC1(LINK)# k ee p al iv e d i al er 10000
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
481
(link) link
Command Description Parameters
482
(link) metric
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# m et r ic 100
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
483
(link) mss
Command Description Parameters
ACC1(LINK)# m ss auto
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
484
(link) mtu
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# m tu 100
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
485
(link) no
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# n o mtu
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
486
(link) ping
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# p in g 1.1.1.1
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
487
(link) priority
Command Description Parameters
ACC1(LINK)# p ri or i ty max-qlen discard 500 ACC1(LINK)# p ri or i ty obsolete auto ACC1(LINK)# p ri or i ty weights discard 800
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Related Commands
488
(link) remote-unique-id
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# r em o te -u n iq u e- id 7a 6b 9 -c 4 5r 56 - b9 j2 3 56 3 0- 63
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
489
(link) show
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# s ho w
Shows the current configuration of the specific link No additional parameters necessary.
ACC1(LINK)# s ho w
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
490
(link) subnet
Command Description Parameters
ACC1(LINK)# s ub n et a d d 1.1.1.1
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
491
ACC1(LINK)# s ys t em en c ap su l at i on <a u to | i p- c om p
| ud p >
Sets the system encapsulation type. Use one of the following parameters: auto - the Accelerator will decide ip-comp - IP-comp encapsulation udp - UDP encapsulation
ACC1(LINK)# s ys te m e nc a ps u la ti o n udp
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
492
ACC1(LINK)# s ys t em u d p- d es ti n at io n -p o rt 422
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
493
ACC1(LINK)# s ys te m u dp - so u rc e- p or t 222
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
494
(link) tcp-acceleration
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# t cp - ac ce l er a ti on
Opens the TCP acceleration node No additional parameters are necessary
ACC1(LINK)# t cp - ac ce l er a ti on
TCP Acceleration Commands, on page 572, for commands within the TCP acceleration node (config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
495
(link) traffic-gauge
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# t ra ff i c- ga u ge en ab l e
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
496
(link) udp-destination-port
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# u dp - de st i na t io n- p or t 422
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
Co n f ig u r at io n C om m an d s /
497
(link) udp-source-port
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# u dp -s o ur ce - po r t 222
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
498
(link) wan-id
Command Description Parameters
Co n f ig u r at io n C om m an d s /
499
(BW-ADJ) adjust
Command Description Parameters Example with Syntax Related Commands
ACC1(BW-ADJ)# a dj us t enable
(link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
ACC1(BW-ADJ)# d ec re a se i n te r va l 10
500
A p pe n di x F: Command Line Interface Related Commands (link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
ACC1(BW-ADJ)# d ec r ea se ra te 10
(link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
(BW-ADJ) exit
Command Description Parameters Example with Syntax
ACC1(BW-ADJ)# e xi t
Exits the Bandwidth Adjust node and goes to the parent node No Additional parameters are necessary.
ACC1(BW-ADJ)# e xi t
Co n f ig u r at io n C om m an d s / Related Commands (link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
501
ACC1(BW-ADJ)# i nc re a se i n te r va l 10
(link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
ACC1(BW-ADJ)# i nc re a se r a te 10
(link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
502
(BW-ADJ) minimal-bandwidth
Command Description Parameters Example with Syntax Related Commands
ACC1(BW-ADJ)# m in i ma l- b an dw i dt h 10
(link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
(BW-ADJ) no
Command Description Parameters Example with Syntax Related Commands
(BW-ADJ) show
Command Description Parameters
503
Crypto Commands
This section covers the following commands:
504
Subnet Commands
This section describes subnet configuration and management. The section includes the following commands: (link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
ACC1(link)#li n k s ou rc e [ pr i ma r y] [ x .x .x . x]
This command lets you define a link source. The valid link source IPs are as follows: Primary IP, Secondary IP, VLAN IP, HSRP IP and VRRP IP. Use only a valid IP addresses
ACC1(link)#li n k s o ur c e [ pr i ma r y] [ 10.0.99.99]
(link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
ACC1(LINK)#s ub n et e x cl ud e x . x. x. x x .x . x. x
Excludes the subnet from the interface. Enter the IP address od the subnet
Co n f ig u r at io n C om m an d s /
505
(subnets) advertise
Command Description Parameters Example with Syntax Related Commands
ACC1(SUBNETS)#a d ve rt i se or n o t- ad v er t is e
x. x. x .x x. x. x .x | me t ri c [ number]
Sets the subnet to be advertised or not advertised (can optionally add the subnet mask). Adds a metric value to the subnet. Choose advertise to advertise the subnet and not-advertise to not advertise it.
(subnets) network
Command Description Parameters Example with Syntax Related Commands
ACC1(SUBNETS)#ne tw o rk
Adds a subnet Enter a valid IP address for the subnet, followed by the subnet mask.
(subnets) no network
Command Description Parameters Example with Syntax Related Commands
ACC1(SUBNETS)#n o n et w or k x .x . x. x
Deletes the subnet (can optionally add the subnet mask). Enter the IP address of the subnet
ACC1(SUBNETS)#n o n et w or k 10.0.99.99
(link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) show, on page 506
506
(subnets) show
Command Description Parameters Example with Syntax Related Commands
ACC1(SUBNETS)#s ho w
Displays the configured subnet. No additional parameters
ACC1(SUBNETS)#s ho w
(link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505
Co n f ig u r at io n C om m an d s /
507
Alias Commands
Displays and manages virtual server aliasing. The following commands are available: alias alias alias alias alias show, on page 507 set, on page 507 map, on page 508 map add, on page 508 map delete, on page 508
alias show
Displays alias information and manages prefix/suffix for exported names.
Command Description Parameters Example with Syntax Related Commands
{hostname}:filecontroller0#alias [show]
Shows alias information No additional parameters
{hostname}:filecontroller0#alias [show]
alias set, on page 507 alias map, on page 508 alias map add, on page 508 alias map delete, on page 508
alias set
Command
508
alias map
Command Description Parameters Example with Syntax Related Commands
Co n f ig u r at io n C om m an d s /
509
OSPF Commands
The following commands are available: (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) area number, on page 509 authentication-key string, on page 510 authentication-mode enable, on page 510 high locality-metric, on page 511 neighbor, on page 511 network (ip address), on page 512 ospf-mode enable, on page 512 show, on page 513
ACC1(config-ospf)#a r ea n u mb e r or (x.x.x.x)
Sets the Area ID for the OSPF group, either as a decimal value or in IP address format Enter a valid IP address or area ID
ACC1(config-ospf)# 120.129.23.3
(config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
510
A CC 1( con fi g- os pf )# a u th en t ic at i on - ke y s tr in g
Sets a non-encrypted authentication password for the Accelerator. No additional parameters
A CC 1( con fi g- os pf )# a u th en t ic at i on - ke y s tr in g
(config-ospf) area number, on page 509 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
ACC1(config-ospf)# a ut he n ti c at io n -m od e e n ab le /
d is a bl e /M D5
Sets the Accelerator to require a password to work with other OSPF devices. Authentication mode enables MD5 encrypted authentication. Enable to enable, disable to disable, MD5 to enable MD5 encrypted authentication
ACC1(config-ospf)# a ut he n ti c at io n -m od e e n ab le
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
Co n f ig u r at io n C om m an d s /
511
ACC1(config-ospf)# h ig h l o ca li t y- me t ri c [ 10] l o w l oc al i ty -m e tr i c [ 5]
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
(config-ospf) neighbor
Command Description Parameters Example with Syntax Related Commands
AC C1 (c on fi g-o sp f) # ne i gh b or x . x. x. x
Defines an OSPF neighbor for the Accelerator via the IP address. Enter a valid IP address
AA CC 1( co nf ig- os pf )# n e ig hb o r 1 00 .1 0 0. 10 . 3
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
512
A CC 1( con fi g- os pf )# network ( ip a d dr e ss )
x .x . x. x ( su bn e t m as k) x. x. x .x
Sets the networks that the Accelerator broadcasts to its OSPF neighbors. Enter a valid IP address
ACC1(config)#ro u te r o sp f AC C1 (c on fi g- os pf )# ospf-mode
Enables OSPF on the Accelerator enable to enable, disable to disable.
Co n f ig u r at io n C om m an d s /
513
(config-ospf) show
Command Description Parameters Example with Syntax Related Commands
A CC 1( co nf ig -o sp f) # sh ow
Displays OSPF settings. No additional parameters
A CC 1( co nf ig -o sp f) # sh ow
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512
514
(config) router-polling
Command Description Parameters Example with Syntax Related Commands
ACC1(config)# r o u t e r - p o ll i n g
Opens the Router-polling node. No additional parameters
AC C1 (c on fi g) # ro ut e r- p ol li n g
(router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
ACC1(router-polling)# r ou t er -p o ll i ng [e n ab le |
di sa b le ]
Enables / disables router-polling. Enable to enable, disable to disables
ACC 1( co nf ig )# r o ut er - po ll i ng en ab l e
(config) router-polling, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
Co n f ig u r at io n C om m an d s /
515
AC C1 (r ou te r- po ll ing )# p ol l [ p ro t o c o l n a me ( s )]
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
(router-polling) polling-interval
Command Description Parameters Example with Syntax Related Commands
ACC1(router-polling)#p ol l in g- i nt e rv al
Sets the frequency with which the router is polled (in seconds). Default is 180 seconds Enter a frequency in seconds
A CC 1( ro ut er -p ol li ng )# po ll i ng - in te r va l 1 80
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
(router-polling) router ip
Command Description Parameters Example with Syntax Related Commands
ACC1(router-polling)# ro ut e r ip ( x.x.x.x)
Sets the IP address of the router to be polled. Enter a valid IP address
AC C1 (r ou te r- po ll in g) # ro ut e r ip ( 1 0 0 . 1 0 0 . 5 0 . 5 )
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
516
ACC1(router-polling)#s n mp v e rs i on [ 1 | 2 c ]
Sets the SNMP version to be used for polling the router. Enter the SNMP version either 1 or 2c
AC C1 (r ou te r-p ol li ng )# sn m p v er si o n [1 ]
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp community, on page 516
ACC1(router-polling)#s nm p c om m un it y [ name]
Sets the SNMP community to be used for polling the router. Enter the name of the SNMP community
A CC 1( ro ut er -p ol li ng )# po ll i ng -i n te r va l 1 80
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516
Co n f ig u r at io n C om m an d s /
517
RIP Commands
The following commands are available: (config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
ACC1(config)#r ou t er r i p
Enters the RIP node No additional parameters necessary
ACC1(config)#r ou t er r i p
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
518
ACC1(config-rip)# a ut he n ti ca t io n -k ey string
Sets a non-encrypted authentication password for the Accelerator. Enter the name of the authentication key
A CC 1( co nf ig -r ip) # a ut he n ti ca t io n -k ey st ri ng
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
ACC1(config-rip)# a ut h en ti c at i on -m o de e n ab l e/
d i sa bl e /M D 5
Sets the Accelerator to need a password to work with other RIP devices. authentication mode enables MD5 encrypted authentication. Enable to enable, disable to disable
A CC 1( co nf ig -r ip )# a ut h en ti c at io n -m o de e n ab le
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
(config-rip) neighbor
Command Description Parameters Example with Syntax
ACC1(config-rip)# n ei g hb or x. x. x .x
Defines a RIP neighbor for the Accelerator via the IP address. Enter a valid IP address
ACC1(config-rip)# n ei g hb or x. x. x .x
Co n f ig u r at io n C om m an d s / Related Commands (config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
519
520
(config-rip) network
Command Description Parameters Example with Syntax Related Commands
AC C1 (c on fi g- ri p) # ne tw o rk ( i p a d d r e s s ) x . x. x . x ( s u b n e t m a s k ) x. x . x . x
Sets the networks that the Accelerator broadcasts to its RIP neighbors. Enter a valid IP address and subnet mask
AC C1 (c on fi g- ri p) # network ( i p a d d r e s s ) x . x . x . x ( s u b n e t m a s k ) x. x . x . x
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
ACC1(config-rip)# pa s si v e- mo d e [e n ab le |
d is a bl e]
Sets RIP to work in Passive mode. Enable to enable, Disable to disable
ACC1(config-rip)# pa s si v e- mo d e en a bl e
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
Co n f ig u r at io n C om m an d s /
521
ACC1(config-rip)#r ip -m o de en a bl e /d is a bl e
Enables RIP on the Accelerator Enable to enable, disable to disable
(config-rip) show
Command Description Parameters Example with Syntax Related Commands
ACC1(config-rip)# s h ow
Displays RIP settings No additional parameters required
ACC1(config-rip)# s h ow
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521
522
WCCP Commands
The following options are available: (config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
ACC1(config)#p a ck et - in te r ce p ti on wc cp
Enters the WCCP configuration node. No additional parameters required
ACC1(config)#p a ck et - in te r ce p ti on wc cp
(packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
Co n f ig u r at io n C om m an d s /
523
524
Co n f ig u r at io n C om m an d s /
525
526
Co n f ig u r at io n C om m an d s /
527
ACC1(config)#SNTP en ab l e/ di s ab l e
Enables the SNTP server. Enable to enable, disable to disable
ACC1(config)#SNTP en ab l e
(config) SNTP interval hours, on page 527 (config) SNTP server, on page 527
ACC1(config)#SNTP in te r va l h ou rs [ 1-24] |
m i nu te s [ 1-1440]
Polls the SNTP server for time updates by intervals set by this command. Enter the time in hours from 1-1440
ACC1(config)#SNTP in te r va l h ou rs 24
(config) SNTP enable/disable, on page 527 (config) SNTP server, on page 527
ACC1(config)#SNTP se rv e r [ x.x.x.x]
Enter IP address X.X.X.X as the address of the SNTP server. Enter a valid IP address
ACC1(config)#SNTP se rv e r 100.100.10.5
(config) SNTP enable/disable, on page 527 (config) SNTP interval hours, on page 527
528
(config) dhcp
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#dh cp
Enters the DHCP node Enable to enable, disable to disable
ACC1(config)#dhcp
(DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
(DHCP) enable
Command Description
ACC1(DHCP)#en a bl e/ d is ab l e
Enables or disables the DHCP Server. Enabling the Server requires having a DHCP configuration file. If this file does not exist, you are prompted to upload it. The DHCP configuration file should be in the user_area, otherwise you have to use the copy command to copy it. Alternatively, upload the DHCP configuration file via the WebUI, thereby copying it directly to the user_area. Enable to enable, disable to disable
AC C1 (D HC P) # enable
(config) dhcp, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
Co n f ig u r at io n C om m an d s /
529
(DHCP) reload
Command Description Parameters Example with Syntax Related Commands
ACC1(DHCP)#reload/user_area/dhcp/dhcpfile
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
ACC1(DHCP)#s ho w D H CP
Displays the DHCP status (enabled/disabled). no additional parameters necessary
ACC1(DHCP)#s ho w D H CP
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
530
(DHCP) test
Command Description Parameters Example with Syntax Related Commands
ACC1(DHCP)#test/user_area/dhcp/dhcpfile
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) upload, on page 530
(DHCP) upload
Command Description Parameters Example with Syntax Related Commands
ACC1(DHCP)#upload /user_area/dhcp/dhcpfile
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530
Co n f ig u r at io n C om m an d s /
531
ACC1(local interface)#d hc re l ay
Enters the DHCP relay node No additional parameters needed
ACC1(local interface)#d hc re l ay
(local interface) dhcrelay enable, on page 531 (local interface) dhcrelay option, on page 532 (local interface) ip helper address, on page 532
ACC1(local interface)#d hc re l ay en ab l e
Enter IP helper address X.X.X.X as the address of the DHCP server Enable to enable, Disable to disable, Option to enable the dhcp relay option
532
ACC1(local interface)#d hc r el ay op t io n [a pp e nd |d i sc a rd |f o rw ar d |r e pl ac e |d ro p -n o ma tc h |m ax - le n gt h]
Enter IP helper address X.X.X.X as the address of the DHCP server Append - if the append flag is set, the relay agent appends an agent option field to each request before forwarding it to the server. Discard - discards all options sent by another DHCP relay. Forward - forwards all options from another DHCP relay. Replace - replaces the options sent by another DHCP relay with options set on the Accelerator. Drop-no-match - drops the options without counting the packets. Max-length - this is the maximum length allowed.
Description Parameters
Co n f ig u r at io n C om m an d s /
533
(config) web-acceleration
Command Description Parameters Example with Syntax Related Commands
A C C1 (c o nf i g) #w e b- ac c el e ra ti o n
Enters Web-Acceleration configuration mode No additional parameters needed
A C C1 (c o nf i g) # web-acceleration
(web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
A C C1 (w e b- ac c el e ra ti o n) #c a ch e c le a r
Clears the HTTP and FTP caches. No additional parameters required
A C C1 (w e b- ac c el e ra ti o n) # cache clear
(config) web-acceleration, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
534
(web-acceleration) cancel
Command Description Parameters Example with Syntax Related Commands
AC C 1( c on fi g )# we b -a c ce le r at io n
Exits without updating web acceleration parameters No additional parameters needed
AC C 1( c on fi g )# web-acceleration
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) exit
Command Description Parameters Example with Syntax Related Commands
AC C1 ( we b- a cc e le ra t io n) # e x it
Exits the web acceleration node No additional parameters needed
AC C1 ( we b- a cc e le ra t io n) # exit
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) http-acceleration
Command Description Parameters Example with Syntax Related Commands
A CC 1 (w eb - ac ce l er a ti on ) #h tt p -a c ce le r at io n
Enters the HTTP acceleration node. No additional parameters are needed.
A CC 1 (w eb - ac ce l er a ti on ) # http-acceleration
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535 see HTTP Acceleration Commands, on page 536 for the HTTP Acceleration Commands
Co n f ig u r at io n C om m an d s /
535
(web-acceleration) show
Command Description Parameters Example with Syntax Related Commands
AC C1 ( we b- a cc e le ra t io n) # sh ow
Displays Web-Acceleration parameters. No additional parameters required
AC C1 ( we b- a cc e le ra t io n) # show
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) tcp-acceleration
Command Description Parameters Example with Syntax Related Commands
AC C 1( w eb -a c ce le r at i on )# tc p- a cc e le ra t io n
Opens the TCP acceleration node No additional parameters needed
AC C 1( w eb -a c ce le r at i on )# tcp-acceleration
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535
536
Co n f ig u r at io n C om m an d s /
537
(web-acceleration) http-acceleration
Command Description Parameters Example with Syntax Related Commands
AC C 1( w eb -a c ce le r at i on )# h tt p- a cc e le ra t io n
Enters the HTTP acceleration node. No additional parameters are needed.
AC C 1( w eb -a c ce le r at i on )# http-acceleration
(http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
538
(http-acceleration) cache-auth-requests
Command Description Parameters Example with Syntax Related Commands
A CC 1 (h tt p -a cc e le r at io n )# ca h ce - au th - re qu e st s
Allows you to enable or disable cache authenticated requests. Enable to enable Disable to disable.
A CC 1 (h tt p -a cc e le r at io n )# cache-auth-requests
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
539
AC C1 ( ht tp - ac c el er a ti on ) # c a ch e c le ar
Clears the HTTP Acceleration cache. No additional parameters needed.
AC C1 ( ht tp - ac c el er a ti on ) #m a x ca c he d- o bj e ct si ze [n um b er in M B ]
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
540
(http-acceleration) cache-content
Command Description
A CC 1 (h tt p -a cc e le r at io n )# ca c he - co nt e nt [ en t er pr i se | in t er ne t | a l l]
Sets the type of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all link, virtual link and non-link traffic. Enterprise, Internet or All, as described above.
A CC 1 (h tt p -a cc e le r at io n )# ca c he - co nt e nt all
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
541
(http-acceleration) cache-range
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- a cc el e ra ti o n) #ca ch e -r an g e [ en ab l e | d is ab l e]
Enables or disables (disabled by default) the cache range Enable to enable, Disable to disable
AC C 1( ht t p- a cc el e ra ti o n) #ca ch e -r an g e enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
542
(http-acceleration) cache-size
Command Description Parameters Example with Syntax Related Commands
A C C1 (h t tp -a c ce l er at i on )# c ac h e- si z e [n u m b e r i n MB]
Sets the size of the cache (between 1 and 60 GB). Default is 16 GB. Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached.
A C C1 (h t tp -a c ce l er at i on )# c ac h e- si z e 16
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
543
(http-acceleration) cancel
Command Description Parameters Example with Syntax Related Commands
A CC 1 (h tt p -a c ce le r at io n )# c an ce l
Exits the node without updating the parameters. No additional parameters are necessary
A CC 1 (h tt p -a c ce le r at io n )# c an ce l
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
544
(http-acceleration) connect-timeout
Command Description Parameters Example with Syntax Related Commands
A CC 1 (h t tp -a c ce le r at i on )# c on ne c t- t im eo u t [ nu m be r ]
Sets the amounts of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 600 seconds. Enter the time amount in seconds, as described above.
A CC 1 (h t tp -a c ce le r at i on )# connect-timeout 600
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
545
A CC 1( h tt p -a cc e le ra t io n )# co l le ct st a ti st i cs
Enables or disables statistics collection for http acceleration Enable to enable Disable to disable.
A CC 1( h tt p -a cc e le ra t io n )# co l le ct st a ti st i cs
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
546
(http-acceleration) deny-content-encoding
Command Description Parameters Example with Syntax Related Commands
A CC 1 (h t tp -a c ce le r at i on )# d en y- c on t en te nc o di n g
Enables or disables web page content from being encoded. Enable to enable Disable to disable.
A CC 1 (h t tp -a c ce le r at i on )# d en y- c on t en te nc o di n g enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
547
(http-acceleration) exit
Command Description Parameters Example with Syntax Related Commands
A CC 1( h tt p -a cc e le ra t io n )# ex i t
Exits the current node and returns to the node that is the parent node. No additional parameters are necessary
A CC 1( h tt p -a cc e le ra t io n )# ex i t
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
548
A CC 1 (h t tp -a c ce le r at i on )# f et ch jo b
Enters the Fetch node Fetch job number or name
A CC 1 (h t tp -a c ce le r at i on )# f et ch jo b 1
Fetch Job Commands, on page 568, for additional configuration parameters (web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
549
A CC 1 (h tt p -a cc e le ra t io n )# ht t p- ac c el e ra ti o n [ en a bl e | d is a bl e]
Enables/disables HTTP Acceleration. By default HTTP Acceleration is disabled. Enable to enable, disable to disable.
A CC 1 (h tt p -a cc e le ra t io n )# http-acceleration
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
550
(http-acceleration) ie-refresh
Command Description Parameters Example with Syntax Related Commands
A CC 1 (h t tp -a c ce le r at i on )# i e- re f re s h [e n ab le | d is a bl e ]
Refreshes Internet Explorer. Enable to enable, disable to disable.
A CC 1 (h t tp -a c ce le r at i on )# ie-refresh enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
551
(http-acceleration) log-level
Command Description
A C C1 ( ht tp - ac ce l er a ti on ) #l og - le v el [ a le rt | e r ro r | i n fo | wa r ni ng ]
You can set the Accelerators log file to accumulate events that occur in HTTP Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to be logged. By default, logging is disabled. When enabled, the default level is Error. Enter the time ammount in seconds, as described above.
A C C1 ( ht tp - ac ce l er a ti on ) #l og - le v el error
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
552
(http-acceleration) max-client-connect-time
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- ac c el e ra ti o n) #m a x- c li en t -c on n ec t ti m e
Sets in minutes the time limit the client will remain connected to the cache process. Enter the time ammount in minutes 1-5000.
AC C 1( ht t p- ac c el e ra ti o n) #m a x- c li en t -c on n ec t ti m e 300
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
553
AC C1 ( ht tp - ac c el er a ti on ) #m a x ca c he d- o bj e ct si ze [n um b er in M B ]
Sets the maximum size for objects stored in the cache. Default is 4096 KB. Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached.
AC C1 ( ht tp - ac c el er a ti on ) #m a x ca c he d- o bj e ct si ze [n um b er in M B ]
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
554
AC C 1( ht t p- a cc el e ra ti o n) # mi n c ac he d -o b je ct si z e [n u mb e r in KB ]
Sets the maximum size for objects stored in the cache. Enter a valid size (between 0-5000 KB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached. This number should not be bigger than the Max value.
AC C 1( ht t p- a cc el e ra ti o n) # ma x c ac he d -o b je ct si z e 300
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
555
(http-acceleration) no
Command Description Parameters Example with Syntax Related Commands
A C C1 ( ht tp - ac ce l er a ti on ) #n o
Negates a command within a rule. Enter a configured regular expression
556
(http-acceleration) persistent-timeout
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- ac c el er a ti o n) #p e rs is t en t -t im e ou t <1 - 10 00 0 >
Allows persistent connections to be timed out. Enter a value in seconds. 1-10000 seconds.
AC C 1( ht t p- ac c el er a ti o n) # persistent-timeout 1000
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
557
(http-acceleration) port
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- a cc el e ra ti o n) # po rt [p or t n u mb er ]
Sets the default port on which HTTP traffic generally arrives. The default is 80. Enter a valid port number
AC C 1( ht t p- a cc el e ra ti o n) # port 80
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
558
(http-acceleration) port-transparency
Note: Preserving the port may have bad implications on outgoing traffic from the Web cache. On the other hand, you cannot activate the QoS mechanism according to the source port, if the source port is not preserved.
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- ac c el er a ti o n) #p o rt -t r an s pa re n cy [e n ab le | di s ab le ]
This command configures whether the Client's original source port will be preserved. By default, port transparency is disabled. Enable to enable, disable to disable
AC C 1( ht t p- ac c el er a ti o n) #p o rt -t r an s pa re n cy
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
559
Note: After proxy was enabled, disabling DNS requires you to disable proxy first.
Command Description Parameters Example with Syntax Related Commands
<x.x.x.x> <xxx>
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
560
(http-acceleration) read-ahead
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- a cc el e ra ti o n) #re ad - ah ea d
Enables or disables read-ahead Enable to enable Disable to disable.
AC C 1( ht t p- a cc el e ra ti o n) # read-ahead enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
561
AC C1 ( ht t p- ac c el er a ti o n) # r e ad -a h ea d f et c hfu ll - pa g e
When read ahead is enabled, will fetch the entire page including graphics. Enable read ahead in order for this to work No additional parameters are required.
AC C1 ( ht t p- ac c el er a ti o n) # read-ahead fetch-full-
page
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
562
AC C 1( ht t p- a cc el e ra ti o n) #re ad - ah ea d operation-
mode low
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
563
(http-acceleration) reset-to-default
Command Description Parameters Example with Syntax
AC C1 ( ht t p- ac c el er a ti o n) # r e se t- t o- d ef au l t
Erases the HTTP Acceleration configuration, including statistics, and resets all values to the factory default settings. Y to confirm N to deny.
AC C1 ( ht t p- ac c el er a ti o n) # reset-to-default Th e c on f ig ur a ti on of HT TP ac ce l er a ti on wi ll be e r as e d an d r es e t t o fa c to ry va l ue s. Ar e yo u s ur e ? (Y / N) Y
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Related Commands
564
(http-acceleration) rule
i i i
Note: You should configure this command only if proxy server is configured. You can
define multiple rules.
Note: The CLI does not allow regular expression using the following characters: # ,. A message error will be displayed as a result of any attempt to insert such a character. Note: Before configuring a rule direct regular expression, you must configure in the
clients browser the same settings configured in the Accelerator. A CC 1( h tt p -a cc e le ra t io n )# ru l e
Defining a regular expression that is valid on a URL. For example: rule direct avaya. When this rule is applied, all requests for the avaya URL will be forwarded directly to the avaya server, without passing through the proxy server. Enter a valid URL
Command Description
Co n f ig u r at io n C om m an d s /
565
(http-acceleration) show
Command Description Parameters Example with Syntax Related Commands
A C C1 ( ht tp - ac ce l er a ti on ) #s ho w
Displays the settings of the specified rule or parameter Enter the name of the rule or setting.
566
(http-acceleration) tcp-acceleration
Command Description Parameters Example with Syntax Related Commands
AC C 1( ht t p- ac c el er a ti o n) #t c p- ac c el e rt io n <e n ab le | di sa b le >
Enables or disables TCP Acceleration Enable to enable, Disable to disable.
AC C 1( ht t p- ac c el er a ti o n) #t c p- ac c el e ra ti o n enable.
TCP Acceleration Commands, on page 572, for additional TCP Acceleration configuration options (web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) transparency, on page 567
Co n f ig u r at io n C om m an d s /
567
(http-acceleration) transparency
Command Description
AC C 1( h tt p- a cc el e ra t io n) # tr an s pa r en cy [a ut o | se m i | f ul l ]
This command configures the status of the interception proxy. You can configure the interception proxy as transparent, thereby preventing the detection of the proxy servers IP address by sniffing). The following statuses are possible: Semi - applying transparency only on the Client side. Full - applying transparency on both the Client and the server sides. Auto - setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. Semi, Full, or Auto as explained above.
AC C 1( h tt p- a cc el e ra t io n) # transparency full
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566
568
Co n f ig u r at io n C om m an d s /
569
A CC 1( h tt p -a cc e le ra t io n )# fe t ch j o b < nu mb e r| n am e>
Enters the Fetch node, per job name or number Fetch job number or name
A CC 1( h tt p -a cc e le ra t io n )# fe t ch j o b 1
(config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
(config-fetch-job) cancel
Command Description Parameters Example with Syntax Related Commands
A CC 1( c on f ig -f e tc h- j ob )#c an c el
Exits the current node without updating and returns to the parent node. No additional parameters required.
A CC 1( c on f ig -f e tc h- j ob )#c an c el
(http-acceleration) fetch job, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
(config-fetch-job) exit
Command Description Parameters Example with Syntax Related Commands
A CC 1( c on f ig -f e tc h- j ob )#e xi t
Exits the current node and returns to the parent node. No additional parameters required.
A CC 1( c on f ig -f e tc h- j ob )#e xi t
(http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
570
(config-fetch-job) no
Command Description Parameters Example with Syntax Related Commands
A CC 1 (c o nf ig - fe tc h -j o b) #n o < co m ma n d>
Removes commands Command that you want to remove
A CC 1 (c o nf ig - fe tc h -j o b) #n o url www.expand.com
To delete an entire fetch job, exit to the HTTP acceleration node and apply the command no fetch job <job number|job name> (http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
(config-fetch-job) schedule
Command Description Parameters
A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e < im m ed i at e| n on e| o nc e |r ec u rr in g >
Schedules the fetch job according to the parameters defined. Enter one of the following options nonethe job is created, but does not run immediateoccurs one time, immediately once atoccurs one time on a specific date at a specific hour once inoccurs one time at a specific hour in X amount of days recurring dailyoccurs every day at a specific hour recurring weeklyoccurs once very week on a specific day and a specific hour recurring monthly occurs once a month on a specific date and hour (not recommended to set this to 31, as not every month has 31 days).
A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e once at 11:45
This will run the job one time at 11:45
Co n f ig u r at io n C om m an d s /
571
(config-fetch-job) show
Command Description Parameters Example with Syntax Related Commands
A CC 1( c on f ig -f e tc h- j ob )#s ho w
Shows the parameters for all fetch jobs No additional parameters required
A CC 1( c on f ig -f e tc h- j ob )#s ho w
(http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) url, on page 571
(config-fetch-job) url
Command Description Parameters Example with Syntax Related Commands
A CC 1( c on f ig -f e tc h- j ob )#u rl
Defines the URL to use for the fetch job. Enter a valid complete URL. You may add multiple URLs. To delete a URL, use the no command.
A CC 1( c on f ig -f e tc h- j ob )#u rl www.expand.com
(http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571
572
(conf) tcp-acceleration
Command Description Parameters Example with Syntax Related Commands
A CC 1( c on f )# tc p -a cc e le r at io n
Opens the TCP acceleration node. No additional parameters needed.
A CC 1( w eb - ac ce l er at i on ) # tcp-acceleration
(tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
Co n f ig u r at io n C om m an d s /
573
A CC 1( t cp - ac ce l er at i on )# a ck no w le dg e pa ck e t r at e < 2- 8>
Determines the number of packets transmitted before sending an ACK message. Choose the number of packets within the parameter requirements (between 2 and 8).
A CC 1( t cp - ac c) #ac kn o wl ed g e p ac ke t r at e 3
(conf) tcp-acceleration, on page 572 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
574
(tcp-acc) congestion-control
Command Description Parameters
AC C 1( tc p -a c c) # c on ge s ti o n- co n tr ol [n o ne |s t an d ar d| v eg as ]
Selects the type of congestion control to be used. Choose from one of the following: Noneno congestion avoidance is used Standardthe congestion avoidance conforms to the standard TCP/IP protocol (Reno) VegasTCP Vegas reduces latency and increases overall through-out, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely time-consuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks.
AC C 1( tc p -a c c) # c on ge s ti o n control vegas
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
Co n f ig u r at io n C om m an d s /
575
(tcp-acc) exclude
Command Description Parameters
A CC 1( t cp - ac c) ex cl u de [c li e nt |s e rv e r| wo r d| IP ]
Adds a server or client to the exclude list. Client - choose client to exclude the client Server - choose server to exclude the server Word - servers logical name IP - IP address of the server or subnet
A CC 1( t cp - ac c) # e xc l ud e 120.44.10.2
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
(tcp-acc) show
Command Description Parameters Example with Syntax Related Commands
A C C1 (t c p- ac c )# s ho w
Shows the TCP Acceleration data. No additional parameters required.
A C C1 (t c p- ac c )# show
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
576
AC C 1( tc p -a c c) #t c p- ac c el e ra ti o n [e n ab l e | di s ab le ]
Enables/disables TCP Acceleration. By default TCP Acceleration is disabled. Enable to enable, Disable to disable.
AC C 1( tc p -a c c) # tcp-acceleration disable
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
A CC 1( t cp -a c c) # typical-acceleration-rate 20000
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) show, on page 575 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
Co n f ig u r at io n C om m an d s /
577
AC C1 ( tc p -a cc ) # t yp i ca l r ou n d- tr i p [ au to | <1 -6 0 00 0 >
Configures the RTT in milliseconds. Enter an ammount in milliseconds within the accepted range.
AC C 1( tc p -a cc ) w i nd ow re ce i ve [ a ut o |m ax <4 00 0 50 0 00 00 0 >
Restricts the size of packets received to X ammount (if entered) before sending an ACK request. You can enter your own amount, Max to enter a maximum amount, or enter Auto and the value will dynamically change depending on network and bandwidth conditions. auto - the Accelerator will decide the ammount max - sets the maximum ammount 4000-50000000 the accepted range
Parameters
578
Parameters
Co n f ig u r at io n C om m an d s /
579
(tcp-acceleration) keepalive
Command Description Parameters Example with Syntax Related Commands
A CC 1 (t c p- ac c ) ke e pa l iv e [ di sa b le | en ab l e]
Enables or disables Keep Alive messaging. Choose Enable to enable, Disable to disable.
A CC 1 (t c p- ac c )# k e ep a li ve enable
(tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive probes, on page 580 (tcp-acc) keepalive time, on page 580
AC C1 ( tc p- a cc ) k ee p al iv e d i re ct i on [b ot h |l an | wa n ]
Configures the direction of the Keep alive messages. Choose either LAN only, WAN only, or both.
580
A CC 1 (t cp - ac c) ke e pa li v e in t er v al < 1- 5 00 00 >
Configures the ammount of time to wait between sending keep alive messages. Choose a time in seconds (between 1 and 50000).
A CC 1 (t cp - ac c ) ke e pa li v e p ro be s < 1- 1 00 00 >
Configures the ammount of keep alive probes to send before initiating a time out. Choose a time in seconds (between 1 and 10000).
A CC 1 (t cp - ac c )# keepalive probes 10
(tcp-acceleration) keepalive, on page 579 (tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive time, on page 580
A CC 1 (t c p- ac c ) ke e pa l iv e t im e < 1- 1 00 00 >
Configures the ammount of time to wait (in seconds) before sending the first keep alive probe. Choose a time in seconds (between 1 and 10000).
Co n f ig u r at io n C om m an d s /
581
(web-acceleration) ftp-acceleration
Command Description Parameters Example with Syntax Related Commands
AC C1 ( we b -a cc e le ra t io n )# ft p -a cc e le r at io n
Enters the FTP acceleration node. No additional parameters are necessary.
AC C1 ( we b -a cc e le ra t io n )# ftp-acceleration
(ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
582
(ftp-acceleration) cache-content
Command Description
A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t [ e nt e rp ri s e | i nt e rn et | al l ]
Sets the type of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all link, virtual link and non-link traffic. Enter a valid content type as described above.
A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t a ll
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) cache-per-user
Command Description Parameters Example with Syntax Related Commands
AC C1 ( ft p -a cc e le ra t io n) # cache-per-user [enable
| disable]
Enables/disables the allocation of cache memory per a specific user. Enable to enable, Disable to disable
AC C1 ( ft p -a cc e le ra t io n) # cache-per-user enable
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
Co n f ig u r at io n C om m an d s /
583
(ftp-acceleration) cache-size
Command Description Parameters Example with Syntax Related Commands
A CC 1( f tp -a c ce l er at i on )# c ac h e- si z e [ n um b er i n M B]
Sets the size of the cache (between 1 and 60 GB). Default is 50 GB. Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached Enter a valid size as described above.
A CC 1( f tp -a c ce l er at i on )# cache-size 50
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) connect-timeout
Command Description Parameters Example with Syntax Related Commands
AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t [n u mb e r]
Sets the amount of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 60 seconds. Enter a valid time as described above.
AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t 60
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
584
(ftp-acceleration) ftp-acceleration
Command Description Parameters Example with Syntax Related Commands
A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on [ en ab l e | d is a bl e]
Enables/disables FTP Acceleration. By default FTP Acceleration is disabled. Enable to enable, Disable to disable.
A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on d is ab l e
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) localization
Command Description Parameters Example with Syntax Related Commands
AC C1 ( ft p -a cc e le ra t io n )# lo c al iz a ti o n [e n ab le | di s ab l e]
Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese. Enable to enable, Disable to disable.
AC C1 ( ft p -a cc e le ra t io n ) #localization enable
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
Co n f ig u r at io n C om m an d s /
585
A C C1 ( ft p- a cc el e ra t io n) # mi n c ac h ed -o b je ct s i ze [n um b er i n K B ]
Lets you configure a minimal value for the objects stored in the cache. Enter a number in KB that is smaller than the Max value.
A C C1 ( ft p- a cc el e ra t io n) # mi n c ac h ed -o b je ct s i ze 60
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) transparency
Command Description
AC C 1( f tp -a c ce le r at i on )# t ra ns p ar e nc y [ au to | se m i | f ul l ]
This command configures the status of the interception proxy. You can configure the interception proxy as transparent, thereby preventing the detection of the proxy servers IP address by sniffing). The following statuses are possible: Semi - applying transparency only on the Client side. Full - applying transparency on both the Client and the server sides. Auto - setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. Semi, Full, or Auto as explained above.
AC C 1( f tp -a c ce le r at i on )# transparency full
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
586
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex c lu de [s ou r ce | de s ti na t io n | W O RD | ip ]
Excludes servers from caching, as defined by the following parameters: Source - source traffic direction Destination - destination traffic direction WORD - server name IP - server IP or subnet Enter a valid parameter as described above.
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex c lu de
source
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency excluded-servers, on page 586
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex cl u de d- s er v er s [ cl ea r ]
Removes all servers from the list of excluded servers. This command does not affect traffic that traversed these servers when they were excluded, but only traffic that passes after the command entered into effect. No additional parameters are necessary
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex cl u de d- s er v er s clear
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586
Co n f ig u r at io n C om m an d s /
587
588
(config) monitored-application
Command Description Parameters Example with Syntax Related Commands
Co n f ig u r at io n C om m an d s /
589
ACC1(config)# sh o w ap p li ca t io n
Displays statistics for all applications. No additional parameters required.
ACC1(config)# sh o w ap p li ca t io n
(config) monitored-application, on page 588 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
ACC1(config)# sh o w di s co v er ed ht tp |
c it ri x |m s -t er m in al - se r ve r
Displays list of discovered HTTP or Citrix traffic traversing the network. Http: for HTTP traffic Citrix for Citrix MS-Terminal-Server for RDP
ACC1(config)# sh o w di s co v er ed http
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
590
A CC 1 # ( co nf i g) s h ow in te r fa ce li n k
Displays Throughput and Performance statistics for all links since up time, since last cleared and for the last 5 seconds. No additional parameters are necessary
ACC1# ( co n fi g) sh o w in t er fa c e l in k
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
ACC1(config)# s h ow tr af f ic -d i sc o ve ry [a ll |
application name]
Displays all applications traversing the network. Enter all for all applications or a specific application name.
ACC1(config)# s h ow tr af f ic -d i sc o ve ry all
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
Co n f ig u r at io n C om m an d s /
591
(statistic) discover
Command Description Parameters Example with Syntax Related Commands
ACC1(statistic)# d is co v er [ h tt p | c i tr ix ]
[ en a bl e | d i sa bl e ]
Enables traffic discovery of HTTP or Citrix traffic traversing the network. Enter the name of the link.
ACC1(c on f ig )# [ ap pl i ca t io n n am e] s ta t is ti c sh is t or y [ en a bl e/ d is ab l e]
Enables gathering statistics for a particular application. Application Name: choose an application from the list Enable to enable, Disable to disable
592
ACC1# (config) c le ar co u nt er s l in k [ a ll |l i nk
I D| n on - li nk ]
Clears link counters for a specific link as identified by its link ID, all of the links, or the non-link. All - clears counters for all links Link ID - clears counters for a specific link as identified by its link ID non-link - clears counters for the non-link
ACC1# c le a r co u nt er s l i nk all
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (config) [application name] statistics-history, on page 591
Co n f ig u r at io n C om m an d s /
593
NetFlow Commands
netflow
Command
ACC1# ne tf l ow ACC1(netflow)# i p f l ow -e x po rt [x . x. x. x ] po r t
[1 to 6 5 53 5] ve r si on [5 ]i n te rf a ce et he r ne t [0 , 0 /0 , 0 /1 ] t e mp la t e [f u ll , l on g , sh o rt ]
Description
Sets the Accelerator to forward all statistic information to the NetFlow server for monitoring and analysis. Enter the IP address and port number of the NetFlow collector, as well as the NetFlow version number. In addition, enter the interface ethernet to be monitored (the LAN interface Ethernet). For more information on NetFlow statistics collected, see NetFlow Monitored Statistics, on page 323, on page 357 Enable to enable, Disable to disable
Related Commands
594
QoS Commands
The following lists the commands necessary to perform QoS configuration as described above via the CLI. The following configurations are available: (config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
595
ACC1(config)#a pp l ic a ti on name
t c p [p o rt nu mb e r] u d p [p o rt nu mb e r/ ra n ge ] o v er -i p [ p or t/ r an ge ]
Defines a new application and application criteria. Enter a valid TCP port number, a valid UDP port number and range and a valid over-IP port number and range.
ACC1(config)#a pp l ic a ti on name t c p 80 u d p 60 o v er -i p 55
(config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Related Commands
596
Related Commands
Co n f ig u r at io n C om m an d s /
597
(config) decision
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#d ec i si on
Enters the Decision node No additional Parameters
ACC1(config)#d ec i si on
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
598
ACC1(config)#p o li cy - ru l e gl o ba l o ut b ou nd /
in bo u nd
Defines a new rule for globally handling an application. Inbound for inbound, outbound for outbound
ACC1(config)#p o li cy - ru l e gl o ba l inbound
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
599
ACC1(config)#po li c y- r ul e l in k number ou tb o un d /
in b ou n d
Defines a new rule for a specific link. Inbound for inbound, outbound for outbound
600
ACC1(config)#sh o w a pp li c at io n
Displays all detected applications. No additional parameters needed.
ACC1(config)#sh o w a pp li c at io n
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
601
(config) wan
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#w a n
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
602
ACC1(decision)#m a tc h a pp li c at i on [name]
Creates an application matcher A valid application name
ACC1(decision)#m a tc h a pp li c at i on [name]
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
603
ACC1(decision)#s et ac ce l er at e d i sa bl e /en ab l e
Sets a specific application to accelerate or do not accelerate. Enable to enable, Disable to disable
ACC1(decision)#m at c h ap p li ca t io n [name]
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
604
ACC1(decision)#se t t u nn el di sa b le /en a bl e
Sets a specific application to tunnel or do not tunnel. Enable to enable, Disable to disable
ACC1(decision)#se t t u nn el enable
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
605
(rule) match
Command
Defines the filter for what type of traffic is handled by this rule per IP, tos bits and/or application name. Enter the application name and a valid IP address
Related Commands
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
606
ACC1(rule)#s e t po l ic y o rd e r
[ 1 00 to 6 5 53 4]
Defines the importance of the rule. Enter a valid policy order
ACC1(rule)#s e t po l ic y o rd e r 1000
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
607
A C C1 (r u le )# s et po li c y pa s s- t hr ou g h
Sets the traffic type to override the entire QoS mechanism and pass through critical/ Diagnostic traffic Enter a valid policy priority.
ACC1(rule)#s et po li c y p as s- t hr ou g h
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
608
ACC1(rule)#s e t po l ic y p ri o ri ty
h i gh low m e di u m r e al - ti me
Defines the Priority for the application. Enter a valid policy priority.
ACC1(rule)#s e t po l ic y p ri o ri ty
h i gh low m e di u m r e al - ti me
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Related Commands
Co n f ig u r at io n C om m an d s /
609
A C C1 (r u le )# s et p oli cy r at e bu rs t en ab le
Sets the traffic defined for this rule to be allowed to send bursts No additional parameters required
A C C1 (r u le )# s et p oli cy r at e bu rs t en ab le
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
610
ACC1(rule)#s et p ol i cy ra t e d es i re d number ( 1 t o
1 0 00 00 0 )
Sets a minimum bandwidth for the application. Enter a valid policy rate
Co n f ig u r at io n C om m an d s /
611
ACC1(rule)#se t p ol i cy r a te li mi t number (1 to
10 0 00 0 0)
Sets a maximum bandwidth for the application. Enter a valid policy rate larger than the minimum
612
(WAN) strict-priority
Command Description Parameters
AC C 1( WA N )# st r ic t -p ri o ri ty [e n ab le | di sa b le ] [i n bo un d |o ut b ou n d| bo t h]
Sets strict-priority for inbound and/or outbound traffic. Inbound for inbound Outbound for outbound Both for both
AC C 1( WA N )# st r ic t -p ri o ri ty enable both
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) burst, on page 613
Co n f ig u r at io n C om m an d s /
613
(WAN) burst
Command Description Parameters Example with Syntax Related Commands
ACC1(WAN)#b u rs t [ nu mb e r]
Enables bursts on the WAN up to the set bandwidth (1 to 1000000). Enter the bandwidth
ACC1(WAN)#b u rs t [ nu mb e r]
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612
614
RAID Commands
For general information on RAID, see About RAID, on page 308. The 6950 has 2 RAID arrays with up to two disks. The 79xx has 1 RAID array and up to 8 disks. Your specific Accelerator, may be configured differently. The following commands are available: (config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615 (RAID) show, on page 616
(config) raid
Command Description Parameters Example with Syntax Related Commands
Acc(config)# r ai d
Enters the RAID node No additional parameters are necessary
Acc(config)# r ai d
(RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615 (RAID) show, on page 616
(RAID) add-disk
Command Description Parameters Example with Syntax Related Commands
A cc 2 3- 79 4 0( RA I D) a dd -d i sk [ d is k -n am e ]
Adds a disk to the RAID array. Enter the disk name, HDD01 for example
A cc 2 3- 79 4 0( RA I D) add-disk HDD01
(config) raid, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615 (RAID) show, on page 616
Co n f ig u r at io n C om m an d s /
615
(RAID) exit
Command Description Parameters Example with Syntax Related Commands
Ac c( R AI D) ex i t
Exits the RAID menu and returns to the Configuration Menu. No additional parameters needed
Ac c( R AI D) exit
(config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) remove-disk, on page 615 (RAID) show, on page 616
(RAID) remove-disk
Command Description Parameters Example with Syntax Related Commands
A cc (R A ID ) r em o ve -d i sk [d is k -n am e ]
Removes a disk from the RAID array. Enter the disk name, HDD01 for example
A cc (R A ID ) remove-disk HDD01
(config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) show, on page 616
616
(RAID) show
This command allows you to view the RAID array list and the disk list that are included in the RAID array. This list is dependent on the model of Accelerator that you have deployed.
Note: Should the status of the RAID disk be displayed as dirty, no errors it is not
indicative of a problem.
Command Description Parameters Example with Syntax Related Commands
A cc 23 - 79 40 ( RA I D) sh o w
Shows the RAID Arrays list and the Disk List (list will be different for each Accelerator) No additional parameters are necessary
Co n f ig u r at io n C om m an d s /
617
618
ACC1(config)#a gg r eg at i on po st cl a ss [d ef a ul t | c u st om - 1 | c us t om 2 | c it ri x ] gl o ba l [ en a bl e | di sa b le ]
Sets the Citrix aggregation classes globally. Citrix Aggregation on a link has 4 predefined classes that let you configure and apply different Citrix Aggregation settings to different types of traffic: default custom-1 custom-2 citrix Different applications may require different Citrix Aggregation class configuration (for example: different window size and aggregated packet size). Several well-known applications are defined as belonging to 'default' or 'citrix' aggregation class (for example: Citrix and Telnet applications predefined to belong to the 'citrix' class, which is preconfigured to properly handle these applications). You can disable, enable or configure each class. You can set each application that exists in the Accelerator to belong to one of the Citrix Aggregation classes. By default, Citrix is enabled but default, custom-1 and custom-2 are disabled. The Citrix Aggregation class parameter configuration is available only per-link. The Global command is for ease of use. This command is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable. To view Citrix Aggregation statistics, use the show interface link command from the config prompt.
Description Parameters
ACC1(config)#a gg r eg at i on po st cl a ss [d ef a ul t |
c u st om - 1 | c us t om 2 | c it ri x ] gl o ba l [ en a bl e | di sa b le ]
(config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
Related Commands
Co n f ig u r at io n C om m an d s /
619
ACC1(config)#in t er f ac e l in k [ number]
Opens the node for the configuration of a specific link Enter the link number
ACC1(config)#in t er f ac e l in k [ number]
(config) aggregation post class, on page 618 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
ACC1(decision)#s et a g gr eg a ti o n- cl a ss [ c it r ix | d e fa ul t | cu st o m- 1 | c u st om - 2]
Sets the post-acceleration class of an application. An application is coupled with a Citrix Aggregation class through a decision. To see which application belongs to which class, type the show decision command. Enter the application name and the correct aggregation class.
620
ACC1(LINK)#a gg re g at io n p o st [e na b le | d is ab l e]
Sets the Citrix aggregation classes per link. Enter the bandwidth
ACC1(LINK)#a gg re g at io n p o st enable
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
ACC1(LINK)#a gg r eg at i on p o st cl as s [ de f au l t |
c us t om - 1 | c us to m 2 | ci t ri x] [d i sa bl e | e na b le | li m it | t hr e sh ol d | wi n do w ]
Description
Defines a class of post aggregation settings. You can define settings per link per class or for the entire link. For limit, threshold and window details see below. The Citrix Aggregation class parameter configuration is available only per-link (see (LINK) aggregation post, on page 620). This command is for ease of use. It is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable Enter the bandwidth
ACC1(LINK)#a gg r eg at i on p o st cl as s [ de f au l t |
c us t om - 1 | c us to m 2 | ci t ri x] [d i sa bl e | e na b le | li m it | t hr e sh ol d | wi n do w ]
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
Related Commands
Co n f ig u r at io n C om m an d s /
621
ACC1(LINK)#a gg r eg at i on p o st li mi t [ 40 - 3 00 0]
Sets the upper limit for packets to be aggregated. Number in bytes. The limit, set in bytes, is the upper ceiling of packet size for packets to be eligible for Citrix aggregation: packets that are larger than LIMIT are not aggregated (they are supposed to be big enough to be sent one at a time). Enter the bandwidth. You can configure LIMIT in range 40-3000 bytes. The default value is 256
ACC1(LINK)#a gg r eg at i on p o st li mi t 256
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
622
ACC1(LINK)#a gg r eg at i on po st th re s ho l d [4 0 3 0 00 | au to ]
Sets the post aggregation threshold, number in bytes 40 to 3000 or automatic. The threshold, set in bytes, is the maximum size of aggregated packets. That is, when an aggregate packet reaches this size, it can be sent. You can configure THRESHOLD in range 40-MTU. If fragmentation is configured in the link, the threshold auto value will not be larger than the fragmentation size. Enter the correct threshold. The default value is auto, which means that the threshold will be calculated dynamically according to available bandwidth as follows: 512 bytes - for bandwidth that is less than or equal to 512 Kbps 1024 bytes - for bandwidth that is greater than 512 Kbps and less then 1Mbps MTU (usually 1500 bytes but no more than 3000) - for bandwidth that is more than 1Mbps
Parameters
ACC1(LINK)#a gg r eg at i on po st th re s ho l d 512
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post window, on page 623
Co n f ig u r at io n C om m an d s /
623
ACC1(LINK)#ag gr e ga t io n p o st wi n do w [ 1 - 1 00 |
au t o]
Sets the post-acceleration window, number in bytes 1 to 100 or automatic. The window command is set in units of 10 ms. This is the maximum amount of time a packet can be delayed in Citrix Aggregation queues. This means that when WINDOW * 10 ms elapses, an aggregate packet is sent (even if its total size has not yet reached LIMIT value). This is done to avoid long packet delays. WINDOW can be configured in a range of 1-100 units. The default value is auto, which means that the WINDOW value is calculated dynamically given the bandwidth and the threshold value. An estimated value of the auto value is bandwidth/Threshold. This enables the aggreagator to wait enough time to get an aggregated packet with the largest size close to the THRESHOLD value. Enter the correct threshold
ACC1(LINK)#ag gr e ga t io n p os t t hr es h ol d 90
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622
624
(Conf) dns-acceleration
Command Description Parameters Example with Syntax Related Commands
A CC 1 (c on f )# Dn s -a c ce le r at io n
Enables/disables DNS Acceleration. By default DNS Acceleration is disabled. Enable to enable, Disable to disable
A CC 1 (c on f )# Dn s -a c ce le r at io n
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
Co n f ig u r at io n C om m an d s /
625
AC C 1( DN S -A CC ) #c a ch e c le ar
Lets you clear the cache contents. No additional parameters required.
AC C 1( DN S -A CC ) # cache clear
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
A CC 1( D NS -A C C) # ca ch e s iz e [ 1 00 -3 0 00 0 | a u to ]
Lets you select whether to accept the system-defined value of the cache size or to set your own value (between 100 and 30000). Enter the application name and the correct aggregation class.
A CC 1( D NS -A C C) # ca ch e s iz e 2400
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
626
(DNS-ACC) dns-acceleration
Command Description Parameters Example with Syntax Related Commands
A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n [ en a bl e | d is a bl e]
Enables/disables DNS Acceleration. By default DNS Acceleration is disabled. Enable to enable, Disable to disable
A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n enable
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) Dns-masquerading
Command Description Parameters Example with Syntax Related Commands
A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng [ e na bl e | d i sa bl e ]
Enables/disables DNS masquerading. By default DNS masquerading is disabled. Enable to enable, Disable to disable
A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng enable
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
Co n f ig u r at io n C om m an d s /
627
(DNS-ACC) ip host
Command Description Parameters Example with Syntax Related Commands
A C C1 (D N S- AC C )# i p ho s t [W O RD ] [I P]
Lets you define a static host-name to address, by using the WORD parameter followed by an IP address. Enter the site name and the correct IP address.
A C C1 (D N S- AC C )# i p ho s t mysite 100.100.20.5
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
A C C1 (D N S- A CC )# i p ho s t [ pu rg e ]
Lets you remove all definitions of static hosts, by using the purge parameter. No additional parameters required.
A C C1 (D N S- A CC )# i p ho s t purge
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
628
A CC 1 (D N S- AC C )# mi n T TL (m i nu te s ) [p r es e rv et tl | 1 -1 44 0 ]
Lets you select whether to keep the system-defined value of the time-to-leave period (preserve-ttl) or to set your own value (between 1 and 1440 minutes). Enter the a valid time period as described above.
A CC 1 (D N S- AC C )# mi n T TL (m in u te s ) pr e se rv e -t tl
440
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
AC C1 ( DN S -A CC ) #q ue r y t im eo u t (0 - 30 )
Lets you set your own value for the query time out period (between 0 and 30) Enter a valid time out period as described above.
AC C1 ( DN S -A CC ) #q ue r y t im eo u t 25
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
Co n f ig u r at io n C om m an d s /
629
AC C1 ( DN S- A CC ) #s ho w c ac h e
Displays the details of all hosts currently stored in the cache: host name, host address, flags and expiry time (time-to-leave). No additional parameters required.
AC C1 ( DN S- A CC ) #s ho w c ac h e
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
A CC 1( D NS - AC C) # sh ow st a ti st i cs
Displays the statistics for the queries since the last time the DNS Acceleration feature was enabled: total number of queries, number of hits and number of misses. No additional parameters required.
A CC 1( D NS - AC C) # show statistics
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) transparency, on page 630 (DNS-ACC) use-accelerator-dns, on page 631
630
(DNS-ACC) transparency
Command Description
A C C1 (D N S- A CC )# t ra ns p ar e nc y [ au to | f ul l | s e mi ]
Lets you set your requested transparency mode: Semi - the traffic is transparent to the Client, but the server sees it as coming from the Accelerator. Full - the traffic is transparent to both the Client and the Server. Auto - the transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment). The default value is Auto. Enter a valid transparency mode as described above.
A C C1 (D N S- A CC )# t ra ns p ar e nc y auto
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
Co n f ig u r at io n C om m an d s /
631
(DNS-ACC) use-accelerator-dns
Command Description
A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s [ e na bl e | d i sa bl e ]
Enables/disables the use of Accelerator DNS, thereby defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process the traffic, even if that traffic was sent to another DNS server. If you enable the use of Accelerator DNS, you have to configure an IP name server under the DNS node. Enable to enable, Disable to disable.
A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s enable
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629
632
AC C1 ( co n fi g) # sh ow cr y pt o
Lets you view the entire details of Accelerators crypto, such as the crypto mode, the IKE and the IPsec policies. No additional parameters required.
AC C1 ( co n fi g) # sh ow cr y pt o
(config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
Co n f ig u r at io n C om m an d s /
633
A CC 1( c on f ig )# s ho w i nt e rf ac e l in k [ n um be r ]
Lets you view whether IPsec is enabled, which IPsec policy is used and other details. Enter the link number.
A CC 1( c on f ig )# s ho w i nt e rf ac e l in k 1
(config) show crypto, on page 632 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
AC C1 ( co n fi g) # sh ow ru n ni ng - co nf i g
Lets you view the entire details of the current crypto configuration, such as crypto mode, policy rules and decision number. No additional parameters required.
AC C1 ( co n fi g) # sh ow ru n ni ng - co nf i g
(config) show crypto, on page 632 (config) show interface link, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
634
(crypto) ipsec
Command Description Parameters Example with Syntax Related Commands
A CC 1 (c r yp to ) #i ps e c
Lets you enter the IPsec node No additional parameters required.
A CC 1 (c r yp to ) #i ps e c
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
A CC 1 (c ry p to )# s ho w t ec h -e nc r yp t io n
Lets you view the IPsec tunnel status and the Pluto log. No additional parameters required.
A CC 1 (c ry p to )# s ho w t ec h -e nc r yp t io n
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
Co n f ig u r at io n C om m an d s /
635
(ike_policy) description
Command Description Parameters Example with Syntax Related Commands
A CC 1( i ke _ po li c y) #d e sc r ip ti o n [W O RD ]
Lets you add a description to the IKE policy. Legal text string. Use underscores in place of spaces.
A CC 1( i ke _ po li c y) #d e sc r ip ti o n th i s_ d es cr i pt io n
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(ike_policy) esp-algorithm
Command Description Parameters Example with Syntax Related Commands
A C C1 (i k e_ po l ic y )# es p -a lg o ri t hm < 1 -3 >
Lets you set the ESP algorithm for the IKE policy. Pick an order from 1-3.
A C C1 (i k e_ po l ic y )# esp-algorithm 2
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
636
AC C 1( ik e _p ol i cy ) #p re - sh ar e d k ey
Lets you create a pre-shared key. No additional parameters are necessary. Enter Y to confirm. This command is recommended only for transactions over a secure channel:
AC C 1( ik e _p ol i cy ) # pre-shared key
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
AC C1 ( ik e _p ol i cy )# s a- l if et i me h o ur s < 1- 2 4>
Lets you set the number of hours for the SA lifetime 1 to 24 hours.
AC C1 ( ik e _p ol i cy )# sa-lifetime hours 12
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
Co n f ig u r at io n C om m an d s /
637
A CC 1 (i k e_ po l ic y) # sa - li fe t im e s ec o nd s < 30 08 64 0 0>
Lets you set the number of hours for the SA lifetime 300 to 86400 seconds.
A CC 1 (i k e_ po l ic y) # sa-lifetime 4000
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(ipsec) ike-policy
Command Description Parameters Example with Syntax Related Commands
AC C1 ( ip s ec )# i ke -p o li c y
Lets you enter the IKE policy node. No additional parameters required.
AC C1 ( ip s ec )# i ke -p o li c y
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636
638
ARP Commands
This section contains the following configurations: (config) (config) (config) (config) arp, on page 638 arp cache limits, on page 638 arp cache max-size, on page 639 arp clear-table, on page 639
(config) arp
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#a r p [ IP a d dr es s x .x . x. x ] [M A C ad dr e ss x x: x x: xx : xx : xx :x x ]
Sets manual ARP cache entries Enter a valid IP address and MAC address.
Co n f ig u r at io n C om m an d s /
639
AC C1 (c on fi g) # a r p ca c he m a x- s iz e 800000
(config) arp, on page 638 (config) arp cache limits, on page 638 (config) arp clear-table, on page 639
ACC1(config)#a rp cl ea r -t a bl e [ vo la t il e ]
Clears the ARP cache table. Using the volatile variable lets you clear entries from the active ARP without clearing the database. No additional parameters required.
ACC1(config)#a rp cl ea r -t a bl e [ vo la t il e ]
(config) arp, on page 638 (config) arp cache limits, on page 638 (config) arp cache max-size, on page 639
640
Additional Commands
This section contains the following configuration commands: (config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
(config) HSRP
i i Note: In AcceleratorOS versions up to 6.0, adding an HSRP group automatically included the Accelerator in the group. Starting from AcceleratorOS 6.0, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join/leave commands.
Command Description Parameters
ACC1(config)#H S RP [number]
Sets manual configuration of HSRP Enter the following Parameters: authentication [string] force-priority ip (update IP address- create group if it does not exist) join leave (leave HSRP group) preempt priority [number 0 - 254] timers virtual-mac (virtual MAC address) vlan (assign HSRP group to VLAN)
ACC1(config)#H S RP 20
(config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
Co n f ig u r at io n C om m an d s /
641
ACC1(config)#H SR P 20 a ut h en ti c at i on myauthentication
f or c e- pr i or i ty i p 100.100.50.2 j oi n p re e mp t p ri o ri ty 1 t im e rs v ir t ua l- m ac F:F:F:F:F:F:F: v la n 2
ACC1(config)#HS R P au t od et e ct en ab l e/ di s ab l e
The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table Enable to enable, Disable to disable.
642
ACC1(config)# i nt er f ac e e th e rn et 0
Enters the configuration node for the Ethernet 0 interface. No additional parameters needed
ACC1(config)# i nt er f ac e e th e rn et 0
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
ACC1(config)#i n te rf a ce v l an [number]
x . x. x .x x . x. x. x
Enables VLAN, sets group number and IP address or native or native tagged Accelerator IP address as VLAN group IP address. Enter the following information (enter ip address and subnet mask) native native tagged
Description Parameters
ACC1(config)#i n te rf a ce v l an 1 100.100.50.5
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
Co n f ig u r at io n C om m an d s /
643
(config) VRRP
Command Description Parameters
A C C1 (c o nf i g) #V R RP [ n um b er ]
Sets manual configuration of VRRP Enter the following parameters: ip (update IP address- create group if it does not exist) preempt priority [number 0 - 254] timer
A C C1 (c o nf i g) #V R RP [ n um b er ] i p 1 .1 . 1. 1 p r ee mp t p r io ri t y 100 t i me r
Related Commands
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
(config) wan
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#w an [name]
Creates a new WAN. Enter the name of the WAN.
ACC1(config)#w an mywan
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
644
ACC1(interface)# b ri dg e d- s ta te di sa b le
Disables bridge support for the Ethernet 0 interface. No additional parameters needed
ACC1(interface)# b ri dg e d- s ta te disable
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) ip address, on page 644 (interface) link-mode, on page 645
(interface) ip address
Command Description Parameters Example with Syntax Related Commands
ACC1(interface)# i p a dd re s s [x . x. x .x y . y. y. y ]
Sets an IP address and subnet mask for the Ethernet 0 interface. Enter a valid IP and subnet mask
AC C 1( in t er fa c e) # i p a dd re s s 100.100.23.2
255.255.255.255
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) link-mode, on page 645
Co n f ig u r at io n C om m an d s /
645
(interface) link-mode
Command
Description Parameters
646
Link Commands
The following commands are available: (config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
ACC1(config)#in te r fa c e li n k
Enters the Interface Link node. No additional parameters are necessary.
ACC1(config)#in te r fa c e li n k
(LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
Co n f ig u r at io n C om m an d s /
647
(LINK) acceleration
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# ac ce l er at i on en ab l e/ di s ab l e
Sets the link to accelerate all traffic Enable to enable, Disable to disable.
ACC1(LINK)# ac ce l er at i on enable
(config) interface link, on page 646 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) aggregation
Command Description
AC C1 ( LI NK ) #a g gr eg a ti on au t o [n u mb er ]
Enables small packets to be aggregated on this link. If packets arrive smaller than the set size (68 to 6000), the QoS mechanism aggregates them and sends them together across the link. This only applies to traffic set with a CoS value of low, medium and high priority. Aggregation is accomplished on outgoing packets before the packets are compressed, and therefore you do not have to configure the aggregation symmetrically on both ends. Aggregation is applied only on congested links, to avoid adding unnecessary latency on nonproblematic links. Enter a valid number as described above, or Auto for the Accelerator to decide.
AC C1 ( LI NK ) #a g gr eg a ti on au t o 900
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
648
ACC1(LINK)# ca c he -s i ze l a rg e e na b le
Sets the link to work in Large cache size mode. Enable to enable, Disable to disable.
ACC1(LINK)# ca c he -s i ze l a rg e enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) checksum
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# c he ck s um e n ab l e/ di s ab le
Includes a checksum in all packet transmissions. This setting is useful for high error rate links and troubleshooting purposes. Enable to enable, Disable to disable
ACC1(LINK)# c he ck s um enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
Co n f ig u r at io n C om m an d s /
649
(LINK) force
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# f or c e e na bl e /d is a bl e
Sets the link to force all traffic into the tunnel. Enable to enable, Disable to disable
ACC1(LINK)# f or c e enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) fragmentation
Command Description
A CC 1( L IN K )# fr a gm en t at i on a u to [ n um b er ]
Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), the QoS mechanism breaks them up. This setting is useful for handling latency on low bandwidth links, and applies only to traffic set with a CoS value of low, medium and high priority. Fragmentation does not have to be configured symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed. Enter a valid number as described above, or auto for the Accelerator to pick.
A CC 1( L IN K )# fr a gm en t at i on 900
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
650
ACC1(LINK)# h ea de r c om p re s si on [ en a bl e| d is ab l e]
Enables or disables header compression Enable to enable, Disable to disable.
ACC1(LINK)# h ea de r c om p re s si on enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
ACC1(LINK)# h ea d er p r es er v at i on s r c
[ e na bl e |d is a bl e ]
Preserves the source IP address of the original IP header. This setting, which is useful for Policy Routing, also enables distinguishing between sessions. The SRC setting is disabled by default. Enable to enable, Disable to disable.
Co n f ig u r at io n C om m an d s /
651
ACC1(LINK)# he a de r p re se r va t io n p or ts [e n ab l e| di s ab le ]
Preserves the port settings. Enable to enable, Disable to disable.
ACC1(LINK)# h ea de r p r es er v at io n t o s [ en a bl e |d is a bl e]
TOS: Preserves the original ToS point settings - this is enabled by default. Enable to enable, Disable to disable.
ACC1(LINK)# h ea de r p r es er v at io n t o s enable
652
ACC1(LINK)# he ad e r p re se r va ti o n t tl
[e n ab le | di s ab le ]
TTL: Preserves the original TTL. This is disabled by default. Enable to enable, Disable to disable.
(LINK) wan-id
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)#w an - id [ number/ de f au lt ]
Sets the WAN to which this Link is assigned. Enter a valid IP, VRRP group number, and priority number
ACC1(LINK)#w an - id [ number/ de f au lt ]
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652
Co n f ig u r at io n C om m an d s /
653
(config) expand-view
Command Description Parameters Example with Syntax Related Commands
ACC1(config)# ex pa n d- v ie w
Enables/Disables interaction with ExpandView. Enable to enable, Disable to disable
ACC1(config)# ex pa n d- v ie w
(EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654 (EVIEW) show, on page 654
(EVIEW) agent
Command Description Parameters Example with Syntax Related Commands
AC C 1( E VI EW ) # ag e nt [e na b le /d i sa b le ]
Enables/Disables interaction with ExpandView. Enable to enable, Disable to disable
AC C 1( E VI EW ) # ag e nt enable
(config) expand-view, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654 (EVIEW) show, on page 654
654
(EVIEW) IP address
Command Description Parameters Example with Syntax Related Commands
A CC 1 (E VI E W) # I P ad d re s s [x . x. x. x ]
Sets the address of the ExpandView server in an Accelerator. Enter a valid IP address of the ExpandView server
A CC 1 (E VI E W) # I P ad d re s s 100.100.25.5
(config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) port, on page 654 (EVIEW) show, on page 654
(EVIEW) port
Command Description Parameters Example with Syntax Related Commands
A CC 1 (E VI E W) # p or t [ xx x x]
Sets the port to use for interaction with the ExpandView server. Enter a legal port number that should be used to interact with the ExpandView server.
A CC 1 (E VI E W) # p or t 81
(config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) show, on page 654
(EVIEW) show
Command Description Parameters Example with Syntax Related Commands
AC C 1( EV I EW )# sh ow
Verifies whether the unit is connected to ExpandView. No additional parameters
AC C 1( EV I EW )# show
(config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654
Note: For more information on ExpandView, please refer to the ExpandView user
guide.
Co n f ig u r at io n C om m an d s /
655
SNMP Commands
This section contains the following configuration options: (config) (config) (config) (config) (config) snmp snmp snmp snmp snmp change-v3-password, on page 655 community access, on page 656 enable, on page 656 trap community, on page 657 traps, on page 657
ACC1(config)#s nm p c h an ge - v3 -p a ss w or d
Sets the password SNMP v.3 password. The default password is expand_initial_password and should be changed. Enter a valid password as described above.
ACC1(config)#s nm p c h an ge - v3 -p a ss w or d expand_initial_password
(config) snmp community access, on page 656 (config) snmp enable, on page 656 (config) snmp trap community, on page 657 (config) snmp traps, on page 657
Note: When monitoring for specific MIBs, add the index number of the processor even
if only one processor exists. Failing to add the index number results in an error message. For example: using the snmpget command with the syntax snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3 returns the following error: There is no such variable name in this MIB. Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3 The correct string would be: snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3.1 <processor id>
656
ACC1(config)#s nm p c om m un it y [ na m e] ac ce s s [ re a d- on l y/ r ea d- w ri te ]
Sets the name of the SNMP community (a group of users that are granted access to certain Accelerator devices). Each SNMP community can have either read-only or readwrite authorization. The default community is Public, and its authorization is read-write. Enter a valid name and access type as described above.
ACC1(config)#s n mp e n ab le / di s ab le
Enables/Disables SNMP support in the Accelerator. Enable to enable, Disable to disable.
ACC1(config)#s n mp enable
(config) snmp change-v3-password, on page 655 (config) snmp community access, on page 656 (config) snmp trap community, on page 657 (config) snmp traps, on page 657
Co n f ig u r at io n C om m an d s /
657
Note: If, after defining snmp trap manager-ip, snmp read community or snmp trap community, you want to clear these values, use the no command to reverse this definition. For example: no snmp read community [name]
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#s nm p t r ap c o mm un i ty [n am e ]
Sets the name of the SNMP trap community. The default is Public. Enter a valid name as described above.
ACC1(config)#s nm p t r ap c o mm un i ty public
(config) snmp change-v3-password, on page 655 (config) snmp community access, on page 656 (config) snmp enable, on page 656 (config) snmp traps, on page 657
ACC1(config)#sn m p t ra ps en ab l e/ di s ab l e
Enables/Disables SNMP trap support. Enable to enable, Disable to disable.
ACC1(config)#sn m p t ra ps enable
(config) snmp change-v3-password, on page 655 (config) snmp community access, on page 656 (config) snmp enable, on page 656 (config) snmp trap community, on page 657
658
Log Commands
The following commands are available: (config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(config) logging
Co n f ig u r at io n C om m an d s /
659
ACC1(config)#l og g in g
Enters the Logging node. No additional parameters are necessary.
ACC1(config)#l og g in g
(logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
ACC1(logging)#m a il a c ti v e [d i sa bl e | en ab l e]
Sets the Accelerator to send email notification when events and alerts are received Enable to enable, disable to disable
ACC1(logging)#m a il a c ti v e enable
(config) logging, on page 658 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
660
ACC1(logging)#ma il fr om [ name]
Sets the name to appear in the From field of emails sent from the Accelerator. Enter a valid password as described above.
ACC1(logging)#ma il fr om [ name]
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
ACC1(logging)#m ai l r ec i pi en t [ name]
Sets the name to appear in the To field of emails sent from the Accelerator. Enter a valid email address as described above.
ACC1(logging)#m ai l r ec i pi en t username@emailaddress.com
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
Co n f ig u r at io n C om m an d s /
661
ACC1(logging)#m ai l s er v er i p 100.100.50.8
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
ACC1(logging)#m a il s e rv er po r t 86
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
662
ACC1(logging)#m ai l s ev e ri ty mi ni m um [i nf o |
w ar n in g | e r ro r | f a ta l] ma xi m um [e rr o r | f at a l | i nf o | w a rn i ng ]
Description
Defines which events are sent, from the minimum to the maximum. Log events are as follows: info - informational events warning - warnings error - errors in acceleration fatal - fatal errors Enter the event as described above.
ACC1(logging)#s y sl og ac t iv e [ di sa b le |
en ab l e]
Enables Syslog events to be sent. Enable to enable, Disable to disable
ACC1(logging)#s y sl og ac t iv e enable
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
Co n f ig u r at io n C om m an d s /
663
ACC1(logging)#sy sl o g f ac il i ty [ number]
Sets the Syslog facility number. Enter a valid number
ACC1(logging)#sy sl o g f ac il i ty 23
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
ACC1(logging)#s ys l og s e rv e r ip 100.100.20.3
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
664
ACC1(logging)#s y sl og se v er it y m ax i mu m
Defines which events to send, from the minimum to the maximum. Use in conjunction with severity minimum. Enter a valid event: info warning error fatal
ACC1(logging)#s y sl og se v er it y m in i mu m
Defines which events to send, from the minimum to the maximum. Use in conjunction with severity maximum. Enter a valid event: info warning error fatal
Co n f ig u r at io n C om m an d s /
665
log archive
Command Description Parameters Example with Syntax Related Commands
ACC1#lo g a r ch iv e [ pr e fi x ]
Enables creating a log archive. To insert your selected prefix, type this prefix in the WORD field. Enter a valid prefix if desired
ACC1#lo g a r ch iv e myprefix
log archive delete, on page 665 log upload, on page 666 show log archive, on page 666
ACC1#lo g a rc hi v e [ de le t e] [ f il e na me ] | [ a ll ]
Enables deleting a log archive. You can select between the following options: WORD - to delete a specific file. all - to delete all files. Enter a specific file name or All to delete all files as described above.
666
log upload
Command Description
ACC1#l og u p lo ad [m e th od ] [ fi l en a me ] | [ la te s t] [d es t in at i on ]
Lets you select the parameters for uploading log archive files: which method to use, which files to upload, and the requested destination. The optional values are as follows: Method - FTP, SFTP, TFTP and SCP Filename - to select a specific file. Latest - to upload the latest generated log archive. Destination - the destination of the file. Enter parameters as described above
ACC1#s ho w l og a r ch i ve
Lets you view all archived log files, including name, size and time stamp. No additional parameters required.
ACC1#s ho w l og a r ch i ve
log archive, on page 665 log archive delete, on page 665 log upload, on page 666
Co n f ig u r at io n C om m an d s /
667
ACC1(config)#co p y s ta rt u p- co n fi g r un n in gc on f ig
Reverts the running configuration to the last saved startup configuration. No additional parameters required
ACC1(config)#co p y s ta rt u p- co n fi g r un n in gc on f ig
(config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
668
ACC1(config)#e ra se st ar t up co nf i gu ra t io n
Restores the Accelerators configuration to the Factory Default Settings. No additional parameters required
ACC1(config)#e ra se st ar t up co nf i gu ra t io n
(config) copy startup-config running-config, on page 667 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
(config) ping
Command Description Parameters Example with Syntax Related Commands
Co n f ig u r at io n C om m an d s /
669
ACC1(config)#s h ow t e ch - su pp o rt [ c on t in uo u s]
Gathers troubleshooting statistics from the Accelerator. Press More to view additional output each time; alternatively, add the parameter continuous, to enable continuous output. Only add the continuous parameter if you want continuous output
ACC1(config)#s h ow t e ch - su pp o rt continuous
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
(config) traceroute
Command Description Parameters Example with Syntax Related Commands
670
A CC 1( c on fi g )# tr ac e ro ut e [ h os t]
Displays the route to a remote machine Enter a valid host, where [host] represents the machine hosts name.
A CC 1( c on fi g )# tr ac e ro ut e
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) write startup-config, on page 670 (config) write terminal, on page 670
A CC 1 (c o nf ig ) #w ri t e s ta rt u p- co n fi g
Saves the running configuration as the startup configuration. No additional parameters required
A CC 1 (c o nf ig ) # write startup-config
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write terminal, on page 670
A CC 1 (c on f ig )# w ri t e te r mi na l
Displays the running configuration on the terminal screen (similar to the show
startup-config command).
Parameters Example with Syntax Related Commands No additional parameters required
A CC 1 (c on f ig )# write terminal
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670
Co n f ig u r at io n C om m an d s /
671
Accdump Commands
The following configuration options are available: (config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
(config) accdump
Command Description Parameters Example with Syntax Related Commands
A CC 1( c on fi g )# a cc du m p
Enters the Accdump node. No additional parameters needed
A CC 1( c on fi g )# accdump
(ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
672
ACC1(ACCDUMP)#i p a cc du m p en a bl e |d is a bl e
Enables or disables accdump. Note: If you choose enable, all values you configured do not affect the database. The database is being updated only after you carry out the exit command. Enable to enable, Disable to disable
ACC1(ACCDUMP)#i p a cc du m p enable
(config) accdump, on page 671 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
ACC1(accdump)#i p t cp d um p f il e s- fo r ma t
Configures the tcpdump file format. Enter a valid IP and host The available types are: Pcap (saves the default format) enc (re-formats the file)
ACC1(accdump)#i p t cp d um p f il e s- fo r ma t enc
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
Co n f ig u r at io n C om m an d s /
673
ACC1(accdump)#i p t cp d um p f il e s- nu m be r a ut o /
[ number]
Configures the tcpdump file number. Possible values are 1 to 1000. If you type auto, the system sets the file number and file size to default (100 and 10MB, respectively). Enter a valid number or auto as described above
ACC1(accdump)#i p t cp d um p f il e s- nu m be r auto
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
ACC1(accdump)#ip tc p du mp fi le - si z e [ number]
Configures the tcpdump file size. Possible values are 1 to 1000 MB. Enter a valid number as described above.
ACC1(accdump)#ip tc p du mp fi le - si z e 500
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
674
ACC1(accdump)#i p t cp d um p f il t er [ f il te r
ex pr e ss io n ]
Lets you capture only specific packets into the tcpdump files by using filter expressions in the formats acceptable by the system, such as net_10.2.3.0/ 24_and_port_20. or host_10.2.3.4_and_pronto 17. Enter a valid expression
ACC1(accdump)#i p t cp d um p f il t er net_10.2.3.0
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
ACC1(accdump)#ip tc p du mp fl ag s ( f l a g n a m e)
Lets you select tcpdump optional flags. For a detailed description of the optional flags, see in the appendix,TCPDump Optional Flags, on page 425 Enter a flag name as described in the appendix, TCPDump Optional Flags, on page 425
Co n f ig u r at io n C om m an d s /
675
ACC1(accdump)#i p t cp du m p in t er f ac e[ i nt er f ac e
n am e ]
Lets you select an option for an interface: Enter a valid interface as follows: any - capture packets from all interfaces. eth-local - capture packets from local interfaces. eth0 - captures packets from ethernet 0 eth0/0 - captures packets from ethernet 0/0 eth0/0 - captures packets from ethernet 0/1 internal - captures packets from internal interfaces
ACC1(accdump)#i p t cp du m p in t er f ac e any
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
ACC1(accdump)#ip t c pd u mp u p lo ad [m e th od ] [f i le ] [ de s ti na t io n ]
Lets you select the parameters for uploading tcpdump files: which method to use, which files to upload, and the requested destination. Enter a valid IP and host The optional values are as follows: Method - FTP, SFTP, TFTP and SCP File - one of the accdump files Destination - like in the Copy operation: user.password@ip/ file_destination_path
676
AC C 1( re m ot e- d es k to p- p ro xy ) # c op y c er ti f ic a te
Copies a saved authentication certificate. Use one of the following methods: scp sftp tftp ftp http
In th e f ol lo w in g f or m at : co p y ce r ti fi c at e [ pr o to co l t o b e u se d] us e rn am e :p as s wo r d@ [v a li d s er v er I P a dd r es s ]/ [c e rt if i ca te fi l e pa t h an d n a me ]
Note that the user name and password may not be needed for all copying methods Example with Syntax
Related Commands
Co n f ig u r at io n C om m an d s /
677
AC C 1( re m ot e -d es k to p- p ro x y) # d ef a ul t c er t if i ca te
Enables or disables the authentication certificate. Enable to enable, Disable to disable.
AC C 1( re m ot e -d es k to p- p ro x y) # de f au lt c e rt if i ca te en a bl e
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) exclude
Command Description Parameters
A CC 1( r em ot e -d e sk to p -p ro x y) ex cl u de [ cl ie n t| se r ve r |w or d |I P]
This allows you to exclude a specific server, client, or subnet from the RDP services. Note that enabling other services on an excluded machine will have to be done by hand. Enter one of the following parameters: Client - choose client to exclude the client Server - choose server to exclude the server Word - servers logical name IP - IP address of the server or subnet
678
(remote-desktop-proxy) excluded-servers
Command Description Parameters Example with Syntax
AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs
This allows you to clear the servers from the excluded servers table. This action clears all of the servers that are on the list in a single execution. Clear to clear, and when prompted enter Y or N to continue or cancel.
AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs cl e ar Wa r ni ng : T hi s o p er at i on w i ll de le t e al l ex c lu de d s er v er s . Ar e y ou su re ? ( y /n ) Y
Related Commands
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
A CC 1( r em ot e -d e sk to p -p ro x y) # n o < re mo v al p ar am e te r>
This allows you to clear the servers from the excluded servers table. This action clears all of the servers that are on the list in a single execution. enter one of the following commands: Default certificate - to remove the default authentication certificate Exclude - to remove the exclude servers Proxy - disables the RDP Proxy
A CC 1( r em ot e -d e sk to p -p ro x y) # n o d ef au l t c er ti f ic at e
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
Co n f ig u r at io n C om m an d s /
679
(remote-desktop-proxy) proxy
Command Description Parameters Example with Syntax Related Commands
A CC 1 (r em o te -d e sk t op -p r ox y) # p r ox y
Enables or disables the RDP service Enable to enable Disable to Disable
A CC 1 (r em o te -d e sk t op -p r ox y) # proxy enable
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) show
Command Description Parameters Example with Syntax Related Commands
A CC 1( r em o te -d e sk to p -p ro x y) # s ho w
Shows the RDP service status Proxy - for proxy status Remote-desktop-proxy for RDP status
A CC 1( r em o te -d e sk to p -p ro x y) # sh remote-desktop-proxy
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679
The following screen appears (in this example the RDP status is shown):
Proxy.............................enable Default certificate...............enable Proxy statistics ----------------------------------------------------Peak number of concurrent sessions: 3 Current number of sessions: 1 Average RDP PDU size: 952.43 Max RDP PDU size: 15452 ----------------------------------------------------No Remote Desktop Proxy excluded servers exist.
For an explanation on the statistics output, see Collecting RDP Proxy Statistics, on page 279.
680
ACC1(config)# i n te rf a ce l i nk mo bi l e
Creates a link from an Accelerator to a Mobile Accelerator Client You need to enter the unique id of the remote device. It is 27 characters long. The ID must have the following syntax where X is a number: XXXXXXXXXXXXXXXXXXXXXXXX
ACC1(config)# i n te rf a ce l i nk mo bi l e 3030-3033-62332334324792334
interface link template, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
ACC1(config)# i nt e rf ac e l in k t e mp la t e
Opens the specified template Template number <0-33> is required. Currently only templates 0 and 1 are supported. Template number 0 is the default Accelerator Link template Template number 1 is the default Mobile Accelerator Client Link template
ACC1(config)# i nt e rf ac e l in k t e mp la t e 1
interface link mobile, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
Co n f ig u r at io n C om m an d s /
681
remote-unique-id
Command Description Parameters
ACC1(LINK)# re m ot e- u ni qu e -i d
Sets the unique id for the remote device (Mobile Accelerator Client) You need to enter the unique id of the remote device. It is 27 characters long. The ID must have the following syntax where X is a number: XXXXXXXXXXXXXXXXXXXXXXXX
ACC1(LINK)# re m ot e- u ni qu e -i d 3030-3033-62332334324347934
interface link mobile, on page 680 interface link template, on page 680 show interface link template, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
ACC1(config)# sh o w in t er f ac e l in k t em p la te
Opens the specified template Template number <0-33> is required. Template number 0 is the default Accelerator Link template Template number 1 is the default Mobile Accelerator Client Link template All shows all templates
ACC1(config)# sh o w in t er f ac e l in k t em p la te
all
interface link mobile, on page 680 interface link template, on page 680 remote-unique-id, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
682
show remote-unique-id
Note that Mobile Accelerator Clients that are not connected will be shown as idle.
Command Description Parameters Example with Syntax Related Commands
ACC1(LINK)# s ho w r em o te -u n iq ue - id
Displays the unique id for the remote device. This can be an Accelerator or a Mobile Accelerator Client. no additional parameters necessary
ACC1(LINK)# s ho w r em o te -u n iq ue - id
interface link mobile, on page 680 interface link template, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show unique-id, on page 682
show unique-id
Command Description Parameters Example with Syntax Related Commands
ACC1(config)# s ho w u ni q ue -i d
Displays the unique id for the Accelerator. no additional parameters necessary
ACC1(config)# s ho w u ni q ue -i d
interface link mobile, on page 680 interface link template, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show remote-unique-id, on page 682
Configuring WAFS
The following configurations are available: Basic Operation Commands, on page 684 Print Administration Commands, on page 688 Printer Driver Commands, on page 690 CUPS Commands, on page 692 Printer Port Commands, on page 693 Printer Management Commands, on page 696 WAFS Transparency Commands, on page 698 Excluded Server Commands, on page 699 CIFS Commands, on page 700 Compression Filter Commands, on page 701 Time and Date Commands, on page 702 Additional Commands, on page 703 Fetch Commands, on page 706 FileBank Director Commands, on page 707 WAFS Help Commands, on page 711 WAFS Licensing Commands, on page 712 WAFS Log File Commands, on page 713 Replication Service Commands, on page 718 Replication User Commands, on page 725 Event Scheduling Commands, on page 731 Service Management Commands, on page 734 Software Commands, on page 738 Statistic Commands, on page 739 Stf_filter Commands, on page 740 Transaction Monitoring Commands, on page 742 TTCP Commands, on page 743 User Commands, on page 745 Virtual Memory Statistic Commands, on page 746 Wins Commands, on page 747
Co n f ig u r in g WAF S /
683
Most of the WAFS configuration is done through the CLI, letting you display and manage printing devices and printing authorizations.
684
{hostname}:filecontroller0# exit
Command Description Parameters Example with Syntax Related Commands
{ ho s tn am e }: fi l ec o nt ro l le r0 # [ e xi t| q ui t]
Logs out from shell. No additional parameters needed.
{ ho s tn am e }: fi l ec o nt ro l le r0 # quit
{hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
{ ho s tn am e }: fi l ec o nt ro l le r0 # p i ng [ h os t]
Pings a remote machine. Enter a valid IP address
{ ho s tn am e }: fi l ec o nt ro l le r0 # ping 122.222.22
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
Co n f ig u r in g WAF S /
685
{hostname}:filecontroller0# reboot
Command Description Parameters Example with Syntax Related Commands
{ ho st n am e} : fi l ec on t ro ll e r0 # r eb o ot
Reboots the WAFS module. No additional parameters are needed
{ ho st n am e} : fi l ec on t ro ll e r0 # reboot
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# restart
Command Description Parameters Example with Syntax Related Commands
{h os t na me } :f i le co n tr ol l er 0 # re s ta rt
Stops and then restarts the application. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # restart
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# shutdown
Command Description Parameters Example with Syntax Related Commands
{ ho s tn am e }: fi l ec o nt ro l le r0 # s h ut do w n
Shuts down the system. No additional parameters are needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # shutdown
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
686
{hostname}:filecontroller0# start
Command Description Parameters Example with Syntax Related Commands
{ ho s tn am e }: f il ec o nt ro l le r 0# s t ar t
Starts the WAFS module on the logged device. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# start
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# stop
Command Description Parameters Example with Syntax Related Commands
{ ho s tn a me }: f il ec o nt ro l le r 0# s t op
Stops the WAFS module on the logged device. No additional parameters required.
{ ho s tn a me }: f il ec o nt ro l le r 0# stop
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686
Co n f ig u r in g WAF S /
687
Cache Commands
Manages and displays cache-related information. The following commands are available: {hostname}:filecontroller0# cache invalidate, on page 687 {hostname}:filecontroller0# cache [show], on page 687 {hostname}:filecontroller0# cache ttl set, on page 687
{ ho s tn am e }: f il ec o nt ro l le r 0# ca c he i n va li d at e
Resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS. Enter a valid parameter as described above.
{ ho s tn am e }: f il ec o nt ro l le r 0# ca c he invalidate
{hostname}:filecontroller0# cache [show], on page 687 {hostname}:filecontroller0# cache ttl set, on page 687
{h os t na me } :f i le co n tr ol l er 0 #c ac h e sh o w
Displays cache-related information. No additional parameters are needed
{h os t na me } :f i le co n tr ol l er 0 #c ac h e show
{hostname}:filecontroller0# cache invalidate, on page 687 {hostname}:filecontroller0# cache ttl set, on page 687
{ ho s tn am e }: fi l ec o nt ro l le r0 # ca c he t t l se t
Displays or sets cache Time To Live for directories or files. The Time To Live is expressed in seconds, where the default is 1800 (30 minutes) and the Maximum is 14,400. The specific directory and file must be included.
{ ho s tn am e }: fi l ec o nt ro l le r0 # ca c he t t l se t c / m yf i le s. t xt 2 5 00
{hostname}:filecontroller0# cache invalidate, on page 687 {hostname}:filecontroller0# cache [show], on page 687
688
{ ho st n am e} : fi l ec on t ro ll e r0 # p ri nt i ng a d mi ns a dd |d e le te gr o up { [ do ma i n\ ] us er }
Lets you add or delete printer administrators groups. Enter the username/group for the printer administrator
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng a d mi n s a d d us e r
Lets you add or delete printer administrators users. Use the following parameters: Add - adds a user Delete - deletes a user Domain - a valid domain address User - the username of the account you want to have administrative status.
Co n f ig u r in g WAF S /
689
{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng ad mi n s l i st
Displays a list of printer administrators users and groups No additional parameters required
{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng ad mi n s l i st
{hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0# printing devices list, on page 689 {hostname}:filecontroller0#printing drivers show, on page 689
{h os t na me } :f i le co n tr ol l er 0 # pr i nt i ng d e vi ce s li st
Shows information regarding locally connected printers. No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g d ri v er s s ho w
Displays the status of the printing drivers. No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g d ri v er s
show
{hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0#printing admins list, on page 689 {hostname}:filecontroller0# printing devices list, on page 689
690
{h o st na m e} : fi le c on tr o ll e r0 #p r in ti n g dr i ve rs mi g ra te {d o ma in | us er }
Use domain user to migrate drivers from File Server to the File Bank Enter a valid UserID and domain name
{h o st na m e} : fi le c on tr o ll e r0 # pr i nt in g d ri ve r s se t c li e nt
Setting manual mode for client driver installation. No additional parameters required
{h o st na m e} : fi le c on tr o ll e r0 # pr i nt in g d ri ve r s se t c li e nt
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
Co n f ig u r in g WAF S /
691
{h os t na m e} :f i le co n tr o ll er 0 # pr in t in g dr i ve rs se t l oc a l
Store uploaded printer drivers on local print $ share (on the File Bank). No additional parameters required
{h os t na m e} :f i le co n tr o ll er 0 # pr in t in g dr i ve rs se t l oc a l
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng d r iv e rs s e t re m ot e
Store uploaded printer drivers on remote print $ share (on the File Server). Enter a valid UserID and domain name
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng d r iv e rs s e t re m ot e
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
{h o st n am e} : fi le c on t ro ll e r0 # p ri nt i ng dr iv e rs se t s e rv er
Setting point and print mode for client driver installation. No additional parameters required
{h o st n am e} : fi le c on t ro ll e r0 # p ri nt i ng dr iv e rs se t s e rv er
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691
692
CUPS Commands
The following commands are available: {hostname}:filecontroller0# printing restart, on page 692 {hostname}:filecontroller0# printing status, on page 692
{h o st na m e} : fi le c on tr o ll e r0 # pr in t in g re st a rt
Restarts the CUPS service, which is responsible for the print spooling and processing in the system. No additional parameters required
{h o st na m e} : fi le c on tr o ll e r0 # p ri nt i ng restart
{hostname}:filecontroller0# printing status, on page 692
{ h os tn a me } :f il e co nt r ol l er 0# pr in t in g s ta t us
Checks the status of the CUPS service. This command checks only whether this service is supposed to run, and not the services actual state No additional parameters required
{ h os tn a me } :f il e co nt r ol l er 0# pr in t in g s ta t us
{hostname}:filecontroller0# printing restart, on page 692
Co n f ig u r in g WAF S /
693
{h os t na m e} :f i le co n tr o ll er 0 #p ri n ti n g po r t [d el e te | ad d] [ na me ]
Lets you add or delete a printing port. The default port - Accelerator Local Port - cannot be modified or deleted. Enter a valid printing port name
{h os t na m e} :f i le co n tr o ll er 0 #p ri n ti n g p o rt a dd
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p or t s
Displays the list of the existing printer ports, with their names and URI. Accelerator Local Port is the default printer port, which appears always, and only its name is displayed. All other printers added afterwards appear with both their names and URIs No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p or t s
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing printers delete, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
694
{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng pr i nt e rs a d d [ na me ] [ UR I |I D ] [d e sc ri p ti o n]
Adds a specific printer, including the printers alphanumeric name, URI or ID and (optionally) a textual description. Enter a valid printer name, URI, ID and a description.
{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng pr i nt e rs a d d myprinter laserjet
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers delete, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p ri n te rs d el e te [ n am e]
Deletes a specific printer by indicating the printers alphanumeric name. Enter the printer name
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p ri n te rs d el e te myprinter
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
Co n f ig u r in g WAF S /
695
{h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng se t ti ng s fo rc e [ sh o w] [e na b le |d i sa b le ]
Prevents the Windows Client from renaming the printer when uploading a new driver. Changing this setting requires restarting SAMBA. You should pay attention to the warning that appears in the CLI: Changing this setting may cause clients that are connected to exported printer queues to be unable to print until they delete and reconnect to the print queue Show to show settings, Enable to enable, or Disable to disable.
{h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng se t ti ng s fo rc e show
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing printers delete, on page 694
696
{h o st n am e} : fi le c on t ro ll e r0 #p r in t in g pr i nt e rs [ l is t]
Displays a list of all printers. No additional parameters required
{h o st n am e} : fi le c on t ro ll e r0 #p r in t in g pr i nt e rs list
{hostname}:filecontroller0# printing printers set, on page 696 {hostname}:filecontroller0# printing printers testpage, on page 697
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng p r in te r s se t [ n am e] [n ew UR I ] [n e w co m me n t]
Changes the URI of an existing printer. Enter a valid domain and user
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng a d mi n s
Co n f ig u r in g WAF S /
697
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr in t in g pr in t er s t es t pa ge {n am e }
Prints a test page. Enter name of printer
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr in t in g pr in t er s t es t pa ge myprinter
{hostname}:filecontroller0# printing printers list, on page 696 {hostname}:filecontroller0# printing printers set, on page 696
698
(config) wafs
Command Description Parameters Example with Syntax Related Commands
AC C 1( co n fi g) # w a fs
Enters the WAFS node No additional parameters are necessary.
AC C 1( co n fi g) # wafs
(WAFS) transparency, on page 698 (WAFS) transparency exclude excluded-servers, on page 698
(WAFS) transparency
Command Description Parameters
AC C 1( WA F S) #t r an s pa re n cy e n ab l e| d i sa bl e
Enables or disables WAFS transparency. Enable to enable, disable to disable. When WAFS transparency is enabled, the FileBank polls all servers by default. If you are enabling an Alias, this should be set to disable.
AC C 1( WA F S) #t r an s pa re n cy enable
(config) wafs, on page 698 (WAFS) transparency exclude excluded-servers, on page 698
A CC 1 (W A FS )# t ra ns p ar e nc y e xc lu d e e xc lu d ed s er v er s
Defines which servers to exclude from WAFS transparency. No additional parameters required
A CC 1 (W A FS )# t ra ns p ar e nc y e xc lu d e e xc lu d ed s er v er s
(config) wafs, on page 698 (WAFS) transparency, on page 698
Co n f ig u r in g WAF S /
699
ACC1(W A FS ) #s ho w t ra n sp a re nc y e xc l ud e ds er ve r s
Displays the list of servers that are excluded from WAFS transparency. No additional parameters required
ACC1(W A FS ) #s ho w t ra n sp a re nc y e xc l ud e ds er ve r s
(WAFS) transparency excluded servers clear, on page 699
A C C1 ( WA FS ) #t ra n sp ar e nc y e xc l ud ed se r ve rs c l ea r
Clears the excluded servers list. No additional parameters required
A C C1 ( WA FS ) #t ra n sp ar e nc y e xc l ud ed se r ve rs c l ea r
(WAFS) show transparency excluded-servers, on page 699
700
CIFS Commands
The following commands are available: {hostname}:filecontroller0# cifs status, on page 700
{h o st na m e} :f i le co n tr o ll er 0 # ci f s s ta tu s
Displays status of CIFS connections, shares and locks. No additional parameters required
{h o st na m e} :f i le co n tr o ll er 0 # cifs status
Co n f ig u r in g WAF S /
701
{hostname}:filecontroller0# comp_filters
Command Description Parameters Example with Syntax Related Commands
{ ho st n am e }: fi l ec on t ro l le r0 # co mp _ fi l te rs ad d/ d el et e { f il te r }
Adds/deletes a given filter to/from a list. Add to add Delete to delete
{ ho st n am e }: fi l ec on t ro l le r0 # co mp _ fi l te rs d el et e { f il te r }
{hostname}:filecontroller0# comp_filters list, on page 701
{ ho st n am e} : fi l ec on t ro ll e r0 # c om p _f il t er s l is t/ c le ar
Displays/clears a list of current compression filters. No additional parameters required
{ ho st n am e} : fi l ec on t ro ll e r0 # c om p _f il t er s l is t/ clear
{hostname}:filecontroller0# comp_filters, on page 701
702
{hostname}:filecontroller0# date
Command Description Parameters Example with Syntax Related Commands
{h o st na m e} :f i le c on tr o ll er 0 #d a te [ D AT E] [T I ME ]
Changes the current systems date and time. Make sure the date is mmddyyyy and time is hh:mm:ss
{h o st na m e} :f i le c on tr o ll er 0 #d a te 11112011 12:12:12
{hostname}:filecontroller0# date show, on page 702
{ ho s tn a me }: f il ec o nt r ol le r 0# da t e s ho w
Displays the current systems date and time. No additional parameters necessary
{ ho s tn a me }: f il ec o nt r ol le r 0# da t e show
{hostname}:filecontroller0# date, on page 702
Co n f ig u r in g WAF S /
703
Additional Commands
The following configurations are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# diagnostics, on page 703 domain set, on page 704 domain show, on page 704 domain join, on page 704 enable, on page 705 exit|quit, on page 705
{hostname}:filecontroller0# diagnostics
Command Description
{ h o st n a me } : fi l e co n t ro l l er 0 # di a g no s t ic s
Runs diagnostics tests. You can use this command to diagnose either the full system, the configuration settings of the Accelerator, hardware problems or communication problems. Enter one of the following: all - runs a complete diagnostic check settings - checks the settings hardware - checks hardware functioning communication - tests communication settings.
Parameters
{ h o st n a me } : fi l e co n t ro l l er 0 # di a g no s t ic s all
{hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
704
{ ho s tn am e }: fi l ec o nt ro l le r0 # d o ma in se t
Sets or displays the Windows NT domain on a local network. This command also defines a domain name. No additional parameters needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # domain set
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
{h os t na me } :f i le co n tr ol l er 0 #d om a in s h ow
Displays the current domain name. No additional parameters needed
{h os t na me } :f i le co n tr ol l er 0 #d om a in show
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
{ h os tn a me }: f il e co nt r ol le r 0# do ma i n jo i n
Joins a FileBank to the current domain. No additional parameters needed
{ h os tn a me }: f il e co nt r ol le r 0# do ma i n join
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
Co n f ig u r in g WAF S /
705
{hostname}:filecontroller0# enable
Command Description Parameters Example with Syntax Related Commands
{ ho s tn am e }: fi l ec o nt ro l le r0 # e na b le
Switches to privileged mode command prompt (root shell). Requires knowledge of the root password. No additional parameters needed. Enter password when prompted.
{ ho s tn am e }: fi l ec o nt ro l le r0 # e na b le
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# exit|quit, on page 705
{hostname}:filecontroller0# exit|quit
Command Description Parameters Example with Syntax Related Commands
{ ho s tn am e }: f il ec o nt ro l le r 0# e x it |q u it
Logs out from shell. No additional parameters needed.
{ ho s tn am e }: f il ec o nt ro l le r 0# quit
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705
706
Fetch Commands
Manages fetch jobs and instances. The fetch commands are used for prepopulating the FileBanks cache. Fetch jobs describe the entity that should be fetched, namely: a specific directory on a file server. Fetch instances perform the actual work. The following commands are available: {hostname}:filecontroller0# fetch, on page 706 {hostname}:filecontroller0# fetch log, on page 706
{hostname}:filecontroller0# fetch
Command Description Parameters Example with Syntax Related Commands
{h os t na m e} :f i le co n tr o ll er 0 # fe t ch [j ob s | in st a nc e s]
Manages fetch jobs or instances. Jobs to fetch jobs, Instances to fetch instances.
{h os t na m e} :f i le co n tr o ll er 0 # fetch jobs
{hostname}:filecontroller0# fetch log, on page 706
{ ho st n am e }: fi l ec on t ro l le r0 # fe tc h l o g
Shows the log of current and completed fetch instances. No additional parameters needed.
{ ho st n am e }: fi l ec on t ro l le r0 # fetch log
{hostname}:filecontroller0# fetch, on page 706
Co n f ig u r in g WAF S /
707
{h os t na me } :f i le co n tr ol l er 0 # fp o rt [ a dd | de le t e] [ F P]
Adds or deletes a named FileBank Director to or from the FileBank Directors list. Use a legal port number. Default ports: UDP 4049, TCP 4049 are then assigned to this {FP}.
708
{h os t na m e} :f i le co n tr o ll er 0 #f po r t [ TC P | U D P] [F P] [ PO R T]
Defines the IP port {PORT} for networking with the specified FileBank Director {FP}. Use a legal port number and a specific FBD
{h o st na m e} :f i le c on tr o ll er 0 #f p or t di s co nn e ct ed fo r ce { F P} [o n |o f f]
Force / unforce {FP} to be in disconnected mode. Changes take effect only after FileBank reset. Use On to force and Off to unforce
{h o st na m e} :f i le c on tr o ll er 0 # fport
disconnected force on
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
Co n f ig u r in g WAF S /
709
{ h os tn a me }: f il e co nt r ol le r 0# f po rt d i sc on n ec te d h a nd le {F P} [ on | of f]
Enable/disable disconnected operation handling for {FP}. Changes take effect only after FileBank reset. Use on to enable and Off to disable
{ h os tn a me }: f il e co nt r ol le r 0# fport
disconnected handle on
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
{ h os t na me } :f il e co n tr ol l er 0# fp o rt l i st
Shows a list of FileBank Directors. No additional parameters needed.
{ h os t na me } :f il e co n tr ol l er 0# fport list
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
710
{h os t na me } :f i le co n tr ol l er 0 #g ns re fr e sh
Refreshes the list of file servers. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # gns refresh
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# iostat, on page 710
{hostname}:filecontroller0# iostat
Command Description Parameters Example with Syntax Related Commands
{h o st na m e} : fi le c on tr o ll er 0 # i os ta t
Shows the disk utilization report. No additional parameters required.
{h o st na m e} : fi le c on tr o ll er 0 # iostat
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710
Co n f ig u r in g WAF S /
711
{hostname}:filecontroller0# help
Command Description Parameters Example with Syntax Related Commands
{ ho st n am e }: fi l ec on t ro l le r0 # h el p
Lists the commands and parameters. No additional parameters required.
{ ho st n am e }: fi l ec on t ro l le r0 # help
{hostname}:filecontroller0# help command, on page 711
{ ho st n am e} : fi l ec on t ro ll e r0 # help license
install
{hostname}:filecontroller0# help, on page 711
712
Co n f ig u r in g WAF S /
713
{ ho st n am e} : fi l ec on t ro ll e r0 # l o g ar c hi v e g en er a te
Generates a new log archive file. No additional parameters are needed
{hostname}:filecontroller0# lo g a rc hi v e g en er a te
{hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
714
{h os t na m e} :f i le co n tr o ll er 0 # lo g a r ch iv e l is t
Lists all log archive files. No additional parameters are needed
{ ho s tn am e }: f il ec o nt ro l le r 0# lo g a rc h iv e u pl o ad
Uploads a log archive file to an FTP server. No additional parameters are needed
Co n f ig u r in g WAF S /
715
{h o st na m e} : fi le c on tr o ll e r0 #l o g le v el se t {i n fo |w a rn i ng |e r ro r| c ri t ic al }
Sets minimal level for events to log. The lowest level being info and the highest being critical. Any log events below the level you set are not logged. Enter the log level (info, warning, error, critical)
{h os t na me } :f i le co n tr ol l er 0 # l og l e ve l s ho w
Displays the current log level. No additional parameters are needed
716
{ ho s tn a me }: f il ec o nt r ol le r 0# lo g s h ow [ al l |c o mm un i ca ti o n| s ec ur i ty |s y st e m]
Lists the event log. No additional parameters are required.
{ h os tn a me }: f il e co nt r ol le r 0# l o g s ys lo g s t at us
DIsplays the current syslog status. No additional parameters are needed
Co n f ig u r in g WAF S /
717
{ ho s tn am e }: fi l ec o nt ro l le r0 # l o g u pl o ad {U RL }
Uploads the current logs to the indicated URL. Enter a valid URL.
718
{ ho s tn am e }: fi l ec o nt ro l le r0 # r e pl ic a ti on [ en a bl e| d is ab l e]
Enables or disables the replication service. Enable to enable, Disable to disable.
{ ho s tn am e }: fi l ec o nt ro l le r0 # replication enable
{hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
Co n f ig u r in g WAF S /
719
{ ho st n am e} : fi l ec on t ro ll e r0 # r ep l ic at i on f il te r s
Manages the replication filters. For details see Replication Service, on page 159 No additional parameters are needed
{ ho st n am e} : fi l ec on t ro ll e r0 # replication filters
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{h o st n am e} : fi le c on t ro ll e r0 # r ep l ic at i on in s ta n ce s
Manages the replication instances. For details see Replication Service, on page 159 No additional parameters are needed
{h o st n am e} : fi le c on t ro ll e r0 # replication instances
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
720
{h os t na m e} :f i le co n tr o ll er 0 # re p li c at io n l og [s ho w ]
Displays a specific replication log. No additional parameters are needed
{ ho s tn a me }: f il ec o nt r ol le r 0# r e pl ic a ti o n lo g l is t
Lists all replication log files. No additional parameters are needed
Co n f ig u r in g WAF S /
721
{ ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on p at hs
Manages the replication paths. For details see section Replication Service, on page 159 No additional parameters are needed
{ ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on p at hs
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{ h os tn a me } :f il e co nt r ol l er 0# re pl i ca t io n s e tu p
Sets up replication service. No additional parameters are needed
{ h os tn a me } :f il e co nt r ol l er 0# replication setup
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
722
{ h os tn a me }: f il e co nt r ol le r 0# re pl i ca ti o n s t ar t
Starts an unscheduled replication process now. No additional parameters are needed
{ h os tn a me }: f il e co nt r ol le r 0# replication start
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{ h os tn a me }: f il e co nt r ol le r 0# r e pl i ca ti o n s t ar t i ni ti a l
Starts initial pre-population of replication files from the file server to the FileBank Director. No additional parameters are needed
Co n f ig u r in g WAF S /
723
{ h os tn a me } :f il e co nt r ol l er 0# re pl i ca t io n s t at us
Displays the replication process status. No additional parameters are needed
{ h os tn a me } :f il e co nt r ol l er 0# replication status
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{ ho st n am e} : fi le c on t ro ll e r0 # r ep l ic at i on s t op
Stops the replication process. No additional parameters are needed
{ ho st n am e} : fi le c on t ro ll e r0 # replication stop
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication user, on page 724
724
{h os t na m e} :f i le co n tr o ll er 0 # re p li c at io n u se r
Manages the replication user. For details see Replication User Commands, on page 725 No additional parameters are needed
{h os t na m e} :f i le co n tr o ll er 0 # replication user
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723
Co n f ig u r in g WAF S /
725
{ ho st n am e} : fi l ec on t ro ll e r0 # r ep l ic at i on f il te r s ad d /d e le te {f il t er }
Adds or deletes the current replication filter. No additional parameters are needed
726
{ ho s tn am e }: f il ec o nt ro l le r 0# r e pl ic a ti o n f il t er s c le a r
Clears the current replication filters (file types). No additional parameters are needed
{h o st na m e} : fi le c on tr o ll e r0 # r ep li c at i on fi l te rs [l i st ]
Lists the current replication filters (file types). No additional parameters are needed
Co n f ig u r in g WAF S /
727
{ ho s tn a me }: f il ec o nt r ol le r 0# r e pl i ca ti o n i ns t an c es [ l is t]
Displays all replication instances. The possible values are as follows: Running - The instance is running Finished - The instance has finished successfully Failed - The instance has failed due to an error (see log) Aborted - The instance has been aborted by the user
{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic a ti on p at h s ad d { UN C PA T H} [ P RI OR I TY ]
Adds a new replication path. Path and priority
{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic a ti on p at h s ad d { UN C PA T H} [ P RI OR I TY ]
{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
728
{h o st na m e} :f i le c on tr o ll er 0 # r ep li c at io n pa t hs c l ea r
Deletes all replication paths. Enter one of the parameters above
{h o st na m e} :f i le c on tr o ll er 0 # r ep li c at io n pa t hs d e le te [P A TH -I D ]
Deletes a replication path. Enter the name of the path
Co n f ig u r in g WAF S /
729
{ ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on p at hs li s t
List all current replication paths. Enter one of the parameters above
{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic at i on u s er d el e te
Deletes the current replication user. No additional parameters are needed
730
{ ho s tn am e }: f il ec o nt ro l le r0 # r e pl ic a ti on us er s et {d om a in \ us er n am e}
Sets the replication user. Valid domain name and valid username
{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic a ti on us er [ sh o w]
Displays the current replication user. No additional parameters are needed
Co n f ig u r in g WAF S /
731
{ ho s tn am e }: fi l ec o nt ro l le r0 # sc he d ul e a c ti on s
Lists all actions that can be scheduled. Replication schedule actions: replication.start and replication.stop No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # schedule actions
{hostname}:filecontroller0# schedule events add, on page 731 {hostname}:filecontroller0# schedule events clear, on page 732 {hostname}:filecontroller0# schedule events delete, on page 732 {hostname}:filecontroller0# schedule events list, on page 733
{ ho s tn am e }: fi l ec o nt ro l le r0 # s c he du l e ev e nt s a dd [A CT I ON N A ME ] [ TI M E]
Adds a new daily recurring event. Enter the following: A name for the action that appears on the list of actions A time for it to occur. HH:MM
732
{ ho s tn am e }: f il ec o nt ro l le r 0# s c he du l e ev e nt s c le a r
Clears all scheduled events. Enter one of the parameters above
{ ho s tn am e }: f il ec o nt ro l le r0 # s c he du l e ev e nt s d el e te [ E VE N T ID ]
Deletes a scheduled event. Enter a valid event id
{ ho s tn am e }: f il ec o nt ro l le r0 # s c he du l e ev e nt s delete myevent
{hostname}:filecontroller0# schedule actions, on page 731 {hostname}:filecontroller0# schedule events add, on page 731 {hostname}:filecontroller0# schedule events clear, on page 732 {hostname}:filecontroller0# schedule events list, on page 733
Co n f ig u r in g WAF S /
733
{ ho s tn am e }: fi l ec o nt ro l le r0 # s ch e du l e ev e nt s [ li s t]
Lists all events. No additional parameters required
734
{ h os tn a me }: f il ec o nt r ol le r 0# s e rv ic e [ en a bl e| d i sa bl e ]
Enables or disables the current service. Enable to enable, Disable to disable
{ h os tn a me }: f il ec o nt r ol le r 0# service enable
{hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
Co n f ig u r in g WAF S /
735
{ h os t na me } :f il e co n tr ol l er 0# se r vi ce st at u s
Checks whether the current service is enabled. No additional parameters needed
{ h os t na me } :f il e co n tr ol l er 0# service status
{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
{ ho st n am e} : fi l ec on t ro ll e r0 # s er v ic es cr e at e F il eB a nk D i re c to r
Creates a FileBank Director service. No additional parameters required.
736
{h o st na m e} :f i le c on tr o ll er 0 # s er vi c es c r ea t e Fi l eB an k D ir e ct o r ha
Creates a FileBank Director HA. No additional parameters required.
{h os t na m e} :f i le co n tr o ll er 0 # se r vi c es c r ea te fi le c on t ro ll e r
Creates a FileBank service. No additional parameters required.
Co n f ig u r in g WAF S /
737
{ ho s tn am e }: fi l ec o nt ro l le r0 # s e rv ic e s li s t
Displays the list of services No additional parameters needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # services list
{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services set, on page 737
{ h os tn a me } :f il e co nt r ol l er 0# se rv i ce s s et
Sets the SERVICE as active. All operations will act on SERVICE from now on. Service-name should be a valid service name (for example: FileBank Director0/ FileBank Director1), monitored by cluster. Enter the services name
738
Software Commands
Displays version numbers for all currently installed software packages. The following commands are available: {hostname}:filecontroller0# software version, on page 738
{ ho s tn am e }: f il ec o nt ro l le r 0# s o ft wa r e ve r si o n
Displays the version numbers of all currently installed software packages. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# s o ft wa r e ve r si o n
Co n f ig u r in g WAF S /
739
Statistic Commands
Shows product statistics. The following configuration options are available: {hostname}:filecontroller0# statistics, on page 739 {hostname}:filecontroller0# statistics upload, on page 739 {hostname}:filecontroller0# status, on page 739
{hostname}:filecontroller0# statistics
Command Description Parameters Example with Syntax Related Commands
{ ho st n am e} : fi l ec on t ro ll e r0 # s ta t is ti c s
Displays a table of indicated file statistics for today/past week/past month. No additional parameters required.
{ ho st n am e} : fi l ec on t ro ll e r0 # statistics
{hostname}:filecontroller0# statistics upload, on page 739 {hostname}:filecontroller0# status, on page 739
{h os t na me } :f i le co n tr ol l er 0 # st a ti st i cs up lo a d
Uploads the yearly statistics file to the destination URL. The URL protocol must be FTP and the URL must end in a filename.
{hostname}:filecontroller0# status
Command Description Parameters Example with Syntax Related Commands
{h os t na me } :f i le co n tr ol l er 0 # st a tu s
Shows the current status of the system. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # status
{hostname}:filecontroller0# statistics, on page 739 {hostname}:filecontroller0# statistics upload, on page 739
740
Stf_filter Commands
Displays, adds and deletes STF (Short Term Files) filters. STF filters define the files which are not sent by the FileBank to the FileBank Director. For example, the default STF filter in the FileBank includes *.TMP files which are not sent by the FileBank to the FileBank Director. The following commands are available: {hostname}:filecontroller0# stf filters add, on page 740 {hostname}:filecontroller0# stf filters clear, on page 740 {hostname}:filecontroller0# stf filters list, on page 741
{h os t na me } :f i le co n tr ol l er 0 # st f f il t er s a dd
Add or deletes a given filter to/from the list. No additional parameters required.
{ ho s tn am e }: fi l ec o nt ro l le r0 # s t f fi l te rs c le a r
Clears the list of filters. No additional parameters required.
Co n f ig u r in g WAF S /
741
{ h os tn a me } :f il e co nt r ol l er 0# st f f il t er s l is t
Lists current STF filters. No additional parameters required.
742
{h o st na m e} :f i le c on tr o ll er 0 # t ra ns a ct io n l i st
Lists transactions that match the filter. No additional parameters required.
{h o st na m e} :f i le c on tr o ll er 0 # transaction list
{hostname}:filecontroller0# transaction stop, on page 742
{ ho s tn a me }: f il ec o nt r ol le r 0# tr a ns ac t io n s t op [ id ]
Stops the transaction of the given ID. No additional parameters required.
Co n f ig u r in g WAF S /
743
TTCP Commands
Times the transmission and reception of the data between two systems using TCP protocol. Client should receive a server's hostname parameter, which indicates the remote TCP server destination. The following commands are available: {hostname}:filecontroller0# uptime, on page 744 {hostname}:filecontroller0# ttcp server, on page 743 {hostname}:filecontroller0# uptime, on page 744
{ ho s tn am e }: fi l ec o nt ro l le r0 # t t cp c l ie nt
Run this on the host from which you want measure traffic. Specify the host on which you run the 'ttcp server' as SERVER. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# t t cp s e rv er
Run this on the host to which you want measure traffic. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# t t cp s e rv er
{hostname}:filecontroller0# uptime, on page 744 {hostname}:filecontroller0# uptime, on page 744
744
{hostname}:filecontroller0# uptime
Command Description Parameters Example with Syntax Related Commands
{h os t na m e} :f i le co n tr o ll er 0 # up t im e
Displays the period of time for which the system has been running since it was last booted. No additional parameters required.
{h os t na m e} :f i le co n tr o ll er 0 # uptime
{hostname}:filecontroller0# uptime, on page 744 {hostname}:filecontroller0# ttcp server, on page 743
Co n f ig u r in g WAF S /
745
User Commands
Manages the users database. The following commands are available: {hostname}:filecontroller0# user add, on page 745 {hostname}:filecontroller0# user list, on page 745 {hostname}:filecontroller0# user password, on page 745
{ ho st n am e} : fi l ec on t ro ll e r0 # u se r a dd
Adds or deletes a given user to/from the list. Add to add, Delete to delete. You also need the domain and UserName.
{ ho st n am e} : fi l ec on t ro ll e r0 # u se r l is t
Lists all users. No additional parameters required.
{ ho st n am e} : fi l ec on t ro ll e r0 # user list
{hostname}:filecontroller0# user add, on page 745 {hostname}:filecontroller0# user password, on page 745
{ h os tn a me } :f il e co nt r ol l er 0# us er pa s sw or d
Changes the given user's password (prompts for new password). old password, new password
{ h os tn a me } :f il e co nt r ol l er 0# user password
{hostname}:filecontroller0# user add, on page 745 {hostname}:filecontroller0# user list, on page 745
746
{hostname}:filecontroller0# vmstat
Command Description
{ h os tn a me }: f il e co nt r ol le r 0# vm st a t
Reports virtual memory statistics. The report is repeated 10 times at 5 second intervals. Note:Press Ctrl-C to interrupt No additional parameters required.
{ h os tn a me }: f il e co nt r ol le r 0# uptime
Co n f ig u r in g WAF S /
747
Wins Commands
Manages WINS server settings for automatic registration. The following commands are available: {hostname}:fp0# wins server delete, on page 747 {hostname}:fp0# wins server set, on page 747 {hostname}:fp0# wins server show, on page 747
748
Configuring Security
You can set the following basic AAA parameters: Transport Type Commands, on page 748 Server Configuration Commands, on page 750 User Account Configuration Commands, on page 754 Software OS Upgrade Commands, on page 761
The following commands are available: (config) aaa, on page 748 (config) transport input, on page 749
(config) aaa
Command Description Parameters Example with Syntax Related Commands
ACC1(conf)# aa a
Opens the AAA node. No additional parameters are necessary.
ACC1(conf)# aaa
(config) transport input, on page 749
Co n f ig ur in g Se cu rity /
749
AC C1 ( aa a )# tr a ns po r t i np ut (t el n et | ss h| c on so l e| w eb |s e cu re we b| f tp | sn mp | tf tp ) ( e na bl e |d is a bl e )
Enables or disables access to the transport type. For example, typing: transport input web disable disables access to the Accelerator via the WebUI. By default, all transport types are set to enabled, except FTP and TFTP which are set to disabled Enter one of the following transport input types: telnet ssh console web secure-web ftp snmp tftp Followed by Enable to enable, Disable to disable.
Description
Parameters
750
A CC 1 (a aa ) #a ut h en t ic at i on l o gi n [ lo c al | r ad i us | ta ca c s]
Sets server to be checked. If more than one authentication type is used, lists the server types in the order in which they are to be authenticated. Enter parameter string as described above
Co n f ig ur in g Se cu rity /
751
Related Commands
752
A CC 1 (a aa ) #r a di us na me [ server name] t im e ou t
Sets the time out in seconds between 0 and 5000 to wait for a server to reply. The default time out is 180 seconds. Enter parameter string as described above
A CC 1 (a aa ) #r a di us na me myserver t im e ou t 180
(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
(aaa) tacacs+
Command
AC C1 ( aa a) # ta c ac s+ na me [ server name] i p [x .x . x. x] | k e y [ encryption key] | or d er [server authentication order]| po rt [tcp port for the server]
Sets the TACACS server and server information including IP address, encryption key and TCP port. Enter parameters as follows: Server name - enter the correct server name IP address - enter a valid IP address Encryption Key - enter the encryption key Server authentication order -enter the server authentication order Port - enter the TCP port for the server The default port is 1645.
Description Parameters
Co n f ig ur in g Se cu rity /
753
A CC 1( a aa )# t ac a cs n a me [ server name] t im e ou t
Sets the time out in seconds between 0 and 5000 to wait for a server to reply. The default time out is 180 seconds. Enter parameter string as described above
{ ho s tn am e }: f il ec o nt ro l le r0 # au t hs rv [ ad d |d el e te ] { ho s t}
Defines or deletes current authentication server. Add to add, Delete to delete and a valid host.
{ ho s tn am e }: f il ec o nt ro l le r0 # authsrv add
myhost
(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
{h o st n am e} : fi le c on t ro ll e r0 # a ut h sr v l is t
Displays current authentication server. No additional parameters required
{h o st n am e} : fi le c on t ro ll e r0 # authsrv [list]
(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753
754
AC C 1( aa a )# us e r [ user name] [ lo c k| un l oc k]
Disables or enables the specified users account. Enter the user name and Lock to lock, Unlock to unlock.
AC C 1( aa a )# us e r myusername lock
(aaa) user role, on page 755 (config) lcd lock, on page 755 password local, on page 756 show aaa, on page 757
Co n f ig ur in g Se cu rity /
755
Description
Note: If you lock the keypad via the WebUI or via the CLI, you cannot use the
keypads unlock sequence to unlock the keypad. In such a case, the unlock operation can be carried out only via the CLI or the WebUI
Command Description Parameters Example with Syntax Related Commands
ACC1(config)#lc d l oc k | u n lo c k
Locks/unlocks the keypad. Lock to lock, Unlock to unlock
ACC1(config)#lc d lock
(aaa) user lock, on page 754 (aaa) user role, on page 755 password local, on page 756 show aaa, on page 757
756
password local
Command Description Parameters Example with Syntax Related Commands
A cc 1 # pa s sw o rd l o ca l
To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password. Enter parameter string as described above
A cc 1 # pa s sw o rd l o ca l myusername
mypssword
(aaa) user lock, on page 754 (aaa) user role, on page 755 (config) lcd lock, on page 755 show aaa, on page 757
Note: Use the command no user [name] to remove a user. You cannot remove a root user, but you can modify the password. (Changing an Expand users password will automatically change the root user as well.)
Co n f ig ur in g Se cu rity /
757
show aaa
Command Description Parameters Example with Syntax Related Commands
A cc 1# sh ow aa a
Displays the security settings No additional parameters are required.
A cc 1# show aaa
(aaa) user lock, on page 754 (aaa) user role, on page 755 (config) lcd lock, on page 755 password local, on page 756
758
show aaa You can enter the show aaa command from the configuration mode. This command lists all the AAA options and their settings.
User Name r o ot ex pa n d us er 1 us er 2 us er 3 Acc1(config)# show aaa te l ne t t ra n sp or t -i np u t s ta tu s .. .. . en a bl e ss h t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e co n so le tr a ns po r t- in p ut st at u s. .. . en a bl e we b t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e se c ur e- w eb tr an s po rt - in p ut s t at us . en a bl e ft p t ra n sp o rt -i n pu t s ta t us .. . .. .. . di s ab le tf t p tr a ns p or t- i np ut st a tu s. . .. .. . di s ab le sn m p tr a ns p or t- i np ut st a tu s. . .. .. . en a bl e Fi r st A u th e nt ic a ti on Me t ho d. . .. .. . Lo c al Se c on d A ut h en ti c at io n M e th od . .. .. . Ra d iu s Th i rd A u th e nt ic a ti on Me t ho d. . .. .. . TA C AC S+ Ma x im um Fa i le d L og in At t em pt s .. .. . 5 Co n fi gu r at i on C h an ge Au d it E v en t. . .. . di sa b le Cr e at e L in k A ud i t Ev e nt . .. .. . .. .. . di s ab le Status p er m it t ed p er m it t ed p er m it t ed p er m it t ed p er m it t ed Role a dm in i st ra t or a dm in i st ra t or a dm in i st ra t or n et ad m in m on it o r
Co n f ig ur in g Se cu rity /
759
Server
radius radius radius tacacs
Order
first second third first
Server Name
rad2 rad3 rad4 tac2
IP
10.0.130.139 10.0.130.132 24.0.214.160 21.0.214.160
Port
1645 1645 1645 49
Time-out
180 180 180 180
The show authentication order command lists which of the authentication servers is set as the first, second and third level authentication server.
Ac c1 ( aa a )# show authentication login order Fi rs t A u th en t ic at i on Me th o d. .. . .. . Lo ca l Se co n d A ut he n ti ca t io n M et h od .. . .. . Ra di u s Th ir d A u th en t ic at i on Me th o d. .. . .. . TA CA C S+
show servers The show servers command lists the authentication servers defined in the Accelerator.
A cc 1 (a aa ) # show servers
Server
radius radius radius tacacs
Order
first second third first
Server Name
rad2 rad3 rad4 tac2
IP
10.0.130.139 10.0.130.132 24.0.214.160 21.0.214.160
Port
1645 1645 1645 49
Time-out
180 180 180 180
760
show transport input The show transport input command lists all possible management protocols and services available and their status.
Ac c 1( aa a )# sh ow tr an s po r t in p ut te l ne t t ra n sp or t -i np u t s ta tu s .. .. . en a bl e ss h t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e co n so le tr a ns po r t- in p ut st at u s. .. . en a bl e we b t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e se c ur e- w eb tr an s po rt - in p ut s t at us . en a bl e ft p t ra n sp o rt -i n pu t s ta t us .. . .. .. . di s ab le tf t p tr a ns p or t- i np ut st a tu s. . .. .. . di s ab le sn m p tr a ns p or t- i np ut st a tu s. . .. .. . en a bl e
show user The show user command lists the users and their authorization levels.
A c c1 (a a a) # show user User Name
root
Status
permitted permitted permitted permitted permitted
Role
administrator administrator administrator netadmin monitor
expand
user1 user2 user3
Co n f ig ur in g Se cu rity /
761
AC C 1 #c o py [ s cp | sf tp | t ft p | f tp | h tt p]
[b un d le na me ] [ bu n dl e l oc a ti on ]
This command, used for copying any file, lets you upgrade the AcceleratorOS in any of the methods mentioned above, by copying the upgrade bundle file from its location. You should use the following format for specifying the location: user:password@ip/filepath.
ACC 1# r eb oo t [ bu n dl e n am e ]
This command should be used when upgrading, for the Accelerator to use the new bundle file after rebooting. Enter the same bundle name you entered in the previous section
762
bypass activate
Command Description Parameters Example with Syntax Related Commands
A CC 1# b y p as s ac t i va t e |d e ac t i va t e
Activates or Deactivates the by-pass functionality on all the interfaces. Activate to activate, Deactivate to deactivate.
A CC 1# b y p as s ac t i va t e
bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass, on page 764 show bypass interface, on page 764
Note: After entering the by-pass Deactivate command it is necessary to Write this
change. Failure to do so in the case where an Accelerator shuts down will cause the Accelerator to be in by-pass activate state following reboot.
Tec h ni ca l I nf o r m at io n a nd Tro u bl e S h oo t in g To o ls /
763
AC C1 # b yp a s s a c ti v at e / de a c ti v a te x /x
Activate or Deactivate the by-pass functionality on a specific interface. Activate to activate, Deactivate to deactivate, followed by the complete port number
Note: After entering the by-pass Deactivate command it is necessary to Write this
change. Failure to do so in the case where an Accelerator shuts down will cause the Accelerator to be in by-pass activate state following reboot.
bypass enable
Command Description Parameters Example with Syntax Related Commands
A C C 1# by p a ss e na b l e/ d i sa b l e
Enable or disable the by-pass on all the interfaces. Enable to enable, Disable to disable
A CC 1# b y p as s en a b le
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable interface, on page 763 show bypass, on page 764 show bypass interface, on page 764
A CC 1# b y p as s [e n a bl e | di s a bl e ] [ x / x]
Enable or disable the by-pass on all the interfaces. Enable to enable, Disable to disable. Enter the complete port number
A CC 1# b y p as s en a b le 1 /0
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 show bypass, on page 764 show bypass interface, on page 764
764
show bypass
Command Description Parameters Example with Syntax Related Commands
A CC 1# s h o w b y pa s s
Shows the by-pass status on all the interfaces. (enabled, disabled, activated, deactivated) No additional parameters required
A CC 1# s h o w b y pa s s
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass interface, on page 764
A CC 1# sh o w b y p as s x/ x
Shows the by-pass status on a specific interface (enabled, disabled, activated, deactivated). Enter the command with the specific valid port number
A CC 1# sh o w b y p as s 0/ 1
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass, on page 764
Tec h ni ca l I nf o r m at io n a nd Tro u bl e S h oo t in g To o ls /
765
ACC1#s ho w t e ch -s u pp or t c o nt in u ou s
Lists all information necessary to troubleshoot Accelerator problems. Information gathered here includes: version information, license state, CPU and memory utilization, events, link statistics, interface statistics, QoS configuration, route-rules, discovered traffic, running configuration and startup configuration. Press More to view additional output each time; alternatively, add the parameter Continuous to enable continuous output. Enter the same bundle name you entered in the previous section
ACC1#s ho w t e ch -s u pp or t continuous
show events
Command
AC C 1# sh o w e ve nt s [ lo n g | s ho r t] f i lt e r se v er it y f r om [ f at al | w ar ni n g | e rr o r | in f o] t o [ f at al | wa r ni n g | e rr or |i n fo ] ta i l [n u mb e r of la st x e ve nt s t o b e di s pl ay e d]
Lists Accelerator events. Long gives all available information on the event, while short gives a brief summary of each event. Enter the same bundle name you entered in the previous section
766
To assign cores:
1. In the Accelerators CLI, in configuration mode, type core-allocation. 2. In core alloc mode, type greedy-threshold followed by the minimum number of Accelerators to equally share memory, as follows: ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators] The default greedy-threshold size is 1.
Note: After the core allocation is modified, it is recommended to reboot the Accelerator.
768
Standards
RFC / Standard List
Modules
Router Protocols RIP RIPv2 OSPFv2 WCCP Router Polling Networking Spanning Tree Protocol VLAN 802.1Q HSRP VRRP SCPS IEEE 802.1D IEEE 802.1Q 2281 3768 ISO 15893:2000 CCSDS-714.0-B-1 MIL-STD-2045-44000 3954 1034, 1035, 2181 1213 2217 818 1350 959 2045, 2616, 2818 1361 IETF drafts 1157, 1155, 1212,1215 1901-1908, 25782580 3411-3418 2104 (HMAC), 2403(96), 2404 (96), 1321 (MD5) 2404 1321 1058 1723, 2082 2328, 2370 3040 2096
RFC /Standard #
NetFlow DNS Acceleration Management MIB-2 Telnet COM port Telnet service TFTP FTP HTTP, HTTPS NTP SSH, SCTF, SFTP SNMPv1 SNMPv2 SNMPv3 Security HMAC
Sta n da rd s Radius TACACS+ HW Safety approvals UL 1950, CAN/CSA C22.2, EN60950/A4, No. 950-95 FCC Part 15 Class B EN55022:1998 Class B EN55024:1998 IEC EN61000-4-2:1995 IEC EN61000-4-3:1995 IEC EN61000-4-4:1995 IEC EN61000-4-5:1995 IEC EN61000-4-6:1996 IEC EN61000-411:1994 IEC EN61000-3-2:2000 IEC EN61000-3-3:1995 CISPR16-1:1999 CISPR16-2:1999 IEC 60950-1:2001, EN 60950-1:2001. ISO 9001:2000, EN 46001, ISO 13485 ISO 9000 ETSI EN 3000192(1999-09), ESTI EN 300019-2(1994), Bellcore standard: GR63-ORE. Telcordia (Bellcore) 2138, 2865 1492
769
EMC approvals
MTBF
770
Acceptance
These terms and conditions of sale (Terms and Conditions) are the terms and conditions upon which Expand Networks, Ltd. and its affiliates and subsidiaries (together Expand) make all sales. Expand will not accept any other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's acceptance of any shipment of any part of the items specified for delivery (the Products) or any other act or expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and Conditions set forth hereon is objected to and is hereby rejected by Expand.
Ter m s an d C o nd it i on s o f S al e
771
Risk of Loss
Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account. The Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the carrier when there is evidence of damage during shipping.
Warranty
Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free from defects in material and workmanship and shall perform in substantial conformance with specifications published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness for a particular purpose.
Product Returns
Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty, principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential purpose, or otherwise. In the event Expand issues a return authorization to Purchaser allowing Purchaser to return Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however designated or levied, on any replacement Product to be shipped by Expand to Purchaser.
License Grant
The Products, though primarily composed of hardware components, contain software that is proprietary to Expand or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal non-exclusive, nontransferable license to use the Program, in object code form only, and the accompanying documentation (collectively referred to as the Software) only as authorized in these Terms and Conditions. The Software is licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions. Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to the Software, including associated intellectual property rights, are and shall remain with Expand.
772
Limitation of Liability
In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages (including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death, or loss of or damage to property including, but not limited to, property handled or processed by the use or application of the products) arising out of any breach of these Terms and Conditions or obligations under these Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions or transactions under these Terms and Conditions may be brought by either party more than two years after the cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the purchase price of the Products.
Default
The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the Products is located and remove it, and sell any or all the Products as permitted under applicable law. Expand may, in addition to any other remedies which Expand may have, refuse to provide service on the Products under any applicable maintenance agreement relating to the Products then in effect between the parties at the time of the default.
Indemnity
Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing that Expand is notified promptly in writing and is given complete authority and information required for the defense. Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost, expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at its sole option, procure for the Purchaser the right to continue using the Products or modify it to become noninfringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the Products in combination with other Products or with software not supplied by Expand or with modifications made by the Purchaser.
General
Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall not be assignable by either party hereto except upon written consent of the other. Purchaser agrees to pay to Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Ter m s an d C o nd it i on s o f S al e
773
governed by and construed in accordance with the laws of the State of New York. Each party acknowledges that it has read, fully understands and agrees to be bound by these Terms and Conditions, and further agrees that it is the complete and exclusive statement of the agreement between the parties, which supersedes and merges all prior proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered except by a written instrument duly executed by both parties. If any provision of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no way be affected or impaired thereby. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any right hereunder.
774
I n de x
775
Index
A
AAA configuring via the CLI 748 configuring the Radius server 750 configuring users 754 viewing AAA configuration 757 configuring via the WebUI 338 configuring users 338 defining the security settings 342 setting authentication preferences 340 description 336 AccDump 377 download files 380 enable 378 Accelerator templates 92 Access authentication 336 Activating WCCP 526 Adding entries to the ARP cache 638 Advanced QoS configuring 230 setting parameters 229 Aggregation aided by Syslog server 287 applying aggregation classes to an application 619 configuring classes 617 enabling classes per link 620 prioritizing applications 205 selecting a class 271 setting by using the Decision screen 235 setting limit 621 setting window 623 AID 308 ARP creating static ARP entries 301 Assigning a link to a wan 652 Authentication 117 Authentication servers, compatibility with 116
B
Bandwidth setting a minimum bandwidth desired 203 Bandwidth management Layer-7 and bandwidth management 4 setting the bandwidth 78 Bypass mode carrying out the troubleshooting procedure 348 checking the link status 356 description 16 in an On-Path deployment 295
C
Cache Management 152 Checking Ethernet settings 357 Checking for corrupted terminals 362 Checking HSRP malfunction 363 Checking lack of acceleration 360 Checking link malfunction 361 Checking QoS malfunction 364 CIFS defining active cache method 32 Compact Flash replacing the Accelerator in the field 35 upgrading the AcceleratorOS software 366 Compression by using IPComp 25, 84
776
I n de x
Citrixs internal compression mechanism 392 disabling compression disabling Citrix encryption and compression 393 disabling Citrix NFuse compression 392 in the PNAgent client 398 on SAP 404 next-generation WAN compression 3 QoS integration with 205 viewing compression statistics per application 64 per link 53 Compression filter 147 Configuring 113 Configuring Accelerator NetFlow 402 Configuring Accelerator networking 75 Configuring DHCP servers 110 Configuring OSPF via the WebUI 99 Configuring RIP via the CLI 517 via the WebUI 102 Configuring router polling via the CLI 514 via the WebUI 101 Configuring secondary IP addresses 79 Configuring subnets manually 95 Configuring the File Server/Domain Controller 119 Configuring the WAN 78 Configuring the wizard 23 Configuring WCCP via CLI 522 Copying last saved startup configuration to running configuration 667 running configuration as startup configuration 368
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Creating static ARP entries 301 Crypto 273 Crypto mode 274
D
Defining Shared Directories 119 Deployment Citrix deployment benefits in terminal and thin client deployments 393 Citrix metaframe deployments 226 controlling latency and jitter 392 configuring via the CLI 449 defining deployment size 32 defining deployment type 32 transparency configuring transparency support 259, 567, 585 in On-LAN deployments 254 in On-Path deployments 254 DFS 145 DHCP servers configuring via the CLI 528 via the WebUI 110 Disconnected Operation 180 DISKSITES Services Issues DHCP services 199 Displaying information for troubleshooting 355 DNS 184 DNS acceleration 268 benefits 4, 44 DNS Acceleration Configuring via the WebUI 268 Domains 117 Dynamic bandwidth using 89 Dynamic routing a feature in WAN compression 3
I n de x
777
E
Editing 89 Enabling Packet Interception 102 Encryption 214 Ethernet checking Ethernet settings 357 Ethernet port configuring NetFlow 402 connecting out-of-band management 284 Ethernet statistics viewing via the CLI 588 via the WebUI 69 Event log checking for unusual errors checking error events 352 checking fatal events 353 checking info events 352 checking warning events 352 Expand solution 114 ExpandView working with Accelerators via 291 External monitoring devices 43 External QoS devices integrating into 43
FileBank adding FileBank Directors 149 cache management 152 deleting FileBank Directors 149 fetch settings 157 filters 154 print services 168 short term files filter 154 Time to Live settings 152 users 153 Windows domain 151 FileBank Director compression filter 147 file servers 145 file services 142 settings 142 Setup Wizard 127, 131 system functions 127, 131 FileBank Director Settings 142 Filters 154 FTP acceleration configuring via the WebUI 264 definition 4
H
High latency environment installing in 44 HSRP 315 configuring autodetecting HSRP groups 641 enabling HSRP automatic detection 317 setting HSRP group number 640 setting manual HSRP configuration 318 understanding router redundancy protocols 302 HTTP acceleration configuring via the CLI 536
F
Fetch 261 Fetch Settings 157 Fetch Users 153 File Server/Domain configuring 119 File servers 145 File servers, compatibility with 116 File Services Functions 149
778
I n de x
I
IKE policy 273 Installing the Accelerator On-Path using bypass mode 16 OnPath 8 IP address configuration configuring router polling 101 configuring secondary 79 configuring subnets manually 95 configuring the Accelerator 455 creating QoS rules 231 creating static ARP entries 301 defining OSPF and RIP neighbors defining a RIP neighbor 518 defining an OSPF neighbor 511 editing a subnet 96 enabling NetFlow 593 settings 28, 32 setting a network for broadcasting the Accelerators rules 512 setting ExpandView agent parameters 111 setting links via the wizard 25 setting the Accelerators clock 109 setting the WCCP router IP 524 IPSec policies 275
L
Latency causing slower session start 242 computing 245
increased by waiting for ACK packets 242 installing in a high latency environment 44 SpeedScreen Latency Reduction Manager 397 TCP poor handling of high latency 240 using Citrix acceleration plug-in to reduce 226 using packet fragmentation to prevent violation of VoIP/video latency budgets 205 ways to reduce DNS acceleration 268 DNS caching 268 packet aggregation 647 packet fragmentation 649 scaling the transmission window 243 TCP Vegas 249 using QoS 202 using SCPS 243 Layer-7 applications classifying 222 discovering 60 identifying Citrix Layer-7 applications 399 Layer-7 QoS 4 monitoring and reporting 5 Link statistics 50 Link Templates 92 Links adding via the my links screen 81 assigning a link to a WAN 652 creating and editing 80 defining advanced settings 32 defining maximum number of 32 editing via the my links screen 89 enabling citrix acceleration 272, 276 generating trend reports via ExpandView 283 managing 305
I n de x
779
noisy links 237 setting the Accelerator to enable external QoS 237 setting the bandwidth of 210 checking QoS malfunction 364 setting to work in large cache mode 648 using graphs to view link statistics 49 acceleration 51 compression 53 summary graphs 68 using the statistics table to view link statistics 54 checking lack of acceleration 360
M
MACC configuration 323 MACC templates 92 Maximum Transmission Unit 85 Maxiumum Segment Size 85 Mobile Accelerator Configuration 323 Monitoring window description 48 MSS 85 MTU 85 Multi 311 Multiport 311 My Links screen uses adding links 82 editing links 89 using for setting links 24
identifying the traffic 72 NetFlow compliance as an Expand benefit 5 requiring router transparency encapsulation 84 Network topology optimizing 76 Networks asymmetric networks optimization 244 computing latency 246 congestion avoidance 244 defining printers for 140 IP-based network On-LAN 9 On-Path 8 overviewing your network performance 68 preparing network integration 13, 95 Non-Link 80
O
On-LAN deployment configuring transparency support 259 defining encapsulation settings 475 enabling packet interception 102 RTM support for 84 setting routing strategy 31 setting the deployment type in the CLI 454, 457 using WCCP to forward traffic to an On-LAN accelerator 104 On-LAN installation at a data center 43 configuring Accelerator NetFlow in 403 defining encapsulation settings 25 use in IP-based network 9 On-Path deployment applying HTTP transparency to the server side 254 configuring NetFlow support 71 configuring transparency support 259
N
NetFlow configuring NetFlow support 71 enabling via the CLI 593
780
I n de x
defining encapsulation settings 25 operating in bypass mode 295 setting the deployment type in the CLI 454, 457 using bridge route 31 working with bypass mode 16 working with VLAN 299 On-Path installation configuring NetFlow 403 Operating requirements 22 OSPF adding remote subnets manually 90 configuring 42, 99 configuring subnets manually 95 setting dynamic routing 94, 98 using out-of-band management 284 working with 98
P
Packet interception enabling 102 Pre-fetch 261 Print Services 168 Prioritizing applications methods of 203 when creating a new Citrix application 224 when creating a new Web application 222 when creating a QoS rule 230 when filtering traffic 209 Prioritizing traffic by using traffic shaping 210, 212
Q
QoS applications creating 215 creating Citrix applications 223
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
creating Web applications 222 modifying 222 benefits of the Expand QoS solution end-to-end application performance monitoring 205 guaranteed bandwidth for specific applications 205 restricting rouge and greedy applications 205 seamless integration with compression 205 transparent to existing QoS infrastructure 205 checking lack of acceleration 360 malfunction 364 configuring the WAN 78 configuring via the CLI 594 defining scalable 283 dropped out packets 55, 67, 333 external QoS devices 43 Layer-7 QoS bandwidth management 4 part of On-Path configuration 8 providing QoS services to virtual links 80 router transparency 25 rules creating 229 editing 234 understanding 208 setting inbound 229 understanding how QoS works QoS rules 208 studying QoS bandwidth allocation 209 traffic filtering 209 traffic shaping 209
R
RAID 308, 311
I n de x
781
RAID support 308 RAID-1 309 RAID-5 309 RDP description 393 disabling compression and encryption 394 Recovering the password 349 Redundancy 307, 311 Resiliancy 307 RIP configuring 102, 104, 105 via the CLI 517 via the WebUI 102 setting routing 94 dynamic routing 98 subnet routing 94 setup checklist 17 working with 102 Router polling configuring via the CLI 514 setting dynamic routing 98 setting routing strategy 31 using out-of-band management 284 working with 101 Router redundancy 315 HSRP 315 On-LAN deployment 9 understanding router redundancy protocols 315 VRRP 315 Router transparency monitoring device in a cloud 77 preserving network integrity 6 setting links via the wizard 25 setting the link to work with 475 WAN compression 3 with a QoS device 77 RS232 console 11 Rules route rules
S
SCPS standard compliance of TCP acceleration with 4 congestion avoidance 244 description 240 preserving network integrity 6 standard number 768 studying SCPS 243 TCP spoofing 244 Secondary IP address configuring in the WebUI 79 Security 335 Security Accelerators AAA 336 authentication setting authentication method 342 setting authentication servers 340, 342 entering user-defined password 27, 302 locking and unlocking the keypad 344 managing users defining authorization for a new user 338 deleting users 339 modifying authorization for an existing user 339 using Verisign security certificate 48 Setup via the WebUI 21 Setup wizard accessing 22 configuring 23 defining advanced settings 32 reviewing configuration 28 setting links via 24 setting time 26 Shared Directories
782
I n de x
defining 119 Short Term Files filter 154 SNTP setting the Accelerators time 109 SSH enabling secure management 6, 20 logging into the Accelerator via 442 Static ARP entries 301 Subnet routing setting 94 Summary graphs viewing 68
Transparency support configuring 259, 567, 585 Troubleshooting 347 DISKSITES services issues 199 general 191 networking issues 191, 194 security issues 193, 197 Troubleshooting displaying information for 355
U
Upgrading the AcceleratorOS software via the CLI 761 via the WebUI 366 Utilization statistics 50
T
TCP acceleration computing latency 245 configuring 248 via the WebUI 248 editing links 89 enabling 249 optimizing WANs in a high latency environment 44 understanding the shortcomings of TCP 241 Technical support displaying information for troubleshooting 355 Time setting the Accelerator time 109 Time to Live settings 152 Traffic discovery discovering Layer-7 applications 60 enabling L-7 traffic discovery via the CLI 591 gathering statistics for detected applications 59, 68, 72 viewing detailed 57 Traffic shaping how it is applied 209 prioritizing applications 203, 205 role in the QoS mechanism 207
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
V
Verisign security certificate using 48 Virtual links 80 VLAN including the Accelerator in a VLAN group 299 setting in the CLI 642 working with in an On-LAN configuration 297 in an On-Path configuration 299 VRRP 315 Setting VRRP Group Number 643 understanding router redundancy protocols 302
W
WAFS FileBank categories 142 additional services 140 file services 139
I n de x
783
system 138 utilities 140 FileBank Director categories 137 file services 137 system 137 utilities 138 WAFS transparency enabling 698 excluding servers from 698 WAN adding via the CLI 643 via the WebUI 292 addressing WAN-Outs 4 assigning a link to 652 configuring configuring NetFlow support 71 configuring the WAN 78 defining link speed 48 enabling bursts 613 enabling packet interception 102 identifying ongoing traffic 72 setting the bandwidth of QoS bandwidth allocation 209 setting inbound QoS 229 via the CLI 457 via the WebUI 32 setting to work in strict-priority mode 612 viewing detected applications 57 WAN bandwidth configuring the Accelerator 457 setting 23, 32 studying QoS bandwidth allocation 210 WAN bursts 211 WCCP configuring via the CLI 522 activating 526 setting authentication 523 setting priority 523 setting router IP 524
setting TCP service ID 525 setting UDP service ID 526 installing On-LAN at a data center 43 using out-of-band management 284 Web-intensive environment installing in 44 Windows Domain 151 Working with Accelerators Via ExpandView 155