Expand User Guide 7.0.1

AcceleratorOS
User Manual Software Version 7.0.1 Revision 4.0

Pub no. AOSUG_701_250511
This guide is delivered subject to the following conditions and restrictions: This guide contains proprietary information belonging to Expand Networks Inc. Such information is supplied solely for the purpose of assisting explicitly and properly authorized users of the Expand product series. No part of its contents may be used for any other purpose, disclosed to any person or firm or reproduced by any means, electronic, photographic or mechanical, without the express prior written permission of Expand Networks, Inc. The text and graphics are for the purpose of illustration and reference only. The specifications on which they are based are subject to change without notice. The software described in this guide is furnished under a license. The software may be used or copied only in accordance with the terms of that agreement. Information in this guide is subject to change without notice. Corporate and individual names and data used in examples herein are fictitious unless otherwise noted. Copyright 2011 Expand Networks Inc. All rights reserved.AcceleratorOS, Accelerator 9920/6800/6810/6920/ 6950/6850/6930/6830/6840/4800/4810/4820/4920/4830/4930/3930/3830/1610/1800/1810/1820/1920 and ECT are trademarks of Expand Networks Inc. Flex 2.5 includes software developed by the University of California, Berkeley and its contributors. Copyright 1990, The Regents of the University of California. All rights reserved. Other company and brand product and service names are trademarks or registered trademarks of their respective holders.
Contents
Chapter 1: Introducing the Accelerator................................... 1
Features and Benefits ........................................................................................ 2 Virtual Bandwidth Management ................................................................. 2 Easy Management and Configuration ........................................................ 2 Redefining Application Traffic Management............................................... 2 Next-generation WAN Compression .......................................................... 3 Application-specific Acceleration ........................................................ 3 Layer-7 QoS and Bandwidth Management ................................................ 4 Layer-7 Monitoring and Reporting ...................................................... 5 Branch Office Features ....................................................................... 5 Rapid Deployment/Dependable Results............................................. 5 Maximum Uptime and Reliability ........................................................ 6 The Accelerator Product Line ............................................................................ 7 How the Accelerator Works................................................................................ 8 IP-Based Network ...................................................................................... 8 On-Path .............................................................................................. 8 On-LAN............................................................................................... 9 Configuration and Management......................................................................... 11
Chapter 2: Getting Started........................................................ 13

Connecting and Configuring Multi-Port Accelerators ......................................... 14 Understanding the LEDs ............................................................................ 15 Working with By-pass Mode............................................................................... 16 Reviewing the Setup Checklist .......................................................................... 17 Performing Setup via the LCD ........................................................................... 19 Performing Setup via the WebUI........................................................................ 21 Performing Setup via the Wizard ....................................................................... 22
ii
C o nt e nts
Configuring Basic Accelerator Details........................................................ 23 Setting Links via the Wizard....................................................................... 24 Setting the Time ......................................................................................... 26 Modifying the Password ............................................................................. 27 Reviewing Wizard Configuration ................................................................ 28 Accelerator Main Menu ...................................................................................... 29 Modifying the Basic Configuration ..................................................................... 30 Setting Routing Strategy ............................................................................ 31 Defining Advanced Settings ....................................................................... 32 About the AcceleratorOS License...................................................................... 34 Viewing the License Status ........................................................................ 35 Reviewing the Licensing Procedure........................................................... 36 Licensing a Physical Accelerator ............................................................... 37 Activating the I-Key in the Portal ........................................................ 37 Applying an Accelerator Feature License Key.................................... 38 Licensing a Virtual Accelerator................................................................... 38 Activating the Licensing Server Dongle via the Portal ........................ 38 Configuring the Licensing Server via the Accelerator......................... 39 Logging On and Off the Accelerator .................................................................. 41 Integrating the Accelerator into Your Network.................................................... 42 Integrating into Networks that use Dynamic Routing ................................. 42 Networks Using External QoS or Monitoring Devices................................ 43 Working in Noisy Link Environments.......................................................... 43 Installing On-LAN at a Data Center............................................................ 43 Installing in a High Latency Environment ................................................... 44 Installing in a Web-Intensive Environment ................................................. 44
Chapter 3: Monitoring the Network ......................................... 45

Introduction to Monitoring .................................................................................. 46 Working with Monitoring..................................................................................... 47 Installing the JAVA Applet .......................................................................... 47 Using Verisign Security Certificate ............................................................. 48 Studying The Monitoring Window............................................................... 48 Using Link Statistics and Graphs ....................................................................... 49 Viewing Throughput Statistics per Link ...................................................... 50 Viewing Utilization Statistics per Link ......................................................... 50 Viewing Acceleration Statistics per Link ..................................................... 51
Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Co n t en ts
iii
Understanding Acceleration................................................................ 51 Viewing Compression Statistics per Link.................................................... 53 Viewing Statistics per Link .......................................................................... 54 Discovering Traffic.............................................................................................. 57 Viewing Detected Applications ................................................................... 57 Viewing Detailed Traffic Discovery ............................................................. 57 Creating a New Application from Discovered Traffic .................................. 59 Viewing Monitored Applications.................................................................. 60 Discovering Layer-7 Applications ............................................................... 60 Viewing Statistics and Graphs for Specific Applications..................................... 62 Setting up Graphs ............................................................................... 63 Viewing Utilization Statistics per Application .............................................. 63 Viewing Throughput Statistics per Application............................................ 63 Viewing Acceleration Statistics per Application .......................................... 64 Viewing Compression Statistics per Application......................................... 64 Viewing Bandwidth Distribution Statistics per Application .......................... 65 Monitoring Applications .............................................................................. 65 Viewing Statistics for Applications .............................................................. 67 Viewing Summary Graphs.................................................................................. 68 Viewing Ethernet Statistics ................................................................................. 69 Configuring the Ethernet Statistics Display Fields ...................................... 69 Configuring NetFlow Support ............................................................................. 71 Identifying the Traffic .................................................................................. 72 Enabling NetFlow ....................................................................................... 72
Chapter 4: Configuring Networking......................................... 75

Optimizing the Network Topology....................................................................... 76 Taking into Account Network-Specific Considerations................................ 77 Defining WAN Setup .......................................................................................... 78 Setting the Bandwidth................................................................................. 78 Configuring the WAN.................................................................................. 78 Configuring Secondary IP Addresses ................................................................ 79 Creating and Editing Links ................................................................................. 80 Studying the Links Screen .......................................................................... 81 Adding Links ............................................................................................... 82 Advanced Link Configurations.................................................................... 84 Editing Links ............................................................................................... 89
4. 0
iv
C o nt e nts
Using Dynamic Bandwidth.................................................................. 89 Configuring Link Subnets ........................................................................... 90 Creating Link Templates............................................................................. 92 Using a Virtual IP Address ................................................................................. 93 Setting Subnet Routing ...................................................................................... 94 Configuring Subnets Manually ................................................................... 95 Editing a Subnet ................................................................................ 96 Adding Static Routes.......................................................................................... 97 Setting Dynamic Routing ................................................................................... 98 Working with OSPF.................................................................................... 98 Configuring OSPF .............................................................................. 99 Working with Router Polling ....................................................................... 101 Enabling Packet Interception ............................................................................. 102 Working with RIP........................................................................................ 102 Configuring RIP .................................................................................. 102 RIP Route Injection............................................................................. 103 Using RIP for Packet Interception ...................................................... 104 Working with WCCP................................................................................... 104 Using WCCP for Packet Interception ................................................. 105 Adding a Dynamic Service ................................................................. 107 Editing a Dynamic Service.................................................................. 108 Setting WCCP on the Router.............................................................. 108 Working with PBR ...................................................................................... 108 Setting the Date and Time on the Accelerator ................................................... 109 Configuring DHCP Servers ................................................................................ 110 Activating DHCP Relay Agent.................................................................... 110 Setting ExpandView Connectivity Parameters................................................... 111
Chapter 5: Configuring and Managing WAFS......................... 113

Introduction to WAFS ......................................................................................... 114 Expand Networks WAFS Solution ............................................................. 114 Supported Servers ..................................................................................... 116 File Servers ........................................................................................ 116 Authentication Servers ....................................................................... 116 Supported Clients....................................................................................... 116 Expand Hardware Device Specifications ............................................ 116 Domains ..................................................................................................... 117
Co n t en ts
Authentication............................................................................................. 117 Getting Started with WAFS................................................................................. 118 Overview..................................................................................................... 118 Enabling WAFS Configuration............................................................................ 119 Configuring the File Server/Domain Controller........................................... 119 Defining Shared Directories ................................................................ 119 Defining User Permissions.................................................................. 120 Defining Network Settings .......................................................................... 121 Enabling WAFS Operation Mode ............................................................... 124 Excluding Servers or Subnets from WAFS................................................. 126 Configuring the Data Center and Branch Office................................................. 127 Setting Up the File Bank Director ............................................................... 127 File Server Settings............................................................................. 128 Summary............................................................................................. 129 Confirmation and Application .............................................................. 130 Setting Up the File Bank............................................................................. 130 Overview ............................................................................................. 131 Domain Settings.................................................................................. 132 File Bank Director Settings ................................................................. 133 Summary............................................................................................. 134 Confirmation and Application .............................................................. 134 WAFS Management and Operation Modes ....................................................... 136 The WAFS Management Screen................................................................ 136 FileBank Director Categories...................................................................... 137 FileBank Director System ........................................................................... 137 File Services ............................................................................................... 137 FileBank Director Utilities ........................................................................... 138 FileBank Categories ................................................................................... 138 FileBank System ................................................................................. 138 FileBank Services ............................................................................... 139 Additional Services ............................................................................. 140 FileBank Utilities ................................................................................. 140 Managing the Data Center ................................................................................. 141 Starting the Data Center ............................................................................. 141 Managing File Services .............................................................................. 142 Defining FileBank Director Settings .................................................... 142 Managing System Users..................................................................... 144 Adding File Servers............................................................................. 145
4. 0
vi
C o nt e nts
Managing the Compression Filters List .............................................. 147 Configuring FileBank Services ................................................................... 149 FileBank Directors .............................................................................. 149 Virtual Servers .................................................................................... 150 Windows Domain................................................................................ 151 Cache Settings ................................................................................... 152 Time to Live (TTL) settings ................................................................. 152 Invalidate Cache................................................................................. 153 System Users ..................................................................................... 153 STF Filters .......................................................................................... 154 Setting Advanced FileBank Features................................................................. 155 Configuring the Fetch Mechanism ............................................................. 155 Fetch Mechanism Overview ............................................................... 155 Fetch User .......................................................................................... 156 Fetch Jobs .......................................................................................... 156 Fetch Settings..................................................................................... 157 Fetch Activation.......................................................................................... 157 Creating Fetch Jobs ........................................................................... 158 Replication Service .................................................................................... 159 Replication User ................................................................................. 160 Replication File Types ........................................................................ 160 Replication Schedule.......................................................................... 160 Replication Paths................................................................................ 161 Replication Service Activation.................................................................... 161 Service Activation on FileBank Director ............................................. 161 Service Activation on FileBank ........................................................... 162 Initial Pre-population of Large Files on FileBank ................................ 162 Configuring Replication Services ............................................................... 162 Replication User ................................................................................. 163 Kerberos Configuration .............................................................................. 165 Enabling and Disabling Kerberos on the FB....................................... 165 Enabling and Disabling Kerberos on the FBD .................................... 165 Auto Kerberos Configuration .............................................................. 166 Enabling Kerberos per Server ............................................................ 166 Printing Services for the FileBank...................................................................... 168 Configuring Additional Services ................................................................. 168 Print Services ..................................................................................... 168 Configuring Print Services (FileBank) ........................................................ 169 Adding a Network Printer to FileBank................................................. 169
Co n t en ts
vii
Assigning Printing Administrators ....................................................... 170 PointNPrint Configuration.................................................................. 170 Uploading Printer Drivers.................................................................... 171 First Client Driver Installation .............................................................. 172 Verifying PointNPrint Installation ....................................................... 173 Manual Client Driver Installation ......................................................... 173 Verifying Driver Installation ................................................................. 174 Connecting the Printer to the FileBank Server.................................... 176 Printing Setup Troubleshooting........................................................... 176 Using WAFS Printing Services........................................................................... 178 Adding a WAFS Printer via Windows ......................................................... 178 WAN-OUT Operation ......................................................................................... 180 About WAN-OUT ........................................................................................ 180 Detecting a WAN-OUT Event ..................................................................... 180 FileBank WAN-OUT Detection Mechanism ........................................ 181 FBD WAN-OUT Detection Mechanism ............................................... 181 Working with Files while in WAN-OUT Mode ............................................. 181 Cache.................................................................................................. 181 File Access.......................................................................................... 182 File Security ........................................................................................ 182 Replication files and Short-Term files.................................................. 183 Partially Completed Transactions ....................................................... 183 Partial Disconnection .......................................................................... 183 WAN-OUT Known Limitations .................................................................... 183 DNS Masquerading ............................................................................................ 184 DNS Masquerading Benefits ...................................................................... 184 DNS Masquerading Configuration.............................................................. 185 Monitoring WAFS Functionality .......................................................................... 189 Running System Diagnostics...................................................................... 189 Viewing Logs .............................................................................................. 189 Troubleshooting.................................................................................................. 191 Troubleshooting Tools ................................................................................ 191 Networking.................................................................................................. 191 Windows Domain Join ................................................................................ 193 Service........................................................................................................ 194 Possible Error Messages............................................................................ 195 Access denied..................................................................................... 195 Performance ............................................................................................... 197
4. 0
viii
C o nt e nts
Advanced Expand Services ....................................................................... 199 DHCP Services................................................................................... 199 DNS Services ..................................................................................... 199
Chapter 6: Applying QoS.......................................................... 201

Accelerator QoS................................................................................................. 202 About QoS.................................................................................................. 202 How to Know What is on Your Network...................................................... 203 How to Prioritize Applications..................................................................... 203 Studying the QoS Solution ......................................................................... 203 Automatic Traffic Discovery ................................................................ 204 End-to-end application performance monitoring................................. 205 Transparency to existing QoS infrastructure ...................................... 205 Priority treatment for critical applications............................................ 205 Guaranteed bandwidth for specific applications ................................. 205 Restricting rogue and greedy applications ......................................... 205 Seamless integration with compression ............................................. 205 How QoS Works ................................................................................................ 207 Prerequisites .............................................................................................. 207 Understanding QoS Rules ......................................................................... 208 How Traffic Filtering is Applied................................................................... 209 How Traffic Shaping is Applied .................................................................. 209 Studying QoS Bandwidth Allocation........................................................... 209 WAN Bandwidth.................................................................................. 210 Link Bandwidth ................................................................................... 210 Diagnostic Mode Traffic ...................................................................... 210 Bandwidth Limits................................................................................. 210 Bursts ................................................................................................. 211 Desired Bandwidth ............................................................................. 211 Priority ................................................................................................ 212 Block................................................................................................... 212 Real-time ............................................................................................ 212 The Difference Between Real-time and Desired? .............................. 213 Carrying Out Basic QoS Configuration .............................................................. 214 Working with Applications .................................................................................. 215 Viewing Defined Applications..................................................................... 216 Deleting an Application .............................................................................. 217
Co n t en ts
ix
Editing an Application ................................................................................. 217 Creating New Applications ......................................................................... 219 Layer-7 Applications ................................................................................... 222 Creating Web Applications ......................................................................... 222 Creating Citrix Applications ........................................................................ 224 Citrix Benefits...................................................................................... 226 Creating Remote Desktop Services ........................................................... 226 Setting QoS Rules.............................................................................................. 229 Setting Inbound QoS .................................................................................. 229 Viewing QoS Rules..................................................................................... 229 Creating QoS Rules.................................................................................... 230 Editing QoS Rules ...................................................................................... 234 Making Decisions for Specific Applications ........................................................ 235 Creating a New Application Decision ......................................................... 236 External QoS ...................................................................................................... 237 QoS Troubleshooting ......................................................................................... 238
Chapter 7: Optimizing Acceleration Services......................... 239

Studying TCP Acceleration ................................................................................ 240 Understanding the Shortcomings of TCP ................................................... 241 The TCP Acceleration Solution .................................................................. 243 Scaling the Transmission Windows .................................................... 243 Congestion Avoidance ........................................................................ 244 Local Network Isolation....................................................................... 244 Asymmetric Networks Optimization .................................................... 244 Computing Latency ............................................................................. 245 Configuring TCP Acceleration ............................................................................ 248 Enabling TCP Acceleration......................................................................... 249 Excluding Servers or Subnets from TCP Acceleration ............................... 251 TCP Acceleration Advanced Settings......................................................... 252 Keepalive.................................................................................................... 253 Understanding Web Acceleration....................................................................... 254 Configuring HTTP Acceleration.......................................................................... 255 Enabling and Disabling HTTP Caching ...................................................... 255 Setting the Cache Size ............................................................................... 255 Setting Cache Content ............................................................................... 256 Working with HTTP Read Ahead................................................................ 256
4. 0
C o nt e nts
Clearing HTTP Cache ................................................................................ 257 Returning to Default Settings ..................................................................... 257 Setting Advanced HTTP Parameters ......................................................... 258 Setting HTTP Acceleration Rules............................................................... 259 Excluding from HTTP Caching................................................................... 260 Working with Fetch Jobs ............................................................................ 261 FTP Acceleration ............................................................................................... 264 Enabling and Disabling FTP Caching ........................................................ 264 Setting the Cache Size............................................................................... 265 Setting Cache Content ............................................................................... 265 Clearing FTP Cache................................................................................... 265 Returning to Default Settings ..................................................................... 265 Setting Advanced FTP Parameters............................................................ 266 Excluding from FTP Caching ..................................................................... 267 Configuring DNS Acceleration ........................................................................... 268 Enabling Aggregation......................................................................................... 271 Enabling Traffic Encryption ................................................................................ 273 Configuring an IKE Policy .......................................................................... 273 Defining Crypto Mode ................................................................................ 274 Configuring IPsec Policies ......................................................................... 275 Applying IPsec Policies on a Link .............................................................. 276 Remote Desktop Protocol Services ................................................................... 278 Configuring Terminal Services ................................................................... 278 Collecting RDP Proxy Statistics ................................................................. 279 Excluding Terminal Services ...................................................................... 280
Chapter 8: Configuring Management Options........................ 281

Studying the ExpandView System ..................................................................... 282 Simplifying WAN Optimization.................................................................... 282 Generating Advanced Alerts for World-Class NOCs.................................. 282 Generating Proactive Reports for Network Provisioning............................ 282 Defining Scalable QoS ............................................................................... 283 Updating the IP Address of ExpandView Server........................................ 283 Using Out-of-Band Management ....................................................................... 284 Using SNMP ...................................................................................................... 285 Receiving Log Error Messages.......................................................................... 287 Sending Updates to a Syslog Server ......................................................... 287
Co n t en ts
xi
Sending Updates via Email ........................................................................ 289
Chapter 9: Setting Advanced Parameters............................... 291

Adding WANs ..................................................................................................... 292 Handling Interfaces ............................................................................................ 295 Viewing Available Interfaces....................................................................... 296 Working with VLAN..................................................................................... 297 Viewing the VLAN Interfaces .............................................................. 299 Adding a VLAN Interface .................................................................... 300 Creating Static ARP Entries ............................................................................... 301 Defining Authentication Settings ........................................................................ 302 Configuring DNS ................................................................................................ 303 Dial-on-Demand ................................................................................................. 305
Chapter 10: Resiliency and Redundancy ................................ 307

RAID................................................................................................................... 308 About RAID................................................................................................. 308 RAID Support in Accelerators' Hard Drives ................................................ 308 RAID-1 Mirrored set without parity...................................................... 309 RAID-5 Striped set with distributed parity ........................................... 309 Multi-Port Support ............................................................................................. 311 Router Redundancy Protocols ........................................................................... 315 HSRP.......................................................................................................... 316 Enabling HSRP Automatic Detection.................................................. 317 Setting Manual HSRP Configuration................................................... 318 VRRP.......................................................................................................... 320
Chapter 11: Working with Mobile Accelerators ..................... 323

Overview ............................................................................................................ 324 Configuring the Mobile Accelerator Client .......................................................... 326 Viewing the Collective Branches ................................................................ 326 Creating a Collective Branch ...................................................................... 327 Creating a Collective Branch Template ...................................................... 328 Creating Mobile Accelerator Link Templates .............................................. 329
4. 0
xii
C o nt e nts
Monitoring Collective Branch Statistics .............................................................. 330 Viewing Collective Branch Throughput Statistics ....................................... 330 Viewing Collective Branch Utilization Statistics .......................................... 330 Viewing Collective Branch Acceleration Statistics...................................... 331 Viewing Collective Branch Compression Statistics .................................... 331 Viewing Collective Branch Statistics .......................................................... 332
Chapter 12: Security ................................................................. 335

Studying the AcceleratorOS AAA....................................................................... 336 Configuring AAA ................................................................................................ 338 Configuring Users ...................................................................................... 338 Deleting Users .................................................................................... 339 Viewing the Authentication Servers ........................................................... 340 Adding a New Authentication Server.................................................. 340 Setting the Authentication Method...................................................... 341 Defining the Security Settings .................................................................... 342 Auditing Administration Activities ....................................................................... 343 Locking and Unlocking the Keypad.................................................................... 344 Setting the Keypad Lock Definitions .......................................................... 344 Defining Other LCD Settings...................................................................... 345 Turning By-pass On............................................................................ 345 Locking the Keypad ............................................................................ 345 Product ID........................................................................................... 346 Management IP .................................................................................. 346 Management Mask ............................................................................. 346
Chapter 13: Troubleshooting ................................................... 347

Carrying out the Troubleshooting Procedure ..................................................... 348 Password Issues................................................................................................ 349 Resetting the Password ............................................................................. 349 Choosing a Legal Password ...................................................................... 349 Password Strength ............................................................................ 350 Examples of Good and Bad Passwords ............................................ 350 Additional Notes About Passwords .................................................... 351 Checking the Event Log..................................................................................... 352 Checking Info Events ................................................................................. 352
Co n t en ts
xiii
Checking Warning Events .......................................................................... 352 Checking Error Events................................................................................ 352 Checking Fatal Events................................................................................ 353 Studying Log Message Formats ................................................................. 353 Displaying Information for Troubleshooting........................................................ 355 Displaying Statistics in a Compressed, Archived File................................. 355 Checking the Link Status.................................................................................... 356 Checking Ethernet Settings................................................................................ 357 Checking Lack of Acceleration ........................................................................... 360 Accessing Remote Devices........................................................................ 360 Checking Link Malfunction ................................................................................. 361 Checking for a Corrupted Terminal..................................................................... 362 Checking HSRP Malfunction .............................................................................. 363 Checking QoS Malfunction................................................................................. 364
Chapter 14: Using the Accelerator Tools ................................ 365

Upgrading the AcceleratorOS Software ............................................................. 366 Using the Configuration Tools ............................................................................ 368 Using the General Tools ..................................................................................... 370 Sending a Ping to the Remote Accelerator ................................................ 371 Sending a Traceroute Packet ..................................................................... 371 Rebooting the Accelerator .......................................................................... 372 Gathering Statistics for Technical Support.................................................. 372 Managing User Files .......................................................................................... 374 Viewing System Information............................................................................... 375 Archiving Log Files ............................................................................................. 376 Accdump ............................................................................................................ 377 Enabling Accdump...................................................................................... 378 Deleting Accdump Files.............................................................................. 380 Downloading Accdump Files ...................................................................... 380
Appendix A: Pre-Defined Applications.................................... 381 Appendix B: Accelerator Integration ....................................... 391

Acceleration and Citrix Traffic............................................................................. 392 Disabling Citrix NFuse Compression.......................................................... 392 Disabling Citrix Encryption and Compression ............................................ 393
4. 0
xiv
C o nt e nts
Defining Settings on the Server.......................................................... 394 Setting/checking ICA or RDP listener traffic ....................................... 394 Speed Screen Latency Reduction Manager ....................................... 397 Defining Settings on the Client For Citrix ................................................... 397 Turning Compression off in the PNAgent Client......................................... 398 Understanding the PNA Problem ....................................................... 398 Resolving the PNA Problem ............................................................... 398 Identifying Citrix Layer-7 Applications ........................................................ 399 Configuring NetFlow .......................................................................................... 401 Studying Traffic Measurement.................................................................... 401 Studying Traffic Monitoring......................................................................... 402 Configuring Accelerator NetFlow ............................................................... 402 Disabling Compression on SAP......................................................................... 404 Calculating Acceleration using other Applications ............................................. 406
Appendix C: MIME Types ......................................................... 409

Application ......................................................................................................... 410 Audio.................................................................................................................. 415 Image ................................................................................................................. 416 Message ............................................................................................................ 417 Model ................................................................................................................. 418 Multipart ............................................................................................................. 419 Text .................................................................................................................... 420 Video.................................................................................................................. 421
Appendix D: Contacting TAC ................................................... 423 Appendix E: TCPDump Optional Flags ................................... 425 Appendix F: Command Line Interface..................................... 439
Getting Started ................................................................................................... 440 Understanding the CLI Documentation ...................................................... 440 Accessing the CLI ..................................................................................... 441 Login and Logout Commands .................................................................... 442 Basic CLI Actions ....................................................................................... 443 Licensing Commands................................................................................. 444 Basic Setup Commands............................................................................. 447 Configuration Settings Commands ............................................................ 448 Customizing the CLI................................................................................... 450 Configuration Commands .................................................................................. 452
Co n t en ts
xv
General Commands ................................................................................... 453 Local Interface Commands......................................................................... 454 Link Commands.......................................................................................... 458 Bandwidth Adjust Commands .................................................................... 499 Crypto Commands...................................................................................... 503 Subnet Commands..................................................................................... 504 Alias Commands ........................................................................................ 507 OSPF Commands ...................................................................................... 509 Router Polling Commands.......................................................................... 514 RIP Commands .......................................................................................... 517 WCCP Commands ..................................................................................... 522 SNTP Server Commands ........................................................................... 527 DHCP Server Commands .......................................................................... 528 DHCP Relay Commands............................................................................ 531 WEB Acceleration Commands ................................................................... 533 HTTP Acceleration Commands .................................................................. 536 Fetch Job Commands ................................................................................ 568 TCP Acceleration Commands .................................................................... 572 Keep Alive Commands ............................................................................... 579 FTP Acceleration Commands..................................................................... 581 Studying a Subnet Configuration Network.................................................. 587 Ethernet Statistics Display Commands ...................................................... 588 NetFlow Commands ................................................................................... 593 QoS Commands ......................................................................................... 594 RAID Commands........................................................................................ 614 Aggregation Class Commands................................................................... 617 DNS Acceleration Commands.................................................................... 624 Traffic Encryption Commands .................................................................... 632 ARP Commands......................................................................................... 638 Additional Commands ................................................................................ 640 Link Commands.......................................................................................... 646 Expand View Commands ........................................................................... 653 SNMP Commands...................................................................................... 655 Log Commands .......................................................................................... 658 Log Archives Commands ........................................................................... 665 Configuration Tool Commands ................................................................... 667 Accdump Commands ................................................................................. 671 RDP Proxy Commands .............................................................................. 676 Mobile Accelerator Commands .................................................................. 680
4. 0
xvi
C o nt e nts
Configuring WAFS ............................................................................................. 683 Basic Operation Commands ...................................................................... 684 Cache Commands ..................................................................................... 687 Print Administration Commands................................................................. 688 Printer Driver Commands........................................................................... 690 CUPS Commands...................................................................................... 692 Printer Port Commands.............................................................................. 693 Printer Management Commands ............................................................... 696 WAFS Transparency Commands............................................................... 698 Excluded Server Commands ..................................................................... 699 CIFS Commands........................................................................................ 700 Compression Filter Commands.................................................................. 701 Time and Date Commands ........................................................................ 702 Additional Commands ................................................................................ 703 Fetch Commands....................................................................................... 706 FileBank Director Commands .................................................................... 707 WAFS Help Commands ............................................................................. 711 WAFS Licensing Commands ..................................................................... 712 WAFS Log File Commands........................................................................ 713 Replication Service Commands ................................................................. 718 Replication User Commands ..................................................................... 725 Event Scheduling Commands.................................................................... 731 Service Management Commands.............................................................. 734 Software Commands.................................................................................. 738 Statistic Commands ................................................................................... 739 Stf_filter Commands................................................................................... 740 Transaction Monitoring Commands ........................................................... 742 TTCP Commands ...................................................................................... 743 User Commands ........................................................................................ 745 Virtual Memory Statistic Commands .......................................................... 746 Wins Commands........................................................................................ 747 Configuring Security........................................................................................... 748 Transport Type Commands........................................................................ 748 Server Configuration Commands............................................................... 750 User Account Configuration Commands.................................................... 754 Software OS Upgrade Commands............................................................. 761 Technical Information and Trouble Shooting Tools ............................................ 762 By-pass Mode Commands......................................................................... 762 show tech-support continuous ................................................................... 765
Co n t en ts
xvii
show events................................................................................................ 765 Configuring Core Allocation...................................................................... 766
Appendix G: Specifications and Warranty.............................. 767

Standards ........................................................................................................... 768 RFC / Standard List ................................................................................... 768 Terms and Conditions of Sale ............................................................................ 770 Acceptance................................................................................................. 770 Price and Payment ..................................................................................... 770 Title and Security Interest........................................................................... 770 Risk of Loss ................................................................................................ 771 Warranty ..................................................................................................... 771 Product Returns.......................................................................................... 771 License Grant ............................................................................................. 771 Limitation of Liability ................................................................................... 772 Default ........................................................................................................ 772 Indemnity .................................................................................................... 772 General....................................................................................................... 772 Open Source Provisions............................................................................. 773
Index ........................................................................................... 775
4. 0
Chapter 1: Introducing the Accelerator

Expand Networks AcceleratorTM is the ideal Application Traffic Management System for ensuring optimal application performance over the WAN. The Accelerator is a Layer-3 WAN device that dramatically improves application response times through a combination of bandwidth compression, Layer-7 QoS and acceleration plug-ins for specific applications. This chapter includes the following sections: Features and Benefits, on page 2 Next-generation WAN Compression, on page 3 Layer-7 QoS and Bandwidth Management, on page 4 The Accelerator Product Line, on page 7 How the Accelerator Works, on page 8 Configuration and Management, on page 11
C h ap t er 1: Introducing the Accelerator
Features and Benefits

The Accelerators new and improved algorithms provide the highest WAN compression performance available, in an easy to install package that fits seamlessly into various network topologies such as MPLS, QoS clouds, noisy networks, high BER networks, load balanced networks, and networks experiencing many out-of-order errors. Features include: Virtual Bandwidth Management, on page 2 Easy Management and Configuration, on page 2 Redefining Application Traffic Management, on page 2 Next-generation WAN Compression, on page 3 Layer-7 QoS and Bandwidth Management, on page 4
Virtual Bandwidth Management

Expands next-generation compression and caching take your limited WAN links and create four to ten times the output on the same infrastructure, thereby closing the proximity gap created by applications that consume bandwidth and create a poor user experience on the WAN. Expand extends your budget and stretches your resources further than imagined. Include the option of using a virtual Accelerator and the possibilities are endless.
Easy Management and Configuration

Many of the Settings in the User Interface contain an Auto setting. This allows the Accelerator to choose the proper parameter setting according to conditions at the given time allowing you to continually experience maximized optimization.
Redefining Application Traffic Management

The Accelerator takes application traffic management to the next level by reducing WAN costs and improving application performance. In addition to bandwidth compression capabilities, the Accelerator provides a rich set of features that improve application response times and provide Layer-7 visibility and control tools,
Fe at u r es a nd B en e fi ts
which enable network managers to align network resources with business priorities. Acceleration of application response times is achieved through next-generation WAN compression, application-specific acceleration, Layer-7 QoS capabilities and sophisticated monitoring and reporting.
Next-generation WAN Compression

The Accelerators bandwidth expansion algorithms provide an effective alternative to WAN upgrades with a 3 to 9 month ROI. Typical capacity gains of 100% to 400%+ additional capacity, peaks of 1000%+. Combination of byte-level caching, packet header reduction and adaptive packet compression. High performance, low latency algorithms Packets incur a maximum of 1 millisecond latency passing through the device. 100% lossless, works on all applications Supports up to 350 remote sites and 45 Mbps in a single device. Unique On-LAN deployments enable rack-and-stack above 350 sites and 45 Mbps. Verified in over 27,000 production installations. Network transparent RTM (Router Transparency Mode) enables 100% IP header preservation, ensuring guaranteed compatibility with any kind of WAN device. RTM also preserves Layer 4 for TCP & UDP traffic. Dynamic routing enables effortless installation even in complex networks that use OSPF, RIP and other routing protocols.
Application-specific Acceleration
Application-specific acceleration is a breakthrough approach that works in combination with next-generation compression for improving application response times. Improves application response times by 100% to 400%, peaks of 1000%+ Extensible architecture based on application acceleration plug-ins for additional application support TCP acceleration enables TCP transfer speeds in excess of WAN link speed, even under challenging latency and packet loss
conditions. The TCP acceleration plug-in is standards-based, meeting the SCPS standard (www.scps.org) that was developed by NASA and the DoD for performance optimization in high latency links. HTTP acceleration provides faster web application response times for chatty HTTP transactions by eliminating repetitive download of frequently accessed objects, applets, and so on. FTP acceleration provides faster response times due to elimination of long FTP transactions by keeping local copies of frequently accessed files. DNS acceleration eliminates DNS wait times for applications (for example: web portals) by keeping copies of frequently accessed DNS translations cached at the edge Accelerator. The Accelerator's full-scale WAFS and CIFS acceleration optimizes file access over the WAN, solving remote server data access from the data center over the WAN. Server consolidation is made possible without paying the price in WAN application performance. Expand Networks enhanced WAFS offering addresses the key performance, availability and management issues raised by server consolidation: LAN-like application performance: Expand Networks acceleration architecture replicates files and keeps them on the remote sites cache, thereby maintaining LAN-like performance for future file transfers. Virtual-Server: Expand Networks enhanced WAFS offering retains critical remote branch system services such as: DNS, DHCP, and print. Addressing WAN-Outs: In the event of a network outage, remote users can continue working because files are served from a local cache.
Layer-7 QoS and Bandwidth Management

The Accelerators Instant QoS functionality stops bandwidth abuse, guarantees network resources for critical applications like VoIP and lets network managers prioritize network applications according to business objectives. Low operational cost QoS solution, Layer-7 application discovery Easy to set upinstant QoS maximum flexibility for advanced users QoS can be applied to both inbound and outbound traffic.
Fe at u r es a nd B en e fi ts
Bandwidth limits can be set to a maximum amount or an optimal amount Burst-ability control Strict priority for real-time traffic Allows traffic shaping with high, medium, and low attributes Discards rogue applications Packet fragmentation assures VoIP/video latency budget Integrates with existing environments Marks, honors and preserves QoS based on application or QoS markings Extensible architecture Additional application classification QoS troubleshooting/diagnostics mode
Layer-7 Monitoring and Reporting

The Accelerators and the ExpandView stand-alone Application Traffic Management System provide powerful monitoring and graphical reporting for full application-level visibility and cost-effective end-to-end network management. Automatic application detection with hundreds of predefined classes. Dozens of historical and real-time reports for WAN and links Throughput, performance, acceleration Applications and hosts System-wide, per link, Peer, IP subnet, application inbound and outbound user customizable Complex rules available for the advanced user, such as nested rules and order matching Export and print functions End-to-end view with ExpandView
Branch Office Features

The Accelerators offer much more than just a bandwidth increase. These intelligent devices deliver a branch office platform that consolidates multiple devices. Full NetFlow compliance replaces the need for costly probes Open architecture for future enhancements
Rapid Deployment/Dependable Results

With minimal configuration and no network architecture changes.
2 minute configuration via front panel keypad Up and running in minutes with environment auto-detection Easy-to-use WebUI and central deployment stations Familiar Cisco-like CLI minimizes staff retraining Secure management with HTTPS, SSH, SNMP (v2c/v3) Integrates with existing user authentication and administration systems RADIUS, TACACS+, and Windows Directory Validated in over 1,000 enterprise and service provider networks
Maximum Uptime and Reliability

The Accelerators resilience features and standards-based implementation guarantee unsurpassed uptime and availability. Network integrity preserved with standards-based implementation, HSRP/VRRP failover External flash card for effortless device swap-out (for non-hard drivebased models: Switch-to-wire and software watchdogs) assure zero network downtime Remote access never compromised Out-of-band management Network integrity preserved with standards-based implementation IPComp tunnels Router Transparency Mode SCPS for TCP Acceleration SNMP for device management NetFlow probe
The Accelerator Product Line
T h e A cc el er a to r P r o d uc t L in e
The Accelerator product line consists Accelerators that will cater to a range of facilities from the small office to the Enterprise Network. Check the corporate web site (www.expand.com) for new hardware releases.
How the Accelerator Works

Accelerators can be deployed in any network environment, whether the WAN is a private line, frame relay, VPN, IP, ATM, xDSL, ISDN, wireless local loop, or satellite. You can connect Accelerators on the LAN side of the router. Some of the Accelerators benefits can be realized with no far-end Accelerator.
IP-Based Network
In an IP network, you can position the Accelerator on the LAN-side of the router or directly on the LAN. The Accelerator can be located either On-Path, on page 8 or On-LAN, on page 9.
On-Path
On-Path configuration places the Accelerator between the LAN and the router on both sides of the IP network. The data from the LAN segment passes through the Accelerator that performs traffic optimization, including compression and QoS, before the data reaches the router. See the sample On-Path application in Figure 1.
Figure 1: On-Path Application
In this configuration, internal by-pass circuitry ensures the Accelerator fails-to-wire, enabling invisible protection of the network in the unlikely event of failure. If the Accelerator fails-to-wire, traffic will continue passing, but will not be accelerated (by-pass mode).
H o w t h e A cc el er a t o r Wo r k s
On-LAN
On-LAN configuration places the Accelerator directly on the LAN as a host. The Accelerator becomes the next hop for traffic on the LAN destined to the WAN. The accelerated data is redirected to the far-end Accelerator (On-LAN or On-Path) where the data is reconstructed before reaching its destination IP address. Usually, one Accelerator is installed on the LAN segment. However, if resilience is to be enhanced, you can install two or more Accelerators for redundancy purposes. The most common configuration up to Version 6.1.2 involves creating two links (two Accelerators), one of which is assigned a higher priority (metric - ranging from 11 to 10,000), so it will be used as the default link for the connection. If this link fails, traffic switches to the other link. See Figure 2.
Figure 2: On-LAN Application
If all transparent Proxy services (such as HTTP acceleration or TCP acceleration) are disabled, you can assign incoming traffic through one link and outgoing traffic through the other link. Another optional configuration is shown in Figure 3:
Figure 3: An Optional Configuration
In this configuration, Hot Standby Routing Protocol (HSRP) or Virtual Router Redundancy Protocol (VRRP) enables the Accelerator to take part in HSRP/VRRP
10
groups. Starting from Version 6.1.2, a link can be destined to an HSRP/VRRP virtual IP, providing redundancy in cases where an active Accelerator fails. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Groups Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this links services are kept. When the primary Accelerator is available again, the link switches back to it.
Configuration and Management
Co n fi g ur at io n an d M an ag em e nt
11
You can configure and monitor the AcceleratorOS via a user-friendly Web User Interface (WebUI). The WebUI is accessible from Microsoft Internet Explorer via the HTTP protocol or the secured HTTPS protocol. Console-based administration can be accomplished using a directly connected terminal or terminal software using a serial connection, a Telnet session, or a secured SSH-based connection. You can carry out initial configuration by using the front-panel LCD. The Accelerator operating system, AcceleratorOS, provides a wide range of management features. Like most networking equipment, the Accelerator requires some basic initial configuration in order to function. This configuration is performed locally by using the front-panel LCD, or an RS-232 console, Telnet console or browser-based management console, and includes specifying the Accelerators IP address. The initial configuration also involves defining passwords, and the time and date at the Accelerator site. The Accelerators user-friendly Installation Wizard guides you through the steps necessary to get your Accelerator up and running. For Quick Installation Instructions, see the Accelerator Quick Installation Guide.
12
Chapter 2: Getting Started

This chapter assumes that you have successfully installed and turned on the Accelerator without any errors. If you have not been able to install or turn on the Accelerator successfully, see Troubleshooting, on page 347 and Contacting TAC, on page 423. The AcceleratorOS lets you set up the Accelerator either via the LCD, in conjunction with the Accelerators Wizard, or via the Wizard alone, by using the Accelerators default IP address (10.0.99.99). In addition, you can use the CLI to perform complete setup. This chapter contains the following topics: Connecting and Configuring Multi-Port Accelerators, on page 14 Working with By-pass Mode, on page 16 Reviewing the Setup Checklist, on page 17 Performing Setup via the LCD, on page 19 Performing Setup via the WebUI, on page 21 Performing Setup via the Wizard, on page 22 Accelerator Main Menu, on page 29 Modifying the Basic Configuration, on page 30 About the AcceleratorOS License, on page 34 Logging On and Off the Accelerator, on page 41 Integrating the Accelerator into Your Network, on page 42
14
C h ap t er 2: Getting Started
Connecting and Configuring Multi-Port Accelerators

To connect the Accelerator to your network:
1. Connect the Pair 0 first. Connect one port to the switch (LAN). ETH 0/0 for example 2. Connect the other port from the same pair to the router (WAN). ETH 0/1 for example. 3. Connect Port ETH0 to a computer for management (optional).
Figure 1: Connecting the Cables
4. Power on the Accelerator.
C on n ec t in g an d C on f ig u r in g M ul ti - P o r t Ac ce ler at o r s
15
Understanding the LEDs

When the Accelerator powers-up, make note of the LEDs use Figure 2 for the LED location and the following table for the LEDs description:
Figure 2: LED Display
See this table for 6x50 LED information:

Activity LED
LED Color Green Off Definition Active traffic No traffic LED Color Orange Green Off
Link LED
Definition 1000 MB link 100 MB link 10 MB link
See this table for 7930 and 7940 LED information:

LED that is Illuminated
Link/Act 100 1000 100 and 1000
Definition
There is traffic 100MB link 1G Link By-pass is activated
5. If there is an error or the LEDs light incorrectly, see the troubleshooting information for your specific device.
16
Working with By-pass Mode

When working in On-Path mode, the Accelerator can work in by-pass mode to enable transparent data transmission in the unlikely event of Accelerator failure. The move to by-pass mode is carried out automatically by the by-pass switch on the Accelerator. In addition, all models support invoking the by-pass mode through the CLI. Furthermore, with Accelerators that have multi-port support (79xx and 6x50) you can set specific ports or all ports to by-pass mode, via the CLI only. To activate bypass manually on an Accelerator that has multi-port support, see bypass activate, on page 762. CAUTION! When by-pass is enabled you will lose connectivity to the CLI/WebUI, unless Out-of-Band management is used.
Reviewing the Setup Checklist

Information Needed
Speed: 10/100/1000 Duplex: Half / Full IP Address: IP Address: Subnet Secondary (up to 10): VLAN: Subnet: Acc IP Address: Subnet: Acc IP Address: Subnet: Acc IP Address: Yes: HSRP / VRRP (circle one) No Yes / No If yes, OSPF Area ID: or IP address: Yes / No Version: 1/2 If yes, RIP Authentication: IP Address:
Re vie w in g t h e S et u p Ch ec kl ist
17
Follow this checklist to ensure that you have all of the information necessary to complete Accelerator setup:
Network Checklist
What are the port settings of the devices that will be attached to the Accelerator (switch/router)? What is the IP address of the Default Gateway? What will the IP address of the Accelerator be? Will there be secondary IP addresses or VLAN IP Addresses? Does this Accelerator have more than one subnet in its network?
For more information see:
Performing Setup via the Wizard, on page 22
Setting Subnet Routing, on page 94
Do you have HSRP or VRRP configured? Do you have OSPF configured?
HSRP, on page 316 (config-ospf) ospf-mode enable, on page 512 RIP Commands, on page 517
Do you have RIP configured?
IP address of the remote Accelerator? WAN bandwidth? Does your network include VLAN 802.1q trunking? Does your network use external traffic monitoring software on the router? Do you have any ToS implementation? MPLS? Diffserv? Any kind of applications that modify the ToS field?
Performing Setup via the Wizard, on page 22 Performing Setup via the Wizard, on page 22
Yes / No Yes / No
Working with VLAN, on page 297 Encapsulation, on page 25 MPLS, on page 77 Creating QoS Rules, on page 230
Yes / No Yes / No Yes / No Yes / No
18
Network Checklist (Continued)

Do you currently use SNMP?
Information Needed
Yes / No If Yes, what is the community name? Yes / No If Yes, what is the IP address of the trap receiver? Yes / No If Yes, what is the IP address of the Syslog Daemon? Yes / No Yes / No If yes, enable TCP Acceleration
For more information see:

Using SNMP, on page 285
Do you currently collect SNMP traps?
SNMP Commands, on page 655
Do you currently use a Syslog server?
Sending Updates to a Syslog Server, on page 287
Do you currently use NetFlow? Does your network have high latency lines above 40 ms?
Configuring NetFlow Support, on page 71 Studying TCP Acceleration, on page 240
Performing Setup via the LCD
P er f o r m in g S e tu p v ia t he L C D
19
Accelerator configuration is made simple with the front-panel LCD. AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 7.0.1) in addition to a status display (Ready, By-pass, or various error messages). Press Enter to start configuration.
To navigate between the fields:

Follow these steps: Press the right/left arrows until the cursor is below the word/value you want to select or change. Press the up/down arrows to change the value of the numbers. Press Enter to write the setting and to navigate to the next screen. Enter the Setup Menu by making sure the cursor is under Setup and pressing Enter. Setup - Verify that the Setup LCD is illuminated, and press Enter.
Figure 3: The Setup LCD
Local IP - Enter the Local IP address and press Enter
Figure 4: Local IP LCD
Subnet Mask - Enter the Subnet Mask and press Enter
Figure 5:Subnet Mask LCD
20
Default Gateway - Enter the Default Gateway and press Enter
Figure 6: Default Gateway LCD
When asked if you want to Save the setup, select Yes or No and press Enter. At this point, management can be performed via the Accelerators Web UI, via the CLI, Telnet, SSH, or via ExpandView- Centralized Management. To work with ExpandView, you will need to define the ExpandView server IP address via the CLI. For other LCD settings, see section Locking and Unlocking the Keypad, on page 344.
Performing Setup via the WebUI

To access the WebUI:
P er f o r m in g S e tu p v ia t he Web U I
21
The Accelerators Web User Interface (WebUI) provides you with a user-friendly interface for configuring the Accelerator.
1. The Accelerator comes pre-configured with the IP address: 10.0.99.99 255.255.255.0 If no other IP address was assigned via the LCD, use this default address to access the Accelerator. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerators IP address. 2. In the Address field of your web browser, enter the Accelerators IP Address. Alternatively, the Accelerator WebUI supports access via Secure HTTP, by typing https:// before the Accelerator IP address. 3. The Accelerators WebUI opens and prompts you to log in to use the WebUI. When prompted, log in to the Accelerator by entering a user name and password. The default user name and password (both case sensitive) that must be used on initial login are as follows: user name: expand password: Expand The first time you access the WebUI, the Setup Wizard automatically opens and guides you through the steps of basic Accelerator configuration.
22
Performing Setup via the Wizard

The Accelerators Setup Wizard guides you on the step-by-step configuration of the basic parameters (all parameters that are set via the front-panel LCD), which are necessary to get your Accelerator up and running.
To access the Setup Wizard:

1. The first time you access the Accelerators WebUI, the Setup Wizard opens automatically. On subsequent uses, to return to the Setup Wizard, click the Setup Wizard button. If the Accelerator is connected directly to a management PC, ensure that you set the PC to the same subnet as the Accelerators IP address. 2. Read carefully the explanations that appear in the Welcome screen and click Next to move to the My Accelerator screen, which lets you define the local Accelerator settings. i Note: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed. Additional Topics are as follows: Configuring Basic Accelerator Details, on page 23 for help with the My Accelerator Screen Setting Links via the Wizard, on page 24 for help with the My Links Screen Setting the Time, on page 26, for help with the Time screen Modifying the Password, on page 27, for help with the password screen Reviewing Wizard Configuration, on page 28, for help with the summary screen
P er fo r m in g S et up via t h e Wi z ar d
23
Configuring Basic Accelerator Details

Set the following parameters on the Wizards My Accelerator screen:
Device Name IP Address Subnet Mask Default Gateways Set a name for the Accelerator of up to 60 characters, without spaces and special characters. Enter the IP address of the Accelerator. Enter the Subnet Mask to identify this Accelerators local subnet. Enter the networks Default Gateway to which the Accelerator will forward the traffic it intercepts. You can add more than one gateway, by typing the IP address in the field and clicking Add. The maximum number of gateways that you can add is 5. The License Stratus is shown here. Enter the Accelerators serial number (product ID). Select either Evaluation, License Key or License File, and enter the license key or file number. For more information on Licensing, see About the AcceleratorOS License, on page 34. Select a deployment Type (ON-Path or On-LAN). In the deployment size field enter the approximate number of Accelerators to which the local Accelerator will be connected(1-500). Setting an accurate network size enables the Accelerator to better optimize traffic. In network topologies such as Mesh and Hub, knowing the network size is important for the Accelerator in order to know how to divide its system resources correctly among connected Accelerators.
Licensing
Advanced Settings
24
Setting Links via the Wizard

The My Links screen, accessed via the Wizard, lets you set up the basic parameters necessary to define your network and begin working with the Accelerator. Follow these steps to set Link information and click Next to advance to the next screen:
Figure 7: The Setup Wizard Links Screen
To add a remote Accelerator:

1. Using the parameters described in the table below, add the information as needed in the appropriate field. 2. Click Add to add the remote Accelerator. Use the Delete button to remove added links from the Links Table. 3. Click Next to advance to the next screen of the Wizard.
25
Parameter
Destination IP Name Bandwidth
Description
Enter the IP Address of the remote device. Set a name for the link that will let you identify it in the future. Up to 31 characters, no spaces, no special characters. Set the speed of the link that connects the local Accelerator to the remote Accelerator. This should be either the local WAN bandwidth or the remote WAN bandwidth - whichever is lower. To accomplish asymmetrical bandwidth settings, use either the advanced link parameters or the CLI. Choose one of the following options, by clicking on the relevant radio button: IPComp: IPComp encapsulation (tunneled encapsulation) compresses the entire packet. This means that the IP header, the transport header and the payload are compressed and the packet traversing the network will have an IPComp header. IPComp is the default setting, which enables the best compression rate. Router Transparency (RTM): In Router Transparency encapsulation, only the packets payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), Load Balancing, Billing, encryption, MPLS networks and certain firewall environments. UDP: UDP encapsulation allows for more compatibility with firewalls that use encapsulated packets.
Encapsulation
Note: When using router transparency mode, the payload of packets destined to the router (SNMP requests, Telnet, and so on) will be compressed, making them unreadable by the router. In this event, it is necessary to set up a decision policy that does not tunnel specific applications, (like SNMP see Working with Applications, on page 215), or excludes specific subnets or IP addresses from being accelerated on the link (see Configuring Link Subnets, on page 90). Note: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful for setting RTM mode when one of the Accelerators is On-LAN and the other is On-Path. However, IPComp encapsulation will not function if the IPComp protocol is blocked by a firewall. Therefore, ensure that the IPComp protocol is not blocked before selecting either IPComp or RTM encapsulation
26
Note: TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators. Note: Deleting the non-link is impossible, because this link name is a logical entity that represents all un-specified traffic in the QoS and Monitoring engines
Setting the Time

Verifying that the Accelerators time is accurately set is extremely important in order to have an accurate reading of when events occur and when statistic items are gathered and updated. All Accelerators within the same network, must be set to the same time.
To set the time and time zone:

1. In the Current date and Time field, enter the Time in the following format: hh:mm 2. Using the Date drop down menus, select the current date using the following format: dd:mm:yyyy. 3. Using the Time zone drop-down menu, select the time zone that you are located in. If your country is not listed, select the one that is in your time zone. 4. Click Next to advance to the next screen.
Figure 8: The Setup Wizard
27
Modifying the Password

Security reasons necessitate changing the default password before exiting the setup Wizard. The password you select will not display in the field and it is casesensitive. Make sure you can remember your password as there is no retrieval system in case it is forgotten. If you cannot remember your password, you will need to reset the Accelerator to factory default settings as described in Resetting the Password, on page 349. i Note: The following values are not accepted as passwords: An empty field (i.e. a blank password) Expand (the default original password) Other values as specified in Choosing a Legal Password, on page 349.
To enter a password:
1. Type the current password in the Current Password field. If you are logging in for the first time, the default password is Expand. 2. Type a new password (context sensitive) in the New Password field. 3. Confirm this password by typing the same password you typed in step 2. 4. Click Next to move to the next screen.
Figure 9: The Setup Password window
28
Reviewing Wizard Configuration

The Summary screen of the Setup Wizard lets you review the parameters set via the Wizard before saving them to the Accelerator. If the configuration is correct, press the Finish button to save the settings to the Accelerator. ! CAUTION! Clicking Finish saves the configuration as the Accelerators Startup Config.
Figure 10: Setup Wizard Summary window
Accelerator Main Menu
A cc el era to r Mai n Me nu
29
The following buttons, which are common to all WebUI menu screens, let you carry out basic operations as follows:
WebUI Menu Item
Setup Wizard Write Change Password
Description
Click the Setup Wizard link at any time to open the Setup Wizard. Click the Write link at any time to write the current configuration. This must be done when specified. Click the Change Password link at any time to modify your login password. The password is case sensitive, but the number of characters is not limited. For information on choosing a proper password, see Choosing a Legal Password, on page 349. If you have forgotten your password, you will need to reset the Accelerator to factory default settings, see Resetting the Password, on page 349. Click the Logout link at any time to log out of the Accelerator. Clicking on this button at any time on any page in the interface will set that page as the default startup page home page each time you log into the WEB/UI. There is no confirmation to this action. Click the Refresh button at any time to refresh the data in the WebUI. Any change not saved will be deleted. Click the Help button at any time to open the Accelerators online help. This help is pop-up based so make sure your browsers settings allow pop-ups.
Logout
30
Modifying the Basic Configuration

To modify the basic Accelerator setup, you can make changes via the Basic screen in the Setup menu of the WebUI. i Note: To carry out any modifications and additions after initial configuration, always use the Basic screen or the My Links screen and not the Wizard. The Wizard resets other parameters to their default values when accessed. The parameters on this screen are identical to the parameters configurable via the Setup Wizards Basic screen, with the exception of Routing Strategy settings (see Setting Routing Strategy, on page 31). For more information see Performing Setup via the Wizard, on page 22. In addition, the Basic screen lets you add a description to identify the Accelerator. The Basic screen includes specific details concerning the Accelerator device, as follows:
Parameter
Platform Product ID AcceleratorOS Version System Up-Time Current Time
Description
Accelerator type The product ID is the unique number identifying the Accelerator, and is used when licensing the product Software (AcceleratorOS) version running on the Accelerator The last time the device was rebooted, and how much time has elapsed since. Time set in the Accelerator
If you need help with the AcceleratorOS interface, see Accelerator Main Menu, on page 29.
To change the basic Accelerator parameters:

1. Enter the information as described in the following table. 2. Click Submit.
M o d if yin g t h e Ba sic C o nf ig u r a ti on
31
3. For advanced configurations, click Advanced Settings Configuration and see Defining Advanced Settings, on page 32.
Device Name Description IP Address Subnet Mask Routing Strategy Default Gateways Set a name for the Accelerator of up to 60 characters, without spaces and special characters. Type a description that is relevant for your use. For example, 3F ACC Type a valid IP address for this Accelerator. Type a Subnet Mask to identify this Accelerators local subnet. See Setting Routing Strategy, on page 31. Enter the networks Default Gateway to which the Accelerator will forward the traffic it intercepts. You can add more than one gateway, by typing the IP address in the field and clicking Add. The maximum number of gateways that you can add is 5. See Defining Advanced Settings, on page 32
Advanced Settings
Setting Routing Strategy

The Basic screen lets you set the Routing Strategy. Routing strategy defines how to route traffic. In environments such as router polling and dynamic routing networks, the Accelerator must route all traffic, and therefore you should set Routing strategy to Routing only. In other environments, non-link traffic and inbound traffic should not be directed to the router (normally, when nonlink traffic is transmitted by the Accelerator, it is directed to the router; but this can cause problems if the destination is a Layer-2 address or for incoming traffic). In such environments you have to set the Routing strategy to Bridge route, which does not route non-link and inbound traffic - only traffic destined to an accelerated link or a virtual link. Routing-Only typically used in On-LAN deployments, or in environments that require the Accelerator to route all traffic (for example: networks that use Dynamic Routing policies). Bridge Route typically used in On-Path deployments, where traffic is not necessarily routed through the router. i Note: Enabling TCP Acceleration requires you to use Routing-Only routing strategy.
32
Defining Advanced Settings

Lets you set advanced information about the Accelerators setup, as shown in the following table. Changes made here require you to click the Submit button in order for those changes to take effect.
Deployment Type On-Path: see On-Path, on page 8 On-LAN: see On-LAN, on page 9 For additional information on both types of deployment, see the Quick Installation Guide supplied with your Accelerator Enter the approximate number of Accelerators to which the local Accelerator will be connected (1-500). Setting an accurate network size enables the Accelerator to better optimize traffic. In network topologies such as Mesh and Hub, knowing the network size is important for the Accelerator in order to know how to divide its system resources correctly among connected Accelerators. Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth Defines the active cache method: WAFS only (for CIFS traffic), Web Cache only (for HTTP servers), or both or None. This sets the Maximum Segment Size in bytes of a TCP packet that the Accelerator will accept in a single, unfragmented piece, excluding the TCP and IP headers. For maximum efficiency, the MTU should never be more than the MSS + the headers. MSS can be configured on a per-link basis or globally on all links. You can either choose Other and enter your own value. By default the setting is None. Used for defining the maximum number of requested links. You can set here any number between 1 and 450. Enabled by default, allows the user to see statistics in the traffic gauge links or non-link output. Select the Enable check box to Enable, clear the check to Disable.
Deployment Size
Bandwidth Caching Local MSS
Maximum Links Traffic Gauge
CAUTION! The WAN bandwidth setting is used by the Accelerators QoS ! mechanism. Ensure that the WAN bandwidth is not set too low, otherwise the ! Accelerators QoS mechanism may drop packets and cause applications to disconnect. Note: For the Accelerators application optimization to work properly, you are advised to set an accurate WAN bandwidth defining the physical link that the Accelerator sits on. Either select the WAN Bandwidth from the pull-down menu or select Other and enter a specific figure into the provided field along with its correct unit (bps, Kbps, Mbps, Gbps). If you are unsure of your WAN bandwidth setting, use the default setting of 100 Mbps.
M o d if yin g t h e Ba sic C o nf ig u r a ti on
33
34
About the AcceleratorOS License

Physical Accelerators are shipped with a temporary license with a 30-day grace period, during which you must register the product and a install a permanent license. Once the 30-day grace period has passed, the Accelerator will continue to pass data in pass-through mode and will not optimize traffic in any way. Once you have installed the permanent license only the features (listed below) that you have licensed will be optimized. Virtual Accelerators are licensed via the Licensing Server and Dongle. Information about the Licensing Server is in the Licensing Server User Guide that is supplied with the Accessories DVD for the Virtual Accelerator. The following features are subject to individual licensing requirements: Bandwidthsee note below QoS L7-QoS TCP Acceleration Web Caching WAFS (both FB and FBD) IPsec MACC Seats (for Mobile Accelerators - the value indicates maximum number of MACCs that can be connected to this specific Accelerator.)
A Note about Bandwidth Licensing: the bandwidth license specifies the maximum amount of traffic that will be accelerated. Any remaining traffic will pass-through. For example, if you have a license for 2MB and the network has more than 2MB of traffic, the maximum amount of traffic up to 2MB is accelerated, the remaining will pass through. To see if a particular link has exceeded the licensed bandwidth allowance, look at the My Links screen and a partial icon will be displayed next to the link. If you are concerned about exceeding your license limit, you can monitor it within the Links Statistics Data Table (see Figure 11). If packets are exceeding the license or if the license is expired, you are notified with a warning message
Ab o u t th e A cce le r at o r O S Li ce ns e
35
Figure 11: License Exceeded
Additional topics in this section include: Viewing the License Status, on page 35 Reviewing the Licensing Procedure, on page 36 To load a new license, see Applying an Accelerator Feature License Key, on page 38 To configure the Licensing Server information, see Configuring the Licensing Server via the Accelerator, on page 39
Viewing the License Status

Viewing the license status is possible as follows: Via the Licensing tab of the My Accelerator screen. or Via the CLI see Licensing Commands, on page 444. The License Table shows all applicable features that are subject to the license and also shows each licenses status. If the license is a trial license, the amount of time left to the license is indicated. Should you need to change, upgrade, or re-new your license, you should contact your local reseller. i Note: The grace period counts only days during which the Accelerator is powered on. Note: In the unlikely event of Accelerator failure, if you use a non hard drivebased Accelerator, you can immediately replace the Accelerator in the field by inserting the Compact Flash from an Accelerator with a permanent license into another Accelerator. This will enable the second Accelerator to function with a an evaluation license, allowing you time to register the new Accelerator.
36
See one of the following topics for more information: Applying an Accelerator Feature License Key, on page 38for loading a new license file Configuring the Licensing Server via the Accelerator, on page 39for configuring the Licensing Server information.
Reviewing the Licensing Procedure

Licensing a physical Accelerator involves two steps: Activating the I-Key in the Portal, on page 37 Applying an Accelerator Feature License Key, on page 38 Licensing a Virtual Accelerator involves two steps: Activating the Licensing Server Dongle via the Portal, on page 38 Configuring the Licensing Server via the Accelerator, on page 39 To renew or upgrade your license, contact Expands Technical Assistance Center. If you do not know how to do this see Contacting TAC, on page 423.
37
Licensing a Physical Accelerator

Activating the I-Key in the Portal
To Activate the I-Key:
1. Identify the Accelerators Serial number (product ID) in the upper right hand corner of the Basic screen of the AcceleratorOS WebUI. 2. Open your E-mail and copy the I-Key that was sent to you with your order confirmation. 3. Go to www.expand.com. Click the My Expand tab on the top of the Web page. Customers are to go to the Extranet site by clicking the Here to Login button on the right. 4. Enter your login information and click Log In. If you have not yet registered click First Time Here to do so and then log in. 5. Click on the Accelerator Licensing tab. 6. Click the Add Product link. 7. In the popup window, enter the Site Name, and the Reseller. Type or paste the Serial Number from the AcceleratorOS WebUI. Re-enter the serial number. Click the Submit button and a new pop-up window opens. 8. In the I-Key field, enter the I- Key (received via E-mail) and click the Activate button. The popup window now displays the details of the license key. 9. Copy the information listed in the first line: LICENSE KEY IS: This is the number that you need to enter into the Accelerator to activate the license. Keep this information in a safe place. See Applying an Accelerator Feature License Key, on page 38 to continue.
38
Applying an Accelerator Feature License Key

To activate or reactivate an Accelerator feature License Key:
1. Make sure you have copied the License Key from the Licensing Section of the customer portal to the clipboard. 2. In the Accelerators WebUI, click Setup followed by My Accelerator, and then Licensing. 3. Click the Activate New License button and click the Key radio button. 4. Click Paste to paste the License Key as copied from the clipboard. 5. To update the new license features for all established links, select the Refresh acceleration on all links checkbox, if not keep the checkbox deselected. 6. Click Activate License.
To upload a License File:

1. Make sure you have downloaded the license file (.lic) from the Customer Portal and transfer it to the Accelerator using an appropriate transfer protocol (FTP, for example). Also, make sure you write down the file name (it is case sensitive). 2. In the Accelerators WebUI, click Setup followed by My Accelerator, and then Licensing. 3. Click the Activate New License button. 4. Click the File radio button and type the complete name of the file in the field. There is no browse option. 5. To update the new license features for all established links, select the Refresh acceleration on all links checkbox, if not keep the checkbox deselected. 6. Click Activate License.
Licensing a Virtual Accelerator

Activating the Licensing Server Dongle via the Portal
Once you have received the Licensing Server Package, you need to register the Dongle on the Expand Networks Channel or Extranet Portal. You will need the
39
Dongle ID number in order to register the Dongle. This number is supplied to you within the Confirmation Letter you received when you purchased the Virtual Accelerator. 1. Go to www.expand.com. Click the My Expand Link. Customers are to go to the Extranet site by clicking the Here to Login button on the right. 2. Enter your login information and click Log In. If you have not yet registered click First Time Here to do so and then log in. 3. Click on the Accelerator Licensing tab. 4. Click the Add Product link. 5. In the popup window, enter the Site Name, and the Reseller. Enter the Dongle ID Number. Re-enter the Dongle ID Number. Click the Submit button and a new popup window opens. 6. Download the Licensing Deployment File (.lic) by clicking the underlined hyperlink. 7. The individual Virtual Accelerator License Keys are also displayed. Download the Excel spreadsheet and save it for your records. 8. Go to Configuring the Licensing Server via the Accelerator, on page 39, to continue.
Configuring the Licensing Server via the Accelerator

All Virtual Accelerators require a connection to the Licensing Server in order to provide acceleration services. Note that, if for any reason the connection to the licensing server is lost, the license state will default to a grace-period state, requiring you to fix the problem before the grace-period ends. Failure to do so will result in your license being invalidated.
Note: In order to use the Virtual Accelerator, you will need to install the Licensing Server and Dongle. For additional information about the Licensing Server Installation or Licensing Server Dongle, see the documentation included on the Virtual Accelerator Accessories DVD.
40
To connect the Virtual Accelerator to the licensing server:

1. In the Accelerators WebUI, click Setup followed by My Accelerator, and then Licensing. 2. Click the + to open the Licensing Advanced window. 3. Decide how you are going to connect to the server by selecting one of the following: If you know the licensing servers IP address, select IP address and type it in the IP Address field. If you know the Host name, type the name in the Host Name field. If you want the Virtual Accelerator to discover the licensing server by itself, click Auto Discover. 4. Click Submit.
Logging On and Off the Accelerator

To log into the Accelerator:
1. Open a web browser.
L o g gi n g O n an d O f f t he A cc ele r a to r
41
In the setup of the Accelerator, you set a password. You will need this password to log into the software.
2. Enter the IP address of the Accelerator. The login screen appears. 3. If your browser has pop-ups disabled, change the properties so that pop-ups are enabled. 4. Verify that the platform and software version shown on the screen are correct. 5. In the User Name field, enter the user name you used in the Setup Wizard. This is case sensitive. 6. In the Password field, enter the password you used in the Setup Wizard. This is case sensitive. If this is your first time logging in, the default user name is expand and the default password is Expand. Both are case sensitive. 7. Click Submit.
To logout of the Accelerator:

1. From any screen in the WebUI, click Logout. There is no confirmation. You are immediately logged out.
42
I ntegrati ng the Accelerator i nto Your Network

The steps involved in integrating the Accelerator in your network depend entirely on the structure of the network and the various technologies and devices already in place on your network. The following section describes the steps needed to get the Accelerator up and running for various network topologies and technologies. Your network may need one or any combination of the following settings. The Accelerator Installation Wizard is designed to get the Accelerator up and running on a standard network, namely: a network that installs the Accelerators in a point-to-point, or point-to-multipoint configuration, with one router and one or more remote sites. After concluding the first stage of using the wizard, as detailed in the Quick Installation Guide, proceed with the configuration by referring to one of the following sections, depending on the network environment: Integrating into Networks that use Dynamic Routing, on page 42 Networks Using External QoS or Monitoring Devices, on page 43 Working in Noisy Link Environments, on page 43 Installing On-LAN at a Data Center, on page 43 Installing in a High Latency Environment, on page 44 Installing in a Web-Intensive Environment, on page 44 Accelerator QoS, on page 202
Integrating into Networks that use Dynamic Routing

Follow these steps to install the Accelerator on a network that already uses dynamic routing. Use the Installation Wizard to set up basic Accelerator properties. Use the following steps for networks that use OSPF dynamic routing. See Setting Dynamic Routing, on page 98.
In te g r at in g t h e A cc el er a to r in t o Yo u r N et w o r k
43
Networks Using External QoS or Monitoring Devices

When QoS is deployed on the network (not via the Accelerator, but by using thirdparty software), setting up the Accelerator is necessary for enabling the QoS device to continue having access to the traffic traversing the Accelerator. See
Working in Noisy Link Environments

If you add the Accelerator to a particularly noisy environment, with a high number of BERs, drops or collisions (for example, satellite links or a connection with radio transmissions), the following configuration modifications may help optimize Accelerator performance. In addition you may want to consider enabling TCP Acceleration if links are high-latency, as described in section Installing in a High Latency Environment, on page 44. See Creating and Editing Links, on page 80 for information on customizing link connections.
Installing On-LAN at a Data Center

Installing an Accelerator On-LAN at the data center requires taking extra measures in order to enable redirecting all relevant traffic to the Accelerator. When working in On-LAN mode, the Accelerator needs to intercept packets from the LAN before they are handled by the router. This is accomplished either via RIP Route Injection, or via the Web Cache Communication Protocol (WCCP). For more information, see Enabling Packet Interception, on page 102. For information on configuring the router to support WCCP mode, see Setting WCCP on the Router, on page 108. If resilience is necessary, and HSRP or VRRP is implemented among the routers at the central site, you can configure the Accelerator to operate within an HSRP or a VRRP group. For more information see Router Redundancy Protocols, on page 315.
44
Installing in a High Latency Environment

TCP, which was designed to ensure reliable IP transmission, does not perform well in high latency and high-packet-loss environments. The TCP limitations are expressed in the long times required for file transfers over the WAN, degraded web performance and unresponsive applications. TCP Acceleration enables optimization and better utilization of WANs that suffer from distance-induced TCP limitations. For more information on TCP Acceleration, see section Studying TCP Acceleration, on page 240,.
Installing in a Web-Intensive Environment

If your network runs many Web-based applications, or a lot of Web browsing takes place between branch offices to the central offices Internet link, DNS Acceleration may decrease some of the network congestion.
Chapter 3: Monitoring the Network

This chapter explains how to use and understand the Accelerators advanced graphic reporting and statistics feature that enables monitoring of Accelerator performance and throughput. For statistical data for the Collective Branch, see Monitoring Collective Branch Statistics, on page 330. This chapter includes the following sections: Introduction to Monitoring, on page 46 Using Link Statistics and Graphs, on page 49 Discovering Traffic, on page 57 Viewing Statistics and Graphs for Specific Applications, on page 62 Viewing Summary Graphs, on page 68 Viewing Ethernet Statistics, on page 69 Configuring NetFlow Support, on page 71
46
C h ap t er 3: Monitoring the Network
Introduction to Monitoring
All statistics generated for these graphic reports are saved in the Accelerator history log, so that if Windows closes or if an Accelerator reboots, you can easily re-access the chart or graph via the Accelerator WebUI. The graphs are automatically updated, according to a set frequency. The Accelerator samples the data behind-the-scenes and stores it in a compact way, which lets you view data up to the minute over a period of up to a year. This sampled data represents the average over the selected period of time. Expand recommends that you open a maximum of five charts per-Accelerator simultaneously. The monitoring feature, available via the Monitor tab, lets you view statistics and graphs for the following: From WAN, To LAN, To WAN, and From LAN traffic, as described in the following figure:
Figure 1: WAN to LAN and LAN to WAN
Note: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly. Ensure that all Local subnets are defined as local.
Working with Monitoring

Installing the JAVA Applet, on page 47 Using Verisign Security Certificate, on page 48 Studying The Monitoring Window, on page 48 i
Wo r k in g w i th M on i to r i ng
47
To work with monitoring, you first need to take several steps, defined in the following sections:
Note: The Accelerators graphic reporting feature works with the Java-Applet (JRE 1.4 and up, recommended to use the Java-Applet provided on the Expand Networks<> Extranet). The PC used for viewing the graphs must support Java runtime environments and a Java plug-in must be installed in order to view the Accelerators graphs
Installing the JAVA Applet

To determine whether you need to install the Java plug-in, from the Start button, click Settings > Control Panel > Add or Remove Programs. Search the list for JAVA 2 Runtime Environment. If you do have this software installed and have verified that you are using the correct version, you are ready to begin working with the Accelerators Graph Monitoring feature. If the JAVA plugin is not installed on the PC, follow this procedure to download and install the plugin.
To download and install the Java plugin:

1. Use the Documentation and Software CD and Click on the Java plugin link. The Java Plug-in installation wizard opens. 2. Use the default settings to install the Java-Plug-in. This plug-in lets you view the Accelerators Graphic-Reporting feature by opening a new Internet Explorer window and entering the Accelerators IP address into the Address field.
48
Using Verisign Security Certificate

In order to work with the Monitoring feature, MS Windows requests you to verify that the Accelerator is a trusted site, via a popup window that appears on your screen. To avoid seeing this popup every subsequent time you try to access the Monitoring menu, you should click the Always button the first time it appears.
Studying The Monitoring Window

Option
Direction Link
Description
The Accelerators monitoring feature lets you view statistics for inbound or outbound traffic on the Accelerator. The Accelerators monitoring feature lets you view statistics, for the following: A specific link All of the Accelerators links All compressible links The non-link All virtual links Scroll down in the View Last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes. You can set the link speed in the fields above the graph to add a line to the displayed graph, enabling you to see the limit of throughput that can actually traverse the link. By default, when Auto is selected in the link speed column, the link speed is set to the bandwidth set for the link selected. When Total is selected in the Link column, the default link speed (when Auto is selected in the Link speed column) is set to either the total bandwidth set for all links or the sum of all WAN bandwidths; total is the lower value of the two. Select the Show checkbox if you want to see the peak lines representing the highest statistics achieved for the reported period. All graphs displayed give an average of the performance for any given interval. Therefore, viewing Peaks is necessary for understanding the Accelerators overall performance. Click the Save button to save the generated graphs as a JPG or a PDF file. You are then directed to browse to a location in which to save the file. The PDF file created displays each graph in the selected Monitoring window and a brief description of each. Click the Export to CSV button to save the generated graphs as a CSV file. You will be directed to browse to a location in which to save the file. The file created generates a table with the following fields: Name, Description, Period, Interval, Sample Time, In, Peak In, Effective In, Effective Peak In, Inbound Acceleration, Inbound Peak Acceleration, Inbound Compression, Inbound Peak Compression, Out, Peak Out, Effective Out, Effective Peak Out, Outbound Acceleration, Outbound Peak Acceleration, Outbound Compression, Outbound Peak Compression For a description of these fields, see section Viewing Statistics for Applications, on page 67.
View Last Link Speed
Peak Data
Save
Export to CSV
Using Link Statistics and Graphs
U sin g L in k Stat i st ics a nd G r ap h s
49
The link statistics and graphs let you monitor the performance of the Accelerator and its links. Alternatively, you can monitor the Accelerator based on the Applications traversing its links. Topics covered include: Viewing Viewing Viewing Viewing Viewing Throughput Statistics per Link, on page 50 Utilization Statistics per Link, on page 50 Acceleration Statistics per Link, on page 51 Compression Statistics per Link, on page 53 Statistics per Link, on page 54
50
Viewing Throughput Statistics per Link

The Throughput Statistics per Link graph lets you monitor how much traffic passed through the Accelerator. This graph lets you compare between accelerated throughput, (what actually goes over your WAN link) and the pre-accelerated throughput, which is the throughput that would have been used without the Accelerators compression mechanisms. The blue area represents the actual bandwidth used with the Accelerator, while the yellow represents the amount of bandwidth that would have been used without the Accelerator. i Note: If the Accelerator is not deployed the available bandwidth is reduced, therefore you should expect to see slower rates used by their servers and hosts.
Figure 2: Link Utilization Statistics
Viewing Utilization Statistics per Link

The Utilization Statistics per Link graph lets you monitor how much of the link is being utilized. The traffic displayed is accelerated traffic, and therefore cannot exceed 100% of the link speed. Selecting the link speed is necessary in order for the Utilization graph to display accurate data.
51
Viewing Acceleration Statistics per Link

The Acceleration Statistics per Link graph lets you view acceleration percentages for inbound and outbound traffic on the Accelerator per interface/link or for the total for the Accelerator.
Understanding Acceleration
The Acceleration percentage describes how effectively the Accelerator is processing and compressing the traffic. This statistic does not take into account traffic that bypasses the acceleration mechanism. Acceleration percentages are calculated as follows:
Figure 3: Acceleration Process
To calculate acceleration:
Refer to the Monitor > Links > Statistics menu for data to be used in the following procedure. 1. Multiply the number of In Packets by 14. 2. 3. 4. 5. This accounts for the Ethernet Layer-2 header. Subtract this number from the number of In Bytes. Divide this number by the sum of the Out Packets multiplied by 14 and subtracted from Out bytes. Subtract 1 from the sum. Multiply the ratio by 100 to arrive at the acceleration percentage.
52
InBytes 14 X InPackets ------------------------ 1 X 100 -----------------------OutBytes 14 X OutPackets

Figure 4: Calculating Acceleration
InBytesIncoming bytes (from LAN) - Do not tunnel bytesRouting bytes- Passthrough bytes InPacketsIncoming packets (from LAN) - Do not tunnel packets Routing packets - Passthrough packets OutBytesOutgoing bytes (to the WAN) - Do not tunnel bytes Routing bytes - Passthrough bytes - System messages bytes OutPacketsOutgoing packets (to the WAN) - Do not tunnel packets - Routing packets - Passthrough packets - System messages packets.
Parameter Item
Do Not Tunnel Routing
Description
Traffic set with the Do Not Tunnel decision, Non-link traffic, Virtual link traffic Traffic between the Accelerator and the local router to retrieve routing information for the local LAN Traffic set with the Do Not Accelerate decision, overload traffic Keepalives and so on.
Passthrough System Messages
53
For example: in a simple scenario in which the packet size is 1000 bytes: If InBytes = 300,000 and OutBytes = 100,000 then: 300000 14 X 300 -------------- 1 X 100 = 208 ------------100000 14 X 300
Figure 5:Calculating Acceleration Example
Viewing Compression Statistics per Link

The Compression Statistics per Link graph displays the amount by which traffic was reduced by the Accelerator. This graph represents in percents, how much less data is passing over the physical link because of acceleration. The Accelerator is capable up to 99.99% reduction.
54
Viewing Statistics per Link

The Accelerators Statistics table displays data presented in the Link graphs in table format per link or for the entire traffic.
To view a statistics table:

1. Click the following menu sequence: Monitor > Links > Statistics. 2. Select a link from the Link drop-down menu, or select Total to view statistics for all of the links. 3. From the drop-down menu, select the statistics to be displayed: All, Throughput, Errors, or Acceleration. For a description of the information that is displayed in the table, see the following table below: All statistic items are displayed according to: DataLists type of statistic gathered. System upData transferred over the link selected that was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets. Since ClearData transferred over the link selected that was collected since the Accelerators counters were last cleared. Data is listed in KB, in percentages, or in number of packets. Last 5 SecondsData transferred over the link selected that was collected over the last 5 seconds. Data is listed in Kbps or in percentages.
Parameter Item Bytes Information
In Bytes Out Bytes In IPsec Bytes Out IPsec Bytes Raw In Bytes Raw Out Bytes Dropped Out IPsec Bytes Exceeded License Bytes Number of input bytes Number of outgoing bytes Number of input bytes that are sent over a secure link Number of outgoing bytes that are sent over a secure link Total incoming bytes being accelerated using this link Total outgoing bytes being accelerated using this link Number of outgoing bytes that were dropped on a secure link Number of bytes that are not optimized because the bandwidth limit as set by the AcceleratorOS license is exceeded
Description
Packets
In Packets Out Packets Number of input packets Number of outgoing packets
55
Parameter Item Packets

In IPsec Packets Out IPsec Packets Discarded In Packets Discarded Out Packets Dropped In Packets Dropped Out Packets Dropped Out IPsec Packets Traffic-Gauge Packets
Description
Number of input packets sent over a secure link Number of outgoing packets sent over a secure link Incoming packets that were discarded by a rule with discard policy Outgoing Packets that were discarded by a rule with discard policy Incoming packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete on a secure link. Outgoing Packets that were not optimized due to being sent through the Traffic-Gauge mechanism in order to enhance performance Number of small packets aggregated, or combined, after transmission Number of small packets aggregated, or combined, before transmission Incoming packets that were aggregated as part of the default postacceleration aggregation policy. Outgoing Packets that were aggregated as part of the default postacceleration aggregation policy Incoming Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Incoming Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy Incoming Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Outgoing Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Number of packets sent out marked as Do not Accelerate. Number of packets sent out marked not to be routed into the link. Number of packets that are not optimized because the bandwidth limit as set by the AcceleratorOS license is exceeded
Poly In Packets Poly Out Packets Agg Default In Packets Agg Default Out Packets Agg User-Defined 1 In Packets Agg User-Defined 1 Out Packets Agg User-Defined 2 In Packets Agg User-Defined 2 Out Packets Agg Thin Client In Packets Agg Thin Client Out Packets Do Not Acc Packets Do Not Tunnel Packets Exceeded License Packets
Errors
CRC Errors Other Errors Number of CRC-errored packets received Unexpected errors received
56
Parameter Item Errors

IPsec Decrypt Errors IPsec Encrypt Errors IPsec Other In Errors IPsec Other Out Errors IPsec IPS In Auth Errors IPsec IPS In Replay Win Errors
Description
Errors resulting from Decryption Errors resulting from Encryption Number of errored packets received that were not caused by decryption Number of errored packets transmitted that were not caused by encryption Number of Authentication Header failures. This occurs when there is an authentication mismatch Number of Replay Window errors. This is generated when a duplicate packet is received by the replay window
Acceleration
In Acceleration Out Acceleration In Actual Acceleration Out Actual Acceleration In Compression Out Compression Inbound Acceleration percentage Outbound Acceleration percentage Acceleration that considers all incoming throughput Acceleration that considers all outgoing throughput Inbound compression percentage Outbound compression percentage
To clear all of the statistics counters:
Note: This will clear all of the statistics counters, so make sure you want to do this before proceeding. 1. Click the Clear Counters button. 2. Click Yes when prompted.
Discovering Traffic
D isc o ver in g Tra f fi c
57
The Traffic menu lets you view applications running on the network. Traffic is divided into the following categories: Detected traffic (all other applications detected on the network - non-classified traffic that is not part of a predefined or user-configured application type), Monitored traffic (all applications set to enable collect statistics), and Layer-7 discovery (the application properties discovered on the network). This section contains the following topics: Viewing Detected Applications, on page 57 Viewing Detailed Traffic Discovery, on page 57 Creating a New Application from Discovered Traffic, on page 59 Viewing Monitored Applications, on page 60 Discovering Layer-7 Applications, on page 60
Viewing Detected Applications

The Detected Applications menu lets you view all detected applications that traverse the network. You can view the applications coming in both directions (from LAN to WAN and conversely), the throughput before and after the acceleration, and the acceleration rate.
Viewing Detailed Traffic Discovery

If you want to create a new application from the discovered traffic, see Creating a New Application from Discovered Traffic, on page 59.
To view detailed traffic discovery for detected applications:

1. Click on Monitor, followed by the Traffic Discovery tab and then the Detected Applications tab. 2. Click on the Details column and the Detected Applications window appears.
58
Figure 6: Detected Applications
This window contains the following items: The Clear Counters button - lets you clear all counters for the discovered application. This is useful in case you want to start collecting new statistics without restarting the system. The Inbound section - details data regarding the inbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds. The Outbound section - details data regarding the outbound traffic. All data items detailed here can be seen since the system was last started (System up), since the last time the counters were cleared (Since Clear) or in the last five seconds. The Inbound section details the following data items: In Bytes - the amount of compressed bytes that entered the link in this specific system. Raw In Bytes - the amount of pre-compressed bytes that entered the link in this specific system. Queued in bytes - the amount of bytes waiting to enter the system. In Packets - the amount of compressed packets that entered the link in this specific system. Dropped In Packets - the amount of packets that were not accelerated. Discarded In Packets - the amount of packets that were discarded before passing through the link. In Acceleration - how effectively the Accelerator is processing and compressing the traffic. In Compression - the amount by which traffic was reduced by the Accelerator. The Outbound section details the same data items, in the outbound direction.
59
Creating a New Application from Discovered Traffic

To create a new application from discovered traffic:
1. Click the Monitor tab, followed by Traffic Discovery, and Detected Applications. 2. In the Detected Applications table, click on the name of the detected application for which you would like to create an application. Follow the directions as in any new application. See Working with Applications, on page 215. Once the Application is created, the application appears in the list of Monitored Applications. To see this list, see Monitoring Applications, on page 65. You can view the newly created monitored application from any of the application graph screens by selecting it from the Applications drop-down box, from within the graph screen. See Viewing Statistics and Graphs for Specific Applications, on page 62. i Note: As soon as even one undefined packet is detected (TCP/UDP), it is displayed as an unrecognized port in the traffic discovery list.
60
Viewing Monitored Applications

The Monitored Applications menu and table lets you view all discovered and defined applications traversing the network. You can view the applications coming in both directions for the last five seconds. The Monitored List is done on a per link basis, or can be done globally to all links. Monitored Applications are added to a monitor list. Applications can be removed or added to this list. See Monitoring Applications, on page 65.
Figure 7:Monitored Applications
To view a monitored application:

1. Click the following menu sequence: Monitor >Traffic Discovery > Monitored Applications. 2. The monitored applications menu opens. 3. To see details about a specific application click the Details link and a table opens showing statistical information on the application. See Viewing Statistics for Applications, on page 67 for an explanation on the fields in the table.
Discovering Layer-7 Applications

The L-7 table lists the application properties discovered on the network. These may be L7-applications that have been defined already or L7-applications that are not defined but have been detected. To configure the QoS parameters of these applications, double-click the applications in the table. To configure the QoS parameters of these applications, double-click the applications in the table.
61
To discover which applications are present on the network:

1. In the Accelerator WebUI, click Monitor, followed by Traffic Discovery and then L7 Discovery. 2. In the Parent L7 Application field, select one of the following: HTTP, Citrix, or RDP. 3. Select the Enable Discovery checkbox. By default this checkbox is disabled. The L7 table lists the application properties discovered on the network. These may be L7-applications that have been defined already or L7-applications that are not defined but have been detected. To define the application, see Creating New Applications, on page 219. 4. To configure the QoS parameters of these applications, double-click the applications in the table. This eases the process of defining QoS for the applications, because the L7 application parameters are detected and filled-in automatically (MIME type, URL, Citrix Application name and client and so on). See Applying QoS, on page 201 for more information.
62
Viewing Statistics and Graphs for Specific Applications

Displaying statistics allows the ability to monitor changes in application behavior. Displaying the statistics as a graph makes the information easy to understand. The application allows you to save all statistical data in external formats such as PDF and Excel. In addition, you can monitor the Accelerators within your system. The following operations can be performed: Viewing Utilization Statistics per Application, on page 63 Viewing Acceleration Statistics per Application, on page 64 Viewing Compression Statistics per Application, on page 64 Viewing Bandwidth Distribution Statistics per Application, on page 65 Monitoring Applications, on page 65 Viewing Statistics for Applications, on page 67 Graphs viewed per application let you view statistic data items, export them into a CSL file, or save them in Acrobat (PDF) format. For each graph, the following options are available, as seen in the screen below:
Parameter
Application
Description
Select an application to view, or select Top 10 or From List. Top 10 displays results for the ten applications that are most prevalent on your network. From List displays the ten applications selected in the Monitored Applications window. The Accelerators monitoring feature lets you view data for From WAN, To LAN, To WAN and From LAN traffic on the Accelerator. The Accelerators monitoring feature lets you view data per link or for the total for all of the Accelerators links. Scroll down in the View-last drop-down menu to select the period for which the graph is displayed. The default period is 30 minutes. You can set the link speed in the fields above the graph to add a line to the displayed graph, which lets you see the limit of throughput that can actually traverse the link. Select the Peak Data checkbox if you want to see the peak lines representing the best statistics achieved for the reported period. Because all graphs displayed give an estimate of the performance for any given interval, viewing the peaks is necessary for getting a full picture of the Accelerators overall performance.
Direction Link View Last Link Speed
Peak Data
Vie w in g Stat i st ics a nd G r ap h s fo r Spe ci fi c A p pl ic at io n s
63
Setting up Graphs
Only applications defined as monitored applications are displayed in the application graphs. The Traffic Discovery menu lets you view all applications traversing the network.
Viewing Utilization Statistics per Application

The Utilization Statistics per Application graph lets you monitor how much in percentage the link is being utilized by a single application. This graph lets you compare between inbound and outbound utilization (what actually goes over your WAN vs. LAN link). The blue area represents your bandwidth gains with the Accelerator, allowing you to see just how much the Accelerator is really adding to the line. You can view the graph per each application, for the top 10 applications or for ten selected applications.
To enable monitoring of a discovered application:

1. Click on Monitor followed by Applications, followed by Utilization. 2. In the Applications table, highlight the applications to be monitored and use the arrow keys to add or remove these applications from the monitored applications table. 3. In the Direction field, select to or from LAN or WAN.
Viewing Throughput Statistics per Application

The Throughput Statistics per Application graph lets you monitor how much traffic per application passed through the Accelerator. This graph lets you compare between accelerated throughput (what actually goes over your WAN link) and the pre-accelerated throughput, which is the throughput that would have been passed without our advanced compression mechanisms. The blue area represents your bandwidth gains with the Accelerator, allowing you to see just how much the Accelerator is really adding to the line. You can view the graph per each application, for the top 10 applications or for ten selected applications.
64
To enable monitoring of a discovered application:

1. Click on Monitor followed by Applications, followed by Monitor Applications. 2. In the Applications table, highlight the applications to be monitored and use the arrow keys to add or remove these applications from the monitored applications table. 3. In the Apply to Link field, scroll down to select the link whose traffic you want to display
Viewing Acceleration Statistics per Application

The Acceleration Statistics per Application graph lets you view acceleration percentages for inbound and outbound applications on the Accelerator per interface/tunnel or for the total for the Accelerator.
Viewing Compression Statistics per Application
Figure 8: Compression Statistics
The Compression Statistics per Application graph display, in percents, the amount by which data traffic over the physical link was reduced, presented in distribution per single applications.
65
Viewing Bandwidth Distribution Statistics per Application

To gain a better picture of what kind of traffic is traveling across your line, the Bandwidth Distribution Graph details the percentage of bandwidth consumed by each selected class. The distribution is for accelerated data, meaning that traffic types that benefit from a high acceleration percentage consume a relatively small percentage of the line, though they constitute a higher percentage of the pre-accelerated data.
Monitoring Applications
This section explains how to use and understand the Accelerators advanced graphic reporting and statistics feature that enables monitoring of accelerated applications. Applications are either predefined or user-defined. By default, 50 of the predefined applications are considered Monitored applications (see Pre-Defined Applications, on page 381), and all user-defined applications are Monitored by default. Monitored applications are applications for which statistics are saved in the Accelerator to be displayed in graphs and charts. You can monitor simultaneously up to 50 applications on each Accelerator, and up to 10 applications on each link. Applications can be can be monitored on a per-link basis or globally on all links.
Figure 9: Monitored Applications window
66
To add an application to the monitored list:

1. Click the following menu sequence: Monitor > Applications > Monitor Applications. 2. Select the link upon which the application is running, from the Apply to Link drop-down menu. Select Total for all links. 3. Select the application direction from the drop-down menu at the top of the Application table. 4. Select the Application within the table and click the >> button to move the application to the Monitored Application list. To remove an application from this list, select the application and click the << button. 5. Click Submit.
67
Viewing Statistics for Applications

This screen allows you to view statistical in formation on a specific defined application over a specific link or a specific defined application over all links. Defined applications are all applications that have been discovered and have had their parameters defined and created as an application. These applications appear in the Applications table (Setup > My Applications). If you want to add an application to the Applications table, see Working with Applications, on page 215.
To view statistics for a specific detected application:

1. Follow the following menu sequence: Monitor> Applications> Statistics. 2. Select the link on which the application is running from the Link drop-down menu. Select the desired Application from the drop-down menu. The statistical information for the application appears in the statistics table.
Parameter Item Inbound
In Bytes Raw In Bytes Queued In Bytes In Packets Dropped In Packets Discarded In Packets In Acceleration In Compression Number of input bytes. Total incoming bytes being accelerated using these links Number of incoming bytes that are in the queue. Number of input packets Incoming packets that were dropped by QoS enforcements, such as queues and obsolete Incoming packets that were discarded by a rule with discard policy (discard all P2P) Inbound Acceleration percentage Inbound compression percentage
Description
Outbound
Out Bytes Raw Out Bytes Queued Out Bytes Out Packets Dropped Out Packets Discarded Out Packets Out Acceleration Out Compression Number of outgoing bytes Total outgoing bytes being accelerated using this link Number of outgoing bytes that are in the queue. Number of outgoing packets Outgoing Packets that were dropped by QoS enforcements (queues, obsolete and so on.) Outgoing Packets that were discarded by a rule with discard policy (discard all P2P). Outbound Acceleration percentage Outbound compression percentage
3. To clear the statistics counters, click the Clear Counters button.
68
Viewing Summary Graphs

The Accelerator lets you view a selection of important performance graphs to provide you with an overview of your network performance. The Summary menu lets you view several graphs via a single screen. The data used in the graphs is based on the total traffic on all Accelerator links.
To view summary graphs:

1. In the Accelerators WebUI, click on the Monitor tab, followed by Summary. 2. Select the link, view last, link speed and peak data options.
Figure 10:Summary Graph
Viewing Ethernet Statistics
View i n g Et he rn et Sta ti st ic s
69
The Accelerator lets you view a statistic detailing of the data displayed on the monitoring graphs. Refer to one of the following sections for details regarding the configuration of Ethernet statistics: Configuring the Ethernet Statistics Display Fields, on page 69, for WebUI configuration. Ethernet Statistics Display Commands, on page 588 for configuration with the CLI.
Configuring the Ethernet Statistics Display Fields

Follow these steps to view, via the WebUI, a statistic detailing of the data displayed on the monitoring graphs: 1. Click on Monitor followed by Interfaces.
Figure 11: Ethernet Statistics window
2. In the Ethernet Statistics screen, select the relevant Ethernet card in the Interface field. The Interface drop-down menu shows all detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:.
70
Figure 12: Ethernet Statistics screen
The buttons near the Interface field let you clear either the counters of the currently selected interface or all counters of all interfaces. All statistic items, in both inbound and outbound directions, are displayed according to:
DataLists type of statistic gathered System UpData transferred over the selected link, which was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets. Since ClearData transferred over the selected link, which was collected since the Accelerators counters were last cleared. Data is listed in KB, in percentages, or in number of packets. Last 5 SecondsData transferred over the selected link, which was collected over the last 5 seconds. Data is listed in Kbps or in percentages.
Configuring NetFlow Support
Co n f ig u r in g N et Fl o w S u p p or t
71
The Accelerator supports Ciscos NetFlow protocol (version 5), which enables collecting traffic flow statistics on routing devices. NetFlow is based on identifying packet traffic and reporting the traffic statistics to the collector. The traffic reported is traffic before acceleration, which lets you receive data regarding real traffic (not encrypted, tunneled or accelerated). NetFlow does not: Involve setting any connection-setup protocol either between routers or to any other networking device or end station Require any change externally either to the traffic or packets themselves or to any other networking device. NetFlow does provide various statistical data items (WAN-to-LAN or LAN-to-WAN), in addition to the items generated by the Accelerator. NetFlow uses the following SNMP names: eth 1 (for ETH 0/0) eth 2 (for ETH 0/1) By using these names, the Collector receives on-path indication even when on-LAN deployment is used. In the Collector, eth 2 is used as the Out port and eth 1 as the In port in LAN-toWAN deployment, while the opposite happens in WAN-to-LAN deployment (eth 1 is used as the Out port and eth 2 as the In port). When using the CLI to configure NetFlow, you have to indicate which port is used for connecting to the LAN. The following traffic types are not reported: WAN-to-WAN LAN-to-LAN (including bridgeless traffic). i Note: The NetFlow collector listening port is needed for establishing a connection between the Accelerator and the collector. Ensure that this port is not blocked by a firewall installed between the Accelerator and the collector.
72
Identifying the Traffic

NetFlow detects the local subnets source and destination addresses, and determines the traffic direction according to these addresses: the local address are detected as LAN, while the other address are detected as WAN. However, local subnets that were configured in the Accelerator to be excluded (namely: to be connected through a non-link) are detected as WAN. NetFlow is completely transparent to the existing network, including end stations, application software and network devices like LAN switches. In addition, NetFlow is performed independently on each internetworking device, and need not be operational on each router in the network. NetFlow exports data to a remote workstation for collection and further processing. NetFlow does consume CPU resources; therefore, you should be aware of the resources required on your Accelerator before enabling NetFlow. The Accelerator communicates data to Collector as it is set to act as any other probe on the network, forwarding its packet statistics to the NetFlow Collectors, such as Scrutinizer and PRTG, which let you monitor and analyze Accelerator packets. i Note: For your convenience, an evaluation version of the NetFlow collector has been provided for you on the Documentation CD.
Enabling NetFlow
To enable NetFlow:
1. Click on the Setup tab, followed by Advanced, followed by Netflow. 2. Use the relevant fields to enter the Collector IP address, port number and interface. Alternatively, click the Set Default Values button to reset the Netflow configuration values to factory values. 3. Use the Interface drop-down menu to select one of the detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:
Co n f ig u r in g N et Fl o w S u p p or t
73
Figure 13: Netflow Statistics Interface Parameters window
4. Click the Submit button.
74
Chapter 4: Configuring Networking

This chapter describes how to perform networking configuration on the Accelerator, including: Optimizing the Network Topology, on page 76 Defining WAN Setup, on page 78 Configuring Secondary IP Addresses, on page 79 Creating and Editing Links, on page 80 Setting Subnet Routing, on page 94 Adding Static Routes, on page 97 Setting Dynamic Routing, on page 98 Enabling Packet Interception, on page 102 Setting the Date and Time on the Accelerator, on page 109 Configuring DHCP Servers, on page 110 Setting ExpandView Connectivity Parameters, on page 111
76
C h ap t er 4: Configuring Networking
Optimizing the Network Topology

The Accelerator enables support of many complex network topologies. Some of these environments have special considerations when setting up the Accelerator.
Point-to-Point The Accelerators default settings are designed with a basic point-topoint network in mind. For point-to-point networks as well as for branch offices connected to headquarters, the basic Wizard configuration should suffice. This is the default setting. In a mesh or hub-and-spoke topology it is recommended for the Accelerator to have a correct estimate of the size of the network and the number of Accelerators connected. To adjust the size of the deployment, see Defining Advanced Settings, on page 31.
Mesh and Hub
If the Topology-Size is set to a number that is too large, the Accelerator will not use all its resources, resulting in lower acceleration percentages than would be possible if the Topology-Size were set accurately. If the Topology-Size is set to a number that is too small, too many negotiation messages will be sent between the Accelerator and the network. In addition, the amount of time it takes for the Accelerator to reboot and to recover from a disconnected link will be longer than necessary.
O pt i mi z in g t he N et w o r k Top o lo g y
77
Taking into Account Network-Specific Considerations

The Accelerators advanced algorithms support multiple complex networks with no added or special configuration. The algorithms automatically optimize Accelerator benefits per network setup. The following are special configuration recommendations for particular networks:
Environment Type
Noisy environments
Customized Configuration
Noisy environments are handled automatically via the Accelerator. The Accelerators basic configuration settings can automatically optimize problematic networks of this type. Out-of-order environments are handled automatically via the Accelerator. The Accelerators basic configuration settings can automatically optimize problematic networks of this type. In load-balanced environments, you should set the Accelerator to Source IP preservation (CLI configuration only) to maintain the semblance of a session, or RTM encapsulation if necessary. You can perform load balancing per packet or per session. In a loadbalanced environment you should either enable IPcomp via the CLI, (see (link) encapsulation, on page 474) or use transparent mode to preserve session information. In MPLS networks, enable ToS bit preservation and source IP preservation. Often it is important to enable router transparency instead, to work with the networks QoS deployment (see section (link) encapsulation, on page 474). Enable router transparency, or ToS bit preservation &/or Source IP Preservation (see section (link) encapsulation, on page 474). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM. Enable router transparency, or ToS bit preservation &/or Source IP Preservation (see section (link) encapsulation, on page 474). Depending on the fields in use, enabling one or more of the IPComp preservation modes may be necessary in order to use RTM.
Out-of-order
Load balancing
MPLS
QoS cloud or working in conjunction with a QoS device
Monitoring device in a cloud
78
Defining WAN Setup

Each Accelerator has a default WAN. The settings on this WAN define the physical connection of the Accelerator to the WAN. The WAN bandwidth setting is the total physical bandwidth of the link between the Accelerator and the network. The default WAN is automatically generated and will suffice for most networks. For details regarding the configuration of complex networks, on which more than one WAN is necessary, see Adding WANs, on page 292.
Setting the Bandwidth

Correct functioning of the Accelerators bandwidth management and flow control mechanisms requires you to configure an accurate bandwidth for the WAN. The Bandwidth setting is enforced once it is set. Ensure that you set the Outbound Bandwidth for the local Accelerator. The Accelerator applies no policy for Inbound Bandwidth unless otherwise specified. See Adding WANs, on page 292. Setting inbound QoS on a link requires setting the Bandwidth of the inbound link. For more information see Setting Inbound QoS, on page 229.
Configuring the WAN

In addition to Bandwidth, you can assign Links per WAN, and configure QoS settings to be applied on the WAN level. For more information about QoS, see Applying QoS, on page 201. To carry out basic WAN configuration, use either the Setup - Basic menu in the WebUI, or the Setup Wizard. For more information on WAN Bandwidth and Links, see Setting Advanced Parameters, on page 291.
Configuring Secondary IP Addresses
Co n f ig u r in g S e co n da r y IP Ad d r es se s
79
You can set on the Accelerator up to 20 Secondary IPs, for connection to multiple subnets on the same network. Out-of-band management is set here. If Out-of-band management is used, it is counted as one of the twenty Secondary IP addresses available. Starting from Version 6.1.2, you can set several IPs on the same subnet, whereas prior to this version, a secondary IP address belonged to a different subnet.
Figure 1:My Secondary IPs Window
To set the number of Accelerators in the network:

1. In the Accelerators WebUI, click on Setup > My Accelerator, followed by Secondary IP. 2. Enter the IP address and Subnet Mask to be used, select whether to advertise the IP address and click the Add button. 3. The IP address appears in the Secondary IP List table. 4. To edit or delete an address that is in the table, highlight the row in the Secondary IP List table, select the address, and click Edit to edit, or Delete to delete.
80
Creating and Editing Links

A Link is a logical connection between the Accelerator and a connected remote site and its subnets. The Accelerator optimizes network performance to remote sites with Accelerators deployed via Accelerated Links, and to remote sites without Accelerators deployed via Virtual Links. The Accelerators benefits are greatest when working with another Accelerator on the other side. The Accelerator can provide QoS services to Virtual Links, when no other Accelerators are present on the remote sites. In addition, the Accelerator enables configuration of a single Non-link. The Nonlink is the default link for all traffic not assigned to any known subnet or remote Accelerator. Internet traffic is one example of traffic assigned to the Non-link. You can manage this Non-link like any other link, and that lets you determine traffic QoS and bandwidth restrictions for all traffic not destined for your remote networks and Accelerators.
When a link is first created or re-established, auto-negotiation occurs between the local and remote ends of the link and uses the inbound and outbound bandwidth settings to determine the resources to be allocated for each link. This section contains the following topics: Studying the Links Screen, on page 81 Adding Links, on page 82 Advanced Link Configurations, on page 84 Editing Links, on page 89 Using Dynamic Bandwidth, on page 89 Configuring Link Subnets, on page 90 Creating Link Templates, on page 92
C r ea ti n g an d E d it in g L i nk s
81
Studying the Links Screen

The Links screen lets you add, edit, and manage the Accelerators links. Each link that has been created is added to the Links table. The table gives link by link information about: The type of link The links name The IP address of the remote side of the link Bandwidth allocated to the link The links acceleration and compression status (see below) The type of Encapsulation that has been applied to the link (IPcomp, Router Transparency, UDP) If TCP Acceleration has been applied to the link (Advanced option) Note: The link type can either be Accelerator (either MACC to ACC or ACC to ACC) or Virtual. Both link types are depicted by different icons. The acceleration and compression status states are explained in the tables that follow.
Compression Status States

Status Trying to Connect Negotiating Accelerating Active Dropped Load Error Not Managed Inactive Description Link id establishing a connection Link parameters (cache size, and so on) are being negotiated Link is active and acceleration is on Link is active and the link is tunnelling but not accelerating traffic, or one of the nodes is missing a license (will indicate as such). A connection could not be established or communication has been lost Internal error occurred during definition of the link in the system A Virtual link (no far-end Accelerator) Remote Accelerator is not available
Acceleration Status States

Status Blue Check mark Partial Check mark Description Full Acceleration Partial Acceleration (Your license may be exceeded. See About the AcceleratorOS License, on page 32.)
82
Acceleration Status States

The Link is not accelerating data. This may mean you have exceeded the bandwidth limit dictated by the licensing agreement for the software. To check your License status see About the AcceleratorOS License, on page 32. If this is not the case, it may indicate a hardware problem and you should contact the customer service desk. See Contacting TAC, on page 423 for information on contacting the customer service department.
Figure 2: Links screen
Note: Packet Fragmentation does not work in RTM mode. The following sections detail the additional operations you can carry out via the Links screen: Adding Links, on page 82 Advanced Link Configurations, on page 84 Editing Links, on page 89 Creating Link Templates, on page 92 The CLI procedure for adding and editing links is the same as for creating the first link. For more information, see Link Commands, on page 458.
Adding Links
Add links to the Accelerator via the Setup - My Links menu. Note that TCP port 1928 is needed for establishing a connection between Accelerators. Ensure that this port is not blocked by a firewall that is installed between the Accelerators.
83
Note: When configuring a link, it is advised to set a link metric (in the Advanced menu) for it, which is the actual metric for all the links subnets, with the exception of excluded Subnets. If you do not set a link metric for the link, the system automatically sets a default for the link, which is the current maximum metric +10, starting from 11. Also note that changing the local link metrics or the metrics for redistributed routes on the router, may cause clear traffic to exit the Accelerator even if you are using IPSec enabled links with a Crypto mode configured as Strict.
To add a link:
1. In the Accelerator WebUI, click on the Setup tab, and then the My Links menu. The Links screen opens by default. See Figure 3.
2. Set the basic link properties, as follows:

Property
Source IP
Figure 3:Links Screen
Description
IP address of the sending device. By default, the Accelerators primary IP is displayed. You can either leave this choice or select another source IP address. The Source IP field, lets you define a source IP for each new link you create, and also changes the source link while the link is active. In addition, you may use a virtual IP address for redundancy purposes. In this case the virtual IP will be a link which, in the case of machine failure, will be redirected to another machine, unlike a link whose source is a primary IP address. The valid link source IPs are as follows: Primary IP Secondary IP VLAN IP HSRP IP VRRP IP For more details see Using a Virtual IP Address, on page 93. Set a name for the link to let you identify the link in the future. Up to 32 characters, no spaces. IP address of the remote device.
Name Destination IP
84
Property
Bandwidth IPComp
Description
Set the links bandwidth, namely: the maximum throughput allowed to traverse the link. IPComp encapsulation enables the best compression rate. IPComp encapsulation (tunnelled encapsulation) defines complete compression of the packets intercepted by the Accelerator. This means that the IP header, the TCP/UDP header and the payload are compressed and the packet traversing the network will have an Accelerator-proprietary IPComp header. In Router Transparency encapsulation, only the packets payload is compressed, leaving the original IP header and the original TCP/UDP header in their original forms so that their information is available across the network. Router Transparency encapsulation is appropriate in an environment where header preservation is necessary, including QoS deployments, monitoring (NetFlow), load balancing, billing, encryption, MPLS networks and certain firewall environments. RTM support for On-LAN deployments is available in AcceleratorOS 5.0(6) and higher. UDP encapsulation allows for more compatibility with firewalls that use encapsulated packets.
Router Transparency (RTM)
UDP
Note: If you leave the Source IP field empty, the default value is the machines primary IP address. 3. If you are finished, click the Add button. For particularly complex networks, the Accelerator enables advanced link configuration, as shown Advanced Link Configurations, on page 84.
Advanced Link Configurations

To set additional advanced configuration settings:
1. Click the following menu sequence Setup > My Links > Links. 2. Click the Advanced button.
85
3. Open the different sections by clicking on the + sign next to the section title. After you have made changes, save the settings by clicking Submit and then click Back to Links to return to the My Link screen. For Advanced Configuration options using the CLI, see Additional Commands, on page 640. See the following table for specific parameter information:
Section/Parameter Title Parameters
Link Name Source IP Destination IP Bandwidth Out Bandwidth In MSS
Description
Use the Parameters section to edit parameters such as Link Name, Destination IP, Source IP, Link Metric, Bandwidth Out and MTU (Maximum Transmission Unit). Supply a logical name for the link. This name is used in the Links Table. Enter the IP address of the Accelerator that you are configuring or another source. Enter the IP address of the destination Accelerator. This is the Accelerator the source will establish a connection with. Select an Outbound Bandwidth. Choose one from the scroll down menu, or select Other and supply your own. Select an Inbound Bandwidth. Choose one from the scroll down menu, or select Other and supply your own. This sets the Maximum Segment Size in bytes of a TCP packet that the Accelerator will accept in a single, unfragmented piece, excluding the TCP and IP headers. For maximum efficiency, the MTU should never be more than the MSS + the headers. MSS can be configured on a per-link basis or globally on all links. You can either choose Auto (Link Specific) which lets the Accelerator decide, or choose Other and enter your own value. By default the setting is None. Maximum Transmission Unit. This is the largest packet size (in bytes) that will be transmitted. Accepted values are 68-6000 bytes. The actual metric for all the links subnets, with the exception of excluded Subnets. If you do not set a link metric for the link, the system automatically sets a default for the link, which is the current maximum metric +10, starting from 11. Also note that changing the local link metrics or the metrics for redistributed routes on the router, may cause clear traffic to exit the Accelerator even if you are using IPSec enabled links with a Crypto mode configured as Strict. Assigns the link to work on a specific pre-defined WAN. To choose the WAN, use the scroll down menu. To create a WAN, see Adding WANs, on page 292. Select this check box to use fragmentation on packets larger than the amount of bytes that you enter into the field. Check the box and then put the byte amount in the field, as long as it is within the accepted range (68-6000). Select this box to aggregate packets smaller than the amount of bytes you enter in the field. Check the box then put celibate amount in the field, as long as it is within the accepted range (68-2500).
MTU Metric
WAN
Fragmentation
Aggregation
86
Section/Parameter Title Acceleration

Accelerate Header Compression
Description
Use the Acceleration section to define whether to accelerate the link and to use header compression Select the check box to accelerate the link, clear the check box to not accelerate the link. Check the Header Compression checkbox to compress the header, clear the checkbox to not compress it. Use the Tunneling section to define parameters such as the encapsulation type, preservation and checksum Choose the encapsulation type - IPComp, UDP, or Transparent. If choosing UDP, enter the destination and source port IP addresses in the relevant fields. Choose Auto, IPComp, or UDP. If choosing UDP, enter the destination and source port IP addresses in the relevant field. Type of Service - select either Preserve to preserve the ToS value, or Set to pick your own and put this value in the field. Preserves the TTL information as used in the original packet header before it was compressed. Check to enable, clear to disable. Preserves the port numbers used in the packet header. Note that if you selected UDP encapsulation the port information you entered (above) for UDP will not be used. Preserves the source information. Note that if you selected UDP encapsulation, the source information you entered for UDP (above) will not be used. When selected, includes checksum information within the compressed packet header. Check to enable, clear to disable. In the TCP Acceleration settings section, select whether to use the Global TCP acceleration settings or Link Specific. In addition, you need to input the Typical Acceleration Rate, as well as choosing the type of Congestion Control you want to use. To have TCP Acceleration on a specific link, choose Link Specific, otherwise choose Global. The round trip time is the amount of time for one packet to travel from an Accelerator to a destination and back. Choose Auto to allow the Accelerator to automatically adjust, or choose Other and input a time amount in milliseconds in the field. The rate is the rate at which the TCP sender injects packets into the network.
Tunneling
Encapsulation
System Encapsulation ToS TTL Preservation Ports Preservation
SRC Preservation
Include checksum
TCP Acceleration
TCP Acceleration Typical Round Trip
Typical Acceleration Rate
87
Section/Parameter Title
Congestion Control
Description
Choose from one of the following: Noneno congestion avoidance is used Standardthe congestion avoidance conforms to the standard TCP/ IP protocol (Reno) VegasTCP Vegas reduces latency and increases overall throughout, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely time-consuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks. Hyblareduces penalization of TCP connections that incorporate a high-latency terrestrial or satellite radio link, due to their longer round trip times. It consists of a set of procedures which includes, among others: - An enhancement of the standard congestion control algorithm - The mandatory adoption of the SACK policy - The use of timestamps In the TCP Acceleration Advanced section, select the type of acceleration you want to implement (Global, link specific, or none). If you choose link specific, you will need to fill in additional fields. Restricts the size of packets sent to X amount (if entered) before sending an ACK request. You can either select Other and enter your own amount, or select Auto and the value will dynamically change depending on network and bandwidth conditions. Restricts the size of packets received to X amount (if entered) before sending an ACK request. You can either select Other and enter your own amount, or select Auto and the value will dynamically change depending on network and bandwidth conditions. Enter the number of packets that will be sent before an ACK request is sent to the destination. Choose a value between 2-8 packets. Check this checkbox to enable Keep Alive, which ensures that the connection will not close until the time out interval has passed. This value determines how long to wait before sending out the first message. Choose a value between 1-10000 seconds LAN, WAN or both This value determines how many times a keep alive message will be sent. Choose a value between 1-10000 probes. This value determines the waiting time between messages. Choose a value between 1-500000 seconds. In the Post Acceleration Aggregation section, select whether to enable the Default class, a User Defined class, or the Thin client class, which can be set on a per link basis. Each link can have aggregation acceleration enabled or disabled independently of other links. The values you set here Shows the PoA status. Select Enable to enable, Disable to disable.
TCP Acceleration Advanced

Send Window Size
Receive Window Size
Acknowledge Packet Rate Keep Alive Keep Alive Time Keep Alive Direction Keep Alive Probes Keep Alive Interval
Post Acceleration Aggregation

Status
88
Threshold
Description
Sets the targeted size of the aggregated packet. PoA will not output packets that are not at least the threshold byte size. It will queue the packets until the threshold is reached or the window size has been reached. Select Auto to have the Accelerator automatically select the threshold or select Other to input your own value in the field as long as it is within the acceptable range 40-3000 bytes. Defines the maximal size a packet can be (in bytes) and still be eligible for PoA. Any packet greater than this amount is not aggregated. Select Auto to have the Accelerator automatically select the limit or select Other to input your own value in the field as long as it is within the acceptable range 40-3000 bytes This dictates how long the PoA will hold the packets in the queue (in 10 millisec units). Small packets enter PoA queues and wait there until either the aggregate packet becomes large enough (i.e. reaches the threshold size), or too much time elapses (window size * 10 ms). When either of these limits is reached, the packet is released. Select Auto to have the Accelerator automatically select the size or select Other to input your own value in the field as long as it is within the acceptable range (between 10 and 1500 msecs). In the Bandwidth Adjustment section, select the Enable Bandwidth Adjustment check box and fill in the percentage and interval rates. For details see Using Dynamic Bandwidth, on page 89 Select the checkbox to enable, clear to disable. Defines the minimum value to which the bandwidth will be reduced as a result of congestion. This value is calculated as percentage of the userdefined outgoing bandwidth size. Default: 50%. Choose from the drop-down box Other to enter a percentage of reduction, or select None. Defines the rate by which the links bandwidth will be gradually restored to its former size. Increasing the bandwidth is much less critical than decreasing it in case of congestion, and therefore the default set of the increase is 2%. Type a time interval (1-20 seconds) which will be used to base the increase rate. (i.e. X% every Y seconds). To detect a congestion state more accurately, set longer decrease and increase intervals. Type a time interval (1-20 seconds) which will be used to base the decrease rate. (i.e. X% every Y seconds). In the IPsec section, select the Enable IP Sec checkbox and select a policy name and enter a local and remote IP address. Note that IPsec cannot be set if you do not enable IPsec and make sure that IPsec is also enabled on the other end of the link. In addition you can also select which IPsec policy to apply, out of the policies you configured earlier. You will also have to include a Public IP address for the local and remote machines. For additional details, see Configuring IPsec Policies, on page 275. To enable IPSec, select the checkbox. To disable, clear the checkbox. Select the IPSec policy you want to assign to this link.
Limit
Window Size
Bandwidth Adjustment
Enable Bandwidth Adjustment Minimal Bandwidth
First Decrease Rate Increase Rate
Increase Interval Decrease Rate Decrease Interval
IPsec Encryption
Enable IPsec Policy Name
89
Local NAT IP Address
Description
Enter the local NAT IP address. This IP address is local to the network, and is usually used as an internal IP address or an intranet address. When packets are sent out of the network to the WAN, the Remote IP address (see below) is used. Enter the Remote NAT IP address. This IP address is the published, known IP address. When packets are sent out of the network to the WAN the local IP address (see above) is replaced with the Remote NAT IP address.
Remote NAT IP Address
Editing Links
You can use the Edit Links screen to fine-tune and modify existing links. This screen lets you set basic link parameters, acceleration, tunneling and TCP Acceleration parameters for the link.
To edit an existing link:

1. In the Links table, either click the name of the link to be edited, or click the row of the link to be edited, and click the Edit button. 2. A menu identical to the Advanced Links menu opens. For assistance on Parameter information, see Advanced Link Configurations, on page 84. Use the Link Subnets screen to set the links subnets. For configuration details, see Configuring Link Subnets, on page 90. 3. If the connection to this link was lost because the license on the remote Accelerator expired, you can refresh the link once the license on the remote Accelerator has been re-established by clicking the Refresh Acceleration License button. 4. Click Submit.
Using Dynamic Bandwidth

The Bandwidth Adjustment section lets you define settings to detect traffic congestion on a link, and adjust the outgoing bandwidth accordingly. This feature is disabled by default and should be used judiciously. The feature should be used on low to medium bandwidth links, which can suffer from changing outgoing bandwidth.
90
Note: Bandwidth adjustment is possible only on an accelerating link The bandwidth adjustment mechanism samples internal messages (of the links internal protocol). Based on these messages, the bandwidth adjustment algorithm detects a state of congestion and decreases the user-defined outgoing bandwidth. Once the mechanism detects that the state of congestion no longer exists, the bandwidth is gradually restored to its user-defined size. The bandwidth adjustment parameters are as follows: Minimal BandwidthDefines the minimum value to which the bandwidth will be reduced as a result of congestion. This value is calculated as percentage of the user-defined outgoing bandwidth size. Default: 50% Increase RateDefines the rate by which the links bandwidth will be gradually restored to its former size. Increasing the bandwidth is much less critical than decreasing it in case of congestion, and therefore the default set of the increase is 2% Decrease RateTo detect a congestion state more accurately, set longer decrease and increase intervals After setting all required parameters, click Submit.
Configuring Link Subnets

If the Accelerator network does not work with dynamic routing, or if a remote subnet was not detected via OSPF or RIP, you have to manually add, edit and delete remote subnets to be advertised by the Accelerator. When adding a subnet, you have to apply it to a specific link of your choice. The Link Subnets screen lets you display all subnets applied to a specific link. You can also use this screen to add, edit and delete subnets to be excluded from the link.
To add a remote subnet to the Accelerator:

1. Click on the following menu sequence: Setup > My Links > Link Subnets.
91
Figure 4: Link Subnets screen
2. Set the parameters as follows, and click Add to set the parameters:
Parameter Item
IP Address Subnet Mask Exclude
Description
Set the IP address of the Subnet you want to connect to the Accelerator. Set the Subnet Mask of the subnet. If a subnet has already been added, and specific IP address(es) are to be excluded, enter the IP address and mask and select the Exclude checkbox.
CAUTION! The Accelerators remote subnet is automatically detected and added. ! If more than one remote subnet exists, you have to add all additional remote subnets. Ensure that the local subnets appear in the Remote Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly.
To delete a remote subnet:

Select a remote subnet from the table and click Delete.
To edit a remote subnet:

Select a remote subnet from the table and click Edit. The parameters you can edit are the same described in the table above.
92
Creating Link Templates

There are three templates that you can create: ACC (Accelerator)sets the link parameter settings between a local and remote Accelerator. MACC (Mobile Accelerator Client)sets the link parameter settings between an Associated Set and the Mobile Accelerator Client. Collective Branchsets the link parameter settings between an Associated set and a Collective Branch.
To create an Accelerator link template:

1. Click the following menu sequence: Setup > My Links > Link Templates. 2. In the Template Type drop-down menu select ACC. 3. Fill in the parameters in the fields, clicking the + to open the additional parameter sections. For help, see Advanced Link Configurations, on page 84.
To create a Mobile Accelerator link template:

1. Click the following menu sequence: Setup > My Links > Link Templates. 2. In the Template Type drop-down menu select MACC. 3. Fill in the parameters in the fields, clicking the + to open the additional parameter sections. For help, see Creating Mobile Accelerator Link Templates, on page 329.
To create a Collective Branch Template:

1. Click the following menu sequence: Setup > My Links > Link Templates. 2. In the Template Type drop-down menu select Collective Branch. 3. Fill in the parameters in the fields, clicking the + to open the additional parameter sections. For help, see Creating a Collective Branch Template, on page 328.
Using a Virtual IP Address
Us in g a Vi rtua l IP Ad d res s
93
As mentioned earlier (see On-LAN, on page 9), in the case of machine failure, a link that uses a Virtual IP can be redirected to another machine. An example of such a case is provided in the figure below.
Figure 5: On-LAN Deployment
The source IP (virtual IP) in the sending machine is the destination IP in the receiving machine. If an AcceleratorOS link is established, and the Source IP of this link is defined to be the HSRP Groups Virtual IP, the link switches to the next Accelerator in the rare case of primary Accelerator failure, and all of this links services are kept. When the primary Accelerator is available again, the link switches back to it.
94
Setting Subnet Routing

To function properly, the Accelerator must correctly detect the layout of the network to which it is connected. In other words, it must understand where the Accelerator resides as well as all other subnets on both sides of the link that the Accelerator should serve. In this way, the Accelerator will be able to forward the packets it receives to the correct destination, as seen in the figure below.
Figure 6: Subnet Routing
In Figure 6 above, S1 is Accelerator 2s direct subnet, while S2 and S3 are also subnets of Accelerator 2. Accelerator 1 must forward traffic destined for devices that are part of S2 and S3 to Accelerator 2 via Link1. In order for Accelerator 1 to do this, it must detect S1, S2 and S3 as subnets of Accelerator 2. Accelerator 2 automatically detects S1 and adds it as its local subnet. You can manually add S2 and S3 to Accelerator 2s Subnets list, or use routing protocols to add them dynamically. If the network supports OSPF or RIP the Accelerator can function as an OSPF or RIP device to receive routing information. If other dynamic protocols are in use, the Accelerator can poll routers to learn their routing tables. Then, Accelerator 2 must advertise its subnet list to Accelerator 1, enabling Accelerator 1 to properly route packets destined to S1, S2 and S3 to Accelerator 2 via Link 1. i Note: The Accelerator supports up to 2500 local subnets and up to 2500 remote subnets per link.
S e tt i ng S ub n et R o u ti ng
95
Configuring Subnets Manually

If the network in which Accelerator resides does not work with dynamic routing or if a subnet was not detected via OSPF or RIP, you will have to add and edit subnets manually.
To add a subnet to the Accelerator:

1. Click on the following menu sequence: Setup > My Accelerator > My Subnets.
Figure 7: My Subnets screen
2. Set the parameters as follows:

Parameter Item
IP Address Subnet Mask Metric
Description
Set the IP address of the Subnet that is connected to the Accelerator. Set the Subnet Mask of the subnet. The metric setting defines the priority of the route or the subnet. Set a lower number for more desirable routes. For example, on a T3 link with 1 hop, set a low metric value, whereas on a long-haul 128 Kbps link with 8 hops you should set a high number. Advertised subnets are the Accelerators subnets that the Accelerator broadcasts to other Accelerators when link negotiations occur. Select whether to advertise this subnet. By default, subnets that are manually added are advertised. When adding a subnet, the Add route rule checkbox lets you create a static route rule to define how to reach the subnet. This will add an entry in the My Routes table, which displays access to the subnet via the next hop. Note: Once the static route is created, no connection exists between the routerule added and the subnet. Any change made in the one will not affect the other. Add a next hop via which the subnet will be accessed. The Edit button lets you modify already added subnets by selecting them in the table and clicking this button. This may be done for manually added subnets as well as dynamically learned subnets. To delete subnets, select them in the table and click this button. When subnets that are set to be advertised are deleted, they are removed from all connected Accelerators.
Advertise
Add route rule
Next hop Edit
Delete
96
CAUTION! The Accelerators local subnet is automatically detected and added. If more than one local subnet exists, you have to add all additional local subnets. Ensure that the local subnets appear in the Local Subnets Table. Otherwise, in a non-link environment, the Accelerator QoS and Monitoring features will not function properly.
Editing a Subnet
Once a subnet has been added to the Accelerator, you can use the following steps to edit it.
To edit a subnet:
1. In the My Subnets screen, highlight one subnet in the Local Subnet table, and click the Edit button. 2. Edit the IP address, Subnet mask, Metric and Advertise status as necessary and click the Submit button. When subnets that are set to be advertised are edited, the change is broadcasted to all connected Accelerators:
Figure 8: Edit Subnet Details
Adding Static Routes
Ad d in g Sta ti c Ro u te s
97
Use the following procedure to add static routes to the Accelerator. You can add multiple static routes. The maximum is 1500. To add a dynamic route, see Setting Dynamic Routing, on page 98. To add a static route: 1. Click on the following menu sequence: Setup > My Accelerator > My Routes. 2. In the Dynamic Routing section, enter the subnet IP and Mask, and the next hop to be used for accessing the subnet. 3. Click the Add Routes button. The static route now appears in the Route Rules table. To add another route, repeat from step 2. 4. To add additional Next hops, enter the IP address in the Next Hop table and click Add. You can add up to 5 Next hops entries. To delete a hop, select the hop in the table and click Remove. 5. To remove a route from the table, select the route in the table and click Delete.
98
Setting Dynamic Routing

i Note: Static routes created via the My Subnets menu also appears in the Route Rules table. For more information, see Configuring Subnets Manually, on page 95. Once the static route is created, no connection exists between the route-rule added and the subnet. Any change made in one of them will not affect the other. Due to the continuous changes in routing and the vast complexity of collecting necessary routing parameters, many advanced networks use dynamic routing protocols to enable routers to exchange routing data automatically. In addition to allowing manual routing configuration, the Accelerator supports dynamic routing protocols, including OSPF and RIP v1 and v2 and Router Polling. Supporting dynamic routing protocols enables the Accelerator to use alternate routes in the event of router failure. In addition, the Accelerator learns the cost and length of each route (per bandwidth in the case of OSPF and per hop in the case of RIP), and can forward accelerated packets to the best router. The Accelerator can also load-balance best routes. A subnet whose Advertised status is manually manipulated continues to function dynamically within the routing protocol, but maintains the manually altered Advertising status. The following topics are discussed in this section: Working with OSPF, on page 98 Working with Router Polling, on page 101 Working with RIP, on page 102 i Note: Once Subnets are located by using OSPF or RIP, you can perform manual modifications. For example, subnets located via RIP are set by default as Not Advertised; however, you can modify them to be Advertised subnets. For Manual Subnet configuration information, see Configuring Subnets Manually, on page 95.
Working with OSPF

Once the Accelerator is set to work with OSPF, it updates its routing and subnets tables according to dynamic information coming from OSPF updates. All local subnets detected via OSPF are automatically set to be advertised by default if their metric value is between the high and the low values. Advertised subnets are the Accelerators subnets, which are broadcasted to other Accelerators when link negotiations occur.
S e tt in g D yn am i c R o u ti ng
99
Figure 9: My OSPF screen
Configuring OSPF
Configuring OSPF is accomplished via the Setup - My Accelerator - My Routes Menu.
To configure OSPF:
1. Click on the OSPF button. 2. Set the parameters as follows:
Parameter Item
OSPF Model
Description
Enable or Disabled OSPF Mode. Enabling OSPF Mode lets you configure OSPF parameters. Disabling OSPF Mode saves any previously configured OSPF settings, but disables OSPF capabilities. OSPF divides its networks into areas. Therefore, you must set the Accelerator with its OSPF area identification number, which lets the Accelerator identify itself to local routers. To set the Area of the Accelerator within the OSPF group, use its number or its IP Address format number. The default is 0.0.0.0. Determines a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised.
Area ID
Low/High Locality Metric
100
Parameter Item
Authentication
Description
Authentication on the Accelerator must match the OSPF authentication set across the network. Set the Authentication to None, Key, or MD5: None: When no authentication is necessary to communicate with other OSPF devices. Key: When a non-encrypted authentication password is needed to communicate with other devices in the OSPF network, insert the key used. This key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using OSPF. MD5: When an MD5 authentication password is needed to communicate with other OSPF devices, insert the encrypted key used. This must be the password that is set across all devices on the network using OSPF. Set the ID number according to this authentication passwords ID number across the OSPF network. The Accelerator automatically detects neighboring OSPF routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important when connecting to nonbroadcast networks, such as an Accelerator on a subnet that does not use OSPF. This enables the Accelerator to receive OSPF routing information from a neighboring router on a subnet that uses OSPF
Neighbor IP
S e tt in g D yn am i c R o u ti ng
101
Working with Router Polling

The Accelerators Router Polling feature enables the Accelerator to retrieve route rules from the routers routing table. The Accelerator uses SNMP to collect the routers routing table and add it to the Accelerators list of routes. You can filter the list by collecting only routes learned by specific protocols.
To configure router polling:

1. Click the following menu sequence: Setup > Networking > Router Polling. 2. Set the parameters as follows:
Parameter Item
Router Polling
Description
Enable or Disable Router Polling. Enables the Accelerator to retrieve route rules from the routers routing table. Sets the frequency with which the router is polled (in seconds). Default is 180 seconds. Selects whether to use the local default gateway or to set an IP address manually. Selects whether not to use a secondary router IP address (default) or to set an IP address manually. Sets the SNMP version to be used for polling the router. Sets the SNMP community to be used for polling the router. Lists the polling protocols used for retrieving the route rules from the routers routing table. Check the checkbox of the route rule you want to apply, or click the checkbox next to status, to select all. The following protocols are supported: BBNSPFIGP BGP CISCO-IGRP EGP ES IS GGP HELLO ICMP IS IS Local OSPF Other RIP Static
Polling Interval Primary Router IP Address Secondary Router IP Address SNMP Version SNMP Community Name Polling Protocols Table
3. After making any change, click Submit. 4. To reset the parameters back to the default value, click Set Default Values and then click Yes, when asked to confirm.
102
Enabling Packet Interception

When the Accelerator is deployed in On-LAN mode, WAN traffic must be redirected through the Accelerator in order for it to work. To do that, one of the following methods can be used: Working with RIP, on page 102 Working with WCCP, on page 104 Working with PBR, on page 108
Working with RIP

Once the Accelerator is set to work with RIP, it detects all subnets (including the Accelerators local network) connected to all routers on all connected networks and adds these to the Accelerators subnet and route tables. By default, all subnets detected via RIP are set to Not Advertised. Advertised subnets are the Accelerators subnets, which are broadcasted to other Accelerators when link negotiations occur.
Configuring RIP
Configuring RIP is accomplished via the My Routes menu.
To configure RIP:
1. Click the following menu sequence Setup > My Accelerators > My Routes. 2. Click on the RIP button. 3. Set the parameters as follows:
Parameter Item
RIP Mode
Description
Set RIP Mode to Enable or Disabled. Enabled Mode allows configuration of RIP parameters. Disabled RIP Mode saves any previously configured RIP settings, but disables RIP capabilities. Set Passive mode to Enable or Disable. Passive mode enables RIP in a listening mode without sending updates. Select the RIP version in use on the network: either RIP version 1 or RIP version 2. Note that in cases where RIP route injection is used, the RIP version should be set to version 2.
Passive Mode Version
En ab li ng P ac ket I n te rce p ti on
103
Parameter Item (Continued)

Authentication
Description
Authentication on the Accelerator must match the RIP authentication set across the network. When working with RIP version 1, Authentication is automatically disabled. When working with RIP version 2, set the Authentication to None, Key, or MD5: Disable: When no authentication is necessary to communicate with other RIP devices. Enable: When a non-encrypted authentication password is needed to communicate with other devices in the RIP network, insert the key used. This authentication key is a common string (non-encrypted) that must be set according to what is set across all devices on the network using RIP. MD5: When an MD5 authentication password is needed to communicate with other RIP devices, insert the encrypted key used. This must be the password that is set across all devices on the network that use RIP. Set the ID number according to this authentication passwords ID number across the RIP network. The Accelerator automatically detects neighboring RIP routers. If a router was not auto-detected, you can manually add up to 20 routers to the Neighbors Table. This is particularly important if the Accelerator is on a subnet that does not use RIP. The Accelerator can receive its RIP routing information from a neighboring router on a subnet that uses RIP.
Neighbor IP
RIP Route Injection

RIP Route Injection adds a route rule to the routers routing table, which forwards all traffic from the Accelerators subnets to the Accelerator. The Accelerator then returns the packets to the router after they have been processed by the Accelerator. The routes to these subnets, set on the Accelerator, are learned by the router during RIP negotiation. i Note: RIP must be in Active mode and set to version 2 for RIP Route Injection to operate. For more information, see section Working with RIP, on page 102. Note: For packet-interception with RIP injection, the number of injected routes is as follows: The number of injected subnets = 32 Mask_Len or if If Mask_Len <= 8, then the formula is: the number of injected subnets = 32 Mask_Len + 1 For example: for 10.0.0.0/30, 2 subnets for 10.0.0.0/8, 25 subnets
104
Using RIP for Packet Interception

RIP (Route Injection Protocol) is the other method used by the AcceleratorOS to enable Accelerators in On-LAN deployment to intercept packets from the LAN.
To use RIP for Packet Interception:

1. Click the following menu sequence: Setup > Networking > Packet Interception > RIP. 2. In the RIP Mode drop-down menu, select Enable to enable RIP mode. i Note: If Router RIP mode is configured as Passive, you should disable Passive mode in order to enable RIP mode. For details, see Configuring RIP, on page 102. 3. Select the maximal number of subnets that would use packet interception via RIP (any number between 1 and 2500; the default is 1000). 4. Click Submit.
Working with WCCP

WCCP, the Web Cache Communication Protocol, is another way in which the router can learn to forward all traffic from the Accelerators subnets to the On-LAN Accelerator. WCCP, a protocol usually used for directing Web traffic to a local Web Cache Server before forwarding requests across the WAN, enables the Accelerator to receive traffic from the router. Starting from Version 6.1.2, the types of traffic WCCP enables the Accelerator to receive are not only TCP and UDP (service groups 77 and 78), but also other types such as ICMP, CIFS and TCPPromiscuous. For details, see Setting WCCP on the Router, on page 108. By creating an IP GRE tunnel between the Accelerator and the router, the Accelerator is able to receive and process all relevant traffic and return it to the router before the traffic traverses the WAN, as follows: The Accelerator is set as a WCCP device. The router directs traffic to the Accelerator. The Accelerator returns accelerated traffic to the router in a GRE tunnel. Data is removed from the GRE tunnel, and sent to its destination. The WebUI lets you intercept packets by using either WCCP or RIP.
105
Using WCCP for Packet Interception

The AcceleratorOS lets Accelerators in On-LAN deployment intercept packets from the LAN by using either WCCP or RIP.
To use WCCP for Packet Interception:

1. Click the following menu sequence: Setup > Networking > Packet Interception > WCCP.
Figure 10: WCCP screen
2. In the WCCP drop-down menu select Enable to enable WCCP. i Note: Enabling WCCP is relevant only with On-LAN deployment. If your currently selected deployment is On-Path, please change it by going to Setup > My Accelerator > Basic > Advanced Settings. Use the Routers Table to add or delete routers to the list of routers to be used for packet interception. When adding a router, you have to indicate its router ID (the IP address used for connecting him to out network, usually the highest value number), as well as the router status (Connected/Disconnected - indicating a connection to the network). If you enable the WCCP Service, and do not set a router IP address, an error will result.
106
3. Use the Services Table to manage the list of services to be used for packet interception. It displays by default all of the pre-defined services, which are as follows: Weball TCP traffic that is sent on port 80 (http traffic) ICMPInternet Conreol Management Protocol, services such as ping, and trace-route use this protocol UDPall UDP traffic TCP-Promiscuousall TCP traffic (not port dependent) both inbound (towards the LAN) and outbound (towards the WAN) CIFS - WAFSCommon Internet File System all TCP traffic that is sent on port 445. Additional services can be added or deleted from the Services Table. The same services must be configured on the router that is connected to the Accelerator. 4. To add a service, see Adding a Dynamic Service, on page 107. To delete a service select the table row and click Delete. To enable or disable a service, click the ID of the service and Parameters for the specified service opens. Change the Service Mode to Enable or Disable. To change other parameters see Editing a Dynamic Service, on page 108. i Note: When you enable the WCCP feature, all pre-defined services are enabled by default, except for Web and CIFS. In addition, if you have multiple Accelerators deployed on your network, the same WCCP services should be enabled on each appliance.
107
Adding a Dynamic Service

To add a WCCP Dynamic Service:
1. In the Services Table header, click the Add button.
Figure 11: WCCP Services screen
The Parameters box lets you configure the following parameters: Service ID - any number between 0 and 254 (configurable only on dynamic services; this number is not editable on pre-defined services). Protocol ID - any number between 1 and 255 (again, configurable only on dynamic services). Priority - any number between 0 and 255 (default: 100). Weight - used for load balancing. If you have one or more Accelerators that share the router to which your Accelerator is connected, you can use this field to instruct the router what percentage of the traffic that uses this service is to be directed to the current Accelerator (default: 100). Port Direction - lets you set the port direction used for carrying out load balancing through Hash. This load balancing is configured in the router, according to either subnets (IPs) or ports. This box lets you only enable the Hash-assisted load balancing, through the Destination/Source IP, Port or both. Password - lets you enter a password for using the service. The next time your Accelerator synchronizes with the router, the router
108
reads this password and prevents unauthorized access to this services traffic. 2. Use the Ports Table to add a port (optional). 3. Click Submit. Once the new dynamic service is added, you can add it like any other WCCP service. See Editing a Dynamic Service, on page 108.
Editing a Dynamic Service

To edit a WCCP service:
1. In the Services Table, click the number (ID) of the service you want to edit, in the ID column of the row of this service (for example, ID 52 in the UDP row). 2. In the Edit WCCP Service screen that appears now, edit the services various parameters. As mentioned earlier, the Service ID and Protocol ID parameters can be edited only in dynamic services. For explanation of the Parameters see Adding a Dynamic Service, on page 107. 3. Click Submit.
Setting WCCP on the Router

Using WCCP requires you to configure WCCP to work on the networks router using the same service settings (the port numbers in the Accelerator must be identical to the Router on a per service basis). You can use CLI commands to configure WCCP on Cisco routers. For more information, see the Configuration Guide supplied with your router. You can use CLI commands to configure WCCP on the Accelerator. When configuring WCCP on multiple appliances, make sure that the WCCP services on each Accelerator is identical. See WCCP Commands, on page 522.
Working with PBR

Policy Based Routing, or PBR is used for intercepting traffic in an On-LAN deployment scenario. It is defined on the router and not on the Accelerator. Check your routers documentation for further assistance.
Setting the Date and Time on the Accelerator

To set the Accelerators date and time:
S et ti ng th e Da t e a n d Tim e o n t he A cc ele ra to r
109
You can alter the time setting manually, or set it to receive time synchronization from a Simple Network Time Protocol server (SNTP).
1. Click on the Setup tab, and then the My Accelerators tab, followed by the Date and Time menu. 2. Select a time zone that matches the location of the Accelerator using the Time zone drop-down box. If you need help locating the time zone in which your Accelerator resides, go to http://www.worldtimezone.com/ and there is a map that can help you. 3. Select how you want to enter the time and date. Select from one of the following radio buttons: Date and Timeto enter the setting manually. or For manual time settings, fill in the local time and date fields. If you decide to enter the time and date settings manually and there are either date or time changes (as in Daylight savings time) you will have to return to this menu and update accordingly, Use SNTPto have the server update the Accelerator automatically. Enter the server IP address and the frequency with which the server is to be polled for time updates. 4. Click the Submit button.
110
Configuring DHCP Servers

Managing the DHCP servers on your system requires a configuration file. By default, the DHCP server is disabled. To enable it, you have to download the sample DHCP configuration file and save it on your system. When you have a configuration file, you can either use the current file or customize the file and then upload the customized file.
To display the lease data of a selected IP address:

1. In the Accelerator WebUI, Click on the Setup tab, and then the Networking tab, followed by the DHCP menu. 2. In the DHCP Server field, set the status to Enable. 3. In the Lease section, enter an IP address of your choice and click the Show Lease button. The host name, IP address and expiry date are displayed on the screen.
Activating DHCP Relay Agent

The DHCP relay agent allows placing DHCP clients and DHCP servers on different networks, thus solving the problem that arises because DHCP broadcast messages do not, by default, cross the router interfaces, without using the costly solution of placing a DHCP server on each network segment. Choosing the DHCP relay agent solution lets you use fewer DHCP servers and place these machines in central locations. To solve the problem of DHCP broadcast messages, you can configure the routers to pass DHCP/BOOTP messages selectively, a process known as BOOTP relay. A router or Accelerator that carries out DHCP relay does not just forward BOOTP broadcast messages, but actually examines the packet, makes appropriate changes to it, and only then relays the packet to a DHCP server. The DHCP server to which the packet is relayed is configured by adding a Helper Address on the router or an IP address under the local interface of the Accelerator. The relay agent communicates with a DHCP server and acts as a proxy for DHCP broadcast messages that need to be routed to remote segments. Like the routerbased BOOTP Relay Agent, the DHCP Relay Agent is configured with addresses of DHCP servers to which they should relay the DHCP message. The DHCP Agent communicates with the DHCP server by using unicast communications instead of broadcast messages. Therefore, the Agents requests can be routed to a server on a remote network, regardless of segment boundaries.
Setting ExpandView Connectivity Parameters
S et t in g E x pan d View Co n n ec ti vit y P a r am et e r s
111
Registered users of ExpandView enjoy the benefit of having ExpandView automatically discover a new registered Accelerator as soon as a link to that Accelerator is established. However, if the default settings of ExpandView are changed (for example, port), or if the auto-discovery fails, you have to update the ExpandView agents parameters accordingly.
Figure 12: ExpandView Parameters screen
To define ExpandView Connectivity parameters:

1. Click the following menu sequence: Setup > My Accelerator > ExpandView. 2. In the ExpandView menu, select the Enable ExpandView Agent box. 3. Enter the ExpandView Servers IP address and port number. 4. Click the Submit button to submit the registration request. If all parameters were entered appropriately, the Status line now displays the current status (Enabled / Disabled).
112
Chapter 5: Configuring and Managing WAFS

This chapter introduces you to the Wide Area File Service feature and shows you how to use it and manage it to streamline your business while maintaining control over important company documents. Topics covered in this chapter include: Introduction to WAFS, on page 114 Getting Started with WAFS, on page 118 Enabling WAFS Configuration, on page 119 Configuring the Data Center and Branch Office, on page 127 WAFS Management and Operation Modes, on page 136 Managing the Data Center, on page 141 Setting Advanced FileBank Features, on page 155 Replication Service, on page 159 Printing Services for the FileBank, on page 168 Using WAFS Printing Services, on page 178 WAN-OUT Operation, on page 180 DNS Masquerading, on page 184 Monitoring WAFS Functionality, on page 189 Troubleshooting, on page 191
114
C h ap t er 5: Configuring and Managing WAFS
Introduction to WAFS
WAFS stands for Wide Area File Service, namely: remote users who access files over a WAN, such as branch office or mobile users accessing centralized storage. Such users often experience poor performance when trying to access files that are stored in a central location. Expand Networks WAFS solution allows users fast and efficient access to centralized storage by using intelligent, dynamic caching.
Note: This feature is only supported on Accelerators with a hard drive. If your Accelerator does not have a hard drive and you want to have WAFS functionality, contact your supplier.
Expand Networks WAFS Solution

Designed specially for distributed organizations, Expand's intelligent, dynamic caching solution allows users fast and efficient access to centralized storage. Expand enables global and fully secure direct file access to users at multiple sites, as if they were at the same site as the files, eliminating the need for local file servers and unreliable backup procedures. By consolidating corporate resources, IT managers regain total control of enterprise-wide storage, eliminating the cost and complexity associated with remote system administration, replication, backup and maintenance.
Figure 1:WAFS Solution diagram
I nt r o d u ct io n t o WAF S
115
The corporate Data Center is equipped with an Expand FileBank Director, and each remote site (requiring access to the center) is equipped with an Expand FileBank. Once these hardware devices are installed, branch office users can immediately work with files located in the Data Center, with the same speed level and efficiency as if they were working on their local file server. Expand uses a patent-pending file system technology that allows direct access to files located in distributed file storage architectures throughout the enterprise. Network architecture can be deployed as a private network of leased lines, or a virtual private network (VPN) that utilizes the public Internet in a secure way. Expand provides the following features and benefits: Centralization of storage and backup resources Synchronous, reliable file operations LAN-like performance WAN Consumption optimization Ease of installation and management Seamless integration Native security support Many-to-many architecture Integrated Branch IT Services High resilience Expand's pass-through authentication technology seamlessly ensures enforcement of enterprise policies such as user authentication, access rights verification and quota management support. Expand devices use regular LAN and power connections. Configuration is simple, and no infrastructure changes are required. No client software is installed on the Data Center file servers or on any of the remote office workstations.
116
Supported Servers
File Servers
Microsoft Windows NT Server 4.0 SP3 and above Microsoft Windows 2000 Server Microsoft Windows 2003 Server Microsoft Windows 2008 Server Network Device Filer series (ONTAP 6.x & 7)
Authentication Servers
Windows NT Server 4.0 Primary Domain Controller (PDC) Windows NT Server 4.0 Backup Domain Controller (BDC) Windows 2000 Server Active Directory Domain Controller Windows 2003 Server Active Directory Domain Controller
Supported Clients
Microsoft Windows NT Workstation 4.0 Microsoft Windows 2000 Microsoft Windows XP Professional
Expand Hardware Device Specifications

The Expand solution is available as an installed device (FileBank Director and FileBank). When planning the hardware specification for the FileBank and FileBank Director, disk capacity is an important consideration, especially in consolidation environments. Most of the device disk capacity is allocated for maintaining the cache optimization state. In general, the chances that a file is available on a FileBank cache improve with cache partition size. However, because the cache is merely an optimization layer (meaning, the files are always available on the file server), its size does not have
I nt r o d u ct io n t o WAF S
117
to be equal to the size of the total data set. Various approaches exist for estimating optimum FileBank disk capacity, the most common of which are as follows: Complete data set size (migrated from the legacy file server) Working set size (for example: 30% of complete data set) Per number of branch users (for example: 0.5GB x number of branch users) The FileBank Director is connected On-LAN to the file servers, and therefore its cache state is less critical than that of the remote branch FileBank, which is connected over the narrow-bandwidth, high-latency WAN. FileBank Director disk capacity planning should take into account the percentage of data that is shared between branches (that is, the level of inter-branch collaboration), and a size estimation of the working set. As a rule of thumb 10-20% of the accumulated branch FileBank cache is sufficient. Both FileBank and FileBank Director employ LRU (Least Recently Used) cache management, so a dynamic, working-set cache is always maintained.
Domains
The FileBank acts as a server in the Windows Domain hierarchy. Windows Clients at the remote office will see the FileBank as part of this domain when connecting to the network, and after appropriate mapping. When configuring the FileBank for the first time, you are asked which domain to join, so obtain the domain name in advance. In order to perform the join operation, a user with sufficient access rights is required, namely: a user that is part of the domain administrators group.
Authentication
Identify the name of the authentication server. The authentication server must be a Windows NT/2000/2003 server that can authenticate users accessing the domain (Windows NT v4.0 Primary/Backup Domain Controller or Windows 2000/2003 Active Directory Server).
Note: You are advised to utilize the domain controller of the local remote branch office, when applicable.
118
Getting Started with WAFS

Overview
The main steps for configuring the Data Center are as follows: 1. Enabling WAFS Configuration, on page 119 - to prepare the Accelerator for WAFS Services. 2. Configuring the Data Center and Branch Office, on page 127 - to specify the file bank and file bank director 3. Viewing the License Status, on page 33 - to verify you have a WAFS license. 4. FileBank Categories, on page 138- to start the WAFS service Note that the order that these steps are taken does matter and performing these steps out of sequence may result in the WAFS services not running. Make sure that you finish a step before proceeding to the next one.
Enabling WAFS Configuration
E n ab li ng WA F S C o nf ig u r a ti on
119
There are three steps that need to be done in order to enable WAFS configuration: Configuring the File Server/Domain Controller, on page 119 Defining Network Settings, on page 121 Enabling WAFS Operation Mode, on page 124
Configuring the File Server/Domain Controller

Configuration of the File Server/Domain Controller consists of the following steps: Defining the shared directories on the File Server, from which remote and local users can access files Changing the Login scripts (if any are used within your organization)
Defining Shared Directories

To let users access a specific shared directory:
1. Right-click the folder you want to share (using Windows Explorer, My Computer, or any other Windows convention) and select Properties and the New Share Properties dialog box opens.
120
Figure 2: New Share Properties dialog box
2. Click the Sharing tab and define share properties. 3. Repeat this procedure for all directories you want to share.
Defining User Permissions

To define which users can access the shared directory:
1. Click the Permissions button on the Share Properties dialog and the Permissions for New Share dialog box opens.
121
Figure 3:Permissions for New Share
2. Add the users who are allowed to access the shared directory and define permissions for each user. 3. Click OK and proceed to the next step, Defining Network Settings, on page 121.
Defining Network Settings

To define the network settings, use either the Accelerator 6940 front-panel LCD or the CLI command line.
Note: AcceleratorOS v6.xx should be displayed, where xx is the maintenance release number (for example 6.00) in addition to a status display (Ready, Bypass, or various error messages.).
To prepare the Accelerator to work in WAFS mode:

Follow these steps to establish the WAFS services: 1. Log in to the AcceleratorOS WebUI. 2. Enter the setup wizard. The AcceleratorOS setup wizard appears:
122
Figure 4: Setup Wizard
3. If you do not intend to define a link on this device (namely, to use the device as an Accelerator), press Cancel and continue with the FBD configuration. 4. In the dialog box that appears, click OK to confirm the closure operation. 5. In the Basic tab of the My Accelerator screen, fill-in the device name as shown below and click Submit.
Figure 5:My Accelerator screen
6. Move to the Time tab to enter your local time settings. You are advised to set the Accelerators time and date manually (default).
123
Figure 6: Accelerator Time
7. Select Setup > Networking, and then go to the DNS tab. This tab lets you configure the domain name server.
Figure 7: DNS Configuration
8. Fill-in the domain name in the Domain Name field. 9. In the Domain Name Table pane, click Add to add the domain name.
124
In the dialog box that opens now, enter the domain name(s) for the servers in the order of preferential usage and click Submit. 10. Select the IP Domain Lookup type as Enable. 11. Type the domain name server IP address in the field and click Apply.
Enabling WAFS Operation Mode

To enable the WAFS Operation Mode:
1. Select Services > WAFS. 2. Select File-Bank Director as WAFS operation mode, as shown below:
Figure 8: WAFS Services menu
3. Click Submit. 4. Use the dialog box that appears now to confirm the creation of the WAFS service. 5. The next dialog box prompts you to execute write configuration and perform reboot to enable creation of WAFS service. 6. Click OK and then click the Write command at the top of the screen (encircled below):
125
Figure 9:Web Page dialog box
7. Click Close. 8. Select Tools > General Tools and click the Reboot button to apply your new settings. 9. In the dialog box that appears now, click OK to confirm the reboot operation.
Figure 10: Confirm Reboot
126
Excluding Servers or Subnets from WAFS

It is possible to exclude specific servers or subnets from receiving the benefit of WAFS services.
To exclude servers or subnets:

1. From the Services Menu, click WAFS, then click Exclusion 2. In the Exclude by field select: IP address, Subnet, or Host name. 3. Select either client or server side. 4. Enter a valid IP address and click Add.
To delete an entry in the exclude table:

1. Select the row of the entry. 2. Click Delete.
Configuring the Data Center and Branch Office
C on f ig u r in g t h e D ata C en t er an d B r an ch O f f ic e
127
There are two components to the Data Center: the File Bank Director, and the File Bank. When put on the network, they work together to create a virtual file server system, in order to accelerate company file sharing as shown in the diagram below. The WAFS screen lets you view the current WAFS operation mode: either FB (FileBank) or FBD (FileBank Director). In addition, this screen lets you select whether to enable WAFS transparency. If you enable this feature, the FB will poll the FBD for all file servers it recognizes, as well as each server that is added or removed. All IP addresses of these file servers are resolved, and all traffic destined to the servers is redirected to the Accelerator. In order for the data center to function, the following steps need to be done: Setting Up the File Bank Director, on page 127 Setting Up the File Bank, on page 130
Setting Up the File Bank Director

You should run the Setup Wizard prior to activating the FileBank Director, as part of the initial FileBank Director installation. You can later use the FileBank Director Administration GUI for modifying any of the installation parameters. The Setup Wizard lets you set up FileBank Director in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.)
To run the setup wizard for the File Bank Director:

1. Make sure you are logged into the machine you want to set as file bank director. 2. From the AcceleratorOS Home Page, select Services > WAFS. 3. In the WAFS Operation Mode field, choose File-Bank Director from the dropdown menu. 4. You will notice that the WAFS Configuration button is now enabled. Click this button to enter the WAFS Management screen.
Note: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it.
128
Figure 11: WAFS Setup Wizard
5. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The wizard has the following screens: File Server Settings, on page 128 - the one that is open now Summary, on page 129 Confirmation and Application, on page 130 6. Proceed to the next section, File Server Settings, on page 128.
File Server Settings

In this section you will set the Domain Settings.
File Server Name Here Alias Here
Figure 12: Setup Wizards File Server Settings screen
129
To set the File Server settings:

1. In the fields indicated in the window above, Type in the names of the servers and their aliases. The alias field is optional. When an alias is not defined for a file server, the default alias will be the FileBank Directors host name. 2. Click Next >> to proceed to the next section, Summary, on page 129.
Summary
In this section you see the settings that you made from the previous section, File Server Settings, on page 128, as shown here in the diagram.
Figure 13: Summary section
At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director.
To confirm the settings:

1. Review the list for any possible errors. If you see an error, click Setup Wizard and make necessary changes. 2. To accept all parameters and configure the FileBank Director device, click Apply. 3. Proceed to the next section, Confirmation and Application, on page 130.
130
Confirmation and Application

The following screen appears to allow you to restart the Accelerator and apply the settings.
Figure 14:Wizard Summary screen
To apply the settings:

1. To apply the settings, click Restart. To confirm all changes have been made successfully, a confirmation screen appears.
Figure 15: Confirmation screen
2. Make sure you have a valid WAFS FB license as explained in Viewing the License Status, on page 33. 3. Once the license is installed go to the machine that will be the File Bank and follow the directions as described in Setting Up the File Bank, on page 130.
Setting Up the File Bank

You should run the Setup Wizard prior to activating the FileBank, as part of the initial FileBank configuration. You can later use the FileBank Administration GUI for modifying any of the installation parameters.
131
The Setup Wizard lets you set up a FileBank in several simple steps. (In the last step, you have the option of modifying parameters before accepting them.) Once Setup is complete, make sure you have a valid FB license. To check if the license is valid, see Viewing the License Status, on page 33.
Overview
To configure the branch office:
1. Connecting the FileBank device to the branch office LAN. 2. Setting up the FileBank device. For details, see Setting Up the File Bank, on page 130. 3. Configure the client computers.
To run the setup wizard for the File Bank:

1. Make sure you are logged into the machine you want to set as file bank. 2. From the AcceleratorOS Home Page, select Services > WAFS. 3. In the WAFS Operation Mode field, choose File-Bank from the drop-down menu. 4. You will notice that the WAFS Configuration button is now enabled. Click this button to enter the WAFS Management screen.
Note: WAFS Management is a pop-up window, and therefore you need to allow blocked content (pop-up) to be able to display it.
Figure 16: Setup Wizard
132
1. Click Setup Wizard in the Left Window Pane to invoke the Setup Wizard. The wizard has four main screens: File Server Settings, on page 128 File Bank Director Settings, on page 133 Summary, on page 129 Confirmation and Application, on page 130 2. Proceed to the next section, File Server Settings, on page 128.
Domain Settings
In this section you will set the Domain Settings.
Figure 17: Domain Settings
To set the domain settings:

1. After the screen appears, fill in the fields with the correct information as shown below: Windows Domainthis is the domain that you will use to connect to the File Bank. You will need to have administrators username and password in the screen that follows (see Summary, on page 134) in order to set this parameter. Authentication Serversupply the name of the domain controller. Make sure the name you use is known to the DNS. Virtual Server PrefixIf you are not using WAFS transparency, you should add a prefix to the servers name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a suffix. Note that this prefix is added to all servers.
133
Virtual Server SuffixIf you are not using WAFS transparency, you should add a suffix to the servers name so that all requests to the file bank (FB) are directed to the VFS and not to the actual server. You may also add a prefix. Note that this suffix is added to all servers. 2. Once you have filled in these fields, click Next >> and proceed to the next section, File Bank Director Settings, on page 133.
File Bank Director Settings

In this step, you define the file servers to be exported by the FileBank Director.
Figure 18: FileBank Director Settings screen
To indicate the File Bank Director:

1. This step is critical because it will indicate to the File Bank which server or servers are to be the File Bank Director. Type in the names of the file bank director you indicated in File Server Settings, on page 128 and in the order indicated. If you mismatch these settings it may have an effect on user performance. 2. Click Next >> to proceed to the next section, Summary, on page 134.
134
Summary
Figure 19:Summary
At this stage the wizard displays a summary of all parameters entered during setup, prior to applying them to the FileBank Director.
To confirm your settings:

1. Review the list for any possible errors. 2. To accept all parameters and configure the FileBank Director device, click Apply. 3. Proceed to the next section, Confirmation and Application, on page 134.
Confirmation and Application

The following screen appears to allow you to restart the Accelerator and apply the settings.
Figure 20:Confirmation
135
To apply your settings:

1. In order to assure that the File Bank is joined properly to the Windows domain that you set in Domain Settings, on page 132, the user that has administrative rights to the Windows domain should enter his/her username and password and click Join. 2. To apply the settings, click Restart. To confirm all changes have been made successfully, a confirmation screen appears.
Figure 21: Successful Installation
3. Go to the next section, WAFS Management and Operation Modes, on page 136.
136
WAFS Management and Operation Modes

This section describes the management and configuration of the WAFS service under FileBank and FileBank Director operation modes. The following topics are discussed: The WAFS Management Screen, on page 136 FileBank Categories, on page 138 FileBank Director Categories, on page 137
The WAFS Management Screen

In general the WAFS Management screen will look the same from both WAFS operation modes (FileBank or FileBank director). Unless indicated, the features described within will be for both modes. The WAFS Management screen is divided into the following sections: Status Baralong the top Navigation Paneon the left Workspacethe main area, on the right Clicking a selection from the navigation pane opens the relevant page in the workspace. The navigation pane is divided into the following main categories: Systemfor detailed description, see Setting Up the File Bank Director, on page 127 and Setting Up the File Bank, on page 130. File Servicesfor detailed description, see section Managing File Services, on page 142 Additional Services(FileBank Operation mode only) for a detailed description, see Configuring Additional Services, on page 168 Utilitiesfor detailed description, see section FileBank Utilities, on page 140
WA FS M a n ag em en t a n d O pe r at i on M o de s
137
Figure 22: WAFS Management screen
FileBank Director Categories

The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FBD (FileBank Director): FileBank Director System, on page 137 File Services, on page 137 FileBank Director Utilities, on page 138
FileBank Director System

The System category includes the following subsections: Setup Wizardlets you set up FileBank Director in several simple steps. Once Setup is complete, the FileBank Director can function. You should run the Setup Wizard prior to activating FileBank Director. All parameters set via the Setup Wizard can be modified within the GUI. For more information, see Setting Up the File Bank Director, on page 127. Boot serviceslets you control FileBank Director service and device status. Controlling the service status lets you start, stop or restart FileBank Director service. Controlling the device status lets you reboot or shut down the FileBank Director device. For more information see Managing the Data Center, on page 141.
File Services
This section describes the following functions offered by FileBank Director:
138
FileBank Director Settingslets you define the Listen Port Assignments settings and set the FileBank Director ID. The TCP (data transfer) and UDP (keep alive) ports are set to 4049 by default, but can be changed if necessary. System Usersused for managing internal users that are used by specific Expand services (for example: Replication Service). File Serversto add file severs to be exported through the Expand WAFS solution and the FileBank Director, enter the file server name, and optionally an alias, in this screen. Filtersallow Expand to avoid unnecessary compression attempts on files that are already compressed, thereby improving overall system performance. Replication Servicesthe method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link.
FileBank Director Utilities

This section describes the FileBank Director utilities, which are as follows: System Diagnosticslets you run a diagnostic test on the FileBank Director device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen. Logslets you generate FileBank Director activity logs for monitoring, optimization, and troubleshooting purposes.
FileBank Categories
The following sections describe the WAFS management screen work categories, as viewed when the WAFS operation mode is FB (FileBank): FileBank System, on page 138 File Services, on page 137 Additional Services, on page 140 FileBank Utilities, on page 140
FileBank System
The System category includes the following subsections:
WA FS M a n ag em en t a n d O pe r at i on M o de s
139
Setup Wizardlets you set up FileBank in several simple steps. Once Setup is complete, the FileBank can function. You should run the Setup Wizard prior to activating FileBank. All parameters set via the Setup Wizard can be modified within the GUI. Boot serviceslets you control FileBank service and device status. Controlling the service status lets you start, stop, or restart FileBank service. Controlling the device status lets you reboot or shut down the FileBank device.
FileBank Services
This section describes FileBank File Services functions, which are as follows: FileBank Directorsdisplays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary. Virtual Serverslets you configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, to represent the local virtual server. This helps distinguishing the local virtual server name from the Central File Server name. Windows Domainlets you join the FileBank to the domain, use domain administrator credentials (Username and Password), set the domain name, and add or delete authentication servers. Cache Settingsgives you cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation. Fetch Settingslets you define which data will be fetched from the Data Center for pre-population of the Cache. Once fetched, this data resides in the Cache and can be accessed immediately. Thus prepopulation optimizes first-time access to this data. System Userslets you add and delete FileBank system users. Filtersprovides smart filters to enhance performance and bandwidth optimization over the WAN. Replication Servicesthe method by which the system can be set to optimize the handling of very large files over the bandwidth-limited WAN link. Kerberos Configurationallows nodes communicating in a nonsecure network the ability to identify each other in a secure manner.
140
Additional Services
This section describes the FileBank Additional Services, which are: Print Servicesyou can configure FileBank to serve as the local branch print server. This screen lets you add network printers, view a list of already existing printers, and delete printers, as required.
FileBank Utilities
This section describes the FileBank utilities, which are as follows: System Diagnosticslets you run a diagnostic test on the FileBank device to ensure that the device is working properly. The results of the test will be displayed in the Results area of this screen. Logslets you generate FileBank activity logs for monitoring, optimization, and troubleshooting purposes. System Statisticsdisplays a list of connected users, with their Session ID, Username, Group and Machine. To update the list, use the Refresh button.
Managing the Data Center

The following topics are discussed: Starting the Data Center, on page 141 Managing File Services, on page 142 Configuring FileBank Services, on page 149
M a n ag in g t h e D ata C en t er
141
Starting the Data Center

If you have configured the File Bank and File Bank Director and have installed the AOS license file on each machine you will need to start the WAFS service on each. In addition to starting the WAFS service, the following options can be performed: Start or Stop the File Bank Director Service Restart or Reboot the File Bank Director Service Shutdown the File Bank Director Device Note that, in order to start the WAFS services, you must follow this step. Caution should be made when stopping, starting, or restarting the WAFS service as this may interfere with other users who have work in progress.
To start, stop, restart, reboot, or shutdown:

1. Access the Boot Services screen by clicking Boot Services (circled) under the System Menu lets you to control FileBank Director service and device status.
Figure 23: Boot Services
142
2. Perform one of the following actions: Start the File Bank Director ServiceClick Start Stop the File Bank Director ServiceClick Stop (See warning!) Restart the File Bank Director ServiceClick Restart (See warning!) Reboot the File Bank Director DeviceClick Reboot (See warning!) Shutdown the File Bank Director DeviceClick Shutdown (See warning!)
CAUTION! Stopping or Restarting the device while users are connected will interfere with their work in progress.
CAUTION! If you click Reboot or Shutdown, there is no confirmation dialog so ! the operation is carried out immediately. Make sure you want to do this before clicking! Note too that if you reboot or shutdown while users are connected their work progress will be affected.
Managing File Services

This section describes File Services options, which are as follows: Defining FileBank Director Settings, on page 142for FileBank Director mode only Managing System Users, on page 144. Adding File Servers, on page 145for FileBank Director mode only Managing the Compression Filters List, on page 147. Replication Service, on page 159.
Defining FileBank Director Settings

The FileBank Director Settings screen lets you set the Listen Port Assignments and the FileBank Director ID. The TCP (data transfer) and UDP (keep alive) ports are set to 4049 by default, but can be changed if necessary. FileBank Director Settings is also used for changing the FileBank Director ID in a multi FileBank Director environmentwhere each FileBank Director is automatically assigned its own, unique, integer ID. FileBank Director ID should not be changed once the system is running, because such a change will result in resetting the
143
cache optimization state (namely, the cache associated with the initial ID will become obsolete). Also, if the ID is changed and matches the ID of another machine, errors will result.
Figure 24: FileBank Director Settings screen
To change Listen Port Assignments:

1. Make sure you are using the FileBank Director WAFS operation mode. 2. From the WAFS left menu pane, under File Services select FileBank Director > Settings. 3. Type in the new TCP value. 4. Type in the UDP value. 5. Click Apply.
To change FileBank Director ID:

1. Make sure you entered the WAFS menu using FileBank Director Operation Mode. 2. From the WAFS left menu pane, under File Services select FileBank Director > Settings 3. Type in the new unique ID. It is best to write this ID down for future reference. 4. Click Apply.
144
Managing System Users

The System Users screen (File Services > System Users) is used for managing internal users that are used by specific Expand services (for example: Replication Service).
Figure 25: System Users
To add a user:
1. From the WAFS left menu pane, under File Services select System Users. 2. Fill in the new user's Domain Name, Username and Password. Verify the password by typing in the same password you entered in the Password field. 3. Click Add and the Users information is added to the list at the bottom.
To delete users from the current list:

1. From the WAFS left menu pane, under File Services select System Users. 2. Select the checkbox for the user, or users, to be deleted 3. Click Delete.
145
Figure 26: Delete Users
Adding File Servers

To add more file severs to be exported through the Expand WAFS solution and the FileBank Director, type in the file server nameand optionally an aliasin the File Servers screen (File Services > File Servers). i Note: When the FileBank Director is configured to export a DFS root, it is necessary to export all the participating DFS file servers on the FileBank Director side.
146
Figure 27: File Servers
To add a user:
1. Make sure that you entered the WAFS menu using FileBank Director Operation Mode. 2. Fill in File Server Name, and optionally an Alias 3. Click Add.
To delete servers:
1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. From the Exported File Servers section, select one or more checkboxes. 3. Click Delete.
147
To Set a CIFS User:

1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. In the Set a CIFS User section, fill in the following information: Domain Name User Name Password Verify Passwordmake sure the password you enter here matches the password you enter in the Password field. 3. Click Set.
To delete a CIFS User:

1. Make sure that you entered the WAFS menu using FileBank Director operation mode. 2. This will clear all of the listed CIFS users. There is no confirmation and action will take place immediately. 3. Click Clear.
Managing the Compression Filters List

The Expand WAFS solution compresses data that travels across the WAN, to optimize performance. However, several file types are already compressed and cannot be compressed further. The compression filters allow Expand to avoid unnecessary compression attempts on files that are already compressed, thus improve overall system performance. The Compression Filters list (File Services > Filters) shows you all file extensions that the system will not attempt to compress. If you are using compressed files of a type that is not currently included on the Compression Filters list, you can add it. You can also delete extensions from the list, if you are sure that they are not compressed and were added by mistake.
148
Figure 28: Filters screen
To add a filter:
1. From the WAFS left menu pane, under File Services select Filters. 2. Type in the file extension in the form *.xxx (where xxx is a three or four-letter fileextension). 3. Click Add.
To delete filters:
1. From the WAFS left menu pane, under File Services select Filters. 2. Select one or more filter checkboxes. 3. Scroll down to the bottom of the Compression Filters list. 4. Click Delete
.
CAUTION! Do not delete filters that were included in the list provided by Expand. Files of these types are known to be compressed and do not require further compression. You should only delete a filter if was added by mistake.
149
Configuring FileBank Services

This section describes FileBank File Services functions that are only accessible through the FileBank Operation mode, which are as follows: FileBank Directors, on page 149 Virtual Servers, on page 150 Windows Domain, on page 151 Cache Settings, on page 152 Fetch Settings, on page 157
FileBank Directors
To access the FileBank Directors screen, click File Services > FileBank Directors in the Navigation Pane (see figure below). This screen displays the current FileBank Director(s) for the FileBank, and lets you add or delete FileBank Directors as necessary.
Figure 29: FileBank Director settings
150
To add a FileBank Director:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. 3. 4. 5. ii Enter the hostname. Enter the TCP port number Enter the UDP port number Click Add.
Note: You may leave the TCP and UDP fields blank, in which case the default value - port 4049 - is applied to both.
To delete a FileBank Director:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select one or more checkboxes of hostnames in the current FileBank Directors list 3. Click Delete.
Virtual Servers
You can configure FileBank to automatically add a prefix and/or suffix to the original file server name defined at the FileBank Director site, used for representing the local virtual server (File Services > Virtual Servers). This helps distinguishing the local virtual server name from the Central File Server name. CAUTION! Virtual Server Name = File Server Alias + any prefix/suffix added here. If neither a prefix nor a suffix is defined, DNS Masquerading or WAFS ! Transparency must be activated, to avoid name resolution conflicts. For details regarding DNS Masquerading, see DNS Masquerading, on page 184. For details regarding WAFS Transparency, see section WAFS Transparency Commands, on page 698. CAUTION! If you plan to use WAFS transparency, do not use an Alias name. Also ! if you need to use an Alias name, you must block WAFS transparency. The lower half of the screen lists Exported Virtual Servers and their connection status (Connected/Disconnected).
151
Figure 30: Virtual Servers
To create the virtual server name:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Type in a prefix and/or a suffix. 3. Click Apply.
Windows Domain
The Windows Domain screen (File Services > Windows Domain) is used for carrying out the following tasks: Joining the FileBank to the domain. Using domain administrator credentials (Username and Password) Setting the domain name Adding or deleting authentication servers.
152
Figure 31: Windows Domain
Cache Settings
The Cache Management screen (File Services > Cache Settings) provides you with cache statistics, and lets you control basic cache functionality: cache validation frequency, and manual cache invalidation.
Time to Live (TTL) settings

These settings determine how often the FileBank verifies directories or file data with the FileBank Director. Time to Live applies only to directory listing and readonly files. Cache coherency is maintained regardless of these settings. Higher values mean better cache performance, whereas lower values mean that read-only data is more accurate.
153
Figure 32: Cache Settings
Invalidate Cache
The Invalidate button resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS. ii Note: Access to Data Center versions of cached files is verified prior to the invalidation. Cache files are not invalidated if Data Center versions are not available.
System Users
The System Users screen (File Services > System Users) lets you add and delete FileBank system users.
154
Figure 33: System Users
To delete users from the current list:

1. Select the checkbox for the users to be deleted. 2. Click Delete. The Expand WAFS solution uses smart filters to provide additional performance and bandwidth optimization over the WAN. Two types of filters are listed on the Filters screen (File Services > Filters): Short Term File (STF) filters Compression filters
STF Filters
Short Term Files (STFs) are files that are saved locally on the FileBank and not sent to the central server. Use the STF Filter for files that exist for a short term and for any other files you do not want to be backed up on the central file server (for example: photos and media files). The STF Filter list displays all file extensions that the system is currently configured not to back up. You can add to or delete from this list as necessary. ii Note: All Files that match the STF filter extensions selected are not backed up.
S e t ti ng Ad va n ced Fi leB an k F ea tu r e s
155
S e t t i n g A d va n c e d F i l e B a n k Fe a t u r e s
This section covers advanced features that you can configure to the FileBank for added functionality. Topics covered include: Configuring the Fetch Mechanism, on page 155 Replication Service, on page 159 Replication Service Activation, on page 161 Configuring Replication Services, on page 162 Configuring Additional Services, on page 168
Configuring the Fetch Mechanism

This section covers topics related to the Cache. Topics discussed in this section include: Fetch Mechanism Overview, on page 155 Fetch User, on page 156 Fetch Jobs, on page 156 Fetch Settings, on page 157 Creating Fetch Jobs, on page 158
Fetch Mechanism Overview

The Fetch mechanism lets you pre-populate the FileBank cache with specific data sets from the data-center file server. Cache pre-population optimizes first-time data access to files and directories by utilizing the Expand advantage: once a particular data set is saved in the local FileBank cache, future requests for files from that set will require the transfer of minimal amounts of data over the WAN, speeding up service. Depending on the mode in which files are opened by Clients, FileBank synchronously validates that the cached data is updated, and acquires file locks on the Server. Although cache pre-population is not essential, for performance reasons it is strongly recommended that in file server consolidation scenarios you pre-populate the branch files working set as a minimum (for example: user home drives). ii Note: File types that have been configured as Short Term Files (STF) or Replication files, are not pre-populated by the Fetch mechanism.
156
Fetch User
The fetch user is the internal user that performs the data pre-population on the cache. The fetch user must have sufficient security permissions to traverse the file system and read permissions for the files being transferred. You can configure the fetch user on the FileBank using the user CLI command, or the System Users option in the management web interface.
Fetch Jobs
The term Fetch jobs describes the entities that will be pre-populated onto the FileBank cache. A fetch job is defined by the path and the fetch user that will be used for fetching that path. The path is expressed in UNC format (starting with virtual server name), and the user command argument is entered in {domain\user} format. A fetch job can aggregate multiple paths under one entity (see the fetch jobs paths option). Activating a multiple path job effectively creates a fetch instance for each specific path.
Figure 34: Fetch Settings
157
Fetch Settings
The Fetch Settings screen (File Services > Fetch Settings) controls the prepopulation of the Cache with specific data from the Data Center. Once fetched, this data resides in the Cache and can be accessed immediately. Thus pre-population optimizes first-time access to this data. The Fetch Settings screen lets you define which data will be fetched for pre-population. This screen lists Fetch Jobs and their current status.
Figure 35: Fetch Settings
Fetch Jobs describe the entity that should be fetched (namely, a specific directory on a file server). For details, see section Creating Fetch Jobs, on page 158. Fetch Instances represent Job runs. For details, see section Creating Fetch Jobs, on page 158.
Fetch Activation
Once configuration is complete, you can activate the Fetch mechanism by running fetch jobs, and subsequently manage it by running fetch instances. Fetch Jobs are created with a single path. You can add paths as necessary, as described below.
158
Creating Fetch Jobs

Choose and start the fetch job you want to run. Each time a job is started a new Fetch instance is created.
To create a Fetch job:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. In the Add Job area of the Fetch Settings screen (File Services > Fetch Settings), fill-in the following parameters: UNC Path - a specific folder on a file server. Domain/Username - as described in System Users, on page 153 and as described in Virtual Servers, on page 150. 3. Click Add. The new job is added to the list of Fetch Jobs.
Figure 36:Fetch Jobs
4. Add one or more paths to this Fetch Job, as required, by typing the requested UNC path and priority, and then clicking Add. The paths are added to the Fetching Paths list, and are now part of this Job. 5. When you have added all necessary paths, click the Back to Fetch Settings link at the bottom of the screen. This link takes you back to the general Fetch Settings screen, for all Fetch Jobs.
To delete a Fetch job:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select the checkbox for the job. 3. Click Delete.
159
To start a Fetch instance:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. In the Fetch Jobs list of the Fetch Settings screen, select the checkbox for the Job. 3. Click Start. An instance of the Fetch Job is started, and is added to the Fetch Instances list.
To stop a Fetch instance:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select the instance in the Fetch Instance list. 3. Click Stop.
To add Fetch instances:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Fill-in the following parameters for the new user: Domain name Username Password 3. Click Delete.
To delete Fetch instances:

1. Make sure that you entered the WAFS menu using FileBank operation mode. 2. Select the checkbox for the instance. 3. Click Delete.
Replication Service
One of the main challenges resulting from the consolidation of file services in a data center, is how to grant users efficient access to very large files over the WAN, despite limited bandwidth and high latency. The Expand replication service addresses this challenge, by reducing bandwidth consumption at peak hours. With this feature, administrator-defined file types (such as. *.PST, *.GHO) are served locally at the branch by the FileBank virtual server, while a recurring replication process handles daily synchronization with the data center file server (at times of low WAN bandwidth consumption).
160
When you create a new file (of a type that is replicated), this file is synchronously created on the central file server with its security metadata (namely ACLs), but without the actual file data. The file data is then updated asynchronously by the recurring replication process. The same principle applies to changes made to existing files. ! ! CAUTION! Replication is an asynchronous process, and as such, should be activated only for files used exclusively by the branch. Sharing replication files between branches can result in data loss. Replication service configuration includes the following parameters: Replication Replication Replication Replication User, on page 160 File Types, on page 160 Schedule, on page 160 Paths, on page 161(optional)
Replication User
The Replication User is an internal user that performs file replication for the system. The replication user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. The replication user is set both on the FileBank and on the FileBank Director.
Replication File Types

The Replication service handles replication on the basis of file extension (for example: *.mdb for Microsoft Access files), not file size. All files whose extension is on the list of Replication File Types are handled by the replication mechanism, regardless of their size. When changes are made to the list of Replication File Types, you must reboot the FileBank for the changes to take effect. ii Note: In a nested shares environment, the replication files should be prepopulated to the FileBank using the same path to which the users are mapped.
Replication Schedule
Replication is programmed to run once a day to synchronize changes between the FileBank and the Data Center file server. You are advised to run replication at offpeak hours, when WAN bandwidth is least utilized. You define the time of day
161
(UTC value) that replication starts, and you can also force a stop time (namely: stop the process even if replication is not complete). You can also run a non-scheduled replication at any time by using the Replication Start and Stop options, either over the web or through the CLI. ii Note: AcceleratorOS supports only DNS masquerading and not WINS masquerading. Therefore, all clients who have NT 4.0 or earlier systems, which use WINS servers, need to have DNS servers as well to let us support them. Note: Replication Start and End times are defined as UTC values.
ii
Replication Paths
By default, the Replication Service searches the entire file system for files that correlate to the Replication File Types list. Alternatively, you may define specific paths to be searched (instead of the entire file system). The replication path can point either to a share or to a directory within a share. Defining replication paths results in a faster replication process. When using this option, files outside the specified paths are not replicated. ii Note: When no replication paths are defined, the replication feature searches the entire file system for files to be replicated. However, once one or more replication paths are defined, the feature searches only on the defined paths.
Replication Service Activation

General system configuration must be complete before you activate replication. Once the service is activated, FileBank may be populated with the initial set of files.
Service Activation on FileBank Director

On the FileBank Director side, you need only to define the replication user and start the replication server that runs on the FileBank Director. Initial service configuration and activation are easily performed, by using either the FileBank Director web management or the replication setup command (CLI).
162
Service Activation on FileBank

On the FileBank side, service configuration includes defining: replication user, replication file types, and the daily Start time (the definition of replication paths, and of a Stop time, are optional, as described above). Initial service configuration and activation are easily performed, by using either the FileBank Director web management or the replication setup command (CLI). Once configuration is complete, the replication service must be enabled on the FileBank.
Initial Pre-population of Large Files on FileBank

Working with replication services on large files requires pre-populating the files located in the paths we want to replicate, before starting to work with the FileBank in the field. Pre-populating involves copying an initial, up-to-date snapshot of all qualifying replication files, from the file server that holds them. This snapshot consists of file data and metadata (for example: timestamps and security attributes). You can perform the initial pre-population by either running the Replication Start initial CLI command or using data migration tools (such as Robocopy, or Secure copy) to copy the files from the legacy branch file server to the FileBank virtual server. Once pre-population is complete, users can start working on the files. ii ii Note: File pre-population onto the FileBank is a prerequisite for working on the replication files. Note: Replication files that are on the file server but have not been pre-populated onto the FileBank cache are visible in directory listings, but are empty if opened.
Configuring Replication Services

The Replication Services screen (File Services > Replication Services) displays the current status of the Replication Service, and allows you to Start and Stop it. It also gives you access to the Replication User screen (see section Replication User, on page 163). For details of what the Replication Service does, see section Managing the Compression Filters List, on page 147.
163
ii
Note: Before you can start the Replication Service for the first time, you must define a valid Replication User. For more details, see section Replication User, on page 163.
Figure 37: Replication Services
Replication User
The Replication User is an internal user that performs file replication for the system. The Replication User Screen (Replication Services > Replication User) displays the currently defined user, and lets you clear (in other words, delete) the current user, and/or set a different user.
164
ii
Note: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server.
Figure 38: Replication User
To set the replication user:

1. In the Replication Services screen (File Services > Replication Services), click the Replication User link. ! CAUTION! You should configure the same replication user on the FileBank and the matching FileBank Director. Note: The Replication Service cannot function unless a valid Replication User is set. This user must have sufficient security permissions for traversing the file system and writing permissions to replicate to the file server. 2. Select the checkbox for the required user, and then click Set.
ii
To clear the current Replication User (without setting another):

1. In the Replication Services screen (File Services > Replication Services), click the Replication User link. The Replication User screen opens, showing the current user. 2. Click Clear. ! CAUTION! You should configure the same replication user on the FileBank and the matching FileBank Director. The user is no longer the Replication User.
165
ii
NOTE: Using the replication services requires creating a new user.
Kerberos Configuration
Kerberos is a computer network configuration protocol which allows nodes communicating over a non-secure network to prove their identity in a secure manner. When used in a client-server model, Kerberos provides mutual authentication, whereby both the user and the server verify each other's identity. Kerberos Protocol messages are protected against eavesdropping and replay attacks. The following configurations are possible: Enabling or Disabling Kerberos - available on the FB and FBD Enabling Kerberos on a Specific Server - FBD only Auto Configuration - FBD only ii Note: It is important to make sure that the time of the Accelerator is synchronized with all other points on the network. If the time is not synchronous, it may result in Kerberos failure. To check the Accelerators time, see Setting the Date and Time on the Accelerator, on page 109.
Enabling and Disabling Kerberos on the FB

To enable or disable kerberos on the FB:
1. From the WAFS Configuration menu, under File Services, select Kerberos Configuration. 2. The Kerberos status is shown. To enable kerberos, click Enable, to disable kerberos, click Disable.
Enabling and Disabling Kerberos on the FBD

This will enable or disable Kerberos on the File Bank Director and all servers that are associated with the File Bank Director.
166
To enable or disable Kerberos on the FBD:

1. From the WAFS Configuration menu, under File Services, select Kerberos Configuration. The Kerberos menu opens. 2. Fill in the fields as follows: Realm - supply a Realm name (this is similar to a Domain Name controller) Although the realm can be any name you want it is common practice to create the realm by uppercasing the DNS domain name that is associated with the hosts in the to be defined realm. For example, if your hosts are all in the mydomain.com realm, your kerberos realm might be MYDOMAIN.COM. Admin Server - if the Domain Name Controller is different from the kerberos name, put the name of the DNC here or else leave the field empty. KDCs - in this field, put the name of the Key Distribution Center - if there are more than one, separate each name by a comma. Default Domain - if there is more than one domain name controller, put the name of the default one in the field. 3. Click Apply to submit.
Auto Kerberos Configuration

When selecting this setting, the Accelerator chooses the settings.
To choose the auto-configuration Setting:

1. From the WAFS Configuration menu, under File Services, select Kerberos Configuration. The Kerberos menu opens. 2. Click the AutoConfig button.
Enabling Kerberos per Server

This is not available on the FB
167
To choose the auto-configuration Setting:

1. From the WAFS Configuration menu, under File Services, select Kerberos Configuration. The Kerberos menu opens. 2. 3. 4. 5. Under Kerberos per EFS, click Enable. A list of servers opens Choose the servers by clicking on them. Click Apply.
168
Printing Services for the FileBank

Configuring Additional Services
This section describes the FileBank Additional Services, which currently include the Print Services.
Print Services
You can configure FileBank to serve as the local branch print server. The Print Services screen (Additional Services > Print Services) lets you add network printers, view a list of already existing printers, and delete printers, as required. For additional information about print functions, see section Setting Advanced FileBank Features, on page 155.
Figure 39: Print Services
Pri nt i ng S erv ice s fo r th e F il eB an k
169
To add a printer:
1. Type in the printer name (preferably a descriptive name such as Konica 7022, frontdesk or floor5). 2. Type the printer URI (an identifying string such as socket://192.168.1.21:9100/.) 3. Enter a brief description to help other users identify the printer. 4. Click Add. The printer is added to the list of printers available to branch users (this list displays Name, Description, and URI).
To delete a printer:
1. Select the checkbox near the name of the printer you want to delete. 2. Click Delete.
Configuring Print Services (FileBank)

Once FileBank is installed at the branch office, you can configure it to replace the existing local print server (or servers). FileBank includes the following features: Lets administrators manage network printers and upload end-user drivers through the Windows Add Printer Wizard Lets clients download and install drivers and printers via Point'n'Print, or install printer drivers locally Supports standard network printing protocols Can be connected directly to the printer
Adding a Network Printer to FileBank

The first stage when installing a new printer to the FileBank, is to set the printer entry and URI.
170
Figure 40: Print Services
Assigning Printing Administrators

Only assigned printing administrators can upload printer drivers. Printing administrators must be users with full access and write credentials on the central fileserver PRINT$share. The default printing administrator values are: Administrator (individual) and @Administrators (group name). In many cases the default setting is not sufficient and you need to create additional user(s) and groups. ii ii NOTE: Group names must be prefixed with @. NOTE: Printing administrators must posses full access and write credentials on the central file server Prints share.
PointNPrint Configuration
Once you have defined printers, printing mode and printing administrators on FileBank, you can upload printer drivers to the print server. This Enables clients to use the Point'n'Print feature, which automatically installs the associated printer driver the first time they access a particular printer. Uploaded drivers are stored on the central file server and cached on the local FileBank (a valid network connection between the FileBank and the FileBank Director is required).
P ri nt i ng S erv ice s fo r th e F il eB an k
171
The initial listing of printers in the FileBank Printers and Faxes folder, accessed from a Client, has no real printer driver assigned to it. The standard Windows Add Printer Wizard (APW), run from NT/2000/XP clients, is used for printer driver upload. Note: The existence of PRINT$share on the central file server is a prerequisite for uploading/downloading printers drivers (PointNPrint).
ii
Uploading Printer Drivers

1. Log in to a workstation as a user who is also defined as a printing administrator. 2. Browse to the FileBanks virtual server name, by doing one of the following: Open Network Neighborhood and browse to the virtual server name, OR Click Start > Run, and type in the UNC path of the virtual server: \\{virtual server name} 3. Open the Printers and Faxes folder, locate the printer you have added to FileBank, right-click on the printer icon, and select Properties (from the menu). You are trying to view the printers properties before a driver has been assigned to it, and therefore the dialog box shown below appears.
Figure 41: Printer Properties
CAUTION! Do not click Yes. 4. Click No. 5. Do one of the following: Install a new printer driver (thereby activating the Add Printer Wizard, see next step). OR If one or more drivers have already been installed, you can select one of these drivers from the drop-down list. (If no drivers have been installed this list will be empty.) 6. If installing a new driver, follow the Windows Add Printer Driver Wizard.
172
7. After driver upload is complete, perform the first client driver installation, as described in the next section.
First Client Driver Installation

After uploading a printer driver or drivers, you must perform the First Client Driver Installation. Once this initiation step is concluded, further clients are easily set up and should not require further attention. 1. Log in to any workstation as a user who is also defined as a printing administrator and has administrator rights on the workstation. 2. Browse to the FileBanks virtual server name. 3. Right-click on the relevant printer, and select Connect from the menu. 4. The printer is added to the local Printer folder (you can verify this by clicking Start > Settings > Control Panel > Printers and Faxes). 5. use the following procedure to trigger the printer driver startup. Right-click on the printer and select Properties. ii Note: If Connect still appears on the right-click menu, the driver is not yet installed. Return to step 3 above. On the Advanced tab, click Printing Defaults. Change the current page orientation (Portrait/Landscape) and click Apply. Restore original page orientation and click Apply.
P ri nt i ng S erv ice s fo r th e F il eB an k
173
At this stage you may also want to set other printing defaults that will apply to all future clients wanting to carry out PointNPrint driver installation. From now on, any client wanting to install this printer can just Point'N'Print.
Verifying PointNPrint Installation

After completing the above two stages, you are advised to verify that PointNPrint is functioning correctly. 1. Log in to any other workstation (with permission to install drivers locally). 2. Locate the printer (Start > Printers and Faxes) and double-click it. 3. Verify that drivers are installed. ii Note: If you are running Windows 2000, a dialog box may appear at this stage. 4. 5. 6. 7. Open the print queue for the printer. Print a test page. Verify that the print job is added to the print queue and prints out correctly. Verify that printer properties are visible (see the driver-specific fields)
Manual Client Driver Installation

Once you have defined your printers on the FileBank, you can optionally install printer drivers locally on workstations (without relying on PointNPrint). 1. Log in to a workstation as a user who has administrator rights on the workstation. 2. Browse to the FileBanks virtual server name, by doing one of the following: Open Network Neighborhood and browse to the virtual server name, OR Click Start > Run, and type in the UNC path of the virtual server: \\{virtual server name} 3. Open the Printers and Faxes folder (Start > Printers and Faxes), locate the printer you have added to FileBank, right-click on the printer icon, and select Properties (from the right-click menu). You are trying to view the printers properties before a driver has been assigned to it. Therefore, the following message appears:
174
Figure 42: Printer Properties
4. Click Yes. The Add Printer Wizard (APW) opens. 5. Select the driver to associate with the printer, install it and connect.
Verifying Driver Installation

To enable a client to use the FileBank as the print spooler, communicating by using IPP (Internet Printing Protocol):
1. Open the print queue for the printer. 2. Print a test page. 3. Verify that the print job is added to the print queue and prints out correctly.
To verify driver installation for each Client:

1. Add a printer to the FileBank. 2. Log in to the workstation to which you to install a printer as the workstations administrator. 3. Browse to the Clients Control Panel. 4. Open the Printers and Faxes folder (Start > Printers and Faxes). 5. On the File menu, click Add Printer. The Add Printer wizard opens.
175
Figure 43: Add Printer Wizard
6. Select the radio-button Connect to a printer on the Internet or on a home or office network. 7. In the URL field, enter the URL for the printer in the following format: http://<FileBank's hostname>:631/printers/<printers name> 8. Click Next. 9. Select the appropriate driver to install, and use the wizard for completing the installation. 10. When done, print out a test page. ii Note: Installing the IPP printer drivers to a workstation does not require additional settings on the FileBank other than adding the IPP printer URL to the FileBank. Note: Client side IP configuration does not support PointNPrint.
ii
176
Connecting the Printer to the FileBank Server

Although both Parallel and USB connections are supported, you achieve the following functionality with a USB connected printer: Installing the printer using a USB driver Migration of the remote driver for USB Ability to use all of the printers functionality via the USB driver Ability to create Users and Groups as well as permission settings If the printer is connected to the FB with a USB cable, the FB will automatically mount the printer.
To connect a printer to the FileBank server:

1. Connect the printer to the FileBank server via USB (or parallel port if no USB is available). 2. Use the WebUI to add a printer.
Printing Setup Troubleshooting

Issue: I cannot select a new driver to upload, the option is disabled.
177
1. Ensure that a PRINT$share is defined on the central file server. 2. Verify that you are logged in as a printing administrator, with full read and write access to the PRINT$share. 3. Ensure that this user is defined as a printing administrator (see section Assigning Printing Administrators, on page 170.) I get an Access Denied message when trying to upload drivers 1. Verify that PRINT$share exists on the target's central file server. 2. Verify that you are logged in as a printing administrator with full read/write access on the PRINT$share. 3. Verify that you have set the printing driver to server at the FileBank: > printing drivers set server and then repeat the driver upload procedure (see Uploading Printer Drivers, on page 171). When I try to print out a test page I get one of the following errors: Operation could not be completed Could not add a print job Print test page failed 4. Ensure that you have initialized the printer by performing the first Client driver installation, before trying to print (see First Client Driver Installation, on page 172). 5. If the printer driver is not yet installed on the workstation, Ensure that you are logged in as an administrator for this workstation. 6. Verify that the printer is connected and operational (look for errors such as network connection problems, paper jam and out of paper). Print jobs are not cleared from the queue (even after refreshing the queue) and are not printed 7. Verify that the printer is connected and operational ((look for errors such as network connection problems, paper jam and out of paper). 8. Verify that the printers URI is defined correctly on the FileBank, and that the printer supports the protocol given and is configured to acknowledge on the specific protocol (IP, port, protocol).
178
Using WAFS Printing Services

Adding a WAFS Printer via Windows
WAFS now lets you use the Windows Add Printer Wizard to add a Server printer on a remote computer.
To add a Server printer:

1. Go to the Printers and Faxes section on the server from which you want to add the printer. 2. In the Printer Tasks pane, click the Add a Printer button. The Add Printer Wizard dialog box appears:
Figure 44:Add Printer Wizard
3. The next screen lets you either select the port you want your printer to use or create a new port:
Us in g WAF S P r in t in g S e r vi ce s
179
Figure 45: Select Printer Port
4. Select the option of creating a standard TCP/IP port. 5. Use the following dialog box to add a printer name or IP address and a port name.
Figure 46: Add Port
6. Use the standard Windows wizard to continue with the installation.
180
WAN-OUT Operation
This section presents the following topics: About WAN-OUT, on page 180 Detecting a WAN-OUT Event, on page 180 Working with Files while in WAN-OUT Mode, on page 181 WAN-OUT Known Limitations, on page 183
About WAN-OUT
Expand's WAFS solution comprises of two parts that communicate with one another: a FileBank (FB) installed at the Remote Branch Office (RBO), and a FileBank Director (FBD) installed at the Data Center. Expand's WAFS solution lets users at the RBO optimize their use of shared contents on a File Server installed at the Data Center. Expands WAFS solution includes support for WAN-OUT mode, thus providing necessary business continuity for cases of temporary WAN outage, or when the FileBank Director is temporarily unavailable. When a WAN-OUT event is identified, the system automatically switches to WAN-OUT Mode, allowing users at the RBO to open, with READ-ONLY permissions, cached share content stored on the FileBank. A WAN-OUT event can be triggered by any of the following scenarios: The RBO's WAN link is down. The FBD is inaccessible to the FileBank:. The FBD is totally inaccessible (disconnected from the network). The FBD is frequently inaccessible (some network disconnections). The FBD's WAFS services are down.
Note: If the File Server goes down prior to the communication being cut between the FB and FBD, a WAN-OUT event will not be triggered
Detecting a WAN-OUT Event

Generally, a WAN-OUT event is detected on the FileBank installed at the RBO. However, the FBD installed at the Data Center, has its own WAN-OUT detection mechanism in order to allow it to identify a WAN-OUT event independently.
WA N - O U T O p e r a ti on
181
FileBank WAN-OUT Detection Mechanism

The FB communication with the FBD comprises many connections between the two devices. Some of these connections are created as a result of end-users work with the File Server (such as opening a file), while other connections are created as a result of system internal communications between FB and FBD (for example: a periodical GNS Refresh operation). The FB WAN-OUT mechanism inspects all of the above connections for failure, and will detect a WAN-OUT event if any of these connections fail.
FBD WAN-OUT Detection Mechanism

The FBD Keep-Alive mechanism's purpose is to notify the FBD that it is maintaining a healthy communication with the respective FB. Keep-Alive UDP datagram messages are sent periodically from the FB to the FBD. These messages are unidirectional, and are not replied by the FBD. The Keep-Alive mechanism sends one UDP keep-alive message every 30 seconds. If the FBD has not received any keep-alive message within 180 seconds, it will assume that it is no longer communicating with the respective FB, and therefore, detect a WAN-OUT event. The FBD Keep-Alive mechanism uses UDP port 4049 datagrams sent from the FB to the FBD.
Working with Files while in WAN-OUT Mode

When a WAN-OUT event has occurred, the FB maintains its existing/open WAFS connections. This allows the FB to maintain end-user security permissions, which allows end-users to access cached share content stored on the FB with READONLY permission. The FBD, on its part, releases all file locks on the File Server (originating/initiated from the respective FB).
Cache
When working in WAN-OUT mode, end-users at the RBO can work only with cached share content stored on the FB. The entire cache content on the FB is treated as valid. This means that when consulting the FB's cache, all cache TTL timers are ignored.
182
File Access
When an user tries to open a file, READ ONLY (RO) access is granted (provided applicable security). Any other access flags - such as WRITE, DELETE, TRUNCATE, CREATE are denied. Users opening files receive a notification as if they have a read-only permission to the file. Copying a file to the Clients harddrive is possible, along with all security and permission data, provided that the user has the applicable security to do so. In WAN-OUT mode all operations that attempt to change a file, a file system structure, or data are immediately responded with Access Denied by the FileBank. For security reasons, the time frame granted to the users to access the cached share content stored on the remote accelerator is limited to the 10 minutes prior to the WAN-OUT mode initiation. This means that any files that were not opened by a specific user within 10 minutes prior to the WAN-OUT event initiation, are blocked and the user will not be able to open them during the WAN-OUT period. The file access is granted on a per-user basis, so if one user has the file open, but another user does not, after a WAN-OUT, only the user who opened the file will be able to access it.
File Security
The way end-users at the RBO work when the FB is in WAN-OUT mode, changes with respect to whether a Domain Controller is accessible to the FB. Two possibilities are available: For a remote site with a local Domain Controller (the Domain Controller is still reachable by the accelerator while the site is in WAN-OUT mode): Users will be able to continue to work on the files opened at the time the link is lost. Users that will need to save their work while the link is down would not be able to do it on Expand cache, but they will be requested to use an alternative local storage. Users will be able to open files or folders that were previously accessed during the time frame defined in the AcceleratorOS (10 minutes). Only those files will only be accessible and will be limited to READ-ONLY permission. For a remote site without a local Domain Controller (the Domain Controller is not reachable by the Accelerator while the site is in WAN-OUT mode): Users will be able to continue to work on the files opened at the time the WAN link is lost.
WA N - O U T O p e r a ti on
183
Users that will need to save their work while in WAN link is down would not be able to do it on the Accelerators cache, but will need to use an alternative local storage. No other files or folders can be opened from the shared cache on the Accelerator.
Replication files and Short-Term files

When working in WAN-OUT mode, Replication (OSF) files and Short-Term (STF) files are treated as regular files, meaning they can be opened with RO permissions only, following the necessary security checks on the file/user.
Partially Completed Transactions

A disconnection event may occur in the middle of a transaction. In this case, the FB responds to the user as if the request was received in WAN-OUT mode. Unless the FB receives an affirmative response from the FBD regarding the completion of the operation, it assumes the operation has not been successful and will switch to the WAN-OUT mode.
Partial Disconnection
In some cases, a single FileBank is connected to multiple FileBank Directors at different physical locations. A failure in one or several of these FileBank Directors is possible, resulting in a situation where only a part of the files accessed by the RBO are now under disconnection. As the FileBank has the notion of the origin of each file (namely: the specific FileBank Director that manages the file), the system selectively enters the WAN-OUT mode for files from FileBank Directors that are disconnected and operates normally with files from FileBank Directors that have valid connection.
WAN-OUT Known Limitations

Printing is not supported while in WAN-OUT mode.
184
DNS Masquerading
One primary objective of the Expand solution is to provide a truly dynamic global file system. To ensure that data is always accessible across the distributed organization, Expand must anticipate and overcome challenges introduced by common network issues and user usage patterns. Some key requirements of a global file system include: Common name space the solution must be fully coherent with the existing naming convention used across different branch offices. For example, a file server named efs should be accessible, using this name, to branch offices with or without Expand FileBank. Direct access on failure users in branch offices should be able to access the file server at the data center should the FileBank at their location become unavailable. Roaming user support supports mobile users travelling between different branch offices. The system should automatically redirect users to the nearest FileBank according to the user's current location. To meet these requirements, Expand supports DNS Masquerading. Using DNS Masquerading, Expand becomes part of the DNS scheme in the organization, and uses DNS to overcome challenges associated with the above requirements.
DNS Masquerading Benefits

Common Name SpaceTo ensure that users across the organization can seamlessly access directories at the Data Center, regardless if their individual office uses FileBank, Expand supports common name space conventions with and without the device. Direct Access on FailureOne of the most important features of any network device is that of fail over and high availability. To ensure that remote office users continue to access the file server at the datacenter, even in cases of planned or unplanned downtime of the FileBank, Expand uses DNS masquerading to redirect users directly to the file server over the WAN. Roaming Users SupportFurther complicating the already challenging management of distributed organizations are roaming users who travel between locations. Expand uses DNS masquerading to ensure that roaming users have access to centralized data even when they move from one office to another. Each time the user
D NS Ma sq ue rad i ng
185
reboots or wakes the computer from hibernation, the DHCP server pushes a new DNS server list. If the office uses FileBank, the FileBank will be listed as the primary DNS as described above.
DNS Masquerading Configuration

To configure DNS Masquerading:
1. In the Setup screen, go to the Networking tab. 2. Select the DNS option. 3. Set the IP domain lookup table status to Enable. 4. Fill-in the relevant details in the Servers table, Domain name table and Static host table ii NOTE: Configuring the NetBios domain name should be carried out via WAFS CLI.
Figure 47: DNS Configuration
5. In the Services screen go to the DNS Acceleration tab. 6. Set the DNS Masquerade status to Enabled. Fill-in the relevant IP Address (the FileBank IP Address) and Host Name (Fully qualified domain name)
186
Figure 48: DNS Acceleration
7. In the Services screen go to WAFS. Click on WAFS Configuration. 8. In the WAFS Management screen select System>Setup wizard. Ensure that the virtual server name includes no prefix, suffix or alias, and is identical to the file server name. At the end of the process, the WAFS details should be similar to the following:
D NS Ma sq ue rad i ng
187
9. Use the WAFS CLI to verify that spnego option is on. (using the _auth spnego on command). This setting is essential in order for DNS Masquerading to function correctly. Do not use the DNS Masquerading option from the Additional Services menu. Do not change any settings on the client. There is no need to change the primary DNS server. When the FileBank reboots, the client is immediately connected to the Fileserver. When the FileBank is up, the client continues to be connected to the original Fileserver. You are advised to reboot the client after the configuration
To use a local client for testing DNS masquerading:

1. Update the list of DNS servers configured on the client so that the FileBank is configured as the primary DNS server. Do not define any additional DNS servers. 2. Open the command prompt window. 3. At the command prompt, perform an nslookup. The nslookup should report the FileBank as the primary DNS server. 4. Issue an nslookup request for an existing virtual server (for example: dsefs.demo.com). The IP address of the FileBank should be returned. 5. Issue a request to any other name recognized by the central DNS server. (for example: www.cnn.com). The proper IP address should be returned. GeneralIf you use the domain controller as the file server, consider defining a DNS alias to be used for accessing the file server at the datacenter and the virtual file server at the branch office. For example, you have a domain controller called dc1 that is also used as the file server. Add an alias to the DNS server called efs1, which points to the same IP address as dc1. On the FileBank Director add the file server efs1 (use the command cifs export efs1). Ensure that no prefix or suffix is defined on the FileBank (see above). Testing DNS masquerading can only be tested when there is an active virtual server. DNS masquerading is automatically turned off when there are no active virtual servers to initiate switching to a secondary DNS server. Switching to and from FileBank Changing the TTL of the file server DNS recordThe time is takes for the client to switch between the primary DNS and the secondary DNS servers depends on the TTL of the file server DNS
188
record. You should set the TTL of the file server record to the minimum in order to shorten the fail-over time. The DNS client service does not revert to using the primary DNS serverThe Windows 2000 Domain Name System (DNS) Client service (DNSCache) follows an algorithm when it decides the order of the DNS servers configured in the TCP/IP properties. Refer to Microsoft Knowledge Base for more information http:// support.microsoft.com/default.aspx?scid=kb;EN-US;286834 CIFS session time outIn some cases, the client will fall back from the EFS to the FileBank only after its CIFS session with the EFS terminates. The time this takes is influenced by the session time out on the EFS, and can be configured by using the following command on the Windows file server: net config server /autodisconnect:<minutes>
Monitoring WAFS Functionality

This section describes the Utilities options, which are as follows: Running System Diagnostics, on page 189 Viewing Logs, on page 189
M o ni t or in g WAF S Fu n ct io n al it y
189
Running System Diagnostics

The System Diagnostics screen lets you run a diagnostic test on the FileBank Director device to ensure that the device is working properly. The results of the test are displayed in the Results area of this screen, and describe any problems with the FileBank Director device. To start the test, click Run Diagnostics.
Figure 49: System Diagnostics
Viewing Logs
The Logs screen lets you generate activity logs of the FileBank Director for monitoring, optimization, and troubleshooting purposes. Generating a log archive may take several minutes. When finished, the log file is saved in a default system location, and a link to the log archive appears in the Log Archives section of the screen (newest on top).
190
Figure 50: Logs screen
Troubleshooting
In this troubleshooting section it is assumed that: configured
Tro ub le sh o o ti ng
191
1. A complete end-to-end Expand WAFS installation has been set up and 2. Devices are connected to the network (L1, L2) correctly and the right network (L3) settings have been applied
Troubleshooting Tools
Internal Diagnostics: An automated internal utility that provides an immediate indication of the Expand device performance and issues. This is the first tool that should be used when troubleshooting is necessary. You should run this tool at both branch and data center ends. For details, see Running System Diagnostics, on page 189 (FileBank), and Running System Diagnostics, on page 189 (FileBank Director). Logs: The internal system logs that can be viewed, archived and uploaded. For details, see Viewing Logs, on page 189 (FileBank) and (FileBank Director). Statistics: An internal tool that provides FileBank service statistics (see DNS Masquerading, on page 184). Status: The status CLI command reports on the current system running status. General Network Utilities: Ping, traceroute, ttcp, ifconfig, route, and netstat.
Networking
No route/connection to the Expand devices Check that the device is operational and is connected correctly to the network (both Ethernet cable ends should be firmly in place). Verify that the green light at the cable socket of each side is on. Verify that network settings are correct, by examining the output of the ifconfig CLI command. Pay particular attention to IP address and netmask.
192
Use the route CLI command to verify that routing tables are correct. Try to ping a machine in the same subnet (typically the gateway, depending on your network topology). No route/connection to the Domain Controller (authentication server) Use the domain controller's IP address to check connectivity. If this fails, refer to the previous section and correct networking/routing problems. Verify the name set for the authentication server. Use the CLI authsrv command, or the relevant Web Interface page. Try to ping the domain controller by its name. Failure to do so indicates a name resolution issue. To resolve this issue, either add the domain controller to the static hosts list (using the hosts add CLI command), or verify correct DNS settings. Ensure that you have applied valid DNS servers. Use the CLI prompt command dns, or the relevant web interface page, to assign/delete/list DNS servers. Ensure that you have added the DNS suffix required to complete the FQDN of the authentication server. Use either the CLI prompt command dns search, or the relevant web page, to apply the required suffix. If the FileBank has not been configured with DNS servers, add the authentication server name under the static hosts. Use the hosts CLI prompt command, or the relevant web interface page, and repeat a connectivity check to the authentication server. No route/connection to Fileserver(s) Ensure that you have correctly defined the server(s) that needs to be exported by FileBank Director. Verify that the file servers NetBIOS names are the names you have defined to be exported by FileBank Director. Try to ping the file server's NetBIOS names. Failure to do so indicates a name resolution issue. Verify correct DNS settings, including DNS search path. Alternatively, use 'hosts' static entry to add them to the list, as described in the previous section. FileBank Director cannot access the file server on port 139 or 445 FileBank Director requires active ports 139 or 445 on the fileserver. If port 139 (SMB over NetBIOS) is disabled, enable the NetBIOS port as follows: browse the
193
file servers TCP/IP network properties, select the Enable NetBIOS over TCP/IP checkbox and apply changes. If NetBIOS is to remain disabled on the fileserver, please consult the Expand support team support@expand.com for additional configuration settings. No route/connection from FileBank to the FileBank Director Expand utilizes TCP connection to transfer the data between FileBank and FileBank Director. The UDP port is set to keep alive acknowledgements between the two. Connection ports between FileBank and FileBank Director are set by default to 80. Ensure that the connection ports between the FileBank Director and the FileBank match each other. Use the FileBank Director CLI listenport command, or the relevant web interface page, to verify/alter listen ports. Use FileBank CLI fport command, or the relevant web interface page, to verify/alter connection ports. Ensure that the designated ports (UDP and TCP) are opened on the firewall (if applicable), and that corresponding settings are applied. Check MTU (Maximum Transfer Units) consistency along the network path. This check is especially needed with DSL connections. Inconsistency may result in lack of communication. Test different values for MTU using ifconfig CLI command. Try to reduce the MTU gradually, and find the largest MTU value that works for you (ping to verify). If the problem persists, contact Expand support at support@expand.com for additional information.
Windows Domain Join

Failed to join FileBank to the domain FileBank must be joined to the domain just like any other domain resource. When joined correctly, it appears as a resource object in the active directory. Verify that the correct domain name is set, and a route to the authentication server (DC) is assigned. Use CLI commands authsrv and domain, or the relevant web interface page, to apply settings correctly.
194
The user that is entered upon joining the domain must have adequate permissions on the domain to join computer objects. Ensure that the hostname of the FileBank is a valid NetBIOS name, and does not exceed 15 characters. If necessary, redefine the hostname and rejoin the FileBank to the domain. If the problem persists, contact Expand support at: support@expand.com.
Service
System status: Not Running Verify the system was started, and try to start it again using restart CLI command. Run the status CLI command, and check reported errors in command output. Run the diagnostics CLI command, and check reported errors in command output. Ensure that the AcceleratorOS license is installed and valid. If the problem persists, contact Expand support at: support@expand.com System is running, no virtual servers appear on FileBank Run the diagnostics CLI command on the FileBank Director to verify connectivity to the file server/s, and that FileBank Director is able to read file server shares. If FileBank Director cannot read shares, verify the existence of shares by accessing the file server directly from a workstation (namely, not via Expand), and define a share listing user (when necessary) using the FileBank Director cifs user CLI command. Run the diagnostics CLI command on FileBank to verify connectivity to FileBank Director. Run the gns refresh CLI command on FileBank. Verify that the defined connection ports associated with the various FileBank Directors match the FileBank Directors listen ports (the listen port can be explored at the FileBank Director end, by issuing the listenport CLI command or the relevant Web Interface page). Verify that no firewall is blocking the FileBank Director/FileBank connection ports. Workstations cannot connect to FileBank virtual server(s)
195
1)Name Resolution Issues
Possible Error Messages

Network name no longer exists The network path was not found Start troubleshooting by verifying virtual server name resolution. Clients connecting to FileBank virtual server/s require NetBIOS name resolution. Ensure that the client can resolve the virtual server NetBIOS name by using at least one of the following options: Broadcast on the same LAN segment WINS entry Local workstations settings (LMHOST/HOST files) DNS entry (a reverse entry is also needed) ii NOTE: A DNS entry can be used when the FileBank exports only one virtual server, If the FileBank exports more than one virtual server, the Expand DNS masquerading feature can be utilized to support a DNS resolution (see also section must be in Active mode and set to version 2 for RIP Route Injection to operate. For more information, see section DNS Masquerading, on page 184. Permissions and domain trust issues
Access denied
Continue troubleshooting by verifying user permission to access the central server resource, and the existence of necessary domain trust when applicable. Try to connect directly to the central file server (meaning, not via Expand) by using the same domain user. Run the diagnostic command via CLI or the web interface, to validate that FileBank is joined to the domain. Verify that FileBank is joined to the correct domain. If the FileBank is joined to a different domain than the centralized file server, ensure that a trust exists from the central domain to the FileBank domain. Cache pre-population failure Examine the errors in the fetch log. Validate the correctness of the path given to the fetch job. From a workstation browse directly to the FileBank giving the same fetch job path.
196
i i
Note: Fetch paths are case-sensitive. Ensure that a valid domain user is assigned to all fetch jobs. From a workstation, log in as the same user defined in the fetch job, and browse directly to FileBank. Verify that this user has read credentials by trying to read a file whose fetch has failed, according to the logs. If DFS is in use, ensure that the fetch job path is not a DFS path (namely, //<virtual server name>/<DFS root>/<path>), but instead points to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page. Replication failure The replication service requires the definition of a replication user. The replication user must have read and write permissions on the paths where files are to be replicated. The same replication user should be used for both FileBank Director and FileBank. Ensure that you set a valid domain user as the replication user. From a workstation, log in as the replication user, and browse directly to the FileBank. Verify that this user has read and write credentials by copying files to a replication folder. Validate the defined replication paths. From a workstation, browse directly to the FileBank, using the defined replication UNC path(s). If DFS is in use, ensure that the replication paths are not DFS paths (i.e. //<virtual server name>/<DFS root>/<path>), but instead point to the linked virtual server (namely, //<virtual server name>/<share name>/<path>). To view the FileBank virtual server names, use the CLI status command or the relevant web interface page. Some of the DFS shares/folders are inaccessible Find the physical server name that contains the inaccessible shares/folders. Ensure that it appears in the exported file server list (using FileBank Director cifs show CLI command or via FileBank Director web interface).
197
Performance
If the Expand network environment has not been deployed/configured correctly, users may experience the following problems: Long delays while opening and saving cached files (WAN like) Mapped network drive disconnections Network Interfaces View the NIC settings (use the CLI command ifconfig). Verify that no errors have accumulated on the interface. Errors may indicate a duplex/speed mismatch. Check the Switch/Hub port settings to which the Expand device is connected. The port settings must match the NIC settings of the Expand device. In the case of a mismatch, use the CLI command ifconfig to force settings on the NIC, such as the auto-negotiation mode, speed and duplex settings. For optimum performance, ensure that the Link supports 100Mbps FD settings. Quality of Service (QoS) Branch offices that utilize QoS should prioritize the DSFS protocol between FileBank and FileBank Director. This will generally result in an immediate and marked improvement in user experience. The protocol uses by default port 4049, but for QoS you are advised to use a different, distinguishable port. You can change protocol port by using listenport/fport commands on the FileBank Director/ FileBank respectively. Ensure that you change all communicating devices at the same time. Route Investigate the route legs along the communication path from a workstation to the FileBank to the FileBank Director, terminating at the file server. Network location Ensure that there is no significant latency (latency greater than 1ms) between the FileBank Director and its associated file servers. Improved performance may be achieved if the file servers and the FileBank Directors reside on the same LAN segment. Ensure that there is no significant latency (latency greater than 1ms), or any link mismatch, between the FileBank and the workstations. Improved performance may be achieved if the workstations and the FileBank reside on the same LAN segment Bandwidth issues
198
Use the ttcp command (for more details, refer to the Expand CLI Reference Guide) to check the available bandwidth between the FileBank and the FileBank Director. Ensure that you compare both directions (the FileBank should be the Client at the first check, the Server at the second). This check can reveal bottlenecks and bad settings along the network path. Name resolution: Failover (WAN) issues Several name resolution techniques, such as DNS masquerading and DFS, can add seamless failover capabilities to the Expand solution. For more details see section DNS Masquerading, on page 184. With DNS masquerading in place, in the case of a failure, workstations are automatically switched to resolve the virtual server name as the centralized file server name. Failover lets the user continue to work without interruption, though there may be a deterioration in user experience. Ensure that workstations resolve the correct virtual server name. You are advised to execute the nslookup command from the workstations command prompt, giving the virtual server name as a parameter. Verify that the IP returned is the same as the IP of the FileBank. Ensure that FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt).
To regain the correct name resolution of the virtual server, execute the following steps from all workstation involved in the failover:
1. From each workstation's command prompt execute the following commands (you may want to aggregate the scenario in a batch process during workstations boot): ipconfig /flushdns nbtstat R nbtstat RR 2. Validate that the IP of the FileBank is returned upon querying the virtual server name (use the nslookup command). 3. If the problem persists, contact Expand support at: support@expand.com.
199
Advanced Expand Services

DHCP Services
When FileBank acts as a branch level DHCP, FileBanks network settings must all be static (DNS, NTP, IP, routes, DNS search path and so on). DNS lookup failed after defining a DHCP service Define a valid FQDN extension for the DHCP server.
DNS Services
Workstations cannot browse the Internet or network mapping when using the FileBank as a DNS proxy Verify that DNS masquerading is running (for more details see DNS Masquerading, on page 184). Ensure that the FileBank is defined as the workstation's primary DNS (use ipconfig /all at the workstation command prompt). Use the CLI dns command (or the relevant web interface page) to verify that the primary corporate DNS server is properly set on the FileBank. DNS lookup failed for branch workstations Ensure that the FileBank is defined as the primary DNS for that client, and that a secondary DNS points to an corporate DNS. Use the CLI prompt dns command (or the relevant Web Interface page) to verify that DNS servers are set onto the FileBank. Ensure that a search path (DNS suffix) is configured for the workstations. Duplicate IP error appeared when connecting in file server Error message: System error 52 has occurred: A duplicate name exists on the network. Global Name-Space support (exported virtual servers equals file server alias name): DNS masquerading might generate this error. To resolve, see Microsoft Knowledge Base 281308 http://support.microsoft.com/default.aspx?scid=kb;enus;281308.
200
Chapter 6: Applying QoS

This chapter describes the procedures necessary for configuring the Accelerators QoS plug-in. The QoS plug-in lets you prioritize traffic traversing the Accelerator network. The chapter is divided into the following basic sections: Accelerator QoS, on page 202 Carrying Out Basic QoS Configuration, on page 214 Working with Applications, on page 215 Viewing QoS Rules, on page 229 Setting QoS Rules, on page 229 Making Decisions for Specific Applications, on page 235 External QoS, on page 237 QoS Troubleshooting, on page 238 i Note: QoS settings take effect when there is congestion. Any minimum bandwidth guaranteed to a traffic type is set aside for this type of traffic only if enough of this type of traffic traverses the line.
202
C h ap t er 6: Applying QoS
Accelerator QoS
QoS, or Quality of Service, is designed to help manage traffic across the network in order to combat the congestion, latency and greedy and rogue applications that all contribute to poor application and network performance. Organizations need to be able to allocate bandwidth to mission-critical applications, slow down non-critical applications, and stop bandwidth abuse in order to efficiently deliver networked applications to the branch office. This section contains the following topics: About QoS, on page 202 How to Know What is on Your Network, on page 203 How to Prioritize Applications, on page 203 Studying the QoS Solution, on page 203
About QoS
QoS (Quality of Service) is a general term for the control mechanisms that can assign different priorities to different users, applications, or data flows. These control mechanisms or priority levels guarantee a certain level (or quality) of performance of the data flow (service) and simultaneously addresses the requests from the application. Quality of Service guarantees are important if the network capacity is limited, especially for real-time multimedia streaming applications, such as VoIP and IPTV. Such applications often require a fixed bit rate, are delaysensitive, and cannot tolerate packets dropping or being delivered in the wrong order. You can use the QoS feature to prevent such factors and to accelerate packets passing through the Accelerator based on your policy and reservation criteria. QoS allows you to maximize the bandwidth you pay for more effectively. The key to managing the traffic and achieving bandwidth effectiveness, is closely tied to your knowledge of the type of traffic that is on your network and to the demands of your users.
Ac ce le rator QoS
203
How to Know What is on Your Network

The Accelerators traffic detection, or sniffing, feature lets you obtain a complete picture of your bandwidth use. Traffic is classified according to hundreds of predefined applications, and statistics are gathered as to how much of each traffic type is traversing (or clogging) your network. Often you may find that the applications that should be receiving the most bandwidth are in fact being slowed down by bandwidth-greedy applications that are secondary, or even unwanted and potentially harmful.
How to Prioritize Applications

Once you know which applications are on your network and how they affect your traffic flow, understanding the building blocks of QoS is essential in order to prioritize applications correctly. Traffic shaping is accomplished primarily by guaranteeing or limiting the amount of bandwidth an application can receive, and by prioritizing applications. Setting a Minimum Bandwidth desired allocates a certain amount of bandwidth for a specific application during periods of congestion. You should set desired bandwidth for mission-critical, time-sensitive applications such as VoIP, which needs 8 to 16 Kb allocated throughput to function. Setting Maximum Bandwidth limit puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume. Additionally, you can allocate bandwidth proportionately among applications by setting the priority to Low, Medium or High. You can give critical traffic a higher priority than all these by setting it to RealTime. To prevent the flow of undesired traffic on the network, set it to Blocked. Applications that you may want to prioritize include VoIP, Citrix and video conferencing.
Studying the QoS Solution

The powerful QoS solution was designed with simplicity of management in mind. Traffic is automatically categorized into application classes - the Accelerator arrives with hundreds of applications predefined in the system. This makes it easier to generate a picture of exactly what is traversing the network, in order to then decide
204
what should be traversing the network. Once a clear picture of the current network and the ideal network is attained, easy to understand shaping policies like realtime or block govern the flow of traffic. The Accelerators QoS mechanism is single-sided, in that it can also work across a Virtual Link, in which the Local Accelerator does not work opposite a Remote Accelerator. For a complete explanation as to how the QoS mechanism functions and is implemented, see Setting QoS Rules, on page 229. For additional QoS Benefits see the following: Automatic Traffic Discovery, on page 204 End-to-end application performance monitoring, on page 205 Transparency to existing QoS infrastructure, on page 205 Priority treatment for critical applications, on page 205 Guaranteed bandwidth for specific applications, on page 205 Restricting rogue and greedy applications, on page 205 Seamless integration with compression, on page 205
Automatic Traffic Discovery

Accelerators automatically discover and classify hundreds of enterprise applications based on Layer-3 (IP), Layer-4 (TCP, UDP, and so on) and even Layer-7 parameters including web URLs, MIME types (for example: streaming audio) or Citrix (published applications over ICA). The default list of applications that can be discovered include:
cups discovery h225 discovery h245 discovery im-aol-icq discovery im-jabber discovery im-msn-messenger discovery im-qq discovery im-skype discovery im-yahoo discovery lotus-notes discovery mapi discovery mms discovery msn-messenger-video discovery p2p-bittorent discovery p2p-directconnect discovery p2p-edonkey discoveryp2p-gnutella discovery p2p-kazaa discovery p2p-soulseek discovery p2p-winmx discoveryq931 discovery rtcp discovery rtcp-h323 discovery rtcp-sip discovery rtp discovery rtp-h323 discovery rtp-sip discovery rtsp discovery sip discovery skinny discovery
Ac ce le rator QoS
205
End-to-end application performance monitoring

Accelerators provide complete network visibility and enable speedy response to application performance changes on an enterprise-wide scale with end-to-end monitoring and dozens of reports.
Transparency to existing QoS infrastructure

Accelerators are transparent to router-based QoS implementations by honoring and preserving priorities set on traffic flowing through them. Advanced networking features such as router-based QoS rely on IP packet header information to be effective. The Accelerators preserve packet header information and compress only the payload that integrates seamlessly with advanced networking features such as router-based QoS, load-balancing, WAN monitoring and MPLS tagging.
Priority treatment for critical applications

Accelerators enable important and urgent application traffic to get priority treatment with advanced traffic shaping for both inbound and outbound traffic. Packet fragmentation assures that VoIP/video latency budgets are not violated by large data packets, while packet aggregation ensures higher WAN capacity and stabilizes jitter.
Guaranteed bandwidth for specific applications

Accelerators can reserve bandwidth for specific applications. This guarantees that you can allocate delay-sensitive traffic such as VoIP a minimum amount of bandwidth to ensure optimal voice quality even when WAN links are congested or oversubscribed.
Restricting rogue and greedy applications

Accelerators restrict greedy applications like file sharing and Internet audio streaming to a maximum bandwidth budget in order to guarantee that other important applications are not bandwidth-starved. Traffic bursts allow applications to take advantage of free capacity if available.
Seamless integration with compression

When compression is enabled, the QoS mechanism automatically adjusts to account for the extra available bandwidth created when traffic is compressed. In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed. However, link shaping (bandwidth for the link and the WAN) is applied
206
to traffic after the traffic has been compressed, because the important result is enduser experience, not the physical link usage. While basic traffic management is simple via the My Applications menu, you can program complex QoS with nested rules, decision trees and other advanced features.
How QoS Works
H o w Q o S Wo r k s
207
The Accelerators QoS mechanism receives packets from the LAN, and passes them to the Accelerators compression mechanism. The QoS mechanism automatically adjusts the throughput it transmits to account for the extra available bandwidth created when traffic is compressed. i Note: While the Accelerator enables the same QoS capabilities on inbound and outbound traffic, most QoS is accomplished on outgoing bandwidth only. Incoming traffic shaping is useful for non-links and virtual links, and instances in which limiting or blocking incoming traffic is desired, for example blocking P2P traffic or limiting incoming Internet traffic. Note: Using inbound traffic shaping when the remote Accelerator uses outbound traffic shaping is not recommended; in such a case, the inbound shaping may have only a partial effect on the traffic. This section contains the following topics: Prerequisites, on page 207 Understanding QoS Rules, on page 208 How Traffic Filtering is Applied, on page 209 Studying QoS Bandwidth Allocation, on page 209 How Traffic Shaping is Applied, on page 209
Prerequisites
Follow these steps before working with QoS:
1. Set an accurate Bandwidth for the WAN. This setting ensures that all traffic shaping applied is relative to the actual physical bandwidth on the WAN pipe. The default bandwidth set for the default WAN is 100 Mbps (fast Ethernet). 2. This bandwidth setting assumes the largest possible bandwidth so that the Accelerator does not limit its throughput over the WAN due to a WAN bandwidth setting lower than the actual bandwidth. However, to get an accurate QoS shaping you are advised to modify the bandwidth setting to its actual rate. For
208
more information on setting WAN bandwidth see Performing Setup via the Wizard, on page 22. 3. You must set the bandwidth of each link on the WAN. For more information on setting the Link Bandwidth, see Performing Setup via the Wizard, on page 22.
Understanding QoS Rules

The Accelerators QoS works on the basis of rules. Rules define how QoS controls applications (streams or sessions). Rules are built out of a filter, a shaper, and can contain a marker. While these rules are transparent to the typical user and are not mentioned in the My Applications screen, for each application defined in the My Applications screen, you can create a rule that you can view and modify via the Services - QoS Menu in the Rules Table. The number of rules you can create is unlimited. To fine-tune traffic management, it is useful to understand the hierarchy that determines the order in which the QoS mechanism implements traffic shaping rules.
Rule
Filter
Description
The Filter defines what kind of traffic qualifies as part of an application. Filters are generally Layer-4 definitions such as port number, protocol number, and traffic type. For example, the application FTP is defined by the traffic type TCP and the port number 20. You can modify and add traffic type and port number for applications that already exist by default in the Accelerator, as well as defining new applications. The traffic shaper defines how to handle the traffic filtered into this application: what priority the application receives, and how the application is treated by the Accelerator. Shaping the traffic enables setting a desired (or guaranteed) amount of bandwidth to be preserved for a specific application, setting a limit on how much bandwidth an application can consume (to avoid starvation of other applications), and setting the CoS (Class of Service priority) and ToS (Type of Service) values for the application. Shaping is crucial for ensuring application integrity - that critical traffic applications get the bandwidth they need, and that other important applications are not starved completely. An application in the Accelerator can include a marker per application. You can save the ToS marking on the rules, either the original ToS value or a newly defined ToS value. This also means that you can set each application type to be Not-Accelerated or NotTunnelled. This is particularly useful for applications like HTTPS or Encrypted Citrix, whose packets do not compress, and ensures that the Accelerator does not waste resources attempting to process these packets.
Shaper
Marking
209
How Traffic Filtering is Applied

The QoS mechanism contains dozens of preconfigured traffic applications (that can be modified and shaped as needed). All preconfigured traffic applications, as well as new traffic applications created (see Working with Applications, on page 215), are filtered according to application type. Incoming traffic is matched against the applications one at a time, starting with the application with the highest Priority Order number, until a match is found. Once a match is found, the application is handled, despite the fact that it may match other applications as well (this is called overlapping traffic). Applications cannot overlap at the Layer-4 level. This means that because Application FTP is set on TCP port 20, another application cannot be created on port 20 (or including port 20). However, applications can overlap at the Layer-3 level. for example: a TCP application could exist and be set to include traffic over-IP protocol 6. In this case, the Priority Order number given to an application (or rule) determines which application rule governs overlapping traffic. In the above example, if the FTP traffic is set to 200 (the default) and TCP is given an order number of 100, all FTP traffic is treated according to the definition of TCP. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic will be handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic.
How Traffic Shaping is Applied

The QoS mechanism works in a hierarchical fashion. In a complex QoS setup, it is often important to understand which shaping carries the greatest weight and is related to first by the QoS mechanism.
Studying QoS Bandwidth Allocation

The QoS mechanism allocates bandwidth as follows:
210
WAN Bandwidth
First, the bandwidth set for the WAN is honored. All further application QoS decisions are based on the WAN bandwidth.
Link Bandwidth
You can set the bandwidth of the Link with a maximum value, limiting the amount of the total throughput of the WAN available to a particular link. All Application decisions based on a particular link are bound by this bandwidth. i Note: Peer oversubscribing is allowed. For example, if the WAN bandwidth is T1 (1.5 Mbps), you can set 10 links at 256 Kbps each, and the bandwidth will be distributed relatively to all links according to the QoS mechanism. Like the WAN bandwidth setting, the bandwidth set for a link can never be exceeded. The bandwidth set for the links is divided by the WAN according to the priority of the traffic coming across the links. This means that if the WAN bandwidth is 128 Kbps, and Link 1 is set to 128 Kbps and Link 2 is set to 128 Kbps, if one link has high priority traffic, the lower priority traffic on the other link could be starved. However, if the Link bandwidth is set to a portion of the WAN bandwidth, then the link does not exceed this portion, and bandwidth is left over for other links.
Diagnostic Mode Traffic

Traffic set with a priority setting of Diagnostic Mode overrides the QoS mechanism. Diagnostic Mode traffic has all the bandwidth of the WAN at its disposal and supersedes all other traffic and all other QoS settings. The Diagnostic Mode Traffic setting should be used only in emergency cases, where an application is not responding to the QoS mechanism; Diagnostic Mode traffic is forced to override the QoS mechanism.
Bandwidth Limits
Maximum bandwidth limits set for applications are honored and the traffic throughput is limited according to this setting.
211
Bursts
In addition to the hierarchy, if, after all bandwidth is allocated, there is spare bandwidth, and an application is set to allow bursts, this application uses all spare bandwidth even if it is set to ordinarily have a maximum bandwidth limit. For example, if on a 64 Kbps link FTP is limited to 16 Kbps, with burst allowed FTP will be able to use the entire 64 Kbps if no other traffic traverses the link, and when there is traffic, the limit of 16 Kbps is enforced on FTP. To allow bursts on applications, you have to ensure that the default setting on the WAN, which allows bursts, is kept. The WAN Burst parameter also lets you set a maximum burst bandwidth, meaning that if the WAN bandwidth is 1 MB, you can set the WAN burst to limit burst traffic to 900 Kbps in order to avoid maximum utilization situations because of burst traffic. By default the WAN bursts are allowed to use the entire WAN bandwidth. In certain environments, lowering the WAN burst by up to 10% may be useful in order to protect the line from congestion caused by bursts. i Note: QoS settings take effect when the WAN link is full. Any limitations and guarantees placed on traffic apply only if not enough bandwidth exists for all traffic to flow freely. Note: In the Accelerator, rule limit and desired shaping are applied to traffic before it is compressed, while link shaping (bandwidth for the link and the WAN) is applied to traffic after the traffic has been compressed.
Desired Bandwidth
Minimum bandwidth Desired set for applications is allocated to all applications on which a desired minimum bandwidth was set. This is true even for low priority applications. For example, in a 64 Kbps link, the applications will divide up the 64 Kbps plus the Acceleration percentage, like a cake, with the desired bandwidth applications reserving the first piece. As long as no congestion exists, all applications set to Desired receive their guaranteed bandwidth. When there is congestion, if high priority applications are guaranteed bandwidth, they will receive it before low priority applications that were guaranteed bandwidth. If there is not enough bandwidth for numerous high priority applications that were guaranteed a desired bandwidth, the desired bandwidth will be divided proportionately between those applications.
212
Desired bandwidth is useful especially to prevent starvation of lower priority applications. Setting a desired bandwidth for a low priority application ensures that the application receives some small amount of bandwidth even when the high priority applications are consuming the bulk of the bandwidth. While the Minimum bandwidth desired is allocated hierarchically according to the application priority (first to real-time, then to high, then to average, and so on), the desired bandwidth setting is handled before relative spare bandwidth distribution among prioritized applications. For this reason it is important to use the Minimum bandwidth desired setting carefully. For example: If VoIP is prioritized as high priority traffic on a 1 Mbps connection, and HTTP traffic receives low priority, but a minimum desired bandwidth setting of 800 Kbps, these 800 Kbps will be allocated to HTTP traffic and the remaining 200 Kbps is divided proportionally between the VoIP application and the HTTP traffic.
Priority
The relative QoS priority set to the application is considered and bandwidth is divided proportionally among the applications as follows:
Block
Blocked traffic is discarded.
Real-time
Traffic set to real time receives strict priority. This means that as long as real-time traffic is traversing the network it will receive the entire bandwidth. All lower priority traffic types wait until there is free bandwidth, thus starving all lower priority applications (unless a Minimum bandwidth (desired) was set for them). For this reason it is important to use the Real-time setting with great care. If a chatty/ bandwidth-greedy application constantly transmits traffic, it is possible that no other application will receive bandwidth (except those set with a Minimum bandwidth (desired)). High/Average/Low: High, average and low traffic priorities divide the bandwidth that is still available (after desired and real-time traffic) in a proportional method based on time. High priority traffic waits the shortest amount of time before waiting to be sent, average priority traffic waits longer than the high priority and low priority traffic waits longer than the average traffic to be sent. This does not mean that high priority traffic transmits completely before average traffic starts transmitting, rather high traffic transmits at a faster rate.
213
Setting the priority to high/average/low is appropriate for most traffic types, setting the relative importance between the applications without causing starvation. In advanced configuration, you can set the WAN to handle QoS according to strict-priority. This would set the priorities to act deterministically rather than proportionally: high priority traffic receives all the available bandwidth (after desired and real-time traffic), average priority traffic receives bandwidth only if no high priority traffic exists, and so on. If there is constant high-priority traffic, average and low priority traffic are starved completely. i Note: Traffic that waits too long to be transmitted is discarded as obsolete so as not to cause application problems by transferring stale packets.
The Difference Between Real-time and Desired?

Realtime gets the highest priority; it can cause starvation up to the bandwidth allocated using the desired setting. Guaranteed bandwidth is not touched by applications because of their real-time priority setting. Because desired is useful to protect lower priority applications from being starved, the default desired setting allocates a minimal amount of bandwidth (1 Kbps) by default.
214
C arrying O u t B a s i c Qo S Con f igu ra tio n

Basic QoS configuration is accomplished via the My Applications menu, which is populated by all traffic types detected on your network. This menu lets you create new, user-defined applications for traffic not categorized automatically as a predefined application, and to set basic traffic shaping parameters for predefined and user-defined applications - how should the network prioritize and handle each application. i Note: In a non-link environment, if a local subnet is not defined as LOCAL, the Accelerator QoS and Monitoring features do not function properly. CAUTION! By default, the following encrypted applications are not accelerated: pop3s, https, ircs, nntps, ftps, ftps-data, telnets, ssh, sshell, ldaps, smtps, imaps. The following topics contain more information: Viewing Defined Applications, on page 216 Editing an Application, on page 217 Layer-7 Applications, on page 222 Creating Web Applications, on page 222 Creating Citrix Applications, on page 224 Creating Remote Desktop Services, on page 226
Working with Applications
Work in g wi th A p pl ic atio n s
215
In order to create a QoS Rule, an application must be defined. Applications should be created for all traffic types that do not already exist in the list of predefined (classified) traffic applications, or as subsets of these applications to further filter the traffic type selected. To see a list of the pre-defined applications (XYZ). Applications are created with either inbound or outbound traffic as follows:
Figure 1: Inbound and Outbound Traffic
The following applications can be created: General Applications, see Creating New Applications, on page 219 HTTP or Web applications, see Creating Web Applications, on page 222 Citrix applications, see Creating Citrix Applications, on page 224 Remote Desktop services, see Creating Remote Desktop Services, on page 226 The applications table shows the applications that were created. From the Applications table you can: View the defined applications, see Viewing Defined Applications, on page 216 Edit a defined application, see Editing an Application, on page 217 Delete an application, see Deleting an Application, on page 217 Or Create one of the applications listed above.
216
Viewing Defined Applications

The My Applications Menu in the Accelerator WebUI lets you view traffic per application, filtered by a certain criteria. From this screen the following additional actions are possible: Edit a defined application, see Editing an Application, on page 217 Delete an application, see Deleting an Application, on page 217 Or Create one of the applications listed below.
To view traffic per application:

1. Click on Setup followed by My Applications. 2. In the View drop-down menu, select the traffic type you want to view. Choose from the following: Allfor all traffic Defined Applicationsfor the applications you have defined Monitored Applicationsthe applications you have selected to be monitored Discovered Trafficthe applications that have been discovered Defined L7 Applicationspre-defined L7 applications 3. In the For Link drop-down menu, select the link for which you are gathering information. To select all links, select Total. 4. In the header of the table there is a drop-down that is used to select the Direction for which you want to view applications. For inbound traffic, choose From WAN to LAN. For outbound traffic, choose From LAN to WAN. The table displayed on the My Applications Menu details the Outbound Traffic (by default, only classified traffic is displayed). Basic data about the settings for each traffic type is provided, including Application Name, Minimum bandwidth set (if assigned), Maximum bandwidth set (if assigned), Priority assigned, and acceleration status. The From-LAN statistics pull-down menu lets you customize the statistics type to be viewed for the applications, LAN to WAN (outbound traffic) or WAN to LAN (inbound traffic).
To add an application to the My Applications Table:

Follow the instructions for the application type: General Applications, see Creating New Applications, on page 219
217
HTTP or Web applications, see Creating Web Applications, on page 222 Citrix applications, see Creating Citrix Applications, on page 224 Remote Desktop services, see Creating Remote Desktop Services, on page 226
Deleting an Application
To remove an application from the Applications Table:
1. Click the application name and then click Delete. 2. There is no confirmation for this action. The application is immediately deleted as well as all of the statistics that were collected for the application. To edit an application click the application name in the table and then click Edit. See Editing an Application, on page 217 to edit an application. To create a new application, see the information according to the application you want to create: General ApplicationsCreating New Applications, on page 219 HTTP or Web applicationsCreating Web Applications, on page 222 Citrix applicationsCreating Citrix Applications, on page 224 Remote Desktop servicesCreating Remote Desktop Services, on page 226
Editing an Application
Selecting an application lets you modify the application definition (the type of traffic, also known as the traffic rule, or filter) and set up the way the traffic is treated (or prioritized, also known as shaping).
To edit an application:
1. In the My Applications menu, click the application name (alternatively, highlight the application line and click the Edit button). The Edit Application menu opens. 2. The Edit Application menu lets you modify all application parameters as listed in Creating New Applications, on page 219. 3. In addition, you can select one or more of the following check boxes:
218
Collect Statistics - Collects statistics on the specified application for up to one year. Discover - enabled with L7 Applications. Applications that are discovered can also be defined so that their QoS criteria is enabled. Checking this check box allows the L7 Discovery to report this application on the Discovered Applications List in the Monitored Applications report. A list of discovered applications is found in Discovering Layer-7 Applications, on page 60. 4. Click Submit.
Figure 2: New Applications Menu
Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. The compressed packets are aggregated in the link per class. The classes are defined via the CLI and set the aggregation packet limit, and allows a pre-defined delay (window) before sending the packets. For aggregation class configuration details via the CLI, see Aggregation Class Commands, on page 617. To Delete an application, see Deleting an Application, on page 217. To create a new application, see the information according to the application you want to create: General ApplicationsCreating New Applications, on page 219
219
HTTP or Web applicationsCreating Web Applications, on page 222 Citrix applicationsCreating Citrix Applications, on page 224 Remote Desktop servicesCreating Remote Desktop Services, on page 226
Creating New Applications

To create an application:
1. In the My Applications menu, click the Create Application button. The Create Application menu opens.
Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. 2. Update the following parameters to define the Application and how it is handled:
Parameter Item
Application name
Description
The default name for a new application is new_application. You have to modify the name of the application to a name indicating the type of traffic considered in this application. Maximum of 31 characters, no spaces. Special characters are allowed. Enabling statistics history saves statistics for this application for up to one year. Click the checkbox to enable, clear to disable. The Application Criteria box lets you set the type of traffic to be considered in an application. These fields define a rule for identifying traffic as part of this application To set the application to be defined on the basis of a TCP port or a span of TCP ports: Select TCP port from the drop-down menu. In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change HTTP application 80 to HTTP application 8080, enter 8080 into the From field. To define a single port, enter the port number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table.
Collect statistics
Application criteria
TCP Port
220
Parameter Item
UDP Port
Description
To set the application to be defined on the basis of a UDP port or a span of UDP ports: Select UDP Port from the drop-down menu. In the From field enter the first port to be considered, in the To field enter the last port to be considered. For example, to change the TFTP application from port 69 to port 4444, enter 69 into the From field and 4444 into the To field. To define a single port, enter the port number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. To define an application based on a specific protocol: Select Over IP from the drop-down menu. In the From field enter the first protocol number to be considered, in the To field enter the last protocol number to be considered. To define a single protocol, enter the number into the From field and leave the To field empty. Click the Add button. The Criteria created appears in the Criteria Table. The criteria table lists all the criteria that must be met in order for traffic to be considered part of this application. To delete entries in the Criteria Table, highlight them and click the Delete button The Prioritize box lets you set the shaping or prioritization to be applied to the traffic type. The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. Traffic that matches the Application criteria set in order number 100 is handled according to the setting for this application type, even if it may match the criteria of other Applications with other, less important priority order numbers. If the two applications are set with the same order priority, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic. Most QoS settings do not necessitate setting the Order field. You can set the order from 100 to 65534. The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for mission-critical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function. The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.
Over-IP
Criteria Table Prioritize

Order
Minimum bandwidth (desired)
Maximum bandwidth (limited)
221
Parameter Item
ToS
Description
You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) for the Accelerator. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field). To allow applications to have a burst of additional bandwidth, click the Enable checkbox. This is disabled by default. To disable, clear the checkbox. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to: Blocked: Traffic set to Blocked is dropped. Low, Average and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type. Clicking this button will disable the Priority section.
Burst Priority
Diagnostic Mode
CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Application menu.
222
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port of 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that include the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy rules to match this application as well. CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Edit Application menu. To edit an application see Editing an Application, on page 217 to delete an application, see Deleting an Application, on page 217.
Layer-7 Applications
The Accelerator lets you filter HTTP web applications, Citrix applications, and Remote Desktop Services at the application layer (Layer-7). This higher level of specification enables specific applications to receive tailored traffic prioritization within the Accelerator. Creating a Layer-7 or L7 application is the same procedure as described in Creating Web Applications, on page 222. Note that traffic is no longer limited to only port 80. Other ports are now used. For information on discovering Layer-7 applications, see Discovering Layer-7 Applications, on page 60. For more information on creating/defining specific Layer7 applications, see one of the following topics: Creating Web Applications, on page 222 Creating Citrix Applications, on page 224 Creating Remote Desktop Services, on page 226
Creating Web Applications

You can create and prioritize HTTP web applications per Layer-7 application. New web applications are created much in the same way as new Layer-4 applications, with the addition of Layer-7 (application specific) information.
223
Figure 3: Create Web Application menu
To create a web application:

1. In the My Applications menu, click the Create Web Application button. The Create
Web Application menu opens.
Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. 2. The Web application parameters (see Working with Applications, on page 215) are identical to the parameters set for all applications, with the following additions.
Parameter Item
Application Criteria
Description
You cannot modify the Application Criteria box from within the Create Web Application box. The Layer-4 information for this web-based application is taken from the web definition. To modify the Layer-4 criteria, return to the My Applications menu and click on HTTP to edit the web application. This is also disabled for L7 Applications.
224
Parameter Item
Layer-7 Information
Description
Host Name: the host name of the web application. The Host Name is the internet address up until the first /, for example, for the address http:// 172.10.10.10/loginindex.asp, the Host Name is 172.10.10.10. For the Internet site http://www.expand.com/extranet/support the Host Name is www.expand.com URL Name: the URL name is the internet address after the first /. In the example above, extranet can be used as the URL name. MIME Type: enter the content type. User Agent: enter the name of the HTTP client (Netscape, Mozilla, and so on) All Layer-7 information criteria use pattern matching, meaning that, for example, if the Host Name is www.expand.com, using expand as the host name is sufficient (up to 128 character string for all HTTP Layer-7 parameters). Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see Working with Applications, on page 215.
Prioritize
CAUTION! Ensure that you click the Submit button to save configuration changes before exiting the Create Web Application menu.
Creating Citrix Applications

You can create and prioritize Citrix applications per Layer-7 application. New Citrix applications are created much in the same way as new Layer-4 applications, with the addition of Citrix Layer-7 specific information.
To create a Citrix application:

1. In the My Applications menu, click the Create Citrix Application button. The Create Citrix Application menu opens. Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. 2. The Citrix application parameters are identical to the parameters set for all applications (see Creating Web Applications, on page 222), with the following additions.
225
Parameter Item
Application Criteria
Description
You cannot modify the Application Criteria box from within the Create Citrix Application box. The Layer-4 information for this Citrix-based application is taken from the Citrix definition. To modify the Layer-4 criteria, return to the My Applications menu and click on Citrix to edit the Citrix application. The Layer-7 information box lets you set the application-specific details necessary for filtering this web application. Enter any or all data to be treated as criteria for matching this web application type. This means that all traffic considered as part of this Citrix application has to meet all the criteria listed in this box, as follows Published application: List the Citrix application type, such as Word, Calc and Notepad. Client: List the user name of the device you want to set as part of this traffic type. For example, to set the priority of the CEOs Citrix Client to Real-time for Excel, enter the name of the CEOs PC into the Client field Layer-7 information for Citrix is not pattern matching, meaning that the published application listed must be the full name of the application traffic that is intended (these parameters can use strings up to 20 characters) Service: choose either Browsing, or Published Application. Priority: choose a priority from 0-3. Prioritizing the traffic based on rules is accomplished by setting the same parameters available when creating an application. For more information on available settings, see Working with Applications, on page 215.
Layer-7 Information
Prioritize
For more information on working with Citrix, see Calculating Acceleration using other Applications, on page 406.
226
Citrix Benefits
The Citrix Acceleration Plug-in feature has the following benefits: It utilizes network resources more efficiently in LAN-based Accelerator deployments and delivers improved acceleration results for Citrixhosted applications. Citrix MetaFrame users repeatedly access the same content from the network. The Accelerators Citrix Acceleration Plug-in feature enhances support for Citrix MetaFrame applications because, through the use of statistical multiplexing, the Citrix Acceleration plug-in allows more Metaframe data to traverse the WAN. The Accelerator achieves this increase in throughput by: Consolidating Citrix header data in pure IP implementations - IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet. The Citrix Acceleration plug-in removes repeat header information and sends this data only once across the network. Consolidating Citrix payload in all environments - the Citrix Acceleration plug-in extracts data from small packets originating from different Citrix MetaFrame users, and sends packets optimized for specific WAN conditions. The Citrix Acceleration plug-in eliminates all redundant data transmissions across the WAN. Controlling latency and jitter - the Citrix Acceleration plug-in reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix Metaframe deployments. The end-result is better, more consistent Citrix performance; and support of up to four times more Citrix users on the existing infrastructure. Aggregation is performed at the link-level and improves acceleration for traffic with small to medium packets (like Citrix/ICA traffic or Telnet traffic), and aggregates compressed packets. The Aggregation class sets the class to which this application is related. Aggregation reduces the size of the traffic by aggregating compressed packets, before sending them over the WAN.
Creating Remote Desktop Services

You can create and prioritize remote desktop services per Layer-7 application. New remote desktop services are created much in the same way as new Layer-4 applications, with the addition of RDP Layer-7 specific information.
227
To create a Remote Desktop Service:

1. In the My Applications menu, click the Create Remote Desktop Service button. The Remote Desktop Application menu opens. Note: When creating an Application Name, spaces are not allowed. You may use an underscore to create a visual space. For example, my_application. 2. Use the table to set the parameters, click Submit to save the application
Parameter Item
Application Name
Description
The default name for a new application is new_application. You have to modify the name of the application to a name indicating the type of traffic considered in this application. Maximum of 31 characters, no spaces. Special characters are allowed. If you want this application to be included when a discovery of applications is run, select this checkbox (selected by default). If not, clear the checkbox. This section is disabled
Discover Application Criteria
Layer-7 Information Window

Client Name Channel Name Type a name for the client Type a name for the channel
Prioritize Window
Order Minimum Desired Bandwidth Maximum Bandwidth Limit TOS Either select the default value (200) or select the open radio button, and in the field, type your own (100-65534) Choose a value from the drop-down box, or other and enter your own value, remembering to select the bit speed from the second drop-down box. This amount should be less than the Maximum Bandwidth. Choose a value from the drop-down box, or other and enter your own value, remembering to select the bit speed from the second drop-down box. This amount should be greater than the Minimum Bandwidth amount. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) for the Accelerator. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field).
228
Parameter Item
Burst Priority
Description
To allow applications to have a burst of additional bandwidth, click the Enable checkbox. This is enabled by default. To disable, clear the checkbox. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to: Blocked: Traffic set to Blocked is dropped. Low, Average and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Average receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
Setting QoS Rules
Setting QoS Rules
229
Advanced configuration of the Accelerators QoS mechanism is intended for expert users, and networks that are particularly complex. Understanding how QoS works is necessary in order to properly apply advanced QoS settings. The following sections provide an in-depth knowledge regarding the way QoS operates: Setting Inbound QoS, on page 229 Viewing QoS Rules, on page 229 Creating QoS Rules, on page 230 Editing QoS Rules, on page 234 Making Decisions for Specific Applications, on page 235
Setting Inbound QoS

For Inbound QoS, you can set a bandwidth limitation for the WAN or per link. If a link was created with a bandwidth limitation set for inbound traffic, a rule is automatically created on the sending side, limiting outbound traffic to the link. You can set inbound policy rules globally or per link.
Viewing QoS Rules

The Rules table displays the rules on a per application basis. To make a new Rule see, Creating QoS Rules, on page 230. To edit a rule see, Editing QoS Rules, on page 234.
To view a rule for a specific application:

1. Click on the QoS tab, and then select QoS Rules. 2. Open the View Rules for Application drop-down menu and scroll down until you have found the application you want to select. To view all rules for all applications, select Any. 3. The rules associated with the application appear in the Rules Table. 4. To delete a rule, select the rule in the table and click Delete.
230
Creating QoS Rules

Advanced QoS configuration is accomplished by creating and editing rules as they appear in the QoS menu.
To create a rule:
1. Click on the QoS tab, and then select QoS Rules. 2. Click the Create New Rule button. The Create Rule menu opens.
Figure 4: Create QoS Rule Menu
3. Use the Define and Prioritize sections to enter the necessary information per your networking requirements
Parameters Define Section
Application Select the Application onto which to apply this rule from the drop-down menu. You can define additional applications via the My Applications menu only. For information, see Working with Applications, on page 215.
Description
Setting QoS Rules
231
Parameters
Source IP
Description
If you want to filter the application by its source IP address: Choose from Other, Any, Single IP, Subnet, Range, or List. OtherDisplayed if advanced configuration was made via the CLI, which is more complex than the WebUI display. AnySet the Source IP to Any if the application should consider traffic coming from any device (this is the default). Single IPSelect this option if only traffic coming from a single device should receive the treatment defined in this rule. Enter the IP address Subnet MaskSelect Subnet if only traffic from a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask. RangeSelect Range if a particular range of source IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered. ListSelect List and enter up to four IP addresses to receive the treatment defined in this rule. If you want to filter the application by its destination IP address: Choose from Other, Any, Single IP, Subnet, Range, or List. OtherDisplayed if advanced configuration was made via the CLI, which is more complex than the WebUI display AnySet the Source IP to Any if the application should consider traffic coming from any device (this is the default). Single IPSelect single IP if only traffic headed to a single device should receive the treatment defined in this rule. Enter the IP address. SubnetSelect Subnet if only traffic toward a particular subnet should receive the treatment defined in this rule. Enter the subnet address and the subnet mask. RangeSelect range if a particular range of destination IP addresses should receive the treatment defined in this rule. Enter the first and last IP address to be considered. ListSelect List and enter up to four destination IP addresses to receive the treatment defined in this rule. To filter traffic based on its ToS setting, in the drop-down menu select from Other, Any, and Value. OtherDisplayed if advanced configuration was made via the CLI, which is more complex than the WebUI display AnyTo set the rule to apply to the applications traffic, if it has any ToS value set (this is the default). ValueTo set a ToS value, thereby limiting traffic on which this rule is applied to the applications traffic that has a particular ToS value (0 - 255). Traffic rules and shaping are applied per link. Select Global to apply to all links, a specific link to determine how traffic is categorized and prioritized over a specific link, or select Non-link. If a link is selected as a filter for this rule, you can select the direction of the traffic: Inboundtowards the LAN Outboundtowards the WAN
Destination IP
ToS Bits
Links
Direction
232
Parameters
Scope
Description
This allows you to create a rule on all links, specific links or if you have Mobile Accelerators, rules on a Collective Branch. Select one of the following radio buttons: Globalfor all links Linkfor a specific link. Select the link, using the drop-down menu. Make sure the link you want to set the rule for has already been defined. See Adding Links, on page 82 to add a new link. Collective Branchfor a specific Collective Branch. Choose the Collective Branch from the drop-down menu. Make sure the Collective Branch has already been defined. See Creating a Collective Branch, on page 327, to create a new Collective Branch.
Prioritize Section
Order The order parameter sets the importance of this rule. Traffic that enters the Accelerator is dealt with by the QoS mechanism based on Prioritization order number. If the two applications are set with the same order, applications are matched according to the highest level of specificity first. For example, if two applications have a priority of 210, but one application is created for all traffic in ports ranging from 2020 to 2060 and the other application is created for traffic on port number 2062, the 2062 traffic is handled first, as a specific port is more specific than a port range. Another example of higher specificity is when one application defines Layer-7 values and another application with the same priority order defines values only up to Layer-4 values; the Layer-7 application shaping will be applied to the traffic, as layer 7 is higher on the OSI model than layer 4. Note that, most QoS settings do not require setting the Order parameter. Acceptable values are from 100 to 65534. 200 is the default value. Minimum bandwidth (desired) The Minimum bandwidth desired setting should be used carefully. This parameter allocates a certain amount of bandwidth to be saved for a specific application type during periods of congestion. You should set desired bandwidth only for missioncritical, time-sensitive applications, such as VoIP, which need 8 to 16 Kbps allocated throughput to function. The Maximum bandwidth limit setting puts a ceiling on the amount of bandwidth that an application can consume. This is useful for bandwidth-greedy applications such as FTP or P2P, to limit the amount of bandwidth they consume.
Maximum bandwidth (limited)
Setting QoS Rules
233
Parameters
ToS
Description
You can either preserve the original ToS setting of the packets or set a new ToS value for this application. To preserve the original ToS value, click the Preserve radio button. By default, ToS preservation is enabled. To set a new ToS value for this traffic, click the Set radio button and select one of the following options: ToS value - lets you select a ToS value (0-254) and a ToS Mask (0-254). When entering a number in the ToS Mask field, this value is ANDed to the value entered in the TOS field in the packets header and compared against the TOS entered for this rule. You can use the TOS Mask for comparing specific bits (Precedence/Type of Service) from the TOS field in the packets IP header against the TOS value entered for this rule. Code point - uses the first 6 bits of the ToS field, thereby giving 26 (= 64, namely: 63) different values. CoS ToS - combines the values of the IP precedence field (otherwise known as CoS, which stands for Class of Service) and the ToS (type of service field). To temporarily allow this application to have bursts of bandwidth, click the checkbox to enable or clear the checkbox to disable. By default, this feature is enabled. You can either preserve the original ToS setting of the packets or set a new ToS value for this application. Set the Priority of the application to any of the following options: Blocked: Traffic set to Blocked is dropped. Low, Medium, and High: Traffic set to Low, Average and High are assigned bandwidth on a proportional scale: Low receives the lowest proportion of the bandwidth. Medium receives a medium proportion of the bandwidth. High receives the greatest proportion of the bandwidth. Real Time: Real-time traffic always receives bandwidth allocation according to strict priority. This means that as long as real-time traffic is traversing the network, all lower priority traffic types waits until there is free bandwidth, thus starving all lower priority applications with the exception of applications that received a Minimum bandwidth (desired) setting. Diagnostic Mode: You should set traffic to Diagnostic Mode only if the Application is not responding at all to QoS settings. This is because Diagnostic Mode traffic overrides all other QoS settings and starves all other applications (including real-time and Desired bandwidth allocated). If a class is not transmitting at all and seems not to be working, set the class to Pass-thru/Diagnostic mode, thereby disabling the QoS from the traffic type.
Burst Priority
234
Editing QoS Rules

Any changes made to Applications via the My Applications menu appear as rules in the QoS menu. You can use the QoS menu to edit these changes, and any other rules created.
To edit a rule:
1. Highlight the Rule to be edited in the Rules Table and click . 2. Make the necessary changes. For any necessary explanation, see section Creating QoS Rules, on page 230.
Making Decisions for Specific Applications
M aki ng De cis io n s fo r Spe ci fi c A p pl ic at io n s
235
The Decision screen lets you set various aggregation and acceleration parameters for a specific application, such as how many small packets to accumulate for one big packet (aggregation class), and whether the application is accelerated and tunneled. To create a new decision for a specific application, see Creating a New Application Decision, on page 236. To delete a decision, click the decision in the table to select it and click Delete. To edit a decision, click the decision in the table to select it and click Edit. The Field names and values are identical to those specified in Creating a New Application Decision, on page 236. Remember to click Submit to implement the changes.
Figure 5: Decision Screen
236
Creating a New Application Decision

To create a new decision for a specific application:
1. Click QoS, followed by Decisions. 2. Select an application from the Application Name drop-down menu. 3. Select the Acceleration mode (Enable to enable, Disable to disable, or Auto to allow the Accelerator to decide). 4. Select the Tunnel mode from the drop-down menu (Enable to enable, Disable to disable, or Auto to allow the Accelerator to decide). 5. Select the TCP-Acceleration mode (Enable to enable, Disable to disable, or Auto to allow the Accelerator to decide). 6. Select the Aggregation Class. Your choices are as follows: Default - enables acceleration on small-packet, encrypted applications such as pop3s, https and ftps. Thin Client - enables Citrix acceleration on Citrix, telnet and msterminal-server applications. User-Defined 1 - enables acceleration on a specific, user-defined link. User-Defined 2 - enables acceleration on a specific, user-defined link. 7. Select from the following ToS parameters: Auto ToS Valuescheck this checkbox if you want the Accelerator to decide ToS Valueplace a ToS value (0-254) in this field if you didnt check the auto checkbox ToS Maskplace a ToS mask (0-254) in this field if you didnt check the auto checkbox. 8. Click Add to add a decision for the application to the Decisions Table. If a decision already exists for this application, a message appears, requesting your confirmation to modify the existing settings. Click OK to confirm. 9. To delete a specific application from the list, highlight the application name in the table and click the Delete button.
External QoS
To set the Accelerator to enable external QoS:
1. 2. In the WebUI, in the Setup menu, click My Links.
External QoS
237
Select the link to be affected by a QoS device and set it to work in Router Transparency mode. For more information on Router Transparency mode and Link configuration, see Adding Links, on page 82.
Figure 6: Links Screen
3. If all links from the Accelerator are to be affected by the QoS device, you may find it useful to modify the default Link parameters, in order to make all newly created links use Router Transparency Mode as the default setting. To use Router Transparency Mode as the default setting: a. Select the My links command from the Setup menu. b. Click the Advanced button. c. Set the default link parameters as needed. d. Click the Save to template link button.
238
QoS Tro u b l e s h o o t i n g
If the QoS mechanism does not seem to be functioning properly, it could be a result of the Maximum Queue Length. If there is much latency on the line, the packet drops may be the result of the queue buffer size, which is normally set per link rate, or because the packets are waiting too long and are therefore being considered obsolete packets. By default the packets are considered obsolete after 500 ms. If limits do not seem to be enforced on traffic, check to see if it is because of the Burst status. When Burst is enabled during periods of no congestion, limits will appear not to be enforced properly. If a class is not transmitting properly and problems are encountered after QoS has been applied, try setting the class to Diagnostic mode, thereby disabling QoS for this traffic type. For additional troubleshooting, see Troubleshooting, on page 347 or Contacting TAC, on page 423.
Chapter 7: Optimizing Acceleration Services

Expands Accelerator lets you reduce the impact of the TCP protocol shortcomings by applying TCP Acceleration, a standards-based plugin that modifies TCP settings to optimize throughput in certain environments. In addition, the Accelerator provides Domain Name Server caching capabilities to shorten the round-trip-time and save bandwidth over the WAN. This chapter contains information about the following topics: Studying TCP Acceleration, on page 240 Configuring TCP Acceleration, on page 248 Understanding Web Acceleration, on page 254 Configuring HTTP Acceleration, on page 255 FTP Acceleration, on page 264 Configuring DNS Acceleration, on page 268 Enabling Aggregation, on page 271 Enabling Traffic Encryption, on page 273 Remote Desktop Protocol Services, on page 278 For information regarding WAFS service, see Configuring and Managing WAFS, on page 113.
240
C h ap t er 7: Optimizing Acceleration Services
Studying TCP Acceleration

TCP, which was designed to ensure reliable IP transmission, performs well on LANs but does not deal well with the high latency and high-packet-loss found on many WANs. These limitations are expressed in the long times required for file transfers over the WAN, degraded web performance and unresponsive applications. SCPS, the Space Communication Protocol Standards developed by NASA and the US is a collection of standards-based TCP enhancements designed to reduce the impact of TCP limitations in Long-Haul WANs. SCPS is implemented by using the TCP Acceleration feature, designed to optimize and better utilize WANs that suffer from distance-induced TCP limitations. Use the following table to determine whether your network suffers from high-latency and would benefit from enabling TCP Acceleration:
Window Size 8 KB
5 0 1 0 0 1 5 0 2 0 0 5 0 0 1 0 0 0 160 Kbps 80 Kbps
16 KB
320 Kbps 160 Kbps
32 KB
640 Kbps 320 Kbps 212 Kbps 160 Kbps 64 Kbps
64 KB
1280 Kbps 640 Kbps 424 Kbps 320 Kbps 128 Kbps 64 Kbps
53 Kbps
106 Kbps
40 Kbps
80 Kbps
Round Trip Time
16 Kbps
32 Kbps
8 Kbps
16 Kbps
32 Kbps
Topics in this section include: Understanding the Shortcomings of TCP, on page 241 The TCP Acceleration Solution, on page 243
St u d yin g T C P A cc el er a ti on
241
Understanding the Shortcomings of TCP

To understand how TCP Acceleration works, it is important to understand the shortcomings of TCP: Frequent packet retransmissions: In TCP transmissions, the sender receives an ACK (Acknowledgement packet) for each successful packet transmission. If the ACK is not received, the sender resends the packet. Often, on long distance lines, the packet is retransmitted before the ACK has time to arrive. Transmission Window: To ensure that the receiver gets all data items sent from the sender, TCP sends only part of the data to the receiver in small amounts called a window. The size of the window is specified by the receiver during the setup of a TCP session, and is measured in bytes. The sender transmits a window, and then waits to hear an acknowledgement back from the receiver if the window was received properly. After an acknowledgment is sent from the receiver, the sender transmits more data until all necessary data is sent. The following figure explains the handshake process involved in establishing a TCP connection:
Figure 1: TCP Connection
Once the connection is established, TCP data packets are sent in accordance with the TCP window set - each time the window threshold is met, the receiver responds with an acknowledge packet, as described in the following figure:
242
Figure 2:Acknowledge Packet Transmission
The time wasted waiting for ACK packets to be sent in a TCP connection dramatically increases latency. Slow StartBecause TCP transmissions have no way to know the size of the bandwidth over which they are being transmitted, each transmission begins slowly, gradually increasing speed until a packet is dropped - at which point TCP assumes that it has reached the maximum bandwidth. On high-bandwidth long-distance lines, this slow start wastes much expensive bandwidth. The more latency present, the slower the session will start. Congestion AvoidanceTCP assumes that any packet lost is due to congestion. Any time a packet is dropped, TCP reduces transmission rate by half, slowly increasing it until the maximum rate at which no drops are experienced. On long-distance lines over which packet drops are often the result of factors other than congestion, transmission is being slowed down unnecessarily.
243
While these TCP functions are useful in controlling and managing congestion over the LAN, they cause expensive long-distance links to appear slow.
The TCP Acceleration Solution

TCP Acceleration uses the SCPS protocol package to reduce the impact of these well-known TCP limitations according to the standard developed by NASA (http:// www.scps.org):
Scaling the Transmission Windows

Increases the maximum transmission window to enable ACKs to arrive across long distance links, thereby reducing the amount of unnecessary packet retransmissions. Once TCP Acceleration is enabled, the TCP packet transfer process causes less latency, as seen in the following figure:
Figure 3:TCP Acceleration Packet Transfer
A larger window enables sending more packets before an acknowledge packet is sent, minimizing the number of acknowledge packets sent and lowering latency.
244
Congestion Avoidance
SCPS enhances flexibility of Congestion avoidance mechanisms. TCP automatically uses congestion avoidance, which is not necessary in networks where drops are not the result of congestion. You can configure SCPS in such a way that congestion avoidance is not used when it is unnecessary. If there is congestion on the line, you can select the method of congestion avoidance and control (standard TCP, Vegas, or Hybla).
Local Network Isolation

The SCPS protocol uses TCP Spoofing to reduce the time required for establishing a TCP session, thereby enabling the transmission of data without waiting for the TCP slow-start. SCPS also enables congestion avoidance by preventing slow traffic build-up before achieving maximum capacity.
Asymmetric Networks Optimization

In asymmetric environments, if in one direction the bandwidth is significantly lower than the other, this direction can become congested with ACK packets being sent in the other direction. TCP Acceleration enables scaling of ACK packets (for example sending an ACK for only every other packet) to better match uplink/ downlink rates. SCPS-based TCP Acceleration enables the Accelerator to maximize capacity over Long-Haul links, thereby guaranteeing optimized throughput across WAN links.
245
TCP throughput - Kbps 540msec round-trip-time

4608 4096 3584 3072 2560 2048 1536 1024 512 0 1 2 3 4 5 6 7 8 9 10 Time Throughput Link Speed 11 12 13 14 15 16 17 18 19
Unutilized bandwidth
With TCP Acceleration and compression
No TCP Acceleration
With TCP Acceleration
Newly created bandwidth
Kbps
Figure 4:TCP Throughput
Computing Latency
The Accelerator automatically configures TCP Acceleration settings according to the computation that follows.
Figure 5: TCP Acceleration Computation elements
246
The network in the diagram above will be used for example purposes. The math used for calculating the theoretical maximum throughput is based on this drawing. Substitute the values from your specific network in order to learn the TCP theoretical limitation for a single session in your network. The network poses 150 milliseconds (msec) of latency between the Client (C) and the Server (S). You can use a ping for determining the end-to-end latency between a Client and Server by sending a ping 100 times from the client to the server during business hours with a 750 byte payload. This payload size ensures some stress on the network, and should provide a better measurement for latency than simply sending a 64 or 32 byte ping as some operating systems do. An example of this ping command used on Windows is:
ping x.x.x.x l 750 n 100
(x.x.x.x = the servers IP address, l is the payload size, and -n is the amount of pings) You can use the following formula to calculate the theoretical limitation: Bandwidth equals the window size divided by the round trip time WindowSize -------------- = Bandwidth -------------RoundTripTime
Figure 6: Bandwidth Calculation
Bandwidth (BW the maximum theoretical throughput. The bandwidth
of a link is normally represented in bits per second. Window Size (WS the amount of data TCP can send before waiting for an acknowledgement. This value is in bytes; ensure that any values in bytes are converted to bits. Round Trip Time (Rtt though this value is in seconds, most network tools, such as ping, report it in milliseconds. In the network example shown above, the latency was 150 msec, and because 1000 msec equals a full second, then the latency of this network can be represented in a fraction as 150/1000 msec. Always convert this fraction into decimal format when calculating the values. In this case the latency will be represented as.15. The default window size for Microsoft XP is 8 KBytes. For additional window size values please consult your operating system vendor. This example assumes that the client is running Windows XP.
247
Using the example network provided above, some of the values needed for this formula are known and can therefore be plugged into the formula in order to determine the maximum theoretical bandwidth for a single TCP session. BW = 64000 /.15 After calculating the values, the BW equals 426,666 Bytes. Remember that because this value is in bytes, it should be multiplied by 8 in order to get the bits per second (bps). The product shows that the theoretical maximum bandwidth is 3,413,328 bps. As seen in the example network shown above, the link is a 6 Mb link. 150 msec of latency has limited a session to about half of the link speed. The following Throughput table lists some common Round Trip Times and the effects on TCP:
Window Size
8 KB 16 KB 32 KB 64 KB
Round Trip Time
50 100 150 200 500 1000
As these calculations demonstrate, the maximum throughput was greatly reduced as the latency increased. The actual maximum throughput that a single TCP session can have in your network may be even lower.
248
Configuring TCP Acceleration

You can use the WebUI to configure basic TCP Acceleration, such as typical RTT and typical acceleration rate. In addition, using the advanced option, you can set the Send and Receive windows sizes, acknowledge rate and Keepalive. For these settings see TCP Acceleration Advanced Settings, on page 252. Additional information is available in the following topics: Enabling TCP Acceleration, on page 249 TCP Acceleration Advanced Settings, on page 252 Keepalive, on page 253
C o nf ig u r in g T C P A cc el er a ti on
249
Enabling TCP Acceleration

TCP Acceleration should be enabled only over long, high latency links. If you enable TCP Acceleration via the WebUI, the systems default values will be used for activating TCP Acceleration. Expand recommends configuring TCP Acceleration via the CLI. For CLI instructions see TCP Acceleration Commands, on page 572.
To enable TCP acceleration on all Links:

1. In the Accelerators WebUI, click on Services and then TCP Acceleration. 2. Select the Enable TCP Acceleration on All Links check box and change or set the parameters as shown in the following table:
Parameter/Section
Typical RTT
Description
Enter the typical RTT in miliseconds by choosing Other in the drop down menu and enter an amount in the field. Alternatively, you can allow the Accelerator to decide by selecting Auto from the drop down menu. Enter a percentage by selecting Other in the drop-down menu and enter a value in the field. Alternatively, you can allow the Accelerator to decide by selecting Auto from the drop down menu Select from one of the following: Noneno congestion avoidance is used Standardthe congestion avoidance conforms to the standard TCP/ IP protocol (Reno) VegasTCP Vegas reduces latency and increases overall throughout, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely timeconsuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks. Hyblareduces penalization of TCP connections that incorporate a high-latency terrestrial or satellite radio link, due to their longer round trip times. It consists of a set of procedures which includes, among others: - An enhancement of the standard congestion control algorithm - The mandatory adoption of the SACK policy - The use of timestamps - The adoption of channel bandwidth estimates - The implementation and mandatory use of packet spacing techniques See TCP Acceleration Advanced Settings, on page 252.
Typical Acceleration Rate Congestion Control
TCP Acceleration Advanced

Keep Alive
See Keepalive, on page 253
250
3. Click the Submit button. Note: When TCP acceleration is enabled, all traffic is transferred through the Accelerator in routing-only mode and is not bridged. For additional information see Setting Routing Strategy, on page 30. If after enabling TCP Acceleration the Accelerator does not perform as expected, you should check the size of the window set by Windows:
To check the size of the window set by Windows:

1. Click the Start button on the main menu bar, followed by Run. In the Open field, type regedit. 2. In the Registry Editor, navigate to the following location: HKEY_local_machine\system\CurrentControlSet\Services\Tcpip\par ameters. 3. Search the listed parameters. If TcpWindowSize is not listed, the window size is set to the Windows default of 8 KB. If TcpWindowSize is listed, double-click on the registry entry to view the value set. ! WARNING! Editing the registry or using a Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows to correct them. Microsoft does not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Back up your registry first and use Registry Editor at your own risk.
251
To calculate the necessary send window size and receive window size:
Use the following formula to calculate the required window size as set by the Accelerator:
OutboundBW ( Kbps ) ---------------------------------------------------------- CompressionRatio RTT ( mSec ) 2 1000 -------------------------------8 1000
Figure 7: Calculating Required Window Size
Outbound Bandwidth in Bytes/Secconvert the outgoing bandwidth to Bytes per second, for example T1 = 1,544 Kbps (193,000 Bytes per second) Compression Ratioexpected acceleration in a compression ratio format (200% acceleration = 3, 350% acceleration = 4.5) Round trip timein seconds (for example 500 ms round trip is 0.5 seconds, 650ms round-trip is 0.65 seconds) For example, a T1 line with 600 ms round trip time with outbound acceleration of 230%: Bandwidth in bytes/sec - 193000 Compression ratio 3.3 193000*3.3*0.6*3 = 1146420
Excluding Servers or Subnets from TCP Acceleration

This allows you to exclude either a client or server from TCP acceleration. In addition you can exclude the client or server by IP address, host name, or subnet group.
To exclude a client or a server:

1. Click Services > TCP Acceleration>Exclusion. 2. Choose Client or Server by clicking the relevant radio button. Clientexcludes traffic to the proxy from the Client.
252
Serverexcludes traffic to the Server from the proxy. 3. Using the drop-down menu choose one of the methods to exclude by: IP Addressput a valid IP address in the field. Subnetput a valid IP address and subnet in the fields. Host nameput a valid host name in the field. 4. Click Add and the entry is added to the Exclusion table. 5. To delete an entry from the Exclusion table click Delete.
TCP Acceleration Advanced Settings

Additional settings may be configured to make the TCP Acceleration even smoother.
To set additional TCP Acceleration Settings:

1. Click Setup, followed by My Links, followed by Links. 2. Click the + next to the TCP Acceleration Advanced title bar. 3. In the window that opens fill in the following parameters:
Parameter
Send Window Size
Value/Description
Choose Auto for the 10MByte default setting or choose Other and enter a different value (from 4Kb-50Mb) and select the byte value (Kbytes or Mbytes) from the drop down list accordingly. Choose Auto for the 10MByte default setting or choose Other and enter a different value (from 4Kb-50Mb) and select the byte value (Kbytes or Mbytes) from the drop down list accordingly. Enter the number of packets that the Accelerator will receive from a source before sending the source a confirmation message (called an Acknowledge Packet) that the packet was received successfully. By default the rate is set to two packets, and the preferred range is between two and eight packets. See Keepalive, on page 253.
Receive Window Size
Acknowledge Packet Rate
Keep Alive
Note: Even though the upper limit for the sizes of the receive and send windows is 50MB, setting the size to a value greater than 10MB may adversely affect the system performance, and therefore a warning message notifying you about such a possibility appears when you select a value that exceeds 10MB.
253
Keepalive
If for any reason there is a disconnect between an appliance and a network device (LAN) or between an appliance and another appliance, the keepalive setting ensures that the connection will not close until the time out interval has passed.
To set the time out settings:

1. Click Setup, followed by My Links, followed by Links. 2. 3. 4. 5. Click the Advanced icon. Click the + next to the TCP Acceleration Advanced title bar. Check the Keepalive checkbox. Decide the amount of time you want the appliance to wait before sending the first keep alive message and put this value in the Keepalive Time field (1-10000 seconds). Pick a direction (LAN, WAN, Both) Decide how many times you want to send the Keep alive message and put this value in the Keepalive Probes field (1-10000 probes). Decide what kind of waiting time you want in between messages and put this value in the Keepalive Interval field (1-50000 seconds). Click Submit.
6. 7. 8. 9.
254
Understanding Web Acceleration

The Web Acceleration plug-in improves response times for HTTP/FTP-based applications. i Note: Web Acceleration is supported in hard-drive versions of the Accelerator. On all other Accelerator platforms, HTTP traffic will continue to be accelerated by using Expand Networks patented caching and compression algorithms. Note: Because the Web Acceleration plugin consumes RAM, it affects the number of tunnels configurable on the Accelerator. Web Acceleration can cache objects up to 1 GB in size. The Web Acceleration plug-in serves requested objects from its cache. If the object is not in the cache, the plug-in retrieves the object on behalf of the client from the original server, caches it (when relevant) and serves the client's request. Web Acceleration guarantees network transparency. When the Accelerator is deployed on the network, there is no need for any configuration modification of connected LAN clients. In On-Path deploymentsHTTP transparency also applies to the Server side, meaning that if a sniffer is used between an Accelerator and the default gateway, HTTP packets will be seen to contain the client and server IP addresses. FTP traffic will be transparent only on the client side. In On-LAN deploymentstransparency applies only to the Client side. A sniffer placed between an Accelerator and the default gateway will see packets containing the Accelerator and server IP addresses. This later is necessary to guarantee that replies will travel via the Accelerators Web Cache engine and not be delivered directly to the client. Web Acceleration supports both FTP and HTTP caching. FTP cachingthe Web Acceleration cache guarantees that objects sent to the client from the cache are always fresh (only supported if the FTP server supports MDTM ex, vsftpd as well as SIZE headers). Both Passive and Active FTP caching modes are supported. HTTP cachingthe object will have an aging time in the cache until it is retrieved again from the server.
Configuring HTTP Acceleration

This section contains the following information: Enabling and Disabling HTTP Caching, on page 255 Setting the Cache Size, on page 255 Setting Cache Content, on page 256 Working with HTTP Read Ahead, on page 256 Clearing HTTP Cache, on page 257 Returning to Default Settings, on page 257 Setting Advanced HTTP Parameters, on page 258 Setting HTTP Acceleration Rules, on page 259 Excluding from HTTP Caching, on page 260 Working with Fetch Jobs, on page 261
Co n fi gu r i ng HT T P A cc el er a ti on
255
Enabling and Disabling HTTP Caching

By default, HTTP Caching is disabled.
To Enable or Disable HTTP Caching:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. In the HTTP Acceleration field, select Enable from the drop-down menu to enable HTTP Caching. To disable, select Disable.
Setting the Cache Size

To set the Cache Size:
1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. In the Cache Size field, enter a number to represent the size allotment for the cache (between 1 and 60 MB).
256
Setting Cache Content

To set the type of content to be cached:
1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. In the Cache content field, scroll down to select one of the following types of content to be cached. Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all traffic, be it link, virtual link or non-link.
Working with HTTP Read Ahead

When the user accesses a web page, and Read Ahead is enabled, the accessible links that are present on the open web page will be processed in the background and the resulting cachable pages are saved, thereby cutting down on web page loading time for the subsequent web pages. Keep in mind that this option is a memory and bandwidth consuming feature. By Default, Read Ahead is disabled. To enable, click Enable and then decide the level of operation. Low, Normal, Aggressive. The higher the setting, the more memory you will be using and consequently more links will be fetched and more pages will be cached by the Accelerator. HTTP Acceleration must be enabled in order to use this feature. HTTP Acceleration is available on HD based Accelerators (physical and virtual) and on the 4GB compact flash version. You must also configure DNS and it is recommended that DNS Acceleration is enabled as well.
257
To enable Read Ahead:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. In the Read Ahead drop-down menu, select Enable to enable, Disable to disable. 3. In the Read Ahead Operation Mode drop-down menu, select one of the three operation modes: Low, Normal or Aggressive. 4. To fetch the entire page including graphics, select the Read Ahead Fetch Full Page. 5. Click Submit.
Clearing HTTP Cache

To clear the HTTP acceleration cache:
1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. Click the Clear Cache button.
Returning to Default Settings

To return HTTP Acceleration settings to factory default:
1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. Click the Set Default Values button and click Yes when prompted.
258
Setting Advanced HTTP Parameters

To open the Advanced HTTP Parameters menu:
1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Configuration. 2. In the Advanced HTTP Parameters menu, click the + in the menu bar. 3. The Advanced HTTP Acceleration Configuration opens, letting you set the following parameters as shown in the following table:
Parameter Item
Connect Time out Maximum Cache Object Size
Description
The time period (in seconds) that should pass before disconnection (default: 60). To set the Connect time out, fill in a number (between 1 and 600 seconds) in the field Sets the Maximum size an object can be in order to be held in the cache. Object larger than this number are not held. This parameter is set in KB. To set the Maximum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Maximum Cache object size must be larger than the Minimum Cache object size. Sets the Minimum size an object can be in order to be held in the cache. Object smaller than this number are not held. This parameter is set in KB. To set the Minimum Cache Object Size, enter a number between 1 and 1,000,000 KB. By default, the size is 102,400 KB. Note that the Minimum Cache object size must be smaller than the Maximum Cache object size. Sets the amount of time the client (browser) can be connected to the cache process before a timeout is initiated. This is merely a safeguard against clients that disappear without properly shutting down. It is designed to prevent a large number of sockets from being tied up in a CLOSE_WAIT state. The default for this option is 1440 minutes, or 1 day. Acceptable values are between 1 and 5,000 minutes. To set the Maximum Client Connect time, enter a number in the field between 1 and 5,000 minutes Sets the amount of time to wait for an HTTP request from the client after the connection was established, or after the last request was finished. It is set in seconds with acceptable values between 1 and 10,000 seconds. To set the Persistent Time out value, enter a number between 1 and 10,000.
Minimum Cache Object Size
Maximum Client Connect Time
Persistent Time out
259
Parameter Item
Transparency
Description
This command configures the status of the interception proxy. The interception proxy can be configured as transparent (namely, the proxy servers IP address will not be detected by sniffing). Three statuses are possible: Semiapplying transparency only on the Client side. Fullapplying transparency on both the Client and the server sides. Autosetting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. To set the transparency mode, select one of the options from the drop-down menu When enabled, preserves the original clients source port information. By default, this is disabled. When Transparency (above) is set to either Semi or Auto in an On-Lan deployment scenario, it is not recommended to set this feature to enable. When TCP Acceleration is configured in the TCP Acceleration menu, you must also enable this parameter in order for the acceleration to work correctly. By default, TCP Acceleration is disabled, but to enable TCP Acceleration, select Enable from the drop-down menu. Lets you define whether to cache data that arrives from authenticated servers, such as authentication requests. If you set this option to Enable, the data from such servers is cached even if no Public indication was set in the authenticated server. If any other condition exists, which prevents the data from being cached (for example: a Private flag), the data is not be cached, but it is still accelerated. Lets you start or stop the statistics collection. The list in this table represents the port numbers that will be intercepted by HTTP Acceleration. By default Port 80 is used for HTTP traffic. Using this table, you can add additional non-standard HTTP ports. Make sure the port number you add is not used for other types of traffic. Select this box to enable the proxy server. If this box is selected, you can set manually the proxy IP address and the proxy port number.
Port Transparency TCP Acceleration
Cache Authenticated Requests
Collect Statistics Cache Range Server Ports Table
Enable Proxy Server
Setting HTTP Acceleration Rules

The HTTP Acceleration Rules screen lets you configure Direct and No Cache rules supported by HTTP acceleration.
To set HTTP Acceleration rules:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Rules. 2. In the Type field, scroll down to select either Direct Rule or No Cache Rule. You should enter regular expressions in the edit fields of both rules.
260
The expression entered in Direct Rule should be valid on a URL, and determines that all requests that match this expression are always forwarded directly to the origin server, without using the proxy server. For example: if you apply rule direct avaya, all requests that match the avaya regular expression are forwarded directly to the origin server. The expression entered in No Cache rule determines that traffic directed to a specific URL, which matches this specific expression (for example: no cache avaya) is neither cached nor retrieved from the cache, and after the traffic is retrieved from the server it will not be cached. In both cases (Direct and No Cache rules) you can define multiple rules.
Figure 8: HTTP Acceleration Rules
Excluding from HTTP Caching

You can exclude certain components of the traffic from either HTTP caching To exclude from FTP Caching, see Enabling and Disabling FTP Caching, on page 264.
261
To exclude from HTTP caching:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Exclusion. 2. In the Exclude by drop-down list choose whether to exclude by IP address, Subnet or Hostname. 3. If you select to exclude by IP address, check the appropriate button to indicate whether this IP Address comes from the Client or from the Server. 4. Enter the IP address you want to exclude. 5. If you previously selected the Server option, select now whether to let AcceleratorOS assign a port number for you, by selecting the All option, or enter a specific port number (preferably 80). 6. Click the Add button. 7. To exclude by Subnet, repeat steps 3. to 6. The only difference is that you have to enter the subnet mask as well. 8. To exclude by Hostname, repeat steps 3. to 6. This option also requires you to enter a Hostname. To enable excluding by Hostname, you first have to configure a DNS that resolves the hostname. For details, see Configuring DNS, on page 303.
Working with Fetch Jobs

Fetch allows users to cache data from a pre-determined destination thereby giving the user faster loading time for web pages. This is extremely useful in cases where multiple users will be accessing a specific URL at the same time. The Pre-fetch option will cache the information from the URL and store it locally on the Accelerator. Note that the following parameters/licenses are required to be set in order for a Fetch Job to work: A license for Web Cache is required (see About the AcceleratorOS License, on page 34). HTTP Acceleration needs to be enabled. HTTP Acceleration is available on HD based Accelerators (physical and virtual) and on the 4GB compact flash version. See Enabling and Disabling HTTP Caching, on page 255 for information on how to enable HTTP Acceleration.
262
DNS needs to be configured (see Configuring DNS Acceleration, on page 268)
To create a new fetch job:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Fetch Jobs 2. Click Add Job. 3. Fill in the fields as directed in the table below and click Save to save.
Parameter
Job Name
Description
Type a name for this job. The job name can only contain alphanumeric characters. Special characters and spaces are not permitted You can use an underscore, but other non-alphanumeric characters are not allowed. Using the drop-down menu, decide when the job is to occur. Select from one of the following options: Nonethe job is created, but does not run Once immediatelyoccurs one time, immediately Once atoccurs one time on a specific date at a specific hour Once inoccurs one time at a specific hour in X amount of days Recur dailyoccurs every day at a specific hour Recur weeklyoccurs once very week on a specific day and a specific hour Recur monthly occurs once a month on a specific date and hour (not recommended to set this to 31, as not every month has 31 days). Type the complete URL in the field Dictates the level to go down to for caching the web pages. For example, if your main web site has 3 links that open 3 pages and each of those links has 2 links to open 2 separate pages, a depth of 1 would cache 3 pages and a depth of 2 would cache 9 pages. Note that the higher the number is, the more resources you will consume. To choose a depth select the level from the drop-down menu. Depth values from 1-16 are permitted. Some Web sites have User/Password requirements, if your URL requires it, enter the information in the appropriate field. Allows you to add additional URLs to the same fetch job.
Schedule
URL Depth
User / Password Add URL
263
To edit a fetch job:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Fetch Jobs. 2. Select a fetch job from the table. 3. Click Edit. 4. Change the fields you want to change. Note that changing the parameters of the job will delete the history of the job under the old parameters. 5. Click Save.
To stop a fetch job already in progress:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Fetch Jobs. 2. Select a fetch job from the table. 3. Click Stop Job. Note that if this job is set to recur, the recurrences will not be eliminated. To stop all future jobs, you should delete the job (see below).
To delete a fetch job:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Fetch Jobs. 2. Select a fetch job from the table. 3. Click Delete. Note that any job currently running is immediately stopped and then deleted. The history is also deleted.
To see the history of the job:

1. Click the following menu sequence: Services > Web Acceleration > HTTP Acceleration > Fetch Jobs. 2. Select a fetch job from the table. 3. Click Edit. 4. The window shows the history of the last 10 times that the job ran. Note that if you edit the job itself, the history is deleted.
264
FTP Acceleration
Figure 9: FTP Acceleration screen
This section contains the following topics: Enabling and Disabling FTP Caching, on page 264 Setting the Cache Size, on page 265 Setting Cache Content, on page 265 Clearing FTP Cache, on page 265 Returning to Default Settings, on page 265 Setting Advanced FTP Parameters, on page 266 Excluding from FTP Caching, on page 267
Enabling and Disabling FTP Caching

By default, FTP Caching is disabled.
To Enable or Disable FTP Caching:

1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Configuration. 2. In the FTP Acceleration field, select Enable from the drop-down menu to enable FTP Caching. To disable, select Disable.
F T P A cc el er a ti on
265
Setting the Cache Size

To set the Cache Size:
1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Configuration. 2. In the Cache Size field, enter a number to represent the size allotment for the cache (between 1 and 60 MB).
Setting Cache Content

To set the type of content to be cached:
1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Configuration. 2. In the Cache content field, scroll down to select one of the following types of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all traffic, be it link, virtual link or non-link.
Clearing FTP Cache

To clear the FTP acceleration cache:
1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Configuration. 2. Click the Clear Cache button.
Returning to Default Settings

To return FTP Acceleration settings to factory default:
1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Configuration. 2. Click the Set Default Values button and click OK when prompted.
266
Setting Advanced FTP Parameters

To open the Advanced HTTP Parameters menu:
1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Configuration. 2. In the Advanced FTP Parameters menu, click the + in the menu bar. The Advanced FTP Acceleration Configuration opens, letting you set the following parameters as shown in the following table:
Parameter Item
Connect Time out Localization Minimum Cache Object size Cache per User
Description
The time period (in seconds) that should pass before disconnection (default: 600). Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese. Lets you set a default for the minimum size of the cache object (05000KB, default: 1024). Ascribes a cache object to a single user. Namely, when a specific user accesses a file from the server, the file is cached per this user, and the next time a user with the same user accesses the file, it is served from the cache. However, for anyone who logs in with a different user name, the file is fetched directly from the origin server and not from the cache. Sets the interception proxy as transparent (namely, the proxy servers IP address will not be detected by sniffing), on both the Client and the Server sides.
Transparency
F T P A cc el er a ti on
267
Excluding from FTP Caching

To Exclude from FTP Caching:
1. Click the following menu sequence: Services > Web Acceleration > FTP Acceleration > Exclusion. 2. In the Exclude by drop-down list choose whether to exclude by IP address, Subnet or Hostname. 3. If you select to exclude by IP address, check the appropriate button to indicate whether this IP Address comes from the Client or from the Server. 4. Enter the IP address you want to exclude. 5. If you previously selected the Server option, select now whether to let AcceleratorOS assign a port number for you, by selecting the All option, or enter a specific port number (preferably 80). 6. Click the Add button. 7. To exclude by Subnet, repeat steps 3. to 6. The only difference is that you have to enter the subnet mask as well. To exclude by Hostname, repeat steps 3. to 6. This option also requires you to enter a Hostname. To enable excluding by Hostname, you first have to configure a DNS that resolves the hostname. For details, see Configuring DNS, on page 303.
268
Configuring DNS Acceleration

The Accelerators Domain Name Server (DNS) Acceleration plugin enables the Accelerator to act as a DNS caching device. By intercepting DNS requests and saving them on the local Accelerator, the DNS caching feature shortens the amount of time an end user waits for Web pages to appear and lessens unnecessary requests from your network to the Domain Name Server asking for Domain Name translations into IP addresses. DNS Caching is extremely useful when the DNS server that the clients are accessing is across the WAN over a high-latency link. You can use the WebUI to set all parameters relevant for DNS acceleration and DNS masquerading.
Figure 10: DNS Acceleration screen
C o n fi gu r i ng DN S A cc el er a ti on
269
To set the DNS parameters:

1. Under Services, click DNS Acceleration. 2. Adjust the parameters as follows, and click Submit when done:
Parameter
DNS Masquerade
Description
DNS masquerading enables the Accelerator to intercept traffic sent from the Client to the DNS server and back, and masquerade the DNS responses address. Select Enable to enable, or Disable to disable. Note that, the translation of host names into the Accelerators user-defined addresses is defined in the next section of this screen - the Static Hosts table. Enabling allows the Accelerator to cache the DNS addresses, thereby eliminating repetitive queries over the WAN. Select Enable to enable, Disable to disable. defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process it, even if that traffic was sent to another DNS server. If you enable this option, you have to configure a domain name server under Setup > Networking > DNS. For details, see Configuring DNS, on page 303. Caches DNS queries that were unresolved and will therefore not attempt to resolve them in the future. Select Enable to enable, Disable to disable. Select the appropriate transparency method: Semithe traffic is transparent to the Client, but the server sees it as coming from the Accelerator. Fullthe traffic is transparent to both the Client and the Server. Autothe transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment). Determines whether to keep the Time-to-leave settings defined by the DNS server (Preserve TTL) or set your own settings (1-1440 minutes). If the TTL settings you defined here are longer than those set by the DNS Server (for example: 60 minutes compared with 10 minutes, respectively), for any period between these two values (as, in this example, 20 minutes) the Accelerator does not use the DNS Servers address and takes the address from its own cache. To view the statistics for the queries since the last time the DNS Acceleration feature was enabled, use the Statistics (lower most) section of the DNS Acceleration screen Defines the maximum number of records that are to be kept in the cache. You can either select Auto to keep the system-defined default, or select your own value.
DNS Acceleration
Use Accelerator DNS
Cache Unresolved Transparency
Min TTL
Cache Size
To clear the cache:

Click the Clear Cache button, and click Yes when asked to confirm the action.
To show the current cache:
270
Click the Show Cache button.
To edit the Static Hosts table:

1. Click DNS Acceleration, and click the + to open the Static Hosts Table, if it isnt already open. 2. Click the Add button and the Add New Static Host dialog box opens. 3. In the Host Name field, enter the requested host name (for example: www.expand.com). 4. In the IP Address field, enter a user-defined masquerading IP address the Accelerator will use for the host name you had just entered. 5. Click Submit and the information is added to the Static Hosts table. 6. To edit the static host details, click on the hosts IP address, within the Static Hosts table, and edit the details in the Edit Static Host dialog box. To delete a static host from the table, click anywhere on the hosts row to select it and then click the Delete button. When asked to confirm the action, click Yes.
To reset all parameters back to the default value:

Click the Set Default Values button, and click Yes when prompted.
Enabling Aggregation
E n ab li n g Ag g r eg a ti on
271
Aggregation optimizes applications by using small packets such as Citrix, rdp, and telnet. This menu allows you to configure aggregation, match applications to classes and enable the class on all links.
To add a new application:

1. From the Services tab, click Aggregation. The application names are predefined in the system. To add a new application, see Working with Applications, on page 215. 2. Choose an Application from the drop-down menu. 3. Choose an Aggregation class from the drop-down menu. The aggregation classes are as follows: User Defined 1enables Citrix acceleration on a specific, userdefined link. User Defined 2enables Citrix acceleration on a specific, userdefined link. Thin Clientenables Citrix acceleration on Citrix, telnet and msterminal-server applications.
To edit the match between an application name and an application class:

1. Select the application you want to change from the Application Name column in the Matching Application to Class table. 2. Select an Aggregation Class from the Select Class drop-down list. 3. Click Submit. The parameters are updated and the change is reflected in the table. i Note: The Citrix Acceleration screen lets you apply Citrix aggregation only on all links. To apply Citrix aggregation on a specific link, use the Post Acceleration Aggregation section of the My Links table under Setup tab. For details, see Editing Links, on page 89.
272
To apply a specific Citrix aggregation class on all links:

1. Select the Enable option for the relevant class. 2. Click the Apply to All Links button. 3. When prompted whether you want to configure Citrix acceleration on all links, click OK.
Enabling Traffic Encryption
E na bl in g Traf f ic En cry p ti on
273
The IPsec Encryption menu on the Services screen lets you encrypt the Accelerators outgoing traffic, as well as determine the crypto mode and IPsec policies. This menu comprises the following options: Configuring an IKE Policy, on page 273 Defining Crypto Mode, on page 274 Configuring IPsec Policies, on page 275 Applying IPsec Policies on a Link, on page 276 i i Note: When IPsec is enabled on a link, no clear traffic is allowed to pass. Therefore, by-pass mode cannot be enabled. Note: To prevent any option for by-pass mode, connect one cable to ETH 0 port and the other cable to either ETH 0/0 or ETH 0/1 port. However, you may want to use ETH 0 port for Management, in which case both ETH 0/0 and ETH 0/1 ports will be connected to cables, and a by-pass mode may be enabled. To connect cables to both ETH 0/0 and ETH 0/1 ports, and still prevent any option of by-pass mode, ensure that both cables are of the same type (either Cross or Straight), and that none of the devices connected to the ETH 0/0 and ETH 0/1 ports has an MDIX.
Configuring an IKE Policy

IKE (Internet Key Exchange) is a pre-shared key, entered manually into both Accelerators that exchange IPsec traffic, allowing each Accelerator to verify the identity of its peer.
To configure an IKE policy:

1. Click the Services tab, followed by IPSec Encryption. 2. In the Pre-shared Key field, enter a password. 3. Re-enter the password in the Re-enter field. i Note: The pre-shared key must be identical on both sides of the link, otherwise the link will not be established.
274
4.
Set up the parameters of ESP Algorithms 1, 2 and 3, by selecting the requested authentication method (either SHA1 or MD5), encryption method (AES-128, AES-192, AES-256 or 3DES) and Key group (PFS) - 1, 2 or 5. 5. Set up the requested SA lifetime (the time period after which the encryption key will be replaced) You can set this time either by hours or by seconds. 6. Enter the policy name in the Description field. 7. Click Submit.
Defining Crypto Mode

The Crypto Mode screen lets you control whether the Accelerators outgoing traffic is encrypted, as well as determine the crypto modes by selecting one of the following options: i Note: Defining crypto mode requires entering first a pre-shared key (password). For details, see Configuring an IKE Policy, on page 273. Nonedisables the configuration of IPSec links. Strictallows only encrypted traffic to pass the box at all times. Split-Tunnelingallows clear traffic to pass only after all IPSec links have been established. (See Note) Lenientallows clear links to pass traffic regardless of IPSec links status. i Note: If you choose strict mode, any traffic whose destination is a local subnet is not accelerated. This is because in Strict mode, the IPSec guards only the traffic exiting its subnet. This means if a packet comes through the non-link to a local subnet, the Accelerator will let it pass even if the packet contains clear text and the traffic will not be blocked. However, traffic that is sent to an unknown subnet or a remote subnet to which no link is present will be dropped.
275
To define Crypto mode:

1. Click the Services tab, followed by IPSec Encryption >Crypto Mode. 2. Use the Crypto Mode drop-down box, to select one of the options mentioned above. 3. Click Submit (at bottom of screen). 4. In addition, if you want to show the security information on the specific Accelerator, click the Show Security Information button.
Configuring IPsec Policies

Use the IPsec Policies screen to define the parameters to be applied to traffic that passes through the links. Unlike the IKE Policy screen, which lets you define only one IKE policy, you can define several IPsec policies and apply different policies to different links. Each IPsec policy lets you define three ESP algorithms. i Note: The ESP algorithm you define here as ESP algorithm 1 is the default algorithm that will be activated when enabling the IPsec on a link. In addition, IPSec services are license dependent. You are supplied with a temporary license when you install the software that is valid for 30 days. You will need to change this license into a permanent license to prevent loss of IPSec services. i Note: Should your license expire, the IPsec link will be down. This prevents the local Accelerator from informing the remote Accelerator that the license is dropped. The remote Accelerator therefore, will not be able to list in its log that its remote IPsec license is dropped. Note: When you edit existing links, you choose whether to enable IPsec on the link, and which IPsec policy to apply. For details, see Applying IPsec Policies on a Link, on page 276. Note: IPSec uses the primary IP address of the Accelerator to create the IPSec tunnel. If you use a protocol that uses an IP address other than the primary (as is done in virtual IP addresses) the traffic sent out will be dropped. Therefore it is not recommended to use IPsec in conjunction with features that use virtual IP addresses (as in HSRP and VRRP).
276
To configure an IPsec policy:

1. Ensure that the appropriate crypto mode is displayed. Otherwise, use the Crypto Mode screen to change it. For details, see section Defining Crypto Mode, on page 274. 2. 3. 4. 5. Define a name for the policy in the Policy Name field. Select the requested PFS Group (1, 2 or 5). Select the requested SA Lifetime (either by hours or by seconds). Set up the parameters of ESP Algorithms 1, 2 and 3, by selecting the requested authentication method (either SHA1 or MD5) and encryption method (AES-128, AES-192, AES-256 or 3DES). 6. Click Add.
Applying IPsec Policies on a Link

The Apply IPsec on Link screen lets you select one of the previously defined IPsec policies and assign them to a single link. You can also assign different policies to different links. This screen also lets you view the parameters of the IKE policy you defined. i Note: When IPsec is enabled, the only encapsulation method possible is IPComp, because Transparent encapsulation preserves the packet header and is therefore unsuitable.
To apply an IPsec policy on a link:

1. Ensure that the appropriate cyrpto mode is displayed. Otherwise, use the Crypto Mode screen to change it. For details, see section Defining Crypto Mode, on page 274. i Note: You will not be able to apply an IPsec policy on a link if the Crypto mode is None. 2. Select the requested link from the Link Name list. 3. Select the requested policy from the Policy Name list. 4. Click Enable IPsec on Link.
277
To terminate the SA time and replace the encryption key immediately, click the SA Link Renegotiate button. To disable the IPsec on the link, click the Disable IPsec on Link button. 5. Make sure that the remote and local NAT IP address has been configured, by clicking Setup > My Links and the Advanced button and then opening the IPSec Menu, by clicking on the + sign. Make sure that the Enable IPSec checkbox is checked and that the Local and Remote NATIP address fields are complete. For further assistance on the link setup, see Editing Links, on page 89.
278
Remote Desktop Protocol Services

The Remote Desktop Protocol service captures RDP Proxy traffic and removes the encryption and compression so that the you dont have to remember to change the settings on every remote desktop and server. This action is done automatically once it is enabled. Note that the RDP Proxy has the best performance on links that have TCP acceleration enabled as well. The following topics are included: Configuring Terminal Services, on page 278 Collecting RDP Proxy Statistics, on page 279 Excluding Terminal Services, on page 280
Configuring Terminal Services

Allows you to enable or disable the RDP Proxy. In addition, you can either use the certificate supplied on your Accelerator or transfer your own to the RDP.
To enable or disable the RDP Proxy:

1. Go to the Services Menu and click Remote Desktop Proxy > Configuration. 2. To enable the RDP Proxy, click the Proxy Enabled checkbox. 3. To disable the RDP Proxy, clear the Proxy Enabled checkbox. 4. To choose the certificate supplied with your Accelerator, click the Default Certificate checkbox and click Submit to save your changes. 5. To import your own certificate clear the Default Certificate checkbox and the Certification File menu opens. 6. In the Transfer Method drop-down menu, choose the method you will use to transfer the file (TFTP, FTP, HTTP, HTTPs) 7. Enter the User Name, Password, and IP address of the machine (from which you want to import the file) in the relevant fields. 8. Enter the location of certification file and file name by entering this information into the File Path/Name field. For example my path/myfilename. 9. Click Import and then click Submit. 10. To collect statistics for an RDP Proxy session, see Collecting RDP Proxy Statistics, on page 279.
R em o te D es kt o p Pro t oc ol Se rvi ce s
279
Collecting RDP Proxy Statistics

The RDP statistics are collected from the moment the RDP service is enabled and will be collected until it is disabled. The next time you re-enable the RDP service, the counters in the statistics are reset. Optionally, you can print the report or save it as an HTML or text file.
To view the RDP Proxy statistics:

1. Make sure you have configured RDP services. See Configuring Terminal Services, on page 278 to configure RDP. Note, that the statistics counters will be set to 0 until you have at least one RDP session established. 2. Go to the Services Menu and click Remote Desktop Proxy > Configuration. 3. On the Remote Desktop Proxy screen, click the Statistics button. 4. A pop-up opens with the following information: Peak Number of Concurrent Sessionsthis is the maximum number of RDP sessions that were detected running simultaneously from the time that the service was enabled. Current Number of Sessionsthis is the number of RDP sessions that are currently running. Average RDP PDU Sizethis is the average Protocol Data Unit size (in bytes) that have traversed the RDP session from the time the service was enabled. Maximum RDP PDU Sizethis is the maximum PDU detected (in bytes) for all units that have traversed the RDP session from the time the service was enabled. 5. To print this report: a. Click the Print button. b. Select the printer. c. Click Print. 6. To save this report: a. Click the Save button. b. Select the files location and choose the file type (HTML or Text). c. Click Save. 7. Click Close to close the window.
280
Excluding Terminal Services

This allows you to exclude a specific server or subnet from the RDP services. Note that enabling other services on an excluded machine will have to be done by hand.
To add a server to the exclusion list:

1. From the Services menu, click Remote Desktop Proxy > Exclusion. 2. Decide the direction you want to exclude by clicking one of the following radio buttons: Clientexcludes traffic to the proxy from the Client. Serverexcludes traffic to the Server from the proxy. 3. Decide how you will exclude the server or client, by selecting one of the following from the Exclude By drop-down box: IP Addressfill in a valid IP address in the field. Subnetfill in a valid IP address and a valid subnet. Host Namefill in a valid host name. 4. Click Add and the entry is added to the Excluded table. 5. To remove an entry from this table, select the row and click Delete.
Chapter 8: Configuring Management Options

You can configure the Accelerator via CLI via Telnet, SSH, or direct Console connection. Alternatively, you can configure the Accelerator via WebUI, accessed by using HTTP or HTTPS. Logging can be sent to SNMP or SyslogD servers and can be sent via email. i Note: By default, all options mentioned above are enabled (Telnet, SSH, direct console, HTTP and HTTPS). To disable a specific service, see Configuring AAA, on page 338. This chapter contains information on the following: Studying the ExpandView System, on page 282 Using Out-of-Band Management, on page 284 Using SNMP, on page 285 Receiving Log Error Messages, on page 287
282
C h ap t er 8: Configuring Management Options
Studying the ExpandView System

Expand Networks' ExpandView is a centralized monitoring and management system for Expand Accelerators. ExpandView gives you total visibility, via a Dynamic Network Map, into global WAN operations, thereby letting you implement global changes in minutes. Detailed graphs and reports, easy-to-use QoS templates and tight integration with Expand's award-winning Accelerators make ExpandView the ideal Centralized monitoring and management system for ensuring optimal application performance over the WAN.
Simplifying WAN Optimization

ExpandView takes the complexity out of deploying WAN optimization. Once new Accelerators are powered up, ExpandView automatically updates them with all preconfigured parameters and starts collecting statistics. This includes all Accelerator Platforms including Mobile and Virtual. Note: any change made outside of Expand View will be overwritten by the configuration settings that are sent from Expand View. If you have ExpandView installed, it is not recommended to make configuration changes via AcceleratorOS, or the CLI.
Generating Advanced Alerts for World-Class NOCs

ExpandView generates alerts on application performance thresholds for remote Accelerators, thus enabling proactive performance management. Acceleration percentage, traffic gauge, and a multitude of other parameters can be used to predict WAN performance incidents, before they happen, giving IT managers the tool to correct them.
Generating Proactive Reports for Network Provisioning

ExpandView lets you generate trend reports, which detail anticipated future utilization of WAN links based on previous usage and performance of the links.
St u dy in g t h e E xpa nd Vie w Sy st em
283
Such reports are useful in helping IT provision networks to accommodate business growth and expansion.
Figure 1: Statistics and Monitoring graph
Defining Scalable QoS

Centralized insight into network traffic and application performance enables informed and controlled use of available bandwidth. ExpandView enables group configuration of QoS and policy prioritizing. You can publish new policies to multiple devices in a single step, and enforce QoS policy consistency by creating QoS templates.
Updating the IP Address of ExpandView Server

To work with ExpandView, each Accelerator must be updated with the IP address of the ExpandView server. The following AcceleratorOS CLI commands enable interaction with ExpandView by setting the ExpandView server IP address and port number:
284
Using Out-of-Band Management

You can manage the Accelerator remotely from a management station on a LAN external to the accelerated network. When Out-of-band management is used, Ethernet 0 cannot participate in VLAN or HSRP/VRRP, should not be part of OSPF or RIP router polling support, and should not use WCCP or RIP route injection.
To use Out-of-band management:

1. Connect the Accelerators Ethernet 0 to the remote network. 2. Set Ethernet 0 to be removed from the Accelerators bridging capabilities 3. Add a separate IP address for this interface.
Using SNMP
Us in g SN MP
285
The Accelerator supports SNMP versions 1, 2c and 3, functioning as an SNMP agent for monitoring performance statistics from a Network Management System (NMS). In addition, the Accelerator can send SNMP traps to the NMS and other network devices. To work with the Accelerators SNMP management, you have to update the networks SNMP settings in the Accelerator. Define the following SNMP Communities and enable traps (if requested).
Figure 2: SNMP
286
To access configuration options:

1. Click on Setup, followed by Advanced, and then SNMP. The default Read Community is public. 2. 3. In the SNMP Agent drop-down, select Enable to enable the Accelerator to function as an SNMP agent. If you want the Accelerator to receive SNMP traps, make sure the SNMP Traps drop-down is set to Enable and then enter the Trap Community Name and Manager IP address in the relevant fields. Enter the SNMP Version 3 password (see note) and then enter a new password. To add a Community String that is different from Public, click Add in the Communities Table, and enter the new string in the pop-up window. Click the Submit button in the bottom right hand corner.
4. 5. 6. i
The SNMP Version 3 default initial user name is expand_user and the default initial password is expand_initial_password. If you are entering a new password, spaces may not be used.
Receiving Log Error Messages

The following sections detail how status updates are sent: Sending Updates to a Syslog Server, on page 287 Sending Updates via Email, on page 289
R ece iv in g L og E r r o r M es sa ge s
287
The Accelerator can send status updates about the Accelerator to a SYSLOG server, to an email address, or to both.
Figure 3: Logging screen
Sending Updates to a Syslog Server

Syslog is a method of collecting messages from devices to a server running a syslog daemon. Logging to a central syslog server helps in aggregation of logs and alerts. Accelerator devices can send their log messages to a SYSLOG service. A SYSLOG service simply accepts messages, and stores them in files or prints them according to a simple configuration file. This form of logging can provide protected long-term storage for logs. This is useful both in routine troubleshooting and in incident handling. Set the Syslog parameters to define the syslog servers IP address and the severity level of events by which error notifications are to be sent.
288
To set syslog parameters:

1. Click on Setup, followed by Advanced, and then Logging. 2. Enter the following parameters as necessary.
Parameter Item
Facility
Description
The Facility setting sets the Syslog level (0-23), as follows: 0kernel messages 1random user-level messages 2Mail system 3system daemons 4security/authorization messages 5messages generated internally by syslog 6line printer subsystem 7 network news subsystem 8UUCP subsystem 9 clock daemonother codes through 15 reserved for system use 16reserved for local use 17 reserved for local use 18reserved for local use 19reserved for local use 20 reserved for local use 21reserved for local use 22reserved for local use 23reserved for local use Enter the IP address of the Syslog server. Select the maximum severity that you want to be notified about by email, the default is Fatal. Other choices include: Error, Warning, or Information. It is best that the maximum level be higher than the minimum level. The hierarchy of error messages from least to most is information, warning, error and fatal. Select the minimum severity that you want to be notified about by email, the default is Information. Other choices include: Fatal, Error, and Warning. It is best that the minimum level be lower than the maximum level. The hierarchy of error messages from least to most is information, warning, error and fatal.
Server IP Address Severity Maximum
Severity Minimum
R ece iv in g L og E r r o r M es sa ge s
289
Sending Updates via Email

The Accelerator allows log error messages to be sent via email to notify you of Accelerator status changes.
To set the email logging feature:

1. Click on Setup, followed by Advanced, and then Logging. 2. To enable email notification to be sent, ensure that the Enable checkbox in the Mail section is selected. 3. Enter the following parameters as necessary:
Parameter Item
From
Description
Enter the information you want to appear in the From field of the e-mail when it is received. This can either be text (as in your name) or an e-mail address. Make sure you have checked your spam filter settings if needed. Enter the e-mail address to which the e-mail should be sent. Make sure the e-mail address is valid and correct. Enter the subject that you want to appear in the subject field of the e-mail. This subject will be used each time the mail message is sent. Enter the IP address of the e-mail server Enter the port number that the e-mail server uses. The default is 25 Select the maximum severity about which you want to be notified by email; the default is fatal. Other choices include: Error, Warning, or Information. It is best that the maximum level be higher than the minimum level. The hierarchy of error messages from least to most is information, warning, error and fatal. Select the minimum severity about which you want to be notified by email; the default is Information. Other choices include: Fatal, Error, and Warning. It is best that the minimum level be lower than the maximum level. The hierarchy of error messages from least to most is information, warning, error and fatal.
Recipient Subject Server IP Address Server port Severity Maximum
Severity Minimum
290
Chapter 9: Setting Advanced Parameters

Advanced setup includes complex configuration that should be attempted only by trained and certified Accelerator operators. You can set the following advanced parameters for the Accelerator: Adding WANs, on page 292 Handling Interfaces, on page 295 Creating Static ARP Entries, on page 301 Defining Authentication Settings, on page 302 Configuring DNS, on page 303 Dial-on-Demand, on page 305 Dial-on-Demand, on page 305
292
C h ap t er 9: Setting Advanced Parameters
Adding WANs
The Accelerator arrives preconfigured with one default WAN. To define the bandwidth setting for this default WAN, select Setup >My Accelerator > Basic menu, and then click the Advanced Settings button to open the Advanced Settings screen. See Defining Advanced Settings, on page 32. On large networks (for example in cases where there are two routers or one router with multiple WAN interfaces) in which the Accelerator will optimize the traffic of more than one WAN, you can add additional WANs to the Accelerator.
Figure 1:My WANs
To add an additional WAN to the Accelerator:

1. Click the Setup tab, followed by Networking, and then My WANs. 2. Enter the Name of the new WAN. 3. Fill in the remaining parameters as follows
A d d in g WAN s
:
293
Parameter
Bandwidth Out Strict Priority Out Burst Out
Description
Select the outbound bandwidth maximum value Select Enable to enable encrypted outbound traffic to have priority, Disable to disable. If you want to allow greedier outbound traffic to temporarily take more bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it will only take what hasnt been taken by any other application, up to the fixed amount or up to the maximum available), then do one of the following: Select Always Allow Burst Out to always allow bandwidth bursts on outgoing traffic. This will allow the Accelerator to automatically adjust the bandwidth and to allow bursts in bandwidth where needed. Deselect Always Allow Burst Out and select a limit to the burst, using the Burst Out drop-down menu. This will allow bursts of bandwidth on the outbound traffic up to the amount selected. If there is more bandwidth available the application will not use it. Select the Enable Bandwidth In checkbox to set a bandwidth limit on incoming traffic, then select the Bandwidth In value. Select Enable to enable encrypted inbound traffic to have priority, Disable to disable. If you want to allow greedier inbound traffic to temporarily take more bandwidth (either fixed amount or auto adjusting) then you have allotted to it (it will only take what hasnt been taken by any other application, up to the fixed amount or up to the maximum available), then do one of the following: Select Always Allow Burst In to always allow bandwidth bursts on outgoing traffic. This will allow the Accelerator to automatically adjust the bandwidth and to allow bursts in bandwidth where needed. Deselect Always Allow Burst In and select a limit to the burst, using the Burst In drop-down menu. This will allow bursts of bandwidth on the outbound traffic up to the amount selected. If there is more bandwidth available the application will not use it.
Enable Bandwidth In Strict Priority In Burst In
4.
Click Add and the new WAN will appear below the default-WAN in the WAN table.
To delete a WAN:
Highlight a WAN and use the Delete button if at any point you want to delete a WAN.
294
To edit a WAN:
To edit an existing WAN, highlight the WAN in the WAN Table and click the Edit WAN button. The Edit WAN popup appears, letting you modify the fields you set previously (explained in the table above). Click Submit to confirm your changes.
Handling Interfaces
i
H an d lin g I nt e r fa ce s
295
Note: The total WAN bandwidth will always be enforced. It is the sum of all WANs configured for the Accelerator The Accelerator automatically detects the MAC address and Speed and Duplex settings for each of its interfaces. You can perform all required speed and duplex setting modifications via the My Interfaces menu. The interface name corresponds to the name printed on the back panel of the Accelerator and cannot be modified. The MAC address is permanent and cannot be modified. The Speed and Duplex settings let you define the link as either 10 or 100 Mbits (or 1000 Mbits for the Accelerator 6800 series) and as either Half or Full duplex. The Auto setting automatically configures the Accelerator to the detected link speed and duplex setting (this is the default setting).
Note: Setting wrong interface speed and duplex values for the Accelerator may result in many errors on the line towards the router, and even loss of connectivity. If you are uncertain as to the speed and duplex setting required, you can use the Auto setting; however, you are advised to manually set the speed and duplex. Note: When the Accelerator is installed in an On-Path deployment, ensure that both interface 0/0 and 0/1 have the same link speed and duplex settings. If the Accelerator operates in by-pass mode for any reason, this will enable the two devices adjacent to the Accelerator to interact.
296
Viewing Available Interfaces

The Interfaces Table shows all detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:
Figure 2: My Interfaces screen
To view all detected interfaces:

1. Click the following sequence: Setup > Advanced > My Interfaces. 2. The interface table appears, displaying all detected interfaces. The status of each
To edit an interface:
1. Click the following sequence: Setup > Advanced > My Interfaces. 2. In the Interfaces Table, click on the name of the Interface to be modified. 3. The edit dialog box opens. Information about the interface (MAC address, name, hardware type, etc.) is given and cannot be modified. 4. The following parameters however can be modified as follows:
297
Parameter
Link Mode Bridged State
Description
Choose the link speed in Mbits and if the link is to be full or half duplex. When enabled, allows all Interfaces to receive the same logical IP as the Accelerator. When disabled, you will have to enter the IP address and subnet mask of the interface in the fields that follow. The IP address of the interface. This is only enabled, when the Bridged state (above) is Disabled. The Subnet mask of the interface. This is only enabled, when the Bridged state (above) is Disabled.
IP Address Mask
5. Click Submit.
Working with VLAN

The Accelerator supports protocol 802.1q VLAN. VLAN is a virtual layer on top of the Ethernet that enables the Ethernet to be divided into smaller virtual groups. You can add up to 255 VLAN groups to the Accelerator. You can set Each VLAN group, identifiable by a number, on any basis (precise location, department, primary application, type of user, and so on). The Accelerator can incorporate itself into a VLAN network as follows: you can assign the Accelerator a VLAN ID, enabling it to be considered as part of a VLAN group. If VLANs are defined on the Accelerator, all VLAN traffic passes as bridged traffic. Defining a VLAN as Native means that the Accelerator uses the IP address from its local interface as the IP address for a particular VLAN. The Accelerator will handle packets arriving tagged from the Native VLAN, but will forward them without the tag (this is especially useful in setups in which the router does not support VLAN). Setting the Accelerator to work in with Native tagged will enable the Accelerator to set one VLAN as Native with the IP address from its local interface, but will forward packets received from the native VLAN with the tag. If traffic is already handled (for example if VoIP is set on a separate network and receives priority), the traffic that is not to be handled by the Accelerator should not be set as a VLAN and it should not be advertised anywhere in the Accelerator network - the traffic should be bridged through the Accelerator. The following figure depicts working with VLAN in an On-LAN configuration.
298
Figure 3: VLAN in an On-LAN Configuration
In the setup depicted, VLAN 1, 2, and 3 are defined in the Accelerator. VLAN 1 is defined as native, meaning that it takes its IP address from the Accelerators Local interface. A second 802.1q trunk is created from the Layer-2 switch to the Accelerator enabling VLAN support in an On-LAN environment.
299
The following figure depicts working with VLAN in an On-Path configuration:
Figure 4: VLAN in On-Path Configuration
The Accelerator is connected directly to a Layer-2 switch via a VLAN (802.1q) trunk. VLAN 1, 2 and 3 are defined in the Accelerator and VLAN 1 is defined as Native.
Viewing the VLAN Interfaces

To view the VLAN interfaces:
1. Click the following menu sequence: Setup > Advanced > VLAN Interfaces. 2. The VLAN interfaces are displayed in the table. 3. To Add an interface, see Adding a VLAN Interface, on page 300. To delete an interface, select it in the table and click Delete.
300
Adding a VLAN Interface

To include the Accelerator in a VLAN group:
1. Click the following menu sequence Setup > Advanced > VLAN Interfaces. 2. 3. In the VLAN Interfaces menu, enter the necessary VLAN ID number (1 to 4094). The Accelerator must have an extra IP address and Subnet Mask for each VLAN group it joins. To enter an IP address and subnet mask to be used within the VLAN group, select the IP address radio button and enter the IP address and subnet mask into the supplied fields. To use the Accelerators original IP address and subnet mask as its address within the VLAN group, select the Native IP setting radio button. When Native is selected, it is possible to select the Tagged checkbox to include the VLAN tag in the packets sent from the Native VLAN. 4. Click the Add button. All VLAN interfaces added will appear in the VLAN Interfaces table, at the bottom of the screen. To Delete an interface from the table, select it within the table and click Delete. Note: It is unusual for the Native VLAN to be tagged. Please check if indeed it is. Otherwise the IP address in the Local Interface will act in the Native VLAN
Figure 5: VLAN Interfaces screen
Creating Static ARP Entries

To map a static ARP entry:
Cre at i n g Stat i c A RP E n t r i e s
301
If you want to make a replacement within the ARP table, you can add a static ARP entry, by mapping a specific IP address to a specific MAC address.
1. Click the Setup tab, followed by Networking, and then ARP. 2. In the ARP menu, add the IP address and MAC address to be mapped. 3. If this change is to be permanent, select the Permanent checkbox. Otherwise, this entry will remain until the next Accelerator reboot, or until it is deleted from the ARP table. 4. Click the Add Static Entry button. The entry appears in the ARP table. If you want to delete the entry, click the Delete button. To delete the entire ARP table, including all its entries, click the Clear All button.
Figure 6: ARP Table
302
Defining Authentication Settings

The Accelerator lets you modify the password necessary for logging in.
To modify the password:

1. Click on Setup, followed by Security, and then Users. 2. In the Users table, double-click the name of the user whose password you want to modify. Alternatively, highlight the line of this user and click the Edit button. The Edit User Details dialog box appears:
Figure 7: User Details
3. Enter the local password and re-enter it for confirmation. 4. Click the Submit button.
Configuring DNS
Co n fi g ur in g DN S
303
The Domain Name Server (DNS) Configuration screen lets you manage Domain Name Servers and define domain name, domain name search path and static hosts.
To set a domain name:

1. Click the Setup tab, followed by Networking, and then DNS. 2. Enter the domain name in the Domain Name field. 3. Make sure that there is at least one entry in either the servers table or static host table (see below if you need to add entries). 4. Select whether to enable or disable IP Domain Lookup. 5. Click Apply. The domain now appears in the Domain Name Table.
To add a new server:

1. In the Servers table, click Add. 2. In the Add New Server dialog box that opens now, enter the new servers IP address. 3. By default, the order is sequential and the newest entry is last. If you want to 4. change this order, select the new position in the Order drop down box. The order may also be changed by using the arrows on the side of the table. 5. Click Submit. The newly added server now appears in the Servers Table.
To delete an existing server:

1. In the Servers table, highlight the line that contains the server address, in order to select it. 2. Click Delete. You are now prompted to confirm the deletion. 3. Click OK. The server is now removed from the Servers Table.
To add a domain name:

1. In the Domain Name table, click Add. 2. In the Add Domain dialog box that opens now, enter the new Domain Name. 3. By default, the order is sequential and the newest entry is last. If you want to 4. change this order, select the new position in the Order drop down box. The order may also be changed by using the arrows on the side of the table. 5. Click Submit. The newly added server now appears in the Domain Name Table.
304
To delete an existing domain name:

1. In the Domain Name table, highlight the line that contains the domain name, in order to select it. 2. Click Delete. You are now prompted to confirm the deletion. 3. Click OK. The server is now removed from the Domain Name Table.
To add a static host:

1. In the Static Host table, click Add. 2. 3. 4. 5. 6. In the Add Static Host dialog box that opens now, enter the new Host Name. Enter a valid IP address. Click Submit. The newly added server now appears in the Servers Table. To delete an existing static host: In the Static Host table, highlight the line that contains the Static Host name, in order to select it. 7. Click Delete. You are now prompted to confirm the deletion. 8. Click OK. The server is now removed from the Static Host Table.
Dial-on-Demand
Di al- o n -D em a nd
305
You can deploy the Accelerator in environments that have routers with dial-up (dialon-demand) interfaces. These interfaces initiate a call (dial to) the remote end (typically over ISDN or Satellite links) when interesting traffic is being sent. After a specific quiet period, the link goes down again until new interesting traffic is sent. Link establishment of the dial-up interfaces and connectivity time can be fairly expensive. Therefore you may sometimes want to keep the link down until new interesting traffic is forwarded via the link. The Accelerator poses a problem in these environments as it uses a keep-alive mechanism to check the health of the link between the remote sites. By default, the keep alive messages are considered interesting and will keep the dial-up link alive (and costly). The dial-on-demand solution enables the Accelerator to support dial-on-demand environments by not sending keepalive messages. i Note: Both peers must configure the link in dialup mode with the same time out.
Note: The ExpandView agent must be disabled
Note: Connecting to a link by using its HSRP address will not work.
306
Chapter 10: Resiliency and Redundancy

This chapter explains how to get added resiliency and redundancy with the use of one or more Accelerators. The features documented in this chapter are hardware specific and the Accelerator you purchased may or may not feature all of these benefits. Where noted the feature is model specific. If you want to change your Accelerator model to be able to use these features, contact your account representative. The topics in this chapter include: RAID, on page 308 Multi-Port Support, on page 311 Router Redundancy Protocols, on page 315
308
C h ap t er 10: Resiliency and Redundancy
RAID
Topics in this section include: About RAID, on page 308 RAID Support in Accelerators' Hard Drives, on page 308
About RAID
RAID (redundant array of independent disks) is a way of storing the same data in different places (thus, redundantly) on multiple hard disks. By placing data on multiple disks, I/O (input/output) operations can overlap in a balanced way, improving performance. Since multiple disks increases the mean time between failures (MTBF), storing data redundantly also increases fault tolerance. A RAID appears to the operating system to be a single logical hard disk. RAID employs the technique of disk striping, which involves partitioning each drive's storage space into units ranging from a sector (512 bytes) up to several megabytes. The stripes of all the disks are interleaved and addressed in order. In a single-user system where large records, such as medical or other scientific images, are stored, the stripes are typically set up to be small (perhaps 512 bytes) so that a single record spans all disks and can be accessed quickly by reading all disks at the same time. In a multi-user system, better performance requires establishing a stripe wide enough to hold the typical or maximum size record. This allows overlapped disk I/O across drives.
RAID Support in Accelerators' Hard Drives

There are at least nine types of RAID plus a non-redundant array (RAID-0). Accelerator models 79xx feature RAID-5 support with hot-swappable disk drives. Accelerator model 6950 uses RAID-1 support and the drives are not hotswappable. The two RAID types supported with current Accelerator equipment includes: RAID-1 Mirrored set without parity, on page 309 RAID-5 Striped set with distributed parity, on page 309
R AI D
309
RAID-1 Mirrored set without parity

Provides fault tolerance from disk errors and failure of all but one of the drives. Increased read performance occurs when using a multi-threaded operating system that supports split seeks, very small performance reduction when writing. Array continues to operate so long as at least one drive is functioning. RAID-1 is sometimes called duplexing, disk shadowing, real-time copy, or t1 copy.
Figure 1: RAID-1
RAID-5 Striped set with distributed parity

Distributed parity requires all drives but one to be present to operate; drive failure requires replacement, but the array is not destroyed by a single drive failure. In fact, the drive failure is masked from the end user and all data is read from the subsequent drives. Keep in mind however that the array will have data loss in the event of a second drive failure and the data is vulnerable until the data that was on the failed drive is rebuilt onto a replacement drive.
310
Figure 2:RAID-5
Using the CLI, you can view the list of disk drives, the disk status, and remove faulty disks. To get the CLI commands for these options, click on one of the following links: (RAID) (RAID) (RAID) (RAID) add-disk, on page 614 remove-disk, on page 615 show, on page 616 exit, on page 615
Multi-Port Support
M u lt i- P o r t S u p p or t
311
Specific Accelerator models (6850, 6950, 7930, and 7940) feature ports that are designed with optical or copper fail-to-wire circuitry in order to provide maximum up time for the network. This feature is particularly useful in the event of a host system failure, power off, or upon software request. In such instances, a crossed connection loop-back is created between the Ethernet ports and traffic is not affected. Hence, in by-pass mode all packets received from one port are transmitted to the other port and vice versa. This feature enables the ports to by-pass a failed system and provides maximum up time for the entire network.
Figure 3: Multi-Port Accelerator in a Network
Using a multi-port design in your network topology allows you to create more redundancy in networks that are configured in an On-Path deployment scenario (as shown above). In the case of an Accelerator failure, power off, or software requested by-pass, the ports will re-route the traffic as shown.
312
Figure 4: Accelerator Failure in Multi-port Scenario
In addition, you can create groups or specify a maintenance/management link. Using the CLI, you can manually set one pair or all port pairs to by-pass mode. The by-pass status is reflected in the LED next to the port pair. Green indicates that by-Pass is disabled. Red indicates by-pass is enabled.
M u lt i- P o r t S u p p or t
313
Figure 5: LED Locations
Accelerator models 6850, 6950, 7930 and 7940 have port pairs. In the 6x50, the port number is the numerator (the top of the fraction) and you should make sure to use both ports from the same pair. For example, ETH0/0 and ETH0/1 are pairs. The port pairs are shown in below:
Theseportsarea pair
Theseportsarea pair
314
Figure 6: Port Pairs
Your Accelerator may not be configured with these ports. In the 7930 and 7940, the ports not labeled. The ports may be a pair or set of 2 pairs depending on which card you ordered. In the case of a 4 port pair the first two are a pair and the second two are a pair.
These ports are a pair These ports are a pair
Figure 7: Port Pairs
See the table below for links to more specific information:

For information on
Installing a multi-port Accelerator Getting information on, or selecting a specificAccelerator interface Enabling NetFlow on a specific Accelerator interface Receiving a statistic detailing the data displayed on the monitoring graphs per a specific Accelerator interface Enabling AccDump on a specific Accelerator interface Initiating by-pass
Go to
Connecting and Configuring Multi-Port Accelerators, on page 14 Handling Interfaces, on page 295 Enabling NetFlow, on page 72 Configuring the Ethernet Statistics Display Fields, on page 69 Accdump, on page 377 Working with By-pass Mode, on page 16 and in the CLI, By-pass Mode Commands, on page 762.
Router Redundancy Protocols
R o ut e r R ed u nd a nc y Pro to c ol s
315
Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) are router redundancy protocols that provide network resilience for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits. In HSRP and VRRP, multiple network devices can act in concert to present the illusion of a single virtual router to the hosts on the LAN, by sharing an IP address (known as a Virtual IP Address or VIP) and a MAC address. HSRP is a Router Protocol developed by Cisco (RFC 2281), while VRRP is the IETF standard for redundancy protocols (RFC 2338). The main differences between the two are that HSRP requires you to dedicate an extra IP address as a virtual IP address for the group, while VRRP takes up less network overhead by letting you use the IP address of one of the devices already in the group, or set a dedicated VIP. In HSRP the devices are all configured with a priority status within the group. In general, the device with the highest priority is naturally the Active device; the device with the next-highest priority is the Standby device that takes over in the event of Active device failure or unavailability. Dominant devices in the virtual HSRP group continually exchange status messages, enabling one device to assume the routing responsibility of another, should it stop operating for either planned or unplanned reasons. If the Active device fails, the Standby device assumes the packet-forwarding duties of the Active device. If the Standby device fails or becomes the Active device, another device is selected as the Standby device.
VRRP works in much the same way. In general, the Master device is configured to have the highest priority and is active in the group. It acquires the Virtual IP address of the group, but does not have management functionality of the Virtual IP, only the transfer capabilities. The Backup devices perform the standby function. The VRRP can include many backup devices, and this protocol does not support knowing, at any given time, which backup device takes over in the event of failure. Hosts continue to forward IP packets to a consistent IP and MAC address, and the changeover of devices is transparent. The recovery time of the VRRP is about three
316
times faster than HSRP (the HSRP default is 10 seconds instead of 3 seconds in VRRP).
Figure 8: VRRP Group
Accelerators can take part in HSRP and VRRP and work in tandem with the routers that provide backup for the network. The following figures display an Accelerator application working with routers in a virtual HSRP and VRRP group. The Accelerator and routers are configured with the MAC address and the IP network address of the virtual HSRP/VRRP group. The Accelerator is configured to have the highest priority and work as the Active/ Master device. It is configured with the IP address and MAC address of the virtual router and forwards any packets addressed to the virtual router. In HSRP, one of the routers acts as the Standby router, so that if, due to severe power failure or any other unlikely event, the Accelerator stops transferring packets, the router protocol gets into effect and the router assumes the duties of the Accelerator and becomes the Active device. In VRRP, both routers are configured as backup routers. Therefore, if due to severe power failure or any other unlikely event the Accelerator stops transferring packets, one of the backup routers assumes the duties of the Accelerator.
HSRP
The AcceleratorOS lets you set up HSRP groups, either manually or by automatic detection. The following sections describe the options for configuring HSRP groups. Enabling HSRP Automatic Detection, on page 317 Setting Manual HSRP Configuration, on page 318 (config) HSRP autodetect, on page 641
317
(config) HSRP, on page 640
Enabling HSRP Automatic Detection

The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table. When the groups are added, by default the Accelerator does not join the groups. i Note: If you have a network with multiple Accelerators, you must enable the same HSRP services on every appliance. Note: IPSec uses the primary IP address of the Accelerator to create the IPSec tunnel. If you use a protocol that uses an IP address other than the primary (as is done in virtual IP addresses) the traffic sent out will be dropped. Therefore it is not recommended to use IPsec in conjunction with features that use virtual IP addresses (as in HSRP and VRRP).
Figure 9: HSRP screen
To automatically detect all HSRP groups:

1. Click the following menu sequence: Setup > Networking > HSRP. 2. In the HSRP screen, select the Auto Detect checkbox. The HSRP table automatically fills up with the details of the HSRP groups detected on the network. 3. While the Accelerator adds these groups, by default its status in the groups is Not Joined. 4. To Join the HSRP group or to modify other HSRP parameters, highlight the HSRP group in the table and click the Edit button.
318
Setting Manual HSRP Configuration

If the Automatic detection does not find an HSRP group, or if you want to manually add or edit an HSRP group, you can modify the parameters as follows.
To manually modify the HSRP configuration:

1. Click the Setup tab, followed by Networking, and then HSRP. 2. In the HSRP menu, enter the Group ID number (0 - 255), the Virtual IP address, the Priority (0 - 255), the Virtual MAC address and the status of the Accelerator in the group (whether the Joined option is Disabled or Enabled). 3. Click Add. The HSRP group immediately appears in the HSRP table. 4. To modify the information, highlight the row in the HSRP table and click the Edit button to modify the following parameters: i Note: If you have a network with multiple Accelerators, you must enable the same HSRP services on every appliance.
Description
You must enter a group number, even if the target group is group 0 All devices in the HSRP group must have the same Virtual IP address. Adding a virtual IP address of 0.0.0.0 puts the group into Learn mode, in which the selected group tries to learn the IP address from the network. Setting the Accelerators priority lets you select its status in the HSRP group. If two devices in the HSRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup. All devices in the HSRP group must have the same Virtual MAC address. Enable or Disable the Accelerators status in the group. Joining the group enables the Accelerator to function as any other router in the HSRP group. If Authentication is enabled in the HSRP group, the Authentication command lets you set the authentication password to communicate with the routers in the group. The default setting for the authentication command is cisco. If you change the default authentication setting, verify that all other devices in the HSRP group have the same authentication setting. Gives the Accelerator the highest priority in the HSRP group at all times. When this setting is enabled, Preempt is also enabled automatically. Force Priority is done per group and enables the Accelerator to hold the highest priority of the selected group. Once the Accelerator is set to have the highest priority, it becomes the active router in the HSRP group.
Parameter Item
Group ID Virtual IP Address
Priority
Virtual MAC Address Joined Authentication
Force Priority
319
Parameter Item
Preempt
Description
Used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router prevails; when disabled, the higher priority router assumes the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully. Set the packet rate between the devices in the HSRP group. Hello time is the interval between Hello messages (an exchange of HSRP priority and state information) and the Hold Time is the interval between a receipt of a Hello message and the presumption that the sending router/Accelerator has failed. You are advised not to change the default timer setting: 3 seconds Hello Time and 10 seconds Hold Time. These definitions comply with the recommended settings of having the Hold Time length more than three times the length of the Hello Time. Decreasing timer-default rates shortens the time that the network has without a default gateway during Active router changeover, but increases the protocol bandwidth overhead and conversely. If the Accelerator is not currently the Active device in the HSRP group, Timer settings are derived from the Active device and any timer configurations that you set in the Accelerator are not saved. All members of the HSRP group must have the same Hello Time and Hold Time. If you change the default parameters, ensure that you update all members of the HSRP group with the new parameters. If the Accelerator is part of a VLAN, operating with HSRP requires updating the VLAN group number (1 to 4094).
Hello and hold timers
HSRP over VLAN
320
VRRP
Unlike HSRP, you cannot configure VRRP automatically and must add it manually.
Figure 10: VRRP Group
To manually modify the VRRP configuration:

1. Click the Setup tab, followed by Networking, and then VRRP. 2. In the VRRP menu, enter the Group ID number (0-255), the Virtual IP address, the Priority (1-254), the preempt status and the timer setting. 3. Click Add. The VRRP group immediately appears in the VRRP table. 4. To modify the information, highlight the row in the VRRP table and click the Edit button to change the following parameters:
Parameter Item
Group ID Virtual IP Priority
Description
You must enter a group number, even if the target group is group 0. Accelerator VRRP does not have a default group number. All devices in the VRRP group must have the same Virtual IP address. Setting the Accelerators priority lets you select its status in the VRRP group. If two devices in the VRRP group have the same priority, the Active router is set according to IP address. Expand does not recommend this setup. Once the Accelerator is set to have the highest priority, it becomes the active router in the VRRP group.
321
Parameter Item
Preempt
Description
Preempt is used for determining how to react when a higher priority router joins the group. When enabled, the higher priority router will prevail, when disabled, the higher priority router will assume the Standby mode until the current Active router experiences a failure. Setting the Accelerator to enable preempt is useful when you want the Accelerator to remain active as much as possible. On the other hand, the change-over between one device and another can take two to three seconds, during which the network has no default gateway, so you have to use preempt carefully. Sets the interval between the Hello messages sent between VRRP group members. All devices in the VRRP group must have the same Timer setting. If for some reason you have to modify this setting, you should modify it for all devices in the group. The default setting is 1. If the Accelerator is part of a VLAN, operating with VRRP requires updating the VLAN group number (1 to 4094).
Timer
VRRP over VLAN
322
Chapter 11: Working with Mobile Accelerators

In the event that ExpandView is not available, you can use the AcceleratorOS WebUI to configure a MACC without using ExpandView. On the PC that has the Mobile Accelerator Client installed, you can edit the XML file that contains the MACC configuration and then import this file to the Mobile Accelerator Client. Additional configurations can be implemented via the AcceleratorOS CLI. Topics in this chapter include: Overview, on page 324 Configuring the Mobile Accelerator Client, on page 326 Monitoring Collective Branch Statistics, on page 330
324
C h ap t er 11: Working with Mobile Accelerators
Overview
If this is your first time working with the Mobile Accelerator Client, a basic understanding of the terminology may prove to be helpful. See the diagram below.
Figure 1: Mobile Network Diagram
In the above network scenario, there is a datacenter, which houses the Accelerators and ExpandView Server. There is a remote office, that has a small group of users. In addition, there are mobile users who enter and exit the network as needed and are not part of the same subnet as the small office. When a Mobile Accelerator (MACC) connects to the network, it will connect first with ExpandView. It will receive from ExpandView its configuration settings and will also be associated with the appropriate Accelerator in the Datacenter. This configuration setting can either be a Default configuration, a Unique User configuration, or a Collective Branch configuration as dictated below: Collective Branch refers to the group of MACCs that are a members of the same subnet as a defined remote branch (Collective Branch). Members of the Collective Branch will adhere to the same QoS rules and configuration settings as dictated in the Collective Branch templates.
Ove rvi ew
325
Mobile User refers to a MACC that registers with ExpandView using the Default Configuration setting. This user connects to the network in a subnet that is not part of the Collective Branch and will by default, be associated to the Default Associated Set. Unique Mobile User refers to a MACC that registers with ExpandView using a unique user-defined setting. Associated Set refers to a group of Accelerators to which the Mobile Accelerator Client will connect. Currently, only one Accelerator is supported in an Associated Set. Default Associated Set refers to the Associated Set which all Mobile Users that are not pre-registered will connect to using the Default Configuration settings from ExpandView. Only one Accelerator in the network can be set as the Default Associated Set.
326
Configuring the Mobile Accelerator Client

The following configurations are available with the WebUI: Viewing the Collective Branches, on page 326 Creating a Collective Branch, on page 327 Creating a Collective Branch Template, on page 328 Creating Mobile Accelerator Link Templates, on page 329
Viewing the Collective Branches

The My Collective Branches Table lists all collective branches that are known by the Accelerator.
To view the collective branches

1. In the AcceleratorOS WebUI, select Setup, followed by My Collective Branches. 2. The Collective Branch Table displays the following information: IDthis is the ID number for the Collective Branch. Clicking on this number allows you to edit the branch parameters. Collective Branch Namethis is the name that was assigned to the Collective Branch. Destination Subnetthis is the subnet to which the collective branch belongs. Bandwidth out and Inthese parameters are set when the Collective branch is created. Concurrent MACC Connectionsthis is the number of Mobile Accelerators currently connected within this Subnet. 3. To add a collective branch to the table, see Creating a Collective Branch, on page 327. To delete a Collective Branch, select the branch you want to delete (make sure the whole table line is highlighted in yellow), and click Delete.
Co n f ig u r in g t he M ob il e Ac ce ler a t or Cl ie nt
327
Creating a Collective Branch

Extreme care should be used in creating Collective Branches without ExpandView, as this can cause an asynchronous configuration settings.
To add a collective branch:

1. In the AcceleratorOS WebUI, select Setup, followed by My Collective Branches. 2. Click Add. 3. In the Collective Branch Name field, give the collective branch a name, using no spaces. 4. In the IP address field, enter the Mobile Accelerators Subnets IP address. Note that once defined, all Mobile Accelerators within this subnet are automatically assigned to the Collective Branch. 5. In the Subnet Mask field, enter the subnet mask of the subnet 6. Optionally, you can select the Inward and Outward bandwidth for the collective branch. Inward is from the WAN and Outward is to the WAN. Note that this is optional and should not be set unless required. 7. In the WAN field, use the drop-down menu to select the default WAN. 8. In the POAA (Post Acceleration Aggregation) section configure the dPOAA (distributed POAA) Parameters. See note below. Note: A note about distributed POAA: In order to help links that are subject to congestion, you can implement POAA (or Post Acceleration Aggregation) parameters. Unlike standard POAA, where packets are aggregated and sent to one Accelerator, distributed POAA, combines the packets meant for multiple MACCs within the Collective Branch and sends them as one large packet to the first MACC whose destination is received by the Accelerator. The MACC that receives the packet will deliver the smaller packets to the other recipients over the LAN. This allows the bandwidth to be maximized and doesn't congest the pipe with smaller packets and lots of ACK replies. 9. To delete the Collective Branch, go to the My Collective Branches screen, select the Collective Branch from the table and click Delete. 10. To edit a Collective Branch, go to the My Collective Branches screen, select the ID number from the ID row in the table and click Edit.
328
Creating a Collective Branch Template

This template sets the parameters for the link between the Accelerator and the Collective Branch. The MACC template and ACC template are different.
To create a collective branch template:

1. In the AcceleratorOS WebUI, select Setup, followed by My Collective Branches. 2. Click the ID number of the collective branch whose template you want to create. 3. Click Collective Branch Template 4. Fill in the parameters as described in the table:
Parameter Name
Parameters Section Link Name Remote Name Collective Branch name Source IP Destination IP MTU Metric Fragmentation Acceleration Section Tunneling Section TCP Acceleration Section Advanced TCP Acceleration Section Post Acceleration Aggregation Section Bandwidth Adjustment Section Give a name for the Link. Spaces are not valid This field cannot be edited. This is the name you set when you created the Collective Branch The Accelerator IP The Subnet the Collective Branch belongs to See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84
Description
Co n f ig u r in g t he M ob il e Ac ce ler a t or Cl ie nt
329
Creating Mobile Accelerator Link Templates

The Mobile Accelerator Link template dictates the settings between a MACC and an Associated Set, where the MACC is to receive the default configuration. To create a link template for the link between the MACC and the Collective Branch, see Creating a Collective Branch Template, on page 328. In cases where you have a unique setting, the link to the MACC needs to be created via the CLI. See interface link mobile, on page 680 for instructions. Once the Link is created, it appears in the Links table. Clicking on the link in the Links Table allows you to edit its settings. Make sure the link status is set as Idle before making changes.
To create a Mobile Accelerator Link Template for stand-alone MACCs that will use the default configuration:
1. Select the following menu sequence: Setup > My Links > Link Templates 2. In the Template Type drop-down menu, select MACC. 3. Fill in the parameters as described in the table:
Parameter Name
Parameters Section Link Name Remote Name Collective Branch name Source IP Destination IP MTU Metric Fragmentation Acceleration Section Tunneling Section TCP Acceleration Section Post Acceleration Aggregation Section Bandwidth Adjustment Section Give a name for the Link. Spaces are not valid This field cannot be edited. This is the name you set when you created the Collective Branch The Accelerator IP The Subnet the Collective Branch belongs to See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84 See Advanced Link Configurations, on page 84
Description
330
Monitoring Collective Branch Statistics

Using the Monitor tab, you can view different statistical graphs for the Collective Branch in the same manner as Links and Applications. Topics in this section include: Viewing Viewing Viewing Viewing Viewing Collective Collective Collective Collective Collective Branch Branch Branch Branch Branch Throughput Statistics, on page 330 Utilization Statistics, on page 330 Acceleration Statistics, on page 331 Compression Statistics, on page 331 Statistics, on page 332
Viewing Collective Branch Throughput Statistics

The Throughput Statistics graph lets you monitor how much traffic passed though the Collective Branch. This graph lets you compare between accelerated throughput, (what actually goes over your WAN link) and the pre-accelerated throughput, which is the throughput that would have been used without the Accelerators compression mechanisms. The blue area represents the actual bandwidth used with the Accelerator, while the yellow represents the amount of bandwidth that would have been used without the Accelerator.
Viewing Collective Branch Utilization Statistics

The Utilization Statistics graph lets you monitor how much of the Collective Branch is being utilized. The traffic displayed is accelerated traffic, and therefore cannot exceed 100% of the link speed. Selecting the link speed is necessary in order for the Utilization graph to display accurate data.
M o ni to ri ng Co ll ec ti ve Br an ch Sta ti st ic s
331
Viewing Collective Branch Acceleration Statistics

The Acceleration Statistics graph lets you view acceleration percentages for inbound and outbound traffic on the Collective Branch per interface/link or for the total for the Collective Branch.
Viewing Collective Branch Compression Statistics

The Compression Statistics graph displays the amount by which traffic was reduced by the Collective Branch. This graph represents in percents, how much less data is passing over the physical link because of acceleration.
332
Viewing Collective Branch Statistics

The Accelerators Statistics table displays data presented in the Link graphs in table format per link or for the entire traffic.
To view a statistics table:

1. Click the following menu sequence: Monitor > Collective Branches > Statistics. 2. Select a Collective Branch from the Collective Branch drop-down menu. 3. From the drop-down menu, select the statistics to be displayed: All, Throughput, Errors, or Acceleration. For a description of the information that is displayed in the table, see the following table below: All statistic items are displayed according to: DataLists type of statistic gathered. System upData transferred over the link selected that was collected since the Accelerator was powered on. Data is listed in KB, in percentages, or in number of packets. Since ClearData transferred over the link selected that was collected since the Accelerators counters were last cleared. Data is listed in KB, in percentages, or in number of packets. Last 5 SecondsData transferred over the link selected that was collected over the last 5 seconds. Data is listed in Kbps or in percentages.
Parameter Item Bytes Information
In Bytes Out Bytes Raw In Bytes Raw Out Bytes Exceeded License Bytes Number of input bytes Number of outgoing bytes Total incoming bytes being accelerated using this link Total outgoing bytes being accelerated using this link Number of bytes that are not optimized because the bandwidth limit as set by the AcceleratorOS license is exceeded
Description
Packets
In Packets Out Packets Number of input packets Number of outgoing packets
Packets
Discarded In Packets Incoming packets that were discarded by a rule with discard policy
M o ni to ri ng Co ll ec ti ve Br an ch Sta ti st ic s
333
Parameter Item
Discarded Out Packets Dropped In Packets Dropped Out Packets Dropped Out IPsec Packets Traffic-Gauge Packets
Description
Outgoing Packets that were discarded by a rule with discard policy Incoming packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete Outgoing Packets that were dropped by QoS enforcements, such as queues and obsolete on a secure link. Outgoing Packets that were not optimized due to being sent through the Traffic-Gauge mechanism in order to enhance performance Number of small packets aggregated, or combined, after transmission Number of small packets aggregated, or combined, before transmission Incoming packets that were aggregated as part of the default postacceleration aggregation policy. Outgoing Packets that were aggregated as part of the default postacceleration aggregation policy Incoming Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-1 post-acceleration aggregation policy. Incoming Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy. Outgoing Packets that were aggregated as part of the user defined-2 post-acceleration aggregation policy Incoming Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Outgoing Packets that were aggregated as part of the Thin Client post-acceleration aggregation policy Number of packets sent out marked as Do not Accelerate. Number of packets sent out marked not to be routed into the link. Number of packets that are not optimized because the bandwidth limit as set by the AcceleratorOS license is exceeded
Poly In Packets Poly Out Packets Agg Default In Packets Agg Default Out Packets Agg User-Defined 1 In Packets Agg User-Defined 1 Out Packets Agg User-Defined 2 In Packets Agg User-Defined 2 Out Packets Agg Thin Client In Packets Agg Thin Client Out Packets Do Not Acc Packets Do Not Tunnel Packets Exceeded License Packets
Errors
CRC Errors Other Errors Number of CRC-errored packets received Unexpected errors received
Errors Acceleration
In Acceleration Out Acceleration Inbound Acceleration percentage Outbound Acceleration percentage
334
Parameter Item
In Actual Acceleration Out Actual Acceleration In Compression Out Compression
Description
Acceleration that considers all incoming throughput Acceleration that considers all outgoing throughput Inbound compression percentage Outbound compression percentage
To clear all of the statistics counters:
Note: This will clear all of the statistics counters, so make sure you want to do this before proceeding. 1. Click the Clear Counters button. 2. Click Yes when prompted.
Chapter 12: Security

This chapter describes the various methods for ensuring security within the Accelerator. This chapter includes the following sections: Studying the AcceleratorOS AAA, on page 336 Configuring AAA, on page 338 Auditing Administration Activities, on page 343 Locking and Unlocking the Keypad, on page 344
336
C h ap t er 12: Security
Studying the AcceleratorOS AAA

The Accelerator lets you manage access by means of Authentication, Authorization, and Accounting (sometimes called Auditing), also known as AAA. The Accelerator, normally installed in enterprises, government and military organizations, requires strict security for the networks with which it interacts. Therefore, the Accelerators AAA enables the system to be secured. AuthenticationValidates users' identity in advance of granting login. The Accelerators authentication lets you define the users and set the location in which passwords are stored. Each user must be defined locally in the Accelerator as well as in remote AAA servers. AuthorizationLets users access networks and commands. The Accelerators authorization lets you define the users and their roles. AccountingTracks usage patterns of individual users, service, host, time of day, day of week, and so on. The Accelerators accounting lets you receive logs detailing who signed in, when, and whether their attempt to access the Accelerator succeeded or failed. To view the log of these events, use the logging > show events command. These events can be sent via email or sent to a Syslog server. The Accelerators AAA functionality includes the Accelerators ability to use remotely accessed user-repositories for authenticating users. This functionality enables controlling different levels of users in the system with different authorities and lists the auditing functions performed for various operations. You can configure the Accelerator to make use of a security server via either the TACACS+ or RADIUS security protocols, or both. Authentication is the part of the system that lets users define how they authenticate to the system, allowing the authentication to be based on external authentication servers. On the authentication side, the new functionality will include per-user settings to control access to the Accelerator as well as passwords quality verification functionality and password aging (to be implemented at a later stage). The Accelerators AAA supports multiple users per Accelerator, allowing end-users to define additional accounts besides the default expand user. AAA includes control over provided management services, and allows limiting access to certain management options available on the Accelerator, as well as control access to the services from a defined set of sources (subnets for ACL).
Stu d yi n g th e A cce le rat o rOS A A A
337
Setting different user roles, allowing different access levels to the system is supported with pre-defined roles available in the system. Definition of new roles is user-configurable. AAA includes auditing of all major operations performed on the Accelerator into log entries saved in the system log files and routable to email message, syslog server and SNMP trap.
338
Configuring AAA
The following Configuration options are available: Configuring Users, on page 338 Viewing the Authentication Servers, on page 340 Defining the Security Settings, on page 342
Configuring Users
Figure 1: Users screen
To add a new Accelerator user:

1. Click on Setup followed by Security. 2. In the Users menu, enter a name for the user in the User Name field. 3. Scroll down in the User Role field to select one of the following:
Administratorcomplete access to the Accelerator and its commands. Only Administrator users can modify AAA settings. Monitoraccess the Accelerators CLI but cannot modify configuration. NetAdmincomplete access to the Accelerator and its commands with the exception of the Security commands and WAFS management screen. WAFS-Administratorcomplete access to WAFS management screen and console, in addition to web acceleration and DNS configuration. 4. If a local password is to be set for this user, select the Enable Local Password checkbox, then enter and confirm a new password for this user. If the checkbox is not checked, only remote authentication servers will be able to authenticate passwords. Passwords must be at least 6 characters in length and cannot be
C o nf i gu ri ng A A A
339
keyboard sequences (qwertyu, 123456), palindromes, or simple recognized dictionary words. i 5. Click the Add button to apply settings. Note: when working with a TACACS server, you must add each user name into the Accelerator.
To modify an Accelerator user:

1. Click on Setup followed by Security. 2. In the Users menu, click on the name of the user in the Users Table, or alternatively, click in the row in the table, make sure the user whose information you want to change is highlighted, and click Edit. 3. Modify details as needed. (see section above for help on the fields) 4. Click the Submit button to apply settings.
Deleting Users
To delete an Accelerator user:
1. Click on Setup followed by Security. 2. In the Users menu, highlight the line in the Users Table that includes the name of the user to be deleted. Click the Delete button. 3. Click the Submit button to apply settings.
340
Viewing the Authentication Servers

The Authentication screen lets you set Authentication Servers (Radius, TACACS+ and Local) and manage these servers and their preference order in the Accelerator.
To view the authentication servers:

1. Click the following menu sequence: Setup > Security > Authentication. 2. The Authentication Servers table displays all configured authentication servers.
Figure 2: Authentication Preferences screen
To delete an authentication server:

Click on a server name in the table and click Delete.
To edit the settings for a specified authentication server:

Click on a server name in the table and click Edit. The parameters that you can edit are the same as those you filled out in Adding a New Authentication Server, on page 340.
Adding a New Authentication Server

To add a new authentication server:
1. Click the following sequence: Setup > Security > Authentication. 2. In the Authentication menu, click the Add button above the Authentication Servers Table.
C o nf i gu ri ng A A A
341
Note: If you select Radius or TACACS+ as the Server Authentication Method, you will need to add all of the users you wish to allow access to the Accelerator on the Local Accelerator. Though the users credentials exist on the Authentication Server, as all users must have local identification in order to be authenticated. See Configuring Users, on page 338, for information on adding new users. 3. In the Add New Authentication Server dialog box, enter the following information:
Name
Server Name Server Type IP Address Server Port Server Order Encryption Key Server Time out
Description
The name of the server you want to add. The server type (Radius or Tacacs). The new servers IP address. The servers port. Defines whether the server is the first, second or third to be addressed. The servers encryption key Time period after which the connection times out.
4. Click Submit.
Setting the Authentication Method

The authentication method lets you define which servers are to be checked. If more than one authentication type is used, select the server types in the order in which they are to be authenticated.
To set the authentication method:

1. Click on Setup followed by Security.
Figure 3: Authentication Method
342
In the Authentication menu, scroll down in the 1 field to set the first level of Authentication. In the 2 field set the second level of Authentication and so on. It is recommended that the first level be set to Local. 2. Click the Submit button.
Defining the Security Settings

The Settings screen lets you define security settings, such as which access methods to use when connecting to the Accelerator and the maximum failed login attempts before an account would be disabled. By default, all transport types are set to Enabled, except for FTP and TFTP, which are set to Disabled.
Figure 4: Security Settings screen
To define security settings:

1. Click Setup followed by Security. 2. In the Settings menu, select the checkboxes of the types of access methods allowed for connecting to the Accelerator. 3. Click the Submit button to apply settings.
Auditing Administration Activities
Au d it in g A dm in i st r at io n A ct iv it ie s
343
The Audit screen lets you select which administration activities to audit (for example: changing the configuration, creating links and adding users.)
Figure 5: Audit screen
To select which activities to audit:

1. Click the Setup tab, followed by Security, and then Audit. 2. In the Accelerators audit table, select or deselect the boxes that refer to the activities you want to audit or to stop auditing. 3. Click Submit.
344
Locking and Unlocking the Keypad

The LCD keypad on the front panel of the Accelerator (if included) can be locked. To set the lock key combination sequence, see section Installing the Accelerator, on page 13.
Figure 6: Keypad Settings screen
To lock/unlock the keypad via the WebUI:

1. Click the following sequence: Setup > Security > Keypad. 2. In the Keypad status drop-down menu select one of the following: Lockedimmediately locks the LCD Auto-Lockedautomatically locks the LCD when not in use Unlockedkeeps the LCD unlocked 3. Click the Submit button.
Setting the Keypad Lock Definitions

Selecting the Auto-Locked value for the keypad lets you set the number of times after which the keypad will automatically lock, as well as the key sequence to be entered for unlocking the keypad once it is locked.
To set the auto-lock timer:

1. In the Keypad screen, enter a number (in seconds) into the auto-lock timer field. 2. Click the Submit button.
Lo c kin g a n d Un lo c kin g t h e Ke ypad
345
To set an unlock sequence:

The unlock sequence sets a the sequence of keypad buttons that must be pressed in order to unlock the LCD. The default is as follows: Up arrow, Down arrow, Right arrow, Left arrow, Enter button. The unlock sequence set should be a combination of the buttons, in any order, up to five depressions.
Figure 7: Unlocking the Keypad
1. In the Keypad screen, in the Unlock Sequence fields, scroll down in the fields to select the button to be pressed in the order intended. 2. Click the Submit button.
Defining Other LCD Settings

Turning By-pass On
Locking the Keypad
You can lock the Accelerators keypad via the LCD, the WebUI or the CLI. To unlock the keypad, enter the unlock sequence. The default unlock sequence is Right button, Left button, Up button, Down button, Enter. You can modify the lock sequence via the WebUI as described in section Locking and Unlocking the
346
Keypad, on page 344, or via the CLI, as described in section (config) lcd lock, on page 755.
Product ID
Management IP
Management Mask
Chapter 13: Troubleshooting

This chapter describes troubleshooting procedures for the Accelerator and explains Accelerator alerts and events, as follows: Carrying out the Troubleshooting Procedure, on page 348 Password Issues, on page 349 Checking the Event Log, on page 352 Displaying Information for Troubleshooting, on page 355 Checking the Link Status, on page 356 Checking Ethernet Settings, on page 357 Checking Lack of Acceleration, on page 360 Checking Link Malfunction, on page 361 Checking for a Corrupted Terminal, on page 362
348
C h ap t er 13: Troubleshooting
Carrying out the Troubleshooting Procedure

If there is a problem with your Accelerator, try using the following steps to help diagnose the source of the problem: Check the Event log Check the topology and host settings - is the default gateway set correctly? What is being affected? All the links? Particular links? Use Tools to find the source of the problem Put the local Accelerator and then the remote Accelerator into by-pass mode
Password Issues
Topics in this section include: Resetting the Password, on page 349 Choosing a Legal Password, on page 349
P as sw o r d I ss ue s
349
Resetting the Password

If you forget your password, you can use the reset command from the login prompt instead of the password. This command deletes all passwords and configurations and resets all of the Accelerators settings, including the devices passwords, to their default values. You will need to re-configure all links, acceleration and QoS settings. After resetting, you can use the default login (expand) and password (Expand) to log in and reconfigure the Accelerator.
T r yi ng 17 2. 1 6. 3 1. 12 (P OR T :2 3 ). .. C o nn ec t ed t o 1 7 2. 16 . 31 .1 2 .. . A c ce le r at or O S, Ac ce l er at o r 6 80 0 S er ie s V e rs io n 7 .0 . 1 ( Bu il d 3. 53 ) l o gi n: re se t
Note: You must connect to the Accelerator you want to reset using a Console connection.
Choosing a Legal Password

Your Accelerator is supplied with a default password and you need to change it once you enter the Setup Wizard. A password is variable in length and may contain one, some, or, all of the following character types: Upper case letters Lower case letters Numerals Symbols
350
Password Strength
A password that is strong enough is considered to be valid. A strong password has the following: At least 6 characters if in mixed character types At least 8 characters if in the same character type Is not composed of a dictionary word (meaning a string of letters that can be recognized as an English word) or a reverse dictionary word (in either mixed case or with letters separated by other characters) Is not a keyboard sequence Is not a numerical sequence Is not a palindrome Is not considered to be too simplistic or too systematic There are no maximum limits for character length, but it is not advised to make the password too long, which increases the possibility of a typographical error.
Examples of Good and Bad Passwords

For examples see the following table:
Password Choice
dfghkeg dfghke9 AeFgL9 31415926 1122332211 Network Admin223 Li!tt!le Qwerty Zaq1xsw2cde3vfr4 5rtgvb q1w2bghn975lhkp o5tgx45tym4sj0 Li!tfeL
Good/Bad
Bad Good Good Good Bad Bad Good Bad Bad Bad Good
Comments
characters in all the same character type. This password is too short if it is to be of the same character type 7 characters, but it is combined of two character types Only 6 characters but it has 3 character types 8 characters in length meets the minimum for a single character type password Although this password is appropriate in length, it is a palindrome. Although it is appropriate in length and is mixed case, it is a dictionary word. Contains mixed text of appropriate length. Contains a dictionary word Contains keyboard sequence Too simplistic and too sequential Meets minimum length, is complex, and does not contain any dictionary words or palindromes. Contains a reverse dictionary word (Left)
Pas sw o rd I ss ue s
351
Additional Notes About Passwords

If Authentication is applied via TACACS or RADIUS, those individuals attempting login whose IDs exist within the authentication server will be required to use the passwords associated with that authentication server. If the ID does not exist within the authentication server, the login request will be forwarded to the next identified authentication method (local if set) and they will be authenticated to that database. Password changes to the Expand administrative account also affect access to the kernel when using the start-shell command, but do NOT impact the password associated with root access within WAFS. Password changes to the root password appear to impact the root access in both kernels. Maximum length for a WAFS password is 15 characters.
352
Checking the Event Log

The first thing to do when you encounter problems with Accelerator performance is to check the Event log for any unusual errors. The following logging levels are supported: For Informational messages, see Checking Info Events, on page 352. To check if Warning conditions exist, see Checking Warning Events, on page 352. If you think Error conditions exist, see Checking Error Events, on page 352. If you think you have Unit failure, see Checking Fatal Events, on page 353. These levels are related to the severity levels used by email and broadcast functions. When used with these, the user can define the minimum and maximum event logging (range) that will be emailed or broadcasted.
Checking Info Events

Info events notify regarding status changes that occur in the normal operation of the system, for example:
06-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound
Checking Warning Events

Warning events identify issues or configuration errors within the Accelerator. The system continues to run, but action may be required to return the Accelerator to normal operating standards, for example:
06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11
Checking Error Events

Error events occur sporadically, but the Accelerator easily recovers from them, for example:
06-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning
Ch e cki n g th e Ev en t L og
353
Checking Fatal Events

Fatal events are events for which you have to take corrective action in order to return the Accelerator to operation, for example:
06-Jun-07 07:37:59 <fatal> #1 TWDSupervisor.cpp(26) TWDSupervisor:TWDSupervisor Watch Dog: Reboot system due to a failure of client, named: TelnetDaemon.
The Accelerator event log records changes in the state of Accelerator links and changes to configuration, saving them in a list format. In the CLI, use the following commands to view events.
ACC1# show events 06-Jun-07 10:29:07 <WARNING> #1 HSRP Message authentication has failed due t11, 06-Jun-07 10:29:07 <WARNING> #1 _peer.cppLink 222.0.0.1 status changed from acc 29-Jun-07 10:19:19 <INFO> #2 Link ID 1 was Updated 29-Jun-07 10:20:51 <INFO> #1 Subnets for Remote link CP Id 1 changed 29-Jun-07 10:38:41 <INFO> #1 Link 1 was Added 29-Jun-07 10:38:41 <INFO> #1 Add QoS global rule, rule id=1, direction outbound 29-Jun-07 10:38:41 <ERROR> #1 Configuration-load: 'Line# 16, Error:Warning
Studying Log Message Formats

Log messages are displayed in the following format:
TIMESTAMP: <LEVEL of SEVERITY> #OCCURRENCE: Message-text;
Timestamp: Log date and time, in the following format: dd/mmm/ yy hh:mm:ss Level of Severity: Debug, information, warning, error, or fatal. Occurrence: The number of times this log has been recorded. Message-text: Text string containing detailed information about the event being reported. Check the Accelerators system time when viewing any event the Accelerator generates. All events are given a timestamp relative to the Accelerators local time.
354
To view the Accelerator system time:

ACC1#show clock System time is: THU SEP 04 17:37:57 2003 Time zone offset: 0 minutes
Displaying Information for Troubleshooting
D is p lay in g I nf o r m at io n f o r Tro ub le sh o o ti ng
355
The Accelerators Show Tech-Support command lets you aggregate all necessary troubleshooting information in the Accelerator via one simple command - providing a window into the Accelerators inner workings and configuration. See Gathering Statistics for Technical Support, on page 372 for information on gathering and saving information that the technical support team will require prior to opening a case. To create a compressed archived file, see Displaying Statistics in a Compressed, Archived File, on page 355.
Displaying Statistics in a Compressed, Archived File

The statistics displayed by using the method described above is one of the logs that you can concentrate to create one compressed archive file. For details, see section Archiving Log Files, on page 376.
356
Checking the Link Status

The status of the link may point to the source of a problem. An initial probe is used during the Accelerators initial link connection stage. If this probe fails, it attempts to retry until the Accelerator responds. If a link is inactive, a keepalive will be automatically sent to the remote Accelerator. If 10 keepalive packets do not receive a response, the Accelerator assumes that the remote Accelerator is down and the local Accelerator automatically passes the link traffic transparently through to the WAN. ACC1# show interface link summary
-------------------------------------------------------LINK|DEST IP ADDRESS|DESCRIPTION|BANDWIDTH|LINK STATUS ----+---------------+-----------+---------+----------1 | 10.2.0.6 | L-10.2.0.6|15000/N/A |dropped | non-link | 100000/ N/A | virtual non | N/A
---------------------------------------------------------
Link Status states are as follows:

Link
Initialize Inactive Trying to Connect Negotiating Remote Found Accelerating Active
Status
The remote Accelerator is initializing. The remote Accelerator is not active. Link is establishing connection. Link parameters are being negotiated (cache size, and so on). Link is active. Link is active and acceleration is on. Link is active and the link is tunnelling but not accelerating traffic. Active can be either No local license, meaning that the link is inactive because the local Accelerator is not properly licensed; or No remote license, meaning that the remote Accelerator is not properly licensed. Communication has been lost. Internal error occurred during definition of the link in the system. A Virtual link (no far-end Accelerator). Remote Accelerator is not available.
Drop Load Error Virtual Unknown
Checking Ethernet Settings
C h eck in g E t h er n e t S et t in g s
357
Although Ethernet level compatibility is not an issue unique to the Accelerator, it should be considered in all hardware installations. If an Accelerator goes into hardware by-pass, the two devices that are cabled to the Accelerator are directly connected, and any incompatibilities between them may cause problems. Ensure that Ethernet settings are correct.
Figure 1: Ethernet Settings diagram
As a symptom of incorrect Ethernet settings, discarded packets and loss of connectivity may be experienced on the Accelerator. You can check this by using the appropriate show interface ethernet commands, as follows. ACC1# show interface ethernet 0/0? <cr> continuous output ACC1# show interface ethernet 0/0 Description.............................ethernet 0/0 MAC.....................................00:02:B3:C8:4E:9C Hardware type...........................mii Link mode...............................auto (100Mbit-Full) link is up Link detected...........................yes Supports auto-negotiation...............yes Supports link modes.....................10baseT/Half 10baseT/ Full 100baseT/Half 100baseT/Full
358
LAN throughput data

In Bytes In Packets Dropped In Packets Out Bytes Out Packets Dropped Out Packets
System Up
3826461 23240 0 159363519 1723079 0
Since Clear
N/A N/A N/A N/A N/A N/A
Last 30 Secs
N/A N/A N/A N/A N/A N/A
LAN throughput data

In Frame Error In Overruns Dropped In Packets In Total Errors Out Collisions Out Lost Carrier Out Underruns Out Total Errors
System Up
0 0 0 0 0 92 0 92
Since Clear
N/A N/A N/A N/A N/A N/A N/A N/A
Last 30 Secs
N/A N/A N/A N/A N/A N/A N/A N/A
Command Description Parameters Example with Syntax
ACC1#show interface ethernet [0 | 0/0 | 0/1] [continuous]

Lists all ethernet interface configuration and statistics information per interface, 0, 0/ 0 and 0/1. Continuous enables the entire output instead of one screen at a time. Enter the interface port number and continuous if you want the entire output in a scrolling window.
ACC1#show interface ethernet 0 Continuous
Ensure that Speed and Duplex settings are set correctly. Expand recommends using the following command to manually set Speed and Duplex values:
Command
l i nk -m o de 1 0 0M bi t -f u ll 1 0 0 Me g a b it f u ll d u pl e x 1 00 Mb i t- h al f 1 00 M e ga bi t h al f d up l ex 1 0M bi t -f u ll 1 0 M eg a b i t fu l l du p le x 1 0M bi t -h a lf 1 0 M eg a b i t ha l f du p le x a ut o A u to
C h eck in g E t h er n e t S et t in g s Description Parameters Example with Syntax Enters the mode to set Ethernet interface 0 parameters. No additional parameters necessary
359
A CC 1 # c on fi g ur e A CC 1 (c o nf ig ) # in t er f ac e e th er n et 0 A CC 1 (i n te rf a ce )# li n k- mo d e 10 M bi t- h al f
360
Checking Lack of Acceleration

If applications are not being accelerated, often the source of the problem is missing information in the subnets, links and routing tables. Check the following tables to ensure that they contain everything they should: Subnets tablecontains all subnets that are part of the Accelerators network that need to be advertised. Links tablecontains all remote networks that the Accelerator is aware of for Acceleration and QoS, and remote networks that have no Accelerator for QoS only. Local and Remote Subnetsuse the CLI show subnets command to view all local and remote subnets known to the Accelerator. Routing tablemust list all next hops necessary to reach all remote networks. If acceleration percentages are not as expected, it is often due to one or more of the following reasons: Traffic is not associated with the correct link Another link is being used QoS classification (application definition) is wrong QoS rule order is incorrect for the setup Check link utilization - if the link is underutilized, check for greedy applications
Accessing Remote Devices

If all necessary connections have been made, but the Accelerator is still not functioning as expected, use the tools Sending a Ping to the Remote Accelerator, on page 371 and Sending a Traceroute Packet, on page 371 to check routes to remote Accelerators and networks. Can you access a remote device? Can you access the remote Accelerator? Can you access the remote router? From the remote Accelerator, can you ping its router?
Checking Link Malfunction
C he ck in g L in k M a lf un c ti on
361
If the link is not operating as expected, ensure that the Accelerator configuration reflects the hardware and software infrastructure. Some external devices may require that the Accelerator be transparent - consider using RTM encapsulation. Perhaps performance is being affected by misapplied MPLS or load balancing in the network. Consider the following: Is by-pass disabled on the other side of the link? Are the bandwidth settings correct? Is Acceleration enabled on both sides of the link? Is the MTU size set correctly and not larger than the maximum MTU of the link path? Are the correct subnets advertised to the remote site? Is there bandwidth oversubscription on the WAN or on a link? Are packets being dropped on the link? In case there is a firewall in the path, are IPComp and TCP port 1928 open? Is the correct link destination address configured?
362
Checking for a Corrupted Terminal

If the terminal settings become corrupted, exit to the login prompt and log into the Accelerator as the user named 'r' with no password. This will reset the terminal settings and let you log in as expand, as usual. Ensure that the terminal settings on your terminal emulation are correct: 9600 baud; 8 data bits; no parity; 1 stop bit; no flow control.
Checking HSRP Malfunction
Ch e ck in g HS RP Ma lf un c ti on
363
Ensure that you join the HSRP group. In AcceleratorOS 5.0 and above, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join command. Ensure that the correct HSRP group is configured - check the configuration on the other units in the group. Ensure that the correct Priority is configured so the Accelerator does not conflict with the same priority on another unit in the group. Ensure that the correct virtual IP address is configured. If authentication is used, ensure that you use the same password (default cisco)
364
Checking QoS Malfunction

QoS on a non-link: if QoS is not functioning as expected for non-link traffic, it could be due to the definition of the local subnet. If a local subnet is not defined as LOCAL, the Accelerator QoS and monitoring features do not function properly. Ensure that all local subnets are defined as local. Ensure that the bandwidth statements on the links are correct. Check that the policy rules are applied on the correct links. Check that the application definitions are correct.
Chapter 14: Using the Accelerator Tools

The Accelerator Tools let you manage AcceleratorOS upgrade versions, save and replace the Accelerators configuration file and perform tasks such as traceroute and ping. This chapter contains the following sections: Upgrading the AcceleratorOS Software, on page 366 Using the Configuration Tools, on page 368 Using the General Tools, on page 370 Managing User Files, on page 374 Viewing System Information, on page 375 Archiving Log Files, on page 376 Accdump, on page 377
366
C h ap t er 14: Using the Accelerator Tools
Upgrading the AcceleratorOS Software

You can upgrade the AcceleratorOS software by uploading software from a remote server or from the local drive.
To upgrade software:
1. Click on the Tools tab, followed by Upgrade. 2. Scroll down in the Copy method field, to select the way the file will be copied (FTP, TFTP or HTTP). 3. In the fields provided, enter the User Name, Password and IP address of the device from which the files are to be copied. 4. Enter the path to the file, followed by the file name (the file will be a *.tgz file). 5. Click the Submit button to copy the file to the user area. 6. Reboot the Accelerator with the new file name. After rebooting, the Accelerator extracts the file and runs it. 7. Select Locally stored on Accelerator to upgrade to an AcceleratorOS version that is stored locally on the Accelerator, in case of a hard drive-based Accelerator. Alternatively, if your Accelerator uses a Compact Flash card, at least 10 MB of free space is provided on the card for file extraction.
Figure 1: Copy Upgrade Package screen
U pgra di n g the Ac ce le ratorOS S oft wa re
367
Note: If you are running a version of AcceleratorOS previous to 5.0(6), note that two new preconfigured applications were added in this version that may affect user-defined applications on the same ports. If applications have been configured for port of 1928 (saved for the expand-internal application) or 2598 (citrix-ica-sr), rename these applications exactly as in the preconfigured application before performing an upgrade. If an application exists for a list of ports or range of ports that include the specified port numbers (1928 and 2598), remove these ports from the list or range, and create applications expand-internal with port 1928, and citrix-ica-sr with port 2598. Then change the policy-rules to match also this application.
368
Using the Configuration Tools

Changes made to the Accelerators configuration are automatically saved to the Accelerators Running Configuration and are applied until changed or until the Accelerator is shut down. Any changes that you want to remain configured on the Accelerator, even after shutdown, must be saved to the Accelerators Startup Configuration.
Figure 2: Configuration Tools screen
To save a startup configuration:

1. In the WebUI, make any changes to be saved. 2. Scroll down in the Copy method field, to select the way the file is copied (FTP, TFTP or HTTP). i Note: The running configuration is saved as the startup configuration, and therefore all changes made to the Accelerator since its last shutdown are now saved as the startup configuration 3. Click on Tools, followed by Configuration Tools. 4. Click the Write Startup Configuration button.
To erase the startup configuration saved on the Compact Flash Card:

1. Click on Tools, followed by Configuration Tools. 2. Click the Erase Startup Configuration button.
U sin g t h e Co n fi g ur at io n To ol s
369
To export the startup configuration:

Exporting the startup configuration opens a web page dialog that displays the Accelerators startup configuration in CLI command format. You can either save this file for future reference or upload it to other Accelerators. 1. Click on Tools, followed by Configuration Tools. 2. Click the Export Startup Configuration button.
To export the running configuration:

Exporting the running configuration opens a web page dialog that displays the Accelerators running configuration in CLI command format. You can either save this file for future reference or upload it to other Accelerators. 1. Click on Tools, followed by Configuration Tools. 2. Click the Export Running Configuration button.
To import the startup configuration:

Importing the startup configuration opens a web page dialog that lets you browse to select a configuration file to be uploaded to the Accelerator. 1. Click on Tools, followed by Configuration Tools. 2. Click the Import Configuration button.
370
Using the General Tools

General tools are provided to let you use basic networking tools and commands via the Accelerator WebUI.
Figure 3: General Tools
The general tools are as follows: Sending a Ping to the Remote Accelerator, on page 371 Sending a Traceroute Packet, on page 371 Rebooting the Accelerator, on page 372 Gathering Statistics for Technical Support, on page 372
U si n g th e G en e ral To ol s
371
Sending a Ping to the Remote Accelerator

The Accelerator lets you use the WebUI to Ping network devices and remote Accelerators.
To ping a network device:

1. Click Tools followed by General Tools. 2. Under Ping, in the Destination IP Address field, enter the IP address of the device to which the ping is to be sent. 3. In the Packet Size field, enter the size of the ping packets to be sent (default is 64 bytes). 4. In the Number of Times field, enter the number of times to try sending packets to the remote device. 5. Click the Ping button.
Sending a Traceroute Packet

The Accelerator lets you send a traceroute packet to network devices and remote Accelerators from the Accelerator via the WebUI.
To send a traceroute:
1. Click Tools followed by General Tools. 2. Under Traceroute, in the Destination IP Address field, enter the IP address of the device to which the traceroute is to be sent. 3. In the Maximum Number of Hops field, enter the maximum length the packet can travel before arriving at the designated destination (default is 30). 4. Click the Trace Route button.
372
Rebooting the Accelerator

Rebooting the Accelerator does not save changes from the current running configuration to the Startup configuration. The Accelerator reboots using the previously saved Startup configuration, unless other changes were saved. All users logged into this machine will be logged out.
To reboot the Accelerator:

1. Click Tools followed by General Tools. 2. Under Reboot, click the Reboot button. 3. When prompted, click Yes to continue.
Gathering Statistics for Technical Support

In the unlikely event of Accelerator malfunction or error, it may be necessary to gather many statistics for Expand Networks Technical Support. You can use one command to gather all of the necessary information. To create a compressed archived file, see Displaying Statistics in a Compressed, Archived File, on page 355.
To view Accelerator troubleshooting statistics:

1. Click on Tools, followed by General Tools. 2. Click the Show Technical Support button. The Technical Support dialog box appears, it may take a minute to load.
U si n g th e G en e ral To ol s
373
3. Click the Save button to save this data in the requested location, as either a text or an HTML file. 4. Send an E-mail to technical support at TAC@expand.com and attach the file. Alternatively, you can contact customer support in the methods described in Contacting TAC, on page 423. 5. Click the Print button to print the data. 6. Click Close to close the pop-up.
Figure 4: Troubleshooting Information
374
Managing User Files

The User Files screen lets you manage the files that are located in the User Area of your Flash card (or hard drive, for hard drive-based Accelerators). If more space is needed on the Flash card/hard drive, you can use the User Files screen for deleting unneeded files. The date listed for the file is the date when the file was copied.
Figure 5: User Files screen
To remove files from the Flash card or hard drive:

1. Click Tools followed by User Files. 2. Highlight the files to be deleted. 3. Click the Delete button.
Viewing System Information
Vie w in g Sy st em In fo rm a ti on
375
The System Information screen lets you view information regarding several aspects of the system, such as the CPU operating frequency and model name as well as CPU and Memory Utilization Information. To display system information in the Accelerators WebUI, click Tools followed by System Information.
Figure 6: CPU and Memory Information screen
Almost all parameters shown in this screen are for display only and cannot be changed. The only parameter that you can set is Requested Maximum Links.
To set up the requested maximum links:

1. Click Setup followed by My Accelerator. 2. Select the Basic tab. 3. Under Basic, click the Advanced Setting Configuration button. 4. In the Maximum Links section, enter a value in the Requested Max Links field.
376
Archiving Log Files

The log archiving feature lets you concentrate all existing log archives in the Accelerator, to create one compressed archive file. You can create archive files for the following types of logs: AOS Webcache WAFS Statistics
To create an archive log file:

1. Click Tools followed by Archiving.
Figure 7: Archiving Screen
2. Use the Log Archive Prefix field to set the prefix for the log file you want to create (default: acclog). The suffix is predetermined by the system (time stamp). 3. Click the Create Log Archive button to create a new log archive. The newly created log file now appears in the log archive files table. To download one file or more, select these files in the table and click the Download button. To delete one file or more, select these files in the table and click the Delete button.
Accdump
i
Ac cd u mp
377
Note: This feature is only available to Accelerators that are configured with a hard drive. The Accdump feature lets you download and display tcpdump information from the system, namely: to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is connected. You can capture the tcpdump information from various sources, and select whether to receive this information from all these sources or only from a single source. Note that once the Accdump is activated a new file will be created for approximately every 10MB of data. This data is stored in the user area of the Accelerator as a zip file in the following format/location: /user_area/ACCDumpfiles*.zip. See the following for more information: Enabling Accdump, on page 378 Deleting Accdump Files, on page 380 Downloading Accdump Files, on page 380
Figure 8: AccDump screen
378
Enabling Accdump
For more information on Accdump, see Accdump, on page 377. To download an Accdump file, see Downloading Accdump Files, on page 380. To delete an Accdump file, see Deleting Accdump Files, on page 380.
To enable Accdump:
1. Click Tools followed by Accdump. 2. Click on the scroll box near the Accdump field, and select the Enabled option to start the Accdump operation. 3. Under Interface, select whether to enable all interfaces (Any), none available (N/ A) or a particular interface. The Interface drop-down menu shows all detected Accelerator interfaces. Additional ports are shown only for platforms which support multi-port. If optional panels are used, 4 pairs are shown, otherwise 2 pairs. In other words, the UI shows only the amount of available ports, as indicated in the following figure:
Figure 9: AccDump Interface Port Selection
4. Under Number of Files, you can select the Auto option, in which case the default number of files (100) and file size (10MB) is used. Alternatively, select Other and insert your customized values. i Note: The number of files cannot exceed 999, and the maximum size of all files combined must not exceed 1GB. Note too, the files are saved in a cyclic manner.
Ac cd u mp
379
5. If you want to use one or more optional flags, enter these flags in the Optional Flags field. For a detailed description of the optional flags, see TCPDump Optional Flags, on page 425. 6. If you do not want to dump all of the packets (default), you can use the Filter Expression field to intercept only packets that come from a specific source or IP address, are destined to a specific port or IP address, or belong to a specific type. For some examples, see the following table which also uses the TCP optional flags as part of the expression for the filter. The entire flag list is found in the section TCPDump Optional Flags, on page 425:
Filter Expression
-e -v -s 0 tcp port 1928 or tcp port 80
Explanation
For all traffic on port 1928 or all TCP traffic on port 80, produce a report that: -e: includes the link-level header on each dump line. -s0 includes all TCP sequence numbers -v produces (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. For all traffic between the two hosts (1.2.3.4 and 5.6.7.8) produce a report that: -v produces (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. For all traffic belonging to network 1.2.3.0/24 produce a report that: -q produces a report that includes less protocol information so that the output lines are shorter.
-v host 1.2.3.4 and host 5.6.7.8
-q net 1.2.3.0 mask 255.255.255.0
7. Use the File Format scroll box to select in which file format the files are to be saved and downloaded to the local host. The available types are Pcap (saves the default format) and Enc (reformats the file). Having set all the requested definitions, you are now ready to enable Accdump and download the tcpdump files. Alternatively, if you want to
380
revert to default values, click the Set Default Values button and confirm this operation. 8. Click the Submit button. 9. Click OK to confirm the operation. To stop the Accdump operation, click on the scroll box near the Accdump field and select the Disabled option. When you enable the Accdump feature again, all existing Accdump files are deleted. 10. if you want to download the Accdump file, see Downloading Accdump Files, on page 380.
Deleting Accdump Files

To delete an Accdump file, select the file in the Accdump table and click Delete.
Downloading Accdump Files

To download Accdump files:
1. In the Accdump Files Table, select the checkbox to highlight the files you want to download. 2. Click the Download button. You are prompted that downloading the Accdump files will delete the existing files. 3. Click OK. The dialog box that appears now requests you to select a location for saving the file. 4. Select the requested location and click Save.
Appendix A: Pre-Defined Applications

The following table lists all applications that are predefined in the Accelerator, their port/protocol number and whether they are monitored by the Accelerator by default.
Automatically Monitored?
No No No No No No No No No No Yes Yes Yes Yes No Yes No No No No No No No No No
Application
tcpmux compressnet-mgmt compressnet echo discard systat daytime qotd msp chargen ftp-data ftp ssh telnet priv-mail smtp nsw-fe msg-icp msg-auth dsp priv-print time rap graphics nicname
Port/Protocol Number
1 2 3 7 9 11 13 17 18 19 20 21 22 23 24 25 27 29 31 33 35 37 38 41 43
382
A p pe n di x A: Pre-Defined Applications
Application (Continued)
ni-ftp auditd tacacs xns-time domain xns-ch isi-gl xns-auth priv-term xns-mail priv-file ni-mail acas whois++ covia tacacs-ds sql*net gopher priv-dialout deos priv-rje vettcp finger http-www hosts2-ns xfer mit-ml-dev ctf mfcobol priv-termlink su-mit-tg dnsix mit-dov npp dcp objcall dixie
47 48 49 52 53 54 55 56 57 58 59 61 62 63 64 65 66 70 75 76 77 78 79 80 81 82 83 84 86 87 89 90 91 92 93 94 96
No No No No Yes No No No No No No No No No No No No No No No No No No Yes No No No No No No No No No No No No No
383
swift-rvf tacnews metagram newacct hostname iso-tsap gppitnp acr-nema csnet-ns 3com-tsmux snagas pop2 pop3 mcidas auth audionews ansanotify uucp-path sqlserv nntp erpc smakynet ansatrader locus-map unitary locus-con gss-xlicen pwdgen cisco-fna cisco-tna cisco-sys ingres-net endpoint-mapper profile netbios-ns netbios-dgm netbios-ssn
97 98 99 100 101 102 103 104 105 106 108 109 110 112 113 114 116 117 118 119 121 122 124 125 126 127 128 129 130 131 132 134 135 136 137 138 139
No No No No No No No No No No No No Yes No No No No No No No No No No No No No No No No No No No No No Yes Yes Yes
384
emfis-data emfis-cntl bl-idm imap2 uma uaac iso-tp0 iso-ip jargon aed-512 sql-net bftp netsc-prod netsc-dev sqlsrv knet-cmp pcmail-srv nss-routing snmp snmptrap xns-courier s-net namp rsvd send print-srv multiplex cl-1 xyplex-mux mailq vmnet genrad-mux nextstep bgp ris unify audit
140 141 142 143 144 145 146 147 148 149 150 152 154 155 156 157 158 159 161 162 165 166 167 168 169 170 171 172 173 174 175 176 178 179 180 181 182
No No No Yes No No No No No No No No No No No No No No Yes Yes No No No No No No No No No No No No No No No No No
385
ocbinder ocserver remote-kis kis aci mumps qft gacp prospero osu-nms srmp irc dn6-nlm-aud dn6-smm-red dls dls-mon smux src at-rtmp at-nbp at-3-5-7-8 at-echo at-zis quickmail z39-50 914c-g anet vmpwscs softpc cai-lic dbase mpp uarps imap3 fln-spx rsh-spx cdc
18 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 206 209 210 211 212 214 215 216 217 218 219 220 221 222 223
No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No Yes No
386
peer-direct sur-meas daynachip link dsp3270 bh-fhs ldap https smtps exec login shell printer talk ntalk ibm-db2 uucp rtsp nntps banyan-vip alternate-http sshell ldaps doom ftps-data ftps telnets ircs pop3s notes timbuktu-srv ms-sql-server ms-sql-monitor ms-sna-server ms-sna-base citrix-ica sybase_sqlany
242 243 244 245 246 248 389 443 465 512 513 514 515 517 518 523 540 554 563 573 591, 8008, 8080 614 636 666 989 990 992 994 995 1352 1419 1433 1434 1477 1478 1494 1498
No No No No No No Yes Yes No No No No No No No No No No No No No No No No No No No No No Yes No No No No No Yes Yes
387
t-120 oracl-tns ingres-lock oracl-srv oracl-coauthor oracl-remdb oracl-names america-online h323 oracl-em1 oracl-em2 ms-streaming ms-sms ms-mqs oracl-vp2 oracl-vp1 openwindows gupta-sqlbase cvs-pserver citrix-ica-sr sybase-sqlanywhere ccmail ms-terminal-server sap-r3 ibm-db2-conn-svc ibm-db2-int-svc ichat pc-anywhere-data xwin ircu vdolive realaudio cu-seeme alternate-rtsp the-palace quake filenet-RPC
1503 1521, 1526, 1527 1524 1525 1529 1571 1575 1720 1748 1754 1755 1801, 2101, 2103, 2105 1808 1809 2000 2155 2401 2598 2638 3264 3389 3200 3700 3701 4020 5631
No No No Yes No No No No No No No No No No No No No No No No No No Yes No No No No No Yes No
7000 7070 8554 26000 32769
No No No No No No No
388
filenet-NCH kazaa gnutella-svc gnutella-rtr edonkey radius radius-acct groupwise smaclmgr nameserver wins pcanywhere bittorent winmx microsoft-ds rlp re-mail-ck la-maint bootps bootpc tftp kerberos cfdptkt ntp xdmcp ipx-tunnel subnet-bcast-tftp backweb timbuktu biff who syslog ip-xns-rip streamworks-xing-mpeg citrix-icabrowser h323-gatekeeper-disc h323-gatekeeper-stat
32770 1214 6346 6347 4662 1812 1813 1677 4660 42 1512 65301 6699, 6257 445 39 50 51 67 68 69 88 120 123 177 213 247 370 407 512 513 514 520 1558 1604 1718 1719
No No No No No No No No No No No No No No Yes No No No No No Yes Yes No Yes No No No No No No No No No No No No No
389
ms-mqs-discovery ms-mqs-ping rtp rtcp pc-anywhere-stat ivisit l2tp sgcp hsrp timed nfs dhcp mimix-dr1 mimix-ha1 mimix-rj novel-netware-over-ip icmp igmp ipencap egp igp trunk-1 trunk-2 leaf-1 leaf-2 ipv6 rsvp gre ipv6-crypt ipv6-auth ipv6-icmp eigrp ospf ipip pim scps ipcomp
1801 3527 5004 5005 5632 9943, 9945, 56768 1701 2427 1985 525 2049 546, 547, 647, 847
No No No No No No No No No No Yes Yes Yes Yes
3777 396 1 2 4 8 9 23 24 25 26 41 46 47 50 51 58 88 89 94 103 105 108
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
390
ipx-in-ip vrrp l2tp-over-ip stp isis
111 112 115 118 124
Yes Yes Yes Yes Yes
Appendix B: Accelerator Integration

Integrating the Accelerator into environments in which third party applications run on the network sometimes requires a certain amount of fine tuning. This appendix describes various environments and applications and how to best set them for Accelerator performance. This appendix covers the following topics: Acceleration and Citrix Traffic, on page 392 Configuring NetFlow, on page 401 Disabling Compression on SAP, on page 404 Calculating Acceleration using other Applications, on page 406
392
A p pe n di x B: Accelerator Integration
Acceleration and Citrix Traffic

The Accelerator utilizes network resources efficiently and delivers improved acceleration results for Citrix-hosted applications. Citrix users repeatedly access the same content from the network. The Accelerator enhances support for Citrix applications, because acceleration allows more Citrix data to traverse the WAN. The Accelerator achieves this increase in throughput by: Consolidating Citrix header data in pure IP implementations: IP header represents significant overhead in small packets generated by Citrix. It constitutes almost 30% of the Citrix packet. The Accelerator removes repeat-header information and sends this data only once across the network. Consolidating Citrix payload in all environments: the Accelerator extracts data from small packets originating from different Citrix users, and sends packets optimized for specific WAN conditions. The Accelerator eliminates all redundant data transmissions across the WAN. Controlling latency and jitter: the Accelerator reduces latency and jitter, especially over slow WAN links that are commonly used for Citrix deployments. The end result is better, more consistent Citrix performance; and support of up to four times more Citrix users on the existing infrastructure. Citrix has its own internal compression mechanism. The results achieved by this mechanism are not at all comparable to the throughput increase achieved by the Accelerator. When accelerating Citrix traffic, Citrixs internal compression mechanism must be disabled so that the Accelerator can access the original data.
Disabling Citrix NFuse Compression

You can disable Citrix compression on each Citrix client PC, but disabling compression via the WebUI will cause all links that are not accelerated to become congested and unusable.
A cc el era ti on an d Ci t rix Tra f fi c
393
To disable Citrix compression:

1. Back up the current copy of the following files: template.ica, launch.vbs, Clogin.vbs, Chtmllogin.vbs. 2. Copy the two ica files provided here into the following directory: C:\Program Files\Citrix\NFuse 3. Copy the three vbs files into the following directory: C:\inetpub\wwwroot\Citrix\MetaFrameXP\site\include\serverscripts 4. This will modify the Web Interface server by creating a drop-down menu on the login page, which will allow users to specify which type of connection is required. Any link connected to an Accelerator should be set to No Compression. Links not connected to Accelerators should be set to With Compression. 5. Restart the World Wide Web service by opening a command prompt and typing: iisreset 6. Select No Compression for all Accelerated clients in the Web Interface Login page.
Figure 1: Citrix Login
Disabling Citrix Encryption and Compression

Citrix is a popular application installed on top of Microsofts Remote Desktop Protocol (RDP) that was created in joint development by Microsoft and Citrix. Citrix, also referred to as ICA, adds quite a few features that RDP does not have and therefore is popular for terminal and thin client deployments.
394
Both RDP and Citrix can compress traffic sent to and from the servers. However, these capabilities are limited, and do not perform as well as Expands Accelerator. Both RDP and Citrix can encrypt traffic sent to and from the servers. However, because encryption is random by definition, its very nature limits the ability of the Accelerators to remove repetitive data.
Defining Settings on the Server

An administrator can set encryption and compression settings on the server for the RDP and Citrix connections by modifying the protocols properties. For Encryption, all Citrix and RDP communications to the server must meet the minimal encryption settings of the ICA and RDP protocol listener. Settings made to the ICA or RDP listener apply to all traffic and applications.
Setting/checking ICA or RDP listener traffic

To disable compression and encryption in RDP:
1. Open the Terminal Server Configuration console: All Programs>Administrative Tools>Terminal Server Configuration. 2. In the Connections tab, double-click the RDP-Tcp connection. 3. The RDP-Tcp properties window opens
Figure 2: RDP-TCP Connection Properties

395
4. Under the General Tab, set the encryption level to Low. 5. Click OK, and close the configuration console.
To use group policies for disabling compression and encryption in RDP:

1. Open the Default Domain Group Policies on the Domain Controller (AD) 2. Browse to Computer Configurations > Administrative Templates > Windows Components > Terminal Services > Encryption and Security. 3. Double-click the Set client connection encryption level setting.
Figure 3: Properties window
4. Select the option Enabled from the radio button. 5. Set the Encryption Level to Low Level 6. Click OK, and close the configuration console. Once set, the setting will replicate to the environment. To speed up the process, you can manually update the group policy by running the following command from the command line:
gpupdate /force
396
To disable compression and encryption in Citrix:

1. Open the Citrix Connection Configuration tool and double click on the ICA-TCP connection type. 2. Within the Advanced Connection Settings, set encryption to None. 3. For Published Applications, you can configure each application type individually for encryption. 4. Open the Published Applications Manager tool and view the properties of the application being used. Click on the Client tab and view the encryption required from the Client. If the application is already published, the encryption required is Read only. Publishing the application and recreating the application with the lowest encryption level of Basic can remove encryption. Setting the encryption level for Published Applications can require an identical encryption level from the client. Any company that uses published applications normally requires a certain encryption level via the Published Applications Manager. These encryption levels are the same choices available on the client (see below).
To disable compression and encryption in NFUSE and NFUSE Elite Server:

Compression and encryption configurations are set during the publishing of the application and are stored within a file called template.ica. The location of this file can vary, however it is typically stored on the web server within the web directory (if necessary, consult with a Citrix administrator for the specific location). Compression is enabled by default even though there is not a specific entry within the template.ica file that mentions this. 1. Edit the template.ica file by adding a line entered under the application name that reads Compress=Off. If multiple applications exist, you have to enter multiple times the command Compress=Off. For additional information on turning off compression, see Citrix documentation: CTX554864 and CTX101865. 2. To disable encryption, publish the application again with the lowest encryption level of Basic. 3. In addition, if SSL certificates are used for creating secure web connections (web connections that begin with HTTPS: instead of HTTP), SSL also provides
397
encryption for the session. Therefore, disabling encryption requires you to remove SSL.
Speed Screen Latency Reduction Manager

SpeedScreen Latency Reduction Manager allows an administrator to enable compression for an application depending on the latency of the connection. When enabled, Citrix will monitor the round trip time for responses to and from the server and client and enable compression when needed. Remove any configured application by clicking Delete.
Defining Settings on the Client For Citrix

NFUSE is controlled via the server, so no settings need to be altered on the client. Custom Connections and Published Applications allow for changes to be made on the clients. Each client has a Citrix Program Neighborhood that contains settings for the connections that can override the settings on the server. For both of these, deselect compression and set encryption to Basic. Published applications use a farm concept in which these applications can be grouped together with settings that apply for all the applications. Within the farm settings, a client can set the encryption and compression.
To disable compression and encryption for farms:

1. Right-click the farm and choose Application Set settings. Once the Properties menu is displayed, click on the tab labelled Options to view and/or change the settings. 2. Each specific published application can also have settings for encryption and compression. 3. Right click the specific application and choose Application Set settings. Once the Properties menu is displayed, click on the Options tab to view and or change the settings. 4. Custom connections are created from the client, and you can use the Properties page to set all settings during creation or afterwards. Right-click the custom connection and choose Properties. Once you see the Properties menu, click on the Options tab to view and/or change the settings.
398
For RDP Only compression can be set on the client and not encryption as previously discussed regarding the Citrix client. The place to set these values depends on how the RDP session is being launched. For most environments this will be done through the Client Connection Manager.
To disable compression on the RDP client:

1. Within the Client Connection Manager, right-click the connection and choose Properties. Navigate to the Connection Options tab and deselect the box labelled Enable data compression if it is selected. 2. When the session for RDP is launched from the raw Terminal Services Client icon, the option for compression is presented when choosing the server to log into.
Turning Compression off in the PNAgent Client

This section instructs you how to resolve the Citrix PNA problem by turning of compression in the PNAgent client.
Understanding the PNA Problem

Citrix Program Neighborhood Agent (PNA) is a combination of published applications and NFUSE. Data compression in the PNAgent is ON by default if the value disabling it is not present.
Resolving the PNA Problem

Edit the PNAgent template.ica file on the Web Interface server. This template.ica file is different than the one used by NFUSE, although the same is required for NFUSE as well.
To edit the PNA template.ica file:

1. Access the template.ica file: Default location: C:\Inetpub\wwwroot\Citrix\PNAgent\template.ica If you are unsure of the location on your server, search for the PNAgent directory and look there for a template.ica file. 2. Add the value Compress=Off under the Application tag, as follows:
399
[ [ NF us e _A pp N am e ]] A dd re s s= [N F us e _A pp S er ve r Ad d re ss ] I n it ia l Pr og r am = #[ NF u se _A p pN a me ] L o ng Co m ma nd L in e = [N F us e_ A pp C om ma n dL in e ] D e si re d Co lo r =[ N Fu se _ Wi nd o wC o lo rs ] T r an sp o rt Dr i ve r =T CP / IP W i nS ta t io nD r iv e r= IC A 3 .0 A u to Lo g on Al l ow e d= On C o mp re s s= Of f .
Identifying Citrix Layer-7 Applications

Monitoring Citrix/ICA Layer-7 traffic requires each Layer-7 application running through Citrix to open a separate TCP session; the Accelerator does not support Citrix session sharing. Citrix Applications work as follows: Applications are published, meaning that the Administrator defines certain applications on the server for users to use on their desktop. The Administrator also assigns names for these applications. The users can either download the applications and their names from the server, or define them manually. When applications are downloaded, for each Citrix application session run between the client and the server, Citrix creates a TCP session for running the application and a UDP session that serves as a control for the application. The Accelerators Layer-7 monitoring is aware of both of these sessions, and identifies the open sessions by the new published application name. If Citrix is configured to work in single-session (virtual channel) TCP, in which each application does not open a new TCP session, the Accelerator is unable to access the Layer-7 information it needs. i Note: The Accelerator supports both Automatic and Direct Citrix application discovery mode.
When applications are added manually, the Accelerator still has to monitor the control session (UDP), which is never encrypted or compressed.
400
To disable session sharing in the Citrix server:

1. At the command prompt of the Citrix server, open the registry editor by entering the regedit command. 2. Create the following entry in the servers registry (which overrides session sharing): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\WFS HELL\TWI 3. Add the following value: Name: SeamlessFlags Data type: REG_DWORD Data value: 1 4. Setting this registry value to 1 overrides session sharing. Note that this flag is SERVER GLOBAL. i Note: When creating Layer-7 Citrix applications in the Accelerator, the application names defined must match the application names exactly as entered into the Citrix server WARNING! Editing the registry or using a Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows to correct them. Microsoft does not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Back up your registry first and use Registry Editor at your own risk. Due to this requirement, take into account the following considerations: You are advised to create Citrix Layer-7 applications via the Monitoring > Layer-7 Discovery menu, where traffic types are collected and listed, instead of entering them manually. All Citrix application names entered into the Accelerator must be in ALL CAPS. This is because in some environments, when the client communicates with the server, the client converts the published application name to capitals.
Configuring NetFlow
C o nf i gu ri ng Ne tF lo w
401
The following configuration modifications are needed in order to use NetFlow with the Expand Accelerator. While previous versions of AcceleratorOS included RMON, the AcceleratorOS 6.0 and up integrates NetFlow support for detailed reporting. This combination enables extracting statistics like in RMONs Top Talker. The main focus of NetFlow is Traffic Measurement, Traffic Monitoring, Network Optimization and Planning and Detection of Network Security Violations, as follows.
Studying Traffic Measurement

Traffic Measurement measures usage of relevant traffic activities. NetFlow tracks network usage, generating a series of statistics for hosts sending data through the interface. The necessary information is collected by the host running NetFlow by observing the traffic on the network. This arrangement offloads the processing requirements from operational nodes to the NetFlow host. All packets in the subnet are captured and associated with a sender/receiver pair, thereby letting you track all traffic activities of a particular host. The following are some of the statistics and reports that you can collect by using NetFlow Traffic Measurement: DATA SENT /RECEIVED(TOP 10) the total traffic (volume and packets) generated or received by the host. The traffic is classified according to network protocol (IP, IPX, AppleTalk, and so on) and IP protocol (FTP, HTTP, NFS, and so on). USED BANDWIDTHActual, average and peak bandwidth usage. IP MULTICASTTotal amount of multicast traffic generated or received by the host. TCP SESSIONS HISTORYCurrently active TCP sessions established/accepted by the host and associated traffic statistics. UDP TRAFFICTotal amount of UDP traffic sorted by port. TCP/UDP - USED SERVICESList of IP-based services (for example: open and active ports) provided by the host with the list of the last five hosts that used them. TRAFFIC DISTRIBUTIONLocal traffic, local to remote traffic, remote to local traffic (local hosts are attached to the broadcast network). IP TRAFFIC DISTRIBUTIONUDP vs. TCP traffic, relative distribution of the IP protocols according to the host name.
402
Studying Traffic Monitoring

Traffic Monitoring lets you identify those situations where network traffic does not comply with specified policies or when it exceeds a defined threshold. In general, network administrators specify policies that apply to the behavior of elements in the managed network. If a monitoring tool has already been implemented on the network, it may be possible to integrate NetFlow into the existing tool (for example, Concord, and HP OpenView support NetFlow). Several open source NetFlow software platforms are available for free download. Expand recommends NTop-XTRA, which can be downloaded from http://www.openxtra.co.uk/products/ntop-xtra.htm Some NetFlow collectors, such as Crannogs NetFlow Monitor, require enabling SNMP, because the graphs can be interface-based (IF.Index). The Accelerators SNMP feature, even when enabled, does not include the IF.Index for flows because the Accelerator functions as a bridge. Therefore, the NetFlow Monitor software does not present any statistics when working with an Accelerator. Use software that does not require the IF.Index. For example, Crannog software has another Netflow collector called NetFlow Tracker, which does not require the IF.Index for the Netflow statistics and works very well with the Accelerator. When configuring NetFlow on the Accelerator, it is important to specify the version number. i Note: Only NetFlow Version 5 is supported.
Configuring Accelerator NetFlow

accelerator#config accelerator (config) #netflow accelerator (NetFlow) #? exit current node ip ip NetFlow command no remove collector show NetFlow parameters
Here is an example of the config needed if 172.16.80.21 is the PC running the NetFlow application:
accelerator(NetFlow) ip flow-export 172.16.80.21 port 2055 version 5 interface ethernet 0/0
C o nf i gu ri ng Ne tF lo w
403
accelerator (NetFlow) # show --------------------------------------------------------# | COLLECTOR IP | PORT | VERSION | INTERFACE --------------------------------------------------------1| 172.16.80.21|2055 | 5 | Ethernet 0/0
Note: In On-Path installations, use Ethernet 0; in On-LAN installations use Ethernet 0/1 when configuring NetFlow. KNOWN LIMITATIONYou can enable NetFlow only on ethernet or bridge and not per link or virtual link. You can configure only one NetFlow probe.
404
Disabling Compression on SAP

If SAP compression must be disabled in order to achieve higher Accelerator efficiency, the following procedure describes how to disable SAP compression. 1. From My Computer, click on Properties, or from the Control Panel click on System. 2. Click on Advanced, followed by Environment Variables.
Figure 4: System Properties-Advanced Tab
3. In the Environment Variables window, click the New button. 4. Type TDW_NOCOMPRESS in the Variable Name field, and 1 in the Variable Value field.
D is ab li n g Co m p r es sio n o n S A P
405
Figure 5: New User Variables
To undo this procedure and restore SAP compression, delete this variable, or set the Variable Value to 0.
406
Calculating Acceleration using other Applications

The following section explains how to calculate the acceleration percentage achieved on the Accelerator via Excel, by using data captured from a Management Application other than ExpandView. If you are using ExpandView to monitor Accelerators, and capture the relevant data, ExpandView will automatically record the acceleration values, and use the Throughput Recorder for generating the graphs. For these reasons it is preferable to use ExpandView for this purpose. Alternatively, you can use the Private MIB to view acceleration figures via external applications, such as Whats Up Gold, HP OpenView, or SNMPc, as follows:
ac cI n te rf a ce P er fo r ma nc e In A cc el e ra ti o nP e ri od OI D: 1. 3. 6 .1 . 4. 1. 3 40 5. 3 .4 . 2. 1. 3 1
Full path:
is o( 1 ). or g (3 ) .d od ( 6) .i n te r ne t( 1 ). pr i va t e( 4) . en te r pr i se s( 1 ) . ex pa n dn et w or k s( 34 0 5) .a c ce l er at o rO s( 3 ). a cc In t er fa c es ( 4) .a c c In te r fa ce T ab l e( 2) . ac cI n te r fa ce E nt ry ( 1) . ac cI n te rf a ce P er fo r m an ce I nA cc e le r at io n Pe ri o d( 3 0)
Module: EXPAND-ACCLERETOROS-MIB Description: Inbound traffic acceleration percentage during last sampling period. accInterfacePerformanceOutAccelerationPeriod
OI D: 1. 3. 6 .1 . 4. 1. 3 40 5. 3 .4 . 2. 1. 3 4
Full path:
is o( 1 ). or g (3 ) .d od ( 6) .i n te r ne t( 1 ). pr i va t e( 4) . en te r pr i se s( 1 ) . ex pa n dn et w or k s( 34 0 5) .a c ce l er at o rO s( 3 ). a cc In t er fa c es ( 4) .a c c In te r fa ce T ab l e( 2) . ac cI n te r fa ce E nt ry ( 1) . ac cI n te rf a ce P er fo r m an ce O ut Ac c el e ra ti o nP er i od ( 33 )
Module: EXPAND-ACCLERETOROS-MIB Description: Outbound traffic acceleration percentage during last sampling period. In AcceleratorOS versions lower than 4.0, in which the Private MIB was not supported, using external applications to view acceleration statistics can be complex and it may be necessary to follow the method outlined below to avoid errors being generated by Excel. Use the standard method for calculating the acceleration percentage:
C al cu la ti ng Ac cel era ti o n u sin g o t he r A p pl ic at io n s
407
((Raw Data/Accelerated Data)-1) x 100 In low traffic, when keepalives are sent and no data is transferred, this causes the raw data to be low or the accelerated data to be high, causing Excel to return error messages, or even negative acceleration figures, as seen in the screen capture below: Working with a small amount of data, this does not cause too much of a problem, as it is quite easy to alter the resulting acceleration figure to a zero. However, when working with a large amount of data, it will be almost impossible to remove all these errors, thus resulting in a graph with gaps, and negative acceleration. To avoid this, you can use the following formula: =IF({Accelerated Data}=0,"0",IF({Raw Data}<{Accelerated Data},"0",((({Raw Data}/ {Acc. Data})-1)*100))) Although this looks difficult, the real formula is: =IF(D2=0,"0",IF(C2<D2,"0",(((C2/ D2)-1)*100))) In effect, what this formula tells Excel, is: If the Accelerated Data value is 0, then the output, or acceleration percentage will be 0, if the Raw Data value is less than the Accelerated data, then the output will be 0. Only if neither of these statements is true will Excel calculate the acceleration percentage. Although this may be true in terms of the Accelerated Data value being zero, it is a workaround enabling Excel to calculate the acceleration figures needed to produce a graph.
408
Appendix C: MIME Types

Thousands of possible MIME types can be used as part of Web application definition. For a definition of and information about MIME types, please see http:// www.faqs.org/rfcs/rfc2045.html, http://www.iana.org/assignments/media-types and http://www.faqs.org/rfcs/rfc2046.html. This appendix provides a list of some very common MIME types, divided into the following categories: Application, on page 410 Audio, on page 415 Image, on page 416 Message, on page 417 Model, on page 418 Multipart, on page 419 Text, on page 420 Video, on page 421
410
A p pe n di x C: MIME Types
Application
Application MIME Types
andrew-inset batch-SMTP cnrp+xml csta+xml dca-rft dicom EDI-Consent epp+xml font-tdpfr iges index.cmd index.vnd isup mac-binhex40 mathematica mpeg4-generic news-transmission octet-stream parityfec pgp-keys pkcs10 pkix-cert pkix-pkipath prs.cww rdf+xml remote-printing rls-services+xml samlmetadata+xml set-payment set-registration-initiation shf+xml simple-messagesummary
applefile beep+xml commonground CSTAdata+xml dec-dx dns EDIFACT eshop http im-iscomposing+xml index.obj iotp kpml-request+xml macwriteii mbox msword ocsp-request oda pdf pgp-signature pkcs7-mime pkixcmp postscript prs.nprend qsig resource-lists+xml rtf sbml+xml set-payment-initiation sgml sieve slate
atomicmail cals-1840 cpl+xml cybercash dialog-info+xml dvcs EDI-X12 fits hyperstudio index index.response ipp kpml-response+xml marc mikey news-message-id ocsp-response ogg pgp-encrypted pidf+xml pkcs7-signature pkix-crl prs.alvestrand.titrax-sheet prs.plucker reginfo+xml riscos samlassertion+xml sdp set-registration sgml-open-catalog simple-filter+xml soap+xml
Ap p li ca ti on
411
spirits-event+xml tve-trigger vnd.3gpp.pic-bw-small vnd.3M.Post-it-Notes vnd.acucobol vnd.aether.imp vnd.anser-web-fundstransfer-initiation vnd.bmi vnd.canon-lips vnd.commerce-battelle vnd.contact.cmsg vnd.cups-postscript vnd.curl vnd.dna vnd.dxr vnd.ecowin.filerequest vnd.ecowin.seriesreques t vnd.epson.esf vnd.epson.salt vnd.eudora.data vnd.fints vnd.fsc.weblaunch vnd.fujitsu.oasys3 vnd.fujixerox.ddd vnd.fut-misnet vnd.groove-account vnd.groove-injector vnd.groove-vcard vnd.hhe.lesson-player vnd.hp-hps vnd.httphone
timestamp-query vemmi vnd.3gpp.pic-bw-var vnd.accpac.simply.aso vnd.acucorp vnd.amiga.ami vnd.audiograph vnd.businessobjects vnd.cinderella vnd.commonspace vnd.criticaltools.wbs+xml vnd.cups-raster vnd.cybank vnd.dpgraph vnd.ecdis-update vnd.ecowin.fileupdate vnd.ecowin.seriesupdate vnd.epson.msf vnd.epson.ssf vnd.fdf vnd.FloGraphIt vnd.fujitsu.oasys vnd.fujitsu.oasysgp vnd.fujixerox.docuworks vnd.genomatix.tuxedo vnd.groove-help vnd.groove-tool-message vnd.hbci vnd.hp-HPGL vnd.hp-PCL vnd.hzn-3d-crossword
timestamp-reply vnd.3gpp.pic-bw-large vnd.3gpp.sms vnd.accpac.simply.imp vnd.adobe.xfdf vnd.anser-web-certificateissue-initiation vnd.blueice.multipass vnd.canon-cpdl vnd.claymore vnd.cosmocaller vnd.ctc-posml vnd.cups-raw vnd.data-vision.rdz vnd.dreamfactory vnd.ecowin.chart vnd.ecowin.series vnd.enliven vnd.epson.quickanime vnd.ericsson.quickcall vnd.ffsns vnd.framemaker vnd.fujitsu.oasys2 vnd.fujitsu.oasysprs vnd.fujixerox.docuworks.bin der vnd.grafeq vnd.groove-identitymessage vnd.groove-tool-template vnd.hcl-bireports vnd.hp-hpid vnd.hp-PCLXL vnd.ibm.afplinedata
412
vnd.ibm.electronicmedia vnd.ibm.rightsmanagement vnd.intercon.formnet vnd.intu.qbo vnd.irepository.package +xml vnd.japannet-jpnstorewakeup vnd.japannetregistrationwakeup vnd.japannetverificationwakeup vnd.kde.kchart vnd.kde.kontour vnd.kde.kword vnd.Kinar vnd.llamagraphics.lifebalance.desktop vnd.lotus-approach vnd.lotus-organizer vnd.mcd vnd.mfmp vnd.mif vnd.Mobius.DAF vnd.Mobius.MQY vnd.Mobius.TXF vnd.motorola.flexsuite vnd.motorola.flexsuite.g otap vnd.motorola.flexsuite.w em vnd.ms-asf
vnd.ibm.MiniPay vnd.ibm.secure-container vnd.intertrust.digibox vnd.intu.qfx vnd.is-xpr vnd.japannet-payment-wakeup vnd.japannet-setstore-wakeup
vnd.ibm.modcap vnd.informix-visionary vnd.intertrust.nncp vnd.ipunplugged.rcprofile vnd.japannet-directoryservice vnd.japannet-registration vnd.japannet-verification
vnd.jisp
vnd.kde.karbon
vnd.kde.kformula vnd.kde.kpresenter vnd.kenameaapp vnd.koan vnd.llamagraphics.lifebalance.exchange+xml vnd.lotus-freelance vnd.lotus-screencam vnd.mediastation.cdkey vnd.micrografx.flo vnd.minisoft-hp3000-save vnd.Mobius.DIS vnd.Mobius.MSL vnd.mophun.application vnd.motorola.flexsuite.adsi vnd.motorola.flexsuite.kmr vnd.mozilla.xul+xml vnd.mseq
vnd.kde.kivio vnd.kde.kspread vnd.kidspiration vnd.liberty-request+xml vnd.lotus-1-2-3 vnd.lotus-notes vnd.lotus-wordpro vnd.meridian-slingshot vnd.micrografx.igx vnd.mitsubishi.mistyguard.trustweb vnd.Mobius.MBK vnd.Mobius.PLC vnd.mophun.certificate vnd.motorola.flexsuite.fis vnd.motorola.flexsuite.ttc vnd.ms-artgalry vnd.ms-excel
Ap p li ca ti on
413
vnd.msign vnd.ms-project vnd.ms-wpl vnd.nervana vnd.noblenet-sealer vnd.nokia.landmark+wbx ml vnd.nokia.radio-presets vnd.novadigm.EXT vnd.omads-file+xml vnd.palm vnd.picsel vnd.powerbuilder6-s vnd.powerbuilder75-s vnd.publishare-deltatree vnd.pwg-xhtml-print+xml vnd.RenLearn.rlprint vnd.sealed.eml vnd.sealed.ppt vnd.sealedmedia.softse al.pdf vnd.shana.informed.for mtemplate vnd.smaf vnd.sss-ntf vnd.svd vnd.syncml.+xml vnd.truedoc vnd.uplanet.alert vnd.uplanet.bearerchoice-wbxml vnd.uplanet.channel vnd.uplanet.listcmd vnd.uplanet.signal
vnd.ms-lrm vnd.ms-tnef vnd.musician vnd.netfpx vnd.noblenet-web vnd.nokia.landmarkcollection+xml vnd.novadigm.EDM vnd.obn vnd.omads-folder+xml vnd.paos.xml vnd.pg.osasli vnd.powerbuilder7 vnd.powerbuilder7-s vnd.pvi.ptid1 vnd.Quark.QuarkXPress vnd.s3sms vnd.sealed.mht vnd.sealed.xls vnd.seemail vnd.shana.informed.interchange vnd.sss-cod vnd.street-stream vnd.swiftview-ics vnd.triscape.mxs vnd.ufdl vnd.uplanet.alert-wbxml vnd.uplanet.cacheop vnd.uplanet.channel-wbxml vnd.uplanet.listcmd-wbxml vnd.vcx
vnd.ms-powerpoint vnd.ms-works vnd.music-niff vnd.noblenet-directory vnd.nokia.landmark+xml vnd.nokia.radio-preset vnd.novadigm.EDX vnd.omads-email+xml vnd.osa.netdeploy vnd.pg.format vnd.powerbuilder6 vnd.powerbuilder75 vnd.previewsystems.box vnd.pwg-multiplexed vnd.rapid vnd.sealed.doc vnd.sealed.net vnd.sealedmedia.softseal.ht ml vnd.shana.informed.formdat a vnd.shana.informed.packag e vnd.sss-dtf vnd.sus-calendar vnd.syncml.ds.notification vnd.trueapp vnd.uiq.theme vnd.uplanet.bearer-choice vnd.uplanet.cacheop-wbxml vnd.uplanet.list vnd.uplanet.list-wbxml vnd.vectorworks
414
vnd.vidsoft.vidconferenc e vnd.vividence.scriptfile vnd.wap.slc vnd.wap.wmlscriptc vnd.wqd vnd.wv.csp+xml vnd.xara vnd.yamaha.hv-script vnd.yamaha.smafphrase whoispp-query wordperfect5.1 xml xmpp+xml
vnd.visio vnd.vsf vnd.wap.wbxml vnd.webturbo vnd.wrq-hp3000-labelled vnd.wv.csp+wbxml vnd.xfdl vnd.yamaha.hv-voice vnd.yellowriver-custom-menu whoispp-response x400-bp xml-dtd xop+xml
vnd.visionary vnd.wap.sic vnd.wap.wmlc vnd.wordperfect vnd.wt.stf vnd.wv.ssp+xml vnd.yamaha.hv-dic vnd.yamaha.smaf-audio watcherinfo+xml wita xhtml+xml xml-external-parsed-entity zip
Audio
3gpp basic clearmode dsr-es201108 dsr-es202212 EVRC0 G.722.1 G726-24 G728 G729E iLBC L20 MPA mpeg PCMA QCELP SMV0 tone vnd.audiokoz vnd.cns.inf1 vnd.lucent.voice vnd.nuera.ecelp4800 vnd.octel.sbc vnd.vmx.cvsd AMR BV16 CN dsr-es202050 DVI4 EVRC-QCP G723 G726-32 G729 GSM L8 L24 MP4A-LATM mpeg4-generic PCMU RED SMV-QCP VDVI vnd.cisco.nse vnd.digital-winds vnd.nokia.mobile-xmf vnd.nuera.ecelp7470 vnd.rhetorex.32kadpcm
Au d io
415
AMR-WB BV32 DAT12 dsr-es202211 EVRC G722 G726-16 G726-40 G729D GSM-EFR L16 LPC mpa-robusta parityfec prs.sid SMV telephone-event vnd.3gpp.iufp vnd.cns.anp1 vnd.everad.plj vnd.nortel.vbk vnd.nuera.ecelp9600 vnd.sealedmedia.softseal. mpeg
416
Im age
cgm gif jpeg naplps prs.pti tiff-fx vnd.dwg vnd.fpx vnd.fujixerox.edm ics-rlc vnd.mix vnd.sealed.png vnd.svf fits ief jpm png t38 vnd.cns.inf2 vnd.dxf vnd.fst vnd.globalgraphics.pgb g3fax jp2 jpx prs.btif tiff vnd.djvu vnd.fastbidsheet vnd.fujixerox.edmics-mmr vnd.microsoft.icon
vnd.ms-modi vnd.net-fpx vnd.sealedmedia.softseal.gif vnd.sealedmedia.softseal.jpg vnd.wap.wbmp vnd.xiff
M e ssage
CPIM external-body partial sip delivery-status http rfc822 sipfrag disposition-notification news s-http tracking-status
Me ss ag e
417
418
Model
iges vnd.flatland.3dml vnd.gtw vnd.parasolid.transmit.text mesh vnd.gdl vnd.mts vnd.vtu vnd.dwf vnd.gs-gdl vnd.parasolid.transmit.binary vrml
Multipart
alternative digest header-set related voice-message appledouble encrypted mixed report
M ul ti part
419
byteranges form-data parallel signed
420
Text
calendar directory enriched javascript (obsolete) RED rtx troff vnd.IPTC.NITF [IPTC] xml css dns example parityfec rfc822-headers sgml uri-list xml-external-parsedentity csv ecmascript (obsolete) html plain richtext t140 vnd.IPTC.NewsML [IPTC]
Video
3gpp BMPEG DV H263 H264 MP1S mp4 mpeg parityfec rtx 3gpp2 BT656 example H263-1998 JPEG MP2P MP4V-ES mpeg4generic pointer SMPTE292M 3gpp-tt CelB H261 H263-2000 MJ2 MP2T MPV nv raw vc1
Vid eo
421
422
Appendix D: Contacting TAC

Expand Networks is dedicated to delivering both excellent products and customer support. From our Technical Assistance Center (TAC) to our online Knowledge Base, we are committed to solving your networking problems. TAC is available to all partners and registered customers and allows posting support inquiries directly to Expands help desk. The Expand Technical Assistance Center provides around-the-clock support to customers worldwide. Customer call center agents answer calls and dispatch problems to Support Engineers (SEs) for resolution. The SE becomes the call owner and is responsible for ensuring that the problem is addressed and fixed quickly. You can open Priority 1 and 2 cases by calling TAC; to open Priority 3 cases, use Expands Extranet or Channel Portal. The TAC works closely with customers to isolate and replicate problems. In a critical network-down problem, TAC SEs work with customers until their problems are resolved. In other instances, SEs may replicate a customer's environment in the TAC laboratory. When deemed necessary, SEs may involve R&D engineers in order to ensure that problem cases are resolved to the customer's satisfaction. The TAC includes highly trained engineers, including Cisco Certified Internetwork Experts (CCIEs) and Microsoft Certified Professionals (MCPs). Expand Networks wishes to offer you the best tech support it can. To do this, call our toll free TAC number at: International: +1-920-490-7337 North America: +1-877-4-EXPAND (877-439-7263) UK 08004049236 Ireland 1800559803 Netherlands 08000233047 France 0800906560 When contacting the TAC, it is essential that information about the nature of the problem be at your disposal. To gather Accelerator troubleshooting information, use the show tech-support command as described in Displaying Information for Troubleshooting, on page 355.
424
A p pe n di x D: Contacting TAC
Figure 1: Opening a Support Case
Appendix E: TCPDump Optional Flags

You may encounter several TCP flags when using TCPDump. The AcceleratorOS supports the following flags: -A, -e, -f, -l, -O, -p, -q, -R, -S, -t, -u, -v, -x, -X. This chapter describes the uses of each of these flags. i Note: The -a flag is not supported when ethereal is used. -a Print each packet (minus its link level header) in ASCII. Handy for capturing web pages. -e Print the link-level header on each dump line. -f Print `foreign' IPv4 addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's NIS server --- usually it hangs forever translating non-local internet numbers). The test for `foreign' IPv4 addresses is done using the IPv4 address and netmask of the interface on which capture is being done. If that address or netmask are not available, either because the interface on which capture is being done has no address or netmask or because the capture is being done on the Linux any interface, which can capture on more than one interface, this option will not work correctly. -l Make stdout line buffered. Useful if you want to see the data while capturing it. i Note: The use of the -l flag by the | pipe is not supported in the WebUI, and any attempt for such a use results in an error message.
426
A p pe n di x E: TCPDump Optional Flags
-O Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer. -p Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for èther host {local-hw-addr} or ether broadcast'. -q Quick (quiet?) output. Print less protocol information so output lines are shorter. -R Assume ESP/AH packets to be based on old specification (RFC1825 to RFC1829). If specified, tcpdump will not print replay prevention field. Since there is no protocol version field in ESP/AH specification, tcpdump cannot deduce the version of ESP/ AH protocol. -S Print absolute, rather than relative, TCP sequence numbers. -t Don't print a timestamp on each dump line. -u Print undecoded NFS handles. -v When parsing and printing, produce (slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum. -w When writing to a file with the -w option, report, every 10 seconds, the number of packets captured. -x Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (For example Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.
427
-X Print each packet (minus its link level header) in hex and ASCII. This is very handy for analyzing new protocols. type qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. For example, `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed. dir qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. For example, `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For some link layers, such as SLIP and the ``cooked'' Linux capture mode used for the `àny'' device and for some other device types, the inbound and outbound qualifiers can be used to specify a desired direction. proto qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. For example, èther src foo', àrp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. For example, `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'. [`fddi' is actually an alias for èther'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression. Similarly, `tr' and `wlan' are aliases for èther'; the previous paragraph's statements about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers. For 802.11 headers, the destination address is the DA field and the source address is the SA field; the BSSID, RA, and TA fields aren't tested.] In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.
428
More complex filter expressions are built up by using the words and, or and not to combine primitives. For example, `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. For example, `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'. Allowable primitives are: dst host host True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name. src host host True if the IPv4/v6 source field of the packet is host. host host True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be pre-pended with the keywords, ip, arp, rarp, or ip6 as in: ip host host which is equivalent to: ether proto \ip and host host If host is a name with multiple IP addresses, each address will be checked for a match. ether dst ehost True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format). ether src ehost True if the ethernet source address is ehost. ether host ehost True if either the ethernet source or destination address is ehost. gateway host True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IPaddress resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is ether host ehost and not host host
429
which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configuration at this moment. dst net net True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details). src net net True if the IPv4/v6 source address of the packet has a network number of net. net net True if either the IPv4/v6 source or destination address of the packet has a network number of net. net net mask netmask True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net. net net/len True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst. dst port port True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (For example, dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic). src port port True if the packet has a source port value of port. port port True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords, tcp or udp, as in: tcp src port port which matches only tcp packets whose source port is port. less length True if the packet has a length less than or equal to length. This is equivalent to: len <= length.
430
greater length True if the packet has a length greater than or equal to length. This is equivalent to: len >= length. ip proto protocol True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain. ip6 proto protocol True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain. ip6 protochain protocol True if the packet is IPv6 packet, and contains protocol header with type protocol in its protocol header chain. For example, ip6 protochain 6 matches any IPv6 packet with TCP protocol header in the protocol header chain. The packet may contain, for example, authentication header, routing header, or hop-by-hop option header, between IPv6 header and TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by BPF optimizer code in tcpdump, so this can be somewhat slow. ip protochain protocol Equivalent to ip6 protochain protocol, but this is for IPv4. ether broadcast True if the packet is an ethernet broadcast packet. The ether keyword is optional. ip broadcast True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the subnet mask on the interface on which the capture is being done. If the subnet mask of the interface on which the capture is being done is not available, either because the interface on which capture is being done has no netmask or because the capture is being done on the Linux "any" interface, which can capture on more than one interface, this check will not work correctly.
431
ether multicast True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for èther[0] & 1 != 0'. ip multicast True if the packet is an IP multicast packet. ip6 multicast True if the packet is an IPv6 multicast packet. ether proto protocol True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\). [In the case of FDDI (For example, `fddi protocol arp'), Token Ring (For example, `tr protocol arp'), and IEEE 802.11 wireless LANS (For example, `wlan protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI, Token Ring, or 802.11 header. When filtering for most protocol identifiers on FDDI, Token Ring, or 802.11, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000. The exceptions are: iso tcpdump checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header; stp and netbeui tcpdump checks the DSAP of the LLC header; atalk tcpdump checks for a SNAP-format packet with an OUI of 0x080007 and the AppleTalk etype. In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols. The exceptions are: iso, sap, and netbeui tcpdump checks for an 802.3 frame and then checks the LLC header as it does for FDDI, Token Ring, and 802.11;
432
atalk tcpdump checks both for the AppleTalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI, Token Ring, and 802.11; aarp tcpdump checks for the AppleTalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000; ipx tcpdump checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3-with-no-LLC-header encapsulation of IPX, and the IPX etype in a SNAP frame. decnet src host True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on ULTRIX systems that are configured to run DECNET.] decnet dst host True if the DECNET destination address is host. decnet host host True if either the DECNET source or destination address is host. ifname interface True if the packet was logged as coming from the specified interface (applies only to packets logged by OpenBSD's pf(4)). on interface Synonymous with the ifname modifier. rnr num True if the packet was logged as matching the specified PF rule number (applies only to packets logged by OpenBSD's pf(4)). rulenum num Synonymous with the rnr modifier. reason code True if the packet was logged with the specified PF reason code. The known codes are: match, bad-offset, fragment, short, normalize, and memory (applies only to packets logged by OpenBSD's pf(4)). rset name True if the packet was logged as matching the specified PF ruleset name of an anchored ruleset (applies only to packets logged by pf(4)).
433
ruleset name Synonymous with the rset modifier. srnr num True if the packet was logged as matching the specified PF rule number of an anchored ruleset (applies only to packets logged by pf(4)). subrulenum num Synonymous with the srnr modifier. action act True if PF took the specified action when the packet was logged. Known actions are: pass and block (applies only to packets logged by OpenBSD's pf(4)). ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui Abbreviations for: ether proto p where p is one of the above protocols. lat, moprc, mopdl Abbreviations for: ether proto p where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols. vlan [vlan_id] True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true is the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet. tcp, udp, icmp Abbreviations for: ip proto p or ip6 proto p where p is one of the above protocols. iso proto protocol True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis. clnp, esis, isis Abbreviations for: iso proto p where p is one of the above protocols.
434
l1, l2, iih, lsp, snp, csnp, psnp Abbreviations for IS-IS PDU types. vpi n True if the packet is an ATM packet, for SunATM on Solaris, with a virtual path identifier of n. vci n True if the packet is an ATM packet, for SunATM on Solaris, with a virtual channel identifier of n. lane True if the packet is an ATM packet, for SunATM on Solaris, and is an ATM LANE packet. Note that the first lane keyword encountered in expression changes the tests done in the remainder of expression on the assumption that the packet is either a LANE emulated Ethernet packet or a LANE LE Control packet. If lane isn't specified, the tests are done under the assumption that the packet is an LLCencapsulated packet. llc True if the packet is an ATM packet, for SunATM on Solaris, and is an LLCencapsulated packet. oamf4s True if the packet is an ATM packet, for SunATM on Solaris, and is a segment OAM F4 flow cell (VPI=0 & VCI=3). oamf4e True if the packet is an ATM packet, for SunATM on Solaris, and is an end-to-end OAM F4 flow cell (VPI=0 & VCI=4). oamf4 True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)). oam True if the packet is an ATM packet, for SunATM on Solaris, and is a segment or end-to-end OAM F4 flow cell (VPI=0 & (VCI=3 | VCI=4)). metac True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit (VPI=0 & VCI=1).
435
bcc True if the packet is an ATM packet, for SunATM on Solaris, and is on a broadcast signaling circuit (VPI=0 & VCI=2). sc True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit (VPI=0 & VCI=5). ilmic True if the packet is an ATM packet, for SunATM on Solaris, and is on an ILMI circuit (VPI=0 & VCI=16). connectmsg True if the packet is an ATM packet, for SunATM on Solaris, and is on a signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Connect Ack, Release, or Release Done message. metaconnect True if the packet is an ATM packet, for SunATM on Solaris, and is on a meta signaling circuit and is a Q.2931 Setup, Call Proceeding, Connect, Release, or Release Done message. expr relop expr True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |, <<, >>], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax: proto [ expr : size ] Proto is one of ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, wlan, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upperlayer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet. For example, èther[0] & 1 != 0' catches all multicast traffic. The expression ìp[0] & 0xf != 5' catches all IP packets with options. The expression ìp[6:2] & 0x1fff = 0' catches only un-fragmented datagrams and frag zero of fragmented
436
datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment. Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field). The following ICMP type field values are available: icmp-echoreply, icmpunreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmproutersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply. The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcppush, tcp-ack, tcp-urg.
437
438
Appendix F: Command Line Interface

This chapter lists and describes the commands that you can use with the Command Line Interface (CLI). Unless noted, the commands herein may also be configured using the WebUI and are referenced accordingly. This chapter is built hierarchically, based on the tree created in the CLI. For a alphabetical listing of commands, see the CLI index. Topics in this chapter include: Getting Started, on page 440 Configuration Commands, on page 452 Configuring Security, on page 748 Technical Information and Trouble Shooting Tools, on page 762
440
A p pe n di x F: Command Line Interface
Getting Started
The following command topics are available: Understanding the CLI Documentation, on page 440 Accessing the CLI, on page 441 Login and Logout Commands, on page 442 Licensing Commands, on page 444 Basic Setup Commands, on page 447 Configuration Settings Commands, on page 448 Customizing the CLI, on page 450
Understanding the CLI Documentation

The Accelerator CLI enables complete configuration of the Accelerator, including basic and advanced configuration via a Command Line Interface (CLI). Use of the CLI is for experts and technicians familiar with CLI configuration that you will see and use with a typical router or switch. Each node is documented separately and the commands within are shown in alphabetical order. Each command node supports specific commands. For example, the by-pass enable command can only be used within the configuration node. Command conventions are displayed in tables as shown:
Command Description Parameters Shows the command as seen in the CLI A description of the command is given. Any parameters with accepted values is listed. In some cases only the command is needed. If this is the case, then the wordsno additional parameters are necessary are displayed. An example with parameters is given. In some cases a screen shot is included. Links to related commands will be listed
Example with Syntax Related Commands
The following conventions are used in examples: The ()# prompt indicates the current command node. For example, the following prompt indicates you are within the global configuration node: Acc1(config)# Non-printing characters, are in angle brackets < >.
G et t i n g Start e d /
441
Accessing the CLI

To access configuration options:
1. Run your terminal-based application, configuring it as follows: Baud rate: 9600 bps Parity: none Data bits: 8 Stop bits: 1 2. Connect to AcceleratorOS Command Line Interface (CLI). Press <Enter> several times until the Accelerator prompt is displayed: accelerator>. 3. Login to the Accelerator
442
Login and Logout Commands

Secure Shell (SSH) is an application program that provides authentication and encryption capabilities for secure Internet communications. This lets you log in to the Accelerator via SSH, if SSH is installed.
To log into the Accelerator via SSH:

In the Accelerators CLI, type the command ssh followed by the Accelerators IP address.
login
Logging into the Accelerator is accomplished in a series of steps. When accessing the Accelerator from the CLI, at the login prompt, enter your user name and password. The default user name is expand (case sensitive), and the default password is Expand (case sensitive).
Command Description Parameters Example Related Commands
lo g i n: Pa s s wo r d
Logs you into the CLI Both login and password are case sensitive
lo g i n: e x pa n d Pa s s wo r d :E x p an d
exit, on page 442
exit
At any point you can use the Exit command to log out of the Accelerator. The Exit command exits each level of the CLI hierarchy one at a time, so you may need to use the Exit command a number of times to leave the Accelerator session.
ex i t
Logs you out of the CLI No additional parameters are necessary
ex i t
login, on page 442
443
Basic CLI Actions

You have to enter only enough characters for the Accelerator to recognize the command as unique, as described in detail below. For example, the following string is enough for the Accelerator to recognize the show startup configuration command: Acc1# show startup config
To get help in a terminal session:

1. You can use the question mark (?) and arrow keys to help you enter commands. 2. For a list of available commands under each command, enter a question mark. For example: Acc1(config)#?
To complete a command:
To complete a command, enter a few known characters followed by a tab. The CLI will fill in the missing letters For example if you type and press the Tab key: Acc1(config)#sh By pressing the Tab key, the CLI will fill in the following: Acc1(config)#show
To get a list of acceptable commands or values:

For a list of command variables, enter the command followed by a space and a question mark for example: Acc1(config)# show?
To re-display a command previously entered:

To re-display a command you previously entered, press the up-arrow key. You can continue to press the up arrow key earlier entered commands.
444
Licensing Commands
Licensing the Accelerator is accomplished by logging into the Accelerator via the enable mode by using the show licensing command, as shown in (config) show licensing, on page 446. This section contains the following commands: (config) (config) (config) (config) (config) activate-license, on page 445 interface link refresh-acceleration, on page 460 licensing server, on page 445 show interface link summary, on page 462 show licensing, on page 446
445
(config) activate-license
You must have a valid license key or file which is supplied to you from Expand Networks<>. If you use a license key copy it from the letter you receive in your email and paste it where shown. If you use a license file, FTP it to the /user_area/ of the Accelerator and note its name.
AC C1 ( co nf i g) # a c ti v at e- l ic en s e [ ke y| f il e]
Activates an Accelerators license via a license key or file. Key - copy the license key (supplied via e-mail) and paste it File - FTP the file and type its name.
AC C1 ( co nf i g) # a c ti v at e- l ic en s e k ey my LI c en Se K eY 39 2
(config) interface link refresh-acceleration, on page 460 (config) licensing server, on page 445 (config) show interface link summary, on page 462 (config) show licensing, on page 446
(config) licensing server

You must be logged into a Virtual Accelerator to be able to use this command. Make sure that you have connected the Dongle to the Licensing Server. All Virtual Accelerators require a connection to the licensing server in order to provide acceleration services. Note that, if for any reason the connection to the licensing server is lost, the license state will default to a grace-period state, requiring you to fix the problem before the grace-period ends. Failure to do so will result in your license being invalidated.
Command Description Parameters
A CC 1( c on f ig )# l ic en s in g s er v er [ I P| Ho s t| a ut od is co v er y |f or c e]
Connects to the Licensing server by the method entered. A.B.C.D type the licensing server IP address WORD type the licensing server hostname auto-discovery the Accelerator will automatically discover the Licensing Server (if it is on the same LAN and connected force forces the licensing mechanism activation
Example Related Commands
A CC 1( c on f ig )# l ic en s in g s er v er 1.1.1.1
(config) activate-license, on page 445 (config) licensing server, on page 445 (config) show interface link summary, on page 462 (config) show licensing, on page 446
446
(config) show licensing

Shows the licensing state of the Accelerator
Command Description Parameters Example with Syntax Related Commands
AC C1 ( co nf i g) # sh ow li ce n si n g
Lets you view the entire details of Accelerators licensing state, such as the licensed features and the maximum possible links. No additional parameters are required.
AC C1 ( co nf i g) # sh ow li ce n si n g
(config) activate-license, on page 445 (config) licensing server, on page 445
A c c2 21 _ 10 (c o nf i g) # s ho w l ic e ns in g D i sp la y w ar n in g s. .. . .. .. . .. . .. .. . .e na b le W a rn in g d ay s .. . .. .. . .. .. . .. . .. .. . .3 0 A l lo ca t ed m a x l in ks . .. .. . .. . .. .. . .3 75 R e qu es t ed m a x l in ks . .. .. . .. . .. .. . .0 M a x po s si bl e l i nk s. . .. .. . .. . .. .. . .4 00
C u rr en t l ic e ns e s ta t e: F e at ur e - - -- -- B a nd wi d th Al l ow an c e I P se c L 7 -Q oS W A FS -F B W A FS -F B D T C P A cc e le ra t io n W e b Ca c hi n g QoS L a st l o ad ed li c en se ke y: L ic e ns e - -- - -- 1 00 Mb p s D i sa bl e d E n ab le d Di s ab l ed Di sa b le d E n ab l ed En a bl ed E na b le d T im e L ef t - -- - -- -- Un li m it e d Un l im i te d Un l im i te d Un l im i te d Un l im it e d U nl i mi te d Un li m it e d U nl i mi te d
447
Basic Setup Commands

The Basic Accelerator CLI Configuration needed to get the Accelerator up and running consists of setting the following parameters: License keyLicensing Commands, on page 444 IP address/subnet maskLocal Interface Commands, on page 454 IP default gateway(local interface) ip default-gateway, on page 456 Hostname(local interface) hostname, on page 455 Deployment(local interface) deployment, on page 454 Link destination(config) interface link, on page 459 and (link) link, on page 481 Link bandwidth(link) bandwidth, on page 466
448
Configuration Settings Commands

The following commands are explained: (config) write, on page 448 (config) show running-config, on page 448
(config) write
ACC1(config)#wr it e
Saves the basic configuration as the startup configuration. [Mandatory] No additional parameters
ACC1(config)#wr it e
(config) show running-config, on page 448
(config) show running-config

ACC1(config)#s ho w r un n in g- c on fi g
Displays the configuration that was set to the Accelerator. This is optional No additional parameters are required.
ACC1(config)#s ho w r un n in g- c on fi g
(config) write,
o n p ag e 4 48
ACC1(config)#s ho w r un n in g- c on f ig
AcceleratorOS, Accelerator 4900 Series Version: v6.1 (0) (Build 5.29) login: expand Password: Expand Version: 7.0.1 accelerator> enable accelerator# configure terminal accelerator(config)# activate-license key ENX1-FUXF-HBJ2K3Y6 License successfully activated. The new License state is: Feature License Time Left
449
------- ------- --------Bandwidth Allowance 45 Mbps Unlimited Last loaded license key: ENX1-FUXF-HBJ2-K3Y6 accelerator(config)# interface local accelerator(local interface)# hostname ACC1 ACC1(local interface)# ip address 10.1.0.6 255.255.0.0 ACC1(local interface)#ip default-gateway 10.1.0.1 ACC1(local interface)#deployment onpath ACC1(local interface)#exit ACC1(config)#wan default ACC1(wan)#bandwidth 256 kbps ACC1(wan)#exit ACC1(config)#interface link ACC1(LINK)#link destination 10.2.0.6 ACC1(LINK)#bandwidth 128 ACC1(LINK)#encapsulation transparent ACC1(LINK)#exit ACC1(config)#write ACC1(config)show running-config
450
Customizing the CLI

You can customize the CLI banner for your viewing pleasure. The standard banner appears as follows: Connected to 10.0.32.99... AcceleratorOS, Accelerator 6800 Series Version 7.0.1 (Build3.53) This section contains the following commands: copy banner, on page 450 (config) banner apply, on page 451
copy banner
You can customize the following fields, which can be displayed as part of the banner: Name, Title, URL, Label, Label LTD., Product Name, Extranet, Product ID, Series, Serial Number, Software Version, Time and Date.
To customize the fields:

1. Create a text file called banner.txt and save it in /user_area by using the CLI command: copy <ftp/scp/tftp/http/sftp> <[path]/banner.txt> 2. In the body of the text file, use the following variables to set the desired values: i i Note: Each variable must be preceded by a $ sign. The default banner is: " $ OE M_ P RO D _N AM E , Ac c el e ra to r $ SE R IE S S er i es $ SO FT W AR E _V ER S IO N ( em p ty - li ne ) $OEM_NAME (for example: expand) $OEM_NAME_TITLE (for example: Expand) $OEM_URL (www.expand.com) $OEM_LABEL (Expand Networks<>) $OEM_LABEL_LTD (Expand Networks LTD.) $OEM_PROD_NAME (AcceleratorOS)
451
$OEM_EXTRANET (extranet.expand.com) $PRODUCT_ID (4820) $SERIES (4800) $SERIAL_NUMBER (0030.0257.0005) $SOFTWARE_VERSION (Version v5.0(7) (Build1.03)) $TIME = hh:mm:ss (24-hour format) $DATE = DD-MMM-YYYY (the day-of-month DD is two-digit number, with leading '0' if needed).
(config) banner apply

ACC1(config)#b an n er a p pl y
Causes the CLI to use the uploaded banner. No additional parameters
ACC1(config)#b an n er a p pl y
copy banner, o n pa g e 4 50
452
Configuration Commands
The following sections are configurable in this section: General Commands, on page 453 Local Interface Commands, on page 454 Link Commands, on page 458 Subnet Commands, on page 504 Alias Commands, on page 507 OSPF Commands, on page 509 Router Polling Commands, on page 514 RIP Commands, on page 517 WCCP Commands, on page 522 SNTP Server Commands, on page 527 DHCP Server Commands, on page 528 DHCP Relay Commands, on page 531 WEB Acceleration Commands, on page 533 HTTP Acceleration Commands, on page 536 TCP Acceleration Commands, on page 572 Keep Alive Commands, on page 579 FTP Acceleration Commands, on page 581 Studying a Subnet Configuration Network, on page 587 Ethernet Statistics Display Commands, on page 588 NetFlow Commands, on page 593 QoS Commands, on page 594 Aggregation Class Commands, on page 617 DNS Acceleration Commands, on page 624 Traffic Encryption Commands, on page 632 ARP Commands, on page 638 Additional Commands, on page 640 Link Commands, on page 646 Expand View Commands, on page 653 SNMP Commands, on page 655 Log Commands, on page 658 Log Archives Commands, on page 665 Configuration Tool Commands, on page 667 Accdump Commands, on page 671 RDP Proxy Commands, on page 676 Mobile Accelerator Commands, on page 680
Co n f ig u r at io n C om m an d s /
453
General Commands
The following commands are explained: enable, on page 453 config, on page 453
enable
To make any configuration changes to your Accelerator, you must be in configuration mode. This section describes how to enter configuration mode while using a terminal or PC that is connected to your router CONSOLE port.
Command Description
ac c el er a to r >e na b le [ M an d at or y ]
Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to # No additional parameters
Parameters Example with Syntax Related Commands
ac c el er a to r > enable
config, on page 453
Enable mode is indicated by the # in the prompt. You can now carry out various operations in the system, such as deleting data, printing and sending messages.
config
To make any configuration changes to your Accelerator, you must be in configuration mode. This section describes how to enter configuration mode while using a terminal or PC that is connected to your router CONSOLE port.
Command Description
ac c 1# co n fi g
Enters enable mode. This is necessary for beginning work with the Accelerator. Once you have entered Enable mode, the prompt at the end of the command line changes from > to # No additional parameters
ac c 1# config
enable,
o n p ag e 4 53
The config mode is indicated by the (config) in the prompt.
454
Local Interface Commands

(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
(local interface) deployment

ACC1(local interface)#d ep l oy m en t
Set the deployment type to On-Path or On-LAN. Choose the way you want to deploy the Accelerartor. This is dictated by the way you set-up the Accelerator. For information about On Path deployment see, See OnPath, on page 14. For information about On-LAN deployment, see See On-LAN, on page 14. Parameters include: onpath - for On-path deployment onlan - for On-LAN deployment
ACC1(local interface)#deployment[onpath]
(local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
455
(local interface) hostname

To set the device name:
Enter the command string that is shown in the table below:
Command Description
ACC1(local interface)#h os tn a me
Sets a name for the Accelerator. Changing the hostname will affect the prompt (in the Example, the hostname set is ACC1). The hostname can be up to 60 characters, and cannot contain spaces or special characters. You can also set the hostname from the conf mode. Enter up to a 60 character string with no spaces or special characters.
ACC1(local interface)#h os tn a me [ ACC1]

(local interface) deployment, on page 454 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
(local interface) ip address

i i Note: When executing the no command for primary IP address, the IP address reverts
to the AcceleratorOS default IP address - 10.0.99.99/24.
Command
A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x x .x .x . x or A C C1 (l o ca l i nt e rf ac e )# IP ad d re ss x. x. x .x / x
Description
Sets an IP address and subnet mask for the Accelerator. You can add the parameter secondary after the command, to set this IP address as the Accelerators secondary IP address. Valid IP address must be supplied
ACC1(local interface)#IP address 10.0.99.99/24

(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
456
(local interface) ip address secondary

ACC1(local interface)#i p a dd r es s x.x.x.x/xx

secondary
Sets a secondary IP for the Accelerator. Valid IP address must be supplied
ACC1(local interface)#IP address 10.0.99.99/22 secondary

(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
(local interface) ip default-gateway

AC C1( lo ca l in te rf ac e) # i p d ef au l t- g at ew a y
Sets a default gateway for the Accelerator. Valid IP address must be supplied
AC C1( lo ca l in te rf ac e) # i p d ef au l t- g at ew a y 10.0.99.99/24
(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) routing-strategy, on page 457 (wan) bandwidth, on page 457
457
(local interface) routing-strategy

Command Description
ACC1(local interface)#r ou t in g- s tr a te gy
Set the routing strategy to On-Path or On-LAN. If you select bridge-route, the Accelerator transfers the packets in Layer-2, regardless of the routing tables. This routing strategy is carried out only in On-Path deployment, on non-link and local traffic. auto for automatic, bridge-route for layer 2 (on-path only) and routing-only for
ACC1(local interface)#r ou t in g- s tr a te gy [ auto]

(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (wan) bandwidth, on page 457
(wan) bandwidth
ACC1(wan)#ba n dw id t h
Set the precise bandwidth (in Kbps) of the WAN. 0 is not a valid bandwidth. A number in Kbps larger than 0 and smaller than 1000000
ACC1(wan)#ba n dw id t h 10000
(local interface) deployment, on page 454 (local interface) hostname, on page 455 (local interface) ip address, on page 455 (local interface) ip address secondary, on page 456 (local interface) ip default-gateway, on page 456 (local interface) routing-strategy, on page 457
458
Link Commands
These commands are link specific commands. If you want to apply global commands on all links, see the specific command within the config menu. Commands within this section include: (config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495
459
(link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
(config) interface link

ACC1(config)#i nt e rf ac e l i nk
Creates a link to the remote Accelerator. No additional parameters necessary.
A CC 1( co nf ig )# interface link 1
(config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
460
(config) interface link refresh-acceleration

A CC 1 (c on f ig ) # in t er fa c e l in k 1 r ef r es h a cc e le ra t io n
Refreshes the interface link. This is necessary when renewing or changing a license. No Additional Parameters Needed
A CC 1 (c on f ig ) # in t er fa c e l in k 1 r ef r es h a cc e le ra t io n
461
(config) interface link template

ACC1(config)# i nt er f ac e l in k t em p la te
Opens the specified template Template number <0-33> is required. Currently only templates 0 and 1 are supported. Template number 0 is the default Accelerator Link template Template number 1 is the default Mobile Accelerator Client Link template
ACC1(config)# i nt er f ac e l in k t em p la te 0
462
(config) show interface link summary

When the Accelerator license has expired, or if the Accelerator was installed but its license was not yet activated, the Accelerators status is Active, meaning: it would pass the data but not accelerate it (Work in pass-through mode). Also, if there is an active license, but the Bandwidth allocation has been exceeded, the Status is displayed as partial, as shown below:
A CC 1 (c on f ig ) # sh o w in t er f ac e l in k s um m ar y
Shows the status of all interfaces. No Additional Parameters Needed
A CC 1 (c on f ig ) # sh o w in t er f ac e l in k s um m ar y
463
ACC1(config)# show interface link summary Destination IP Address 28.0.214.6 28.0.224.6 N/A
Link 1 2 non
Description L-28.0.214.6 L-28.0.224.6 non-link
Bandwidth 2000 6000 100000
Link Status N/A |active N/A|partial N/A |active
Once you have Renewed or updated the license, you will need to refresh the link in order to start Accelerating on it. See (config) interface link refresh-acceleration, on page 460.
464
(link) acceleration
ACC1(LINK)# a cc e le ra t io n
Enables or disables acceleration on the specified link. Enable to enable Disable to disable.
ACC1(LINK)# a cc e le ra t io n enable
465
(link) aggregation auto

ACC1(LINK)# a gg re g at io n a u to <n u mb er |p o st |
d i sa b le >
Enables or disables aggregation on a specified link. Choose one of the following parameters: For a specific aggregation value, enter a packet size (68-2500) To allow the Accelerator to define and adjust accordingly, do not enter a value To open the Post Acceleration Aggregation menu, use the Post parameter To disable aggregation on this link, type disable.
ACC1(LINK)# a gg re g at io n auto 230

466
(link) bandwidth
ACC1(LINK)# b an d wi dt h < n um be r >

Sets the bandwidth limit for the specified link. Enter the bandwidth amount (1 - 1000000).
ACC1(LINK)# b an d wi dt h 2000
467
(link) bandwidth adjust

ACC1(LINK)# b an dw i dt h a dj u st
Opens the bandwidth adjust node. No additional parameters necessary
ACC1(LINK)# b an dw i dt h adjust
468
(link) bandwidth unlimited

ACC1(LINK)# b an d wi dt h u n li mi t ed i n bo u nd
Allocates unlimited inbound bandwidth on the specified link. No additional parameters necessary
ACC1(LINK)# b an d wi dt h unlimited inbound

469
(link) cancel
ACC1(LINK)# c an ce l
Exits the Link node and moves to the parent node. No additional parameters necessary
ACC1(LINK)# c an ce l
470
(link) checksum
ACC1(LINK)# c he c ks um <e n ab le |d is a bl e >

Enables or disables checksum Enable to enable, Disable to disable
ACC1(LINK)# c he c ks um enable
471
(link) clear counters

ACC1(LINK)# c le ar co un t er s
Clears the traffic counters on the specified link. There is no confirm. No additional parameters necessary.
ACC1(LINK)# c le ar co un t er s
472
(link) crypto
ACC1(LINK)# c ry p to
Opens the IP Sec node. Requires an IPsec License. No additional parameters necessary.
ACC1(LINK)# c ry p to
Crypto Commands, on page 503 for the Crypto node commands (config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
473
(link) description
ACC1(LINK)# d es cr i pt io n
Gives a description for the link. Provide a description that contains no spaces or special characters
ACC1(LINK)# d es cr i pt io n link_to_branch_office
474
(link) encapsulation
ACC1(LINK)# en ca p su la t io n <i p- c om p |t ra n sp ar e nt |
ud p >
Sets the type of encapsulation that is to be done on the specific link. Choose from one of the following: IP-comp Transparent UDP
ACC1(LINK)# e nc a ps ul a ti o n ud p
475
(link) encapsulation transparent

i i Note: Encapsulation settings can be asymmetric. This means that you can set one Accelerator to Router Transparency while setting the other Accelerator to IPComp in the opposite direction. This is useful when RTM mode is desired and one of the Accelerators is On-LAN and the other is On-Path. However, IPCOMP encapsulation will not function if the IPCOMP protocol is blocked by a firewall. Therefore, ensure that the IPCOMP protocol is not blocked before selecting either IPCOMP or RTM encapsulation. Note: Once the link parameters have been modified, saving the parameters requires you to exit the link mode. If after changing the requested parameters you press Cancel instead of Exit, the parameters are not saved
i i
476
ACC1(link)#e nc a ps ul a ti o n tr a ns pa r en t
[ O pt io n al ]
Sets the link to work in router transparent mode. This setting is optional No additional parameters
ACC1(link)#e nc a ps ul a ti o n tr a ns pa r en t
477
(link) exit
ACC1(LINK)# e xi t
Exits the Link node and goes to the parent node. No additional parameters necessary.
ACC1(LINK)# e xi t
478
(link) fragmentation
ACC1(LINK)# f ra g me nt a ti o n <d i sa bl e | a ut o>

Enables or disables fragmentation on a specific link To set fragmentation, use the auto command, followed by a packet size (68-6000) if you want to set a specific packet size or click enter if you want the Accelerator to decide. To disable fragmentation type disable and click Enter.
ACC1(LINK)# f ra g me nt a ti o n auto 900

479
(link) header
ACC1(LINK)# h ea de r < co m pr e ss io n | p r es e rv at i on >

Enables or disables either header compression or preservation. Use one of the above choices (compression or preservation), followed by enable to enable, or disable to disable.
ACC1(LINK)# h ea de r compression enable

480
(link) keepalive dialer

ACC1(LINK)# k ee p al iv e d i al er
Creates a keepalive value for a specified link. Enter an acceptable keepalive value in seconds (3-86400).
ACC1(LINK)# k ee p al iv e d i al er 10000
481
(link) link
ACC1(LINK)# l in k < de st i na t io n| s er vi c e| s ou rc e >

Sets the links source, destination, and service parameters Enter one/all of the following parameters Destination +IP address for the link destination IP Service + tos + tos value (0-255) to update the link service ToS Source + IP address for the link source IP address
ACC1(LINK)# l in k service tos 20 ACC1(LINK)# l in k source 1.1.1.1

482
(link) metric
ACC1(LINK)# l in k m et r ic <n um b er >

Sets the Metrics for the specified link. Enter the links metric value (11-10000)
ACC1(LINK)# m et r ic 100
483
(link) mss
ACC1(LINK)# l in k m ss < n um b er | au to |n o ne >

Sets the MSS value for the specified link Enter one/all of the following parameters: A specific packet size (68-6000) auto - to allow the Accelerator to decide automatically none - to have MSS be disabled
ACC1(LINK)# m ss auto
484
(link) mtu
ACC1(LINK)# m tu <n um b er >

Sets the links mean transmission unit value Enter the packet size (68-6000)
ACC1(LINK)# m tu 100
485
(link) no
ACC1(LINK)# n o <c o mm an d >

Negates any set command. No + the command you want to negate
ACC1(LINK)# n o mtu
486
(link) ping
ACC1(LINK)# p in g < de s ti n at io n >

Sends a ping to a specific destination Enter a valid IP address of the destination.
ACC1(LINK)# p in g 1.1.1.1
487
(link) priority
ACC1(LINK)# p ri or i ty < m ax - ql en | ob so l et e |w ei g ht s>

Sets priority flags for the specific link Enter one of the following: max-qlen+auto max-qlen+discard+prioroty value (0-1000000) obsolete+auto obsolete+discard+prioroty value (0-1000000) weights+auto weights+discard+priority value (0-1000000)
Example with Syntax
ACC1(LINK)# p ri or i ty max-qlen discard 500 ACC1(LINK)# p ri or i ty obsolete auto ACC1(LINK)# p ri or i ty weights discard 800
Related Commands
488
(link) remote-unique-id
ACC1(LINK)# r em o te -u n iq u e- id <I D>

Sets the ID for the remote site Enter a valid 27 character ID string.
ACC1(LINK)# r em o te -u n iq u e- id 7a 6b 9 -c 4 5r 56 - b9 j2 3 56 3 0- 63
489
(link) show
ACC1(LINK)# s ho w
Shows the current configuration of the specific link No additional parameters necessary.
ACC1(LINK)# s ho w
490
(link) subnet
ACC1(LINK)# s ub n et < a dd |e xc l ud e>

Adds or excludes a specific subnet to the specific link Use one of the following parameters: add - requires the IP address and or subnet mask of the subnet exclude - requires the IP address and or the subnet mask of the subnet
ACC1(LINK)# s ub n et a d d 1.1.1.1
491
(link) system encapsulation

ACC1(LINK)# s ys t em en c ap su l at i on <a u to | i p- c om p
| ud p >
Sets the system encapsulation type. Use one of the following parameters: auto - the Accelerator will decide ip-comp - IP-comp encapsulation udp - UDP encapsulation
ACC1(LINK)# s ys te m e nc a ps u la ti o n udp
492
(link) system udp-destination-port

ACC1(LINK)# s ys t em u d p- d es ti n at io n -p o rt < n um be r >

Sets the systems UDP destination port Enter a valid port number (1-65535)
ACC1(LINK)# s ys t em u d p- d es ti n at io n -p o rt 422
493
(link) system udp-source-port

ACC1(LINK)# s ys te m u dp - so u rc e- p or t < nu m be r>

Sets the systems UDP source port Enter a valid port number (1-65535)
ACC1(LINK)# s ys te m u dp - so u rc e- p or t 222
494
(link) tcp-acceleration
ACC1(LINK)# t cp - ac ce l er a ti on
Opens the TCP acceleration node No additional parameters are necessary
ACC1(LINK)# t cp - ac ce l er a ti on
TCP Acceleration Commands, on page 572, for commands within the TCP acceleration node (config) interface link, on page 459 (config) interface link refresh-acceleration, on page 460 (config) interface link template, on page 461 (config) show interface link summary, on page 462 (link) acceleration, on page 464 (link) aggregation auto, on page 465 (link) bandwidth, on page 466 (link) bandwidth adjust, on page 467 (link) cancel, on page 469 (link) checksum, on page 470 (link) clear counters, on page 471 (link) crypto, on page 472 (link) description, on page 473 (link) encapsulation, on page 474 (link) encapsulation transparent, on page 475 (link) exit, on page 477 (link) fragmentation, on page 478 (link) header, on page 479 (link) keepalive dialer, on page 480 (link) link, on page 481 (link) metric, on page 482 (link) mss, on page 483 (link) mtu, on page 484 (link) no, on page 485 (link) ping, on page 486 (link) priority, on page 487 (link) remote-unique-id, on page 488 (link) show, on page 489 (link) subnet, on page 490 (link) system encapsulation, on page 491 (link) system udp-destination-port, on page 492 (link) system udp-source-port, on page 493 (link) tcp-acceleration, on page 494 (link) traffic-gauge, on page 495 (link) udp-destination-port, on page 496 (link) udp-source-port, on page 497 (link) wan-id, on page 498
495
(link) traffic-gauge
ACC1(LINK)# t ra ff i c- ga u ge <e na b le |d i sa b le >

Sets the traffic gauge for the specific link Enable to enable, disable to disable
ACC1(LINK)# t ra ff i c- ga u ge en ab l e
496
(link) udp-destination-port
ACC1(LINK)# u dp - de st i na t io n- p or t < nu m be r>

Sets the links UDP destination port Enter a valid port number (1-65535)
ACC1(LINK)# u dp - de st i na t io n- p or t 422
497
(link) udp-source-port
ACC1(LINK)# u dp -s o ur ce - po r t <n u mb er >

Sets the links UDP source port Enter a valid port number (1-65535)
ACC1(LINK)# u dp -s o ur ce - po r t 222
498
(link) wan-id
ACC1(LINK)# w an - id < n um b er | d ef au l t>

Sets the links WAN ID Use one of the following parameters: For a non-default ID, enter a valid ID number (1-5) For the default WAN ID, enter default
ACC1(LINK)# w an - id default ACC1(LINK)# w an - id 3

499
Bandwidth Adjust Commands

This section includes the following commands: (BW-ADJ) (BW-ADJ) (BW-ADJ) (BW-ADJ) (BW-ADJ) (BW-ADJ) (BW-ADJ) (BW-ADJ) (BW-ADJ) adjust, on page 499 decrease interval, on page 499 decrease rate, on page 500 exit, on page 500 increase interval, on page 501 increase rate, on page 501 minimal-bandwidth, on page 502 no, on page 502 show, on page 502
(BW-ADJ) adjust
ACC1(BW-ADJ)# a dj us t <e na b le |d is a bl e>

Enables or disables bandwidth adjustment Enable to enable, Disable to disable
ACC1(BW-ADJ)# a dj us t enable
(link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
(BW-ADJ) decrease interval

ACC1(BW-ADJ)# d ec re a se i n te r va l < nu mb e r>

Decreases bandwidth adjustment over a specific interval of time for a specific link. Enter the interval in seconds (1-20)
ACC1(BW-ADJ)# d ec re a se i n te r va l 10
500
A p pe n di x F: Command Line Interface Related Commands (link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
(BW-ADJ) decrease rate

ACC1(BW-ADJ)# d ec r ea se ra te <n u mb er | fi r st >

Decreases bandwidth on a specified link to a specified percentage. Enter the percentage (1-20%). If you want to have a first decrease rate, enter first and then a percentage (1-50%). The accepted percentage is higher for the first decrease rate.
ACC1(BW-ADJ)# d ec r ea se ra te 10
(BW-ADJ) exit
ACC1(BW-ADJ)# e xi t
Exits the Bandwidth Adjust node and goes to the parent node No Additional parameters are necessary.
ACC1(BW-ADJ)# e xi t
Co n f ig u r at io n C om m an d s / Related Commands (link) bandwidth adjust, on page 467 (BW-ADJ) adjust, on page 499 (BW-ADJ) decrease interval, on page 499 (BW-ADJ) decrease rate, on page 500 (BW-ADJ) exit, on page 500 (BW-ADJ) increase interval, on page 501 (BW-ADJ) increase rate, on page 501 (BW-ADJ) minimal-bandwidth, on page 502 (BW-ADJ) no, on page 502 (BW-ADJ) show, on page 502
501
(BW-ADJ) increase interval

ACC1(BW-ADJ)# i nc re a se i n te r va l < nu mb e r>

Increases bandwidth adjustment over a specific interval of time for a specific link. Enter the interval in seconds (1-20)
ACC1(BW-ADJ)# i nc re a se i n te r va l 10
(BW-ADJ) increase rate

ACC1(BW-ADJ)# i nc re a se r a te <n um b er >

Increases bandwidth on a specified link to a specified percentage. Enter the percentage (1-50%).
ACC1(BW-ADJ)# i nc re a se r a te 10
502
(BW-ADJ) minimal-bandwidth
ACC1(BW-ADJ)# m in i ma l- b an dw i dt h < nu m be r>

Configures the minimal bandwidth percentage Enter the percentage (5-95%). This number should be lower than the bandwidth limit.
ACC1(BW-ADJ)# m in i ma l- b an dw i dt h 10
(BW-ADJ) no
ACC1(BW-ADJ)# n o < pa ra m et er >

Negates a command, or resets the parameter to its default setting. Enter the parameter you want to negate.
ACC1(BW-ADJ)# n o increase rate

(BW-ADJ) show
ACC1(BW-ADJ)# s ho w < pa r am et e r>

Shows the current settings for the specified parameter. Enter the parameter whose settings you want to view.
Co n f ig u r at io n C om m an d s / Example with Syntax Related Commands
503
ACC1(BW-ADJ)# s ho w increase rate

Crypto Commands
This section covers the following commands:
504
Subnet Commands
This section describes subnet configuration and management. The section includes the following commands: (link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
(link) link source

ACC1(link)#li n k s ou rc e [ pr i ma r y] [ x .x .x . x]
This command lets you define a link source. The valid link source IPs are as follows: Primary IP, Secondary IP, VLAN IP, HSRP IP and VRRP IP. Use only a valid IP addresses
ACC1(link)#li n k s o ur c e [ pr i ma r y] [ 10.0.99.99]
(link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
(link) subnet exclude

ACC1(LINK)#s ub n et e x cl ud e x . x. x. x x .x . x. x
Excludes the subnet from the interface. Enter the IP address od the subnet
ACC1(LINK)subnet exclude 10.0.99.99

(link) link source, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
505
(subnets) advertise
ACC1(SUBNETS)#a d ve rt i se or n o t- ad v er t is e
x. x. x .x x. x. x .x | me t ri c [ number]
Sets the subnet to be advertised or not advertised (can optionally add the subnet mask). Adds a metric value to the subnet. Choose advertise to advertise the subnet and not-advertise to not advertise it.
ACC1(SUBNETS)#advertise 10.0.99.99/24 | metric [ 10]

(link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
(subnets) network
ACC1(SUBNETS)#ne tw o rk
Adds a subnet Enter a valid IP address for the subnet, followed by the subnet mask.
ACC1(SUBNETS)#ne tw o rk 125.125.2.5 101.120.15.2

(link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) no network, on page 505 (subnets) show, on page 506
(subnets) no network
ACC1(SUBNETS)#n o n et w or k x .x . x. x
Deletes the subnet (can optionally add the subnet mask). Enter the IP address of the subnet
ACC1(SUBNETS)#n o n et w or k 10.0.99.99
(link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) show, on page 506
506
(subnets) show
ACC1(SUBNETS)#s ho w
Displays the configured subnet. No additional parameters
ACC1(SUBNETS)#s ho w
(link) link source, on page 504 (link) subnet exclude, on page 504 (subnets) advertise, on page 505 (subnets) advertise, on page 505 (subnets) no network, on page 505
507
Alias Commands
Displays and manages virtual server aliasing. The following commands are available: alias alias alias alias alias show, on page 507 set, on page 507 map, on page 508 map add, on page 508 map delete, on page 508
alias show
Displays alias information and manages prefix/suffix for exported names.
{hostname}:filecontroller0#alias [show]
Shows alias information No additional parameters
{hostname}:filecontroller0#alias [show]
alias set, on page 507 alias map, on page 508 alias map add, on page 508 alias map delete, on page 508
alias set
Command
{hostname}:filecontroller0#alias set/delete prefix {prefix}

Changes/removes prefix for all exported aliases. No additional parameters
Description Parameters Example with Syntax Related Commands
{hostname}:filecontroller0#alias set/delete prefix {prefix}

alias show, on page 507 alias map, on page 508 alias map add, on page 508 alias map delete, on page 508
508
alias map
{hostname}:filecontroller0#alias map [list]

Shows virtual servers alias information No additional parameters
{hostname}:filecontroller0#alias map [list]

alias show, on page 507 alias set, on page 507 alias map add, on page 508 alias map delete, on page 508
alias map add

Command
{hostname}:filecontroller0#alias map add {VSERVER} {ALIAS}

Adds an alias to a virtual server. If you are enabling WAFS transparency, do not add an Alias. No additional parameters
{hostname}:filecontroller0#alias map add {VSERVER} {ALIAS}

alias show, on page 507 alias set, on page 507 alias map, on page 508 alias map delete, on page 508
alias map delete

Command
{hostname}:filecontroller0#alias map delete {ALIAS}

Deletes a virtual server alias. No additional parameters
{hostname}:filecontroller0#alias map delete {ALIAS}

alias show, on page 507 alias set, on page 507 alias map, on page 508 alias map add, on page 508
509
OSPF Commands
The following commands are available: (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) (config-ospf) area number, on page 509 authentication-key string, on page 510 authentication-mode enable, on page 510 high locality-metric, on page 511 neighbor, on page 511 network (ip address), on page 512 ospf-mode enable, on page 512 show, on page 513
(config-ospf) area number

ACC1(config-ospf)#a r ea n u mb e r or (x.x.x.x)
Sets the Area ID for the OSPF group, either as a decimal value or in IP address format Enter a valid IP address or area ID
ACC1(config-ospf)# 120.129.23.3
(config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
510
(config-ospf) authentication-key string

A CC 1( con fi g- os pf )# a u th en t ic at i on - ke y s tr in g
Sets a non-encrypted authentication password for the Accelerator. No additional parameters
A CC 1( con fi g- os pf )# a u th en t ic at i on - ke y s tr in g
(config-ospf) area number, on page 509 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
(config-ospf) authentication-mode enable

ACC1(config-ospf)# a ut he n ti c at io n -m od e e n ab le /
d is a bl e /M D5
Sets the Accelerator to require a password to work with other OSPF devices. Authentication mode enables MD5 encrypted authentication. Enable to enable, disable to disable, MD5 to enable MD5 encrypted authentication
ACC1(config-ospf)# a ut he n ti c at io n -m od e e n ab le
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
511
(config-ospf) high locality-metric

ACC1(config-ospf)# h ig h l o ca li t y- me t ri c [ number] l ow lo c al it y -m et r ic [ number]

These two different commands determine a range of subnets to be advertised. If a subnet is between the high value and the low value, it should be advertised Enter a high locality metric and a low locality metric. Make sure that the high locality metric is a larger number then the low.
ACC1(config-ospf)# h ig h l o ca li t y- me t ri c [ 10] l o w l oc al i ty -m e tr i c [ 5]
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
(config-ospf) neighbor
AC C1 (c on fi g-o sp f) # ne i gh b or x . x. x. x
Defines an OSPF neighbor for the Accelerator via the IP address. Enter a valid IP address
AA CC 1( co nf ig- os pf )# n e ig hb o r 1 00 .1 0 0. 10 . 3
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
512
(config-ospf) network (ip address)

A CC 1( con fi g- os pf )# network ( ip a d dr e ss )
x .x . x. x ( su bn e t m as k) x. x. x .x
Sets the networks that the Accelerator broadcasts to its OSPF neighbors. Enter a valid IP address
A CC 1( con fi g- os pf )# network (ip ad dress) 100 .100.5 0.5

(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) ospf-mode enable, on page 512 (config-ospf) show, on page 513
(config-ospf) ospf-mode enable

Command
ACC1(config)#ro u te r o sp f AC C1 (c on fi g- os pf )# ospf-mode
Enables OSPF on the Accelerator enable to enable, disable to disable.
ACC1(config)#ro u te r o sp f AC C1 (c on fi g- os pf )# ospf-mode enable

(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) show, on page 513
513
(config-ospf) show
A CC 1( co nf ig -o sp f) # sh ow
Displays OSPF settings. No additional parameters
A CC 1( co nf ig -o sp f) # sh ow
(config-ospf) area number, on page 509 (config-ospf) authentication-key string, on page 510 (config-ospf) authentication-mode enable, on page 510 (config-ospf) high locality-metric, on page 511 (config-ospf) neighbor, on page 511 (config-ospf) network (ip address), on page 512 (config-ospf) ospf-mode enable, on page 512
514
Router Polling Commands

The following options are available: (config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
(config) router-polling
ACC1(config)# r o u t e r - p o ll i n g
Opens the Router-polling node. No additional parameters
AC C1 (c on fi g) # ro ut e r- p ol li n g
(router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
(router-polling) router-polling enable

ACC1(router-polling)# r ou t er -p o ll i ng [e n ab le |
di sa b le ]
Enables / disables router-polling. Enable to enable, disable to disables
ACC 1( co nf ig )# r o ut er - po ll i ng en ab l e
(config) router-polling, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
515
(router-polling) poll [protocol name(s)]

ACC1(router-polling)#p o ll [protocol name(s)]

Lists the protocols that can be polled. Enter a specific protocol name
AC C1 (r ou te r- po ll ing )# p ol l [ p ro t o c o l n a me ( s )]
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
(router-polling) polling-interval
ACC1(router-polling)#p ol l in g- i nt e rv al
Sets the frequency with which the router is polled (in seconds). Default is 180 seconds Enter a frequency in seconds
A CC 1( ro ut er -p ol li ng )# po ll i ng - in te r va l 1 80
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
(router-polling) router ip
ACC1(router-polling)# ro ut e r ip ( x.x.x.x)
Sets the IP address of the router to be polled. Enter a valid IP address
AC C1 (r ou te r- po ll in g) # ro ut e r ip ( 1 0 0 . 1 0 0 . 5 0 . 5 )
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) snmp version, on page 516 (router-polling) snmp community, on page 516
516
(router-polling) snmp version

ACC1(router-polling)#s n mp v e rs i on [ 1 | 2 c ]
Sets the SNMP version to be used for polling the router. Enter the SNMP version either 1 or 2c
AC C1 (r ou te r-p ol li ng )# sn m p v er si o n [1 ]
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp community, on page 516
(router-polling) snmp community

ACC1(router-polling)#s nm p c om m un it y [ name]
Sets the SNMP community to be used for polling the router. Enter the name of the SNMP community
A CC 1( ro ut er -p ol li ng )# po ll i ng -i n te r va l 1 80
(config) router-polling, on page 514 (router-polling) router-polling enable, on page 514 (router-polling) poll [protocol name(s)], on page 515 (router-polling) polling-interval, on page 515 (router-polling) router ip, on page 515 (router-polling) snmp version, on page 516
517
RIP Commands
The following commands are available: (config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
(config) router rip

ACC1(config)#r ou t er r i p
Enters the RIP node No additional parameters necessary
ACC1(config)#r ou t er r i p
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
518
(config-rip) authentication-key string

ACC1(config-rip)# a ut he n ti ca t io n -k ey string
Sets a non-encrypted authentication password for the Accelerator. Enter the name of the authentication key
A CC 1( co nf ig -r ip) # a ut he n ti ca t io n -k ey st ri ng
(config-rip) authentication-mode enable

ACC1(config-rip)# a ut h en ti c at i on -m o de e n ab l e/
d i sa bl e /M D 5
Sets the Accelerator to need a password to work with other RIP devices. authentication mode enables MD5 encrypted authentication. Enable to enable, disable to disable
A CC 1( co nf ig -r ip )# a ut h en ti c at io n -m o de e n ab le
(config-rip) neighbor
ACC1(config-rip)# n ei g hb or x. x. x .x
Defines a RIP neighbor for the Accelerator via the IP address. Enter a valid IP address
ACC1(config-rip)# n ei g hb or x. x. x .x
Co n f ig u r at io n C om m an d s / Related Commands (config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521 (config-rip) show, on page 521
519
520
(config-rip) network
AC C1 (c on fi g- ri p) # ne tw o rk ( i p a d d r e s s ) x . x. x . x ( s u b n e t m a s k ) x. x . x . x
Sets the networks that the Accelerator broadcasts to its RIP neighbors. Enter a valid IP address and subnet mask
AC C1 (c on fi g- ri p) # network ( i p a d d r e s s ) x . x . x . x ( s u b n e t m a s k ) x. x . x . x
(config-rip) passive-mode enable

ACC1(config-rip)# pa s si v e- mo d e [e n ab le |
d is a bl e]
Sets RIP to work in Passive mode. Enable to enable, Disable to disable
ACC1(config-rip)# pa s si v e- mo d e en a bl e
521
(config-rip) rip-mode enable

ACC1(config-rip)#r ip -m o de en a bl e /d is a bl e
Enables RIP on the Accelerator Enable to enable, disable to disable
ACC1(config)#r ou te r r i p A CC 1( co nf ig -ri p) # rip-mode en a bl e

(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) show, on page 521
(config-rip) show
ACC1(config-rip)# s h ow
Displays RIP settings No additional parameters required
ACC1(config-rip)# s h ow
(config) router rip, on page 517 (config-rip) authentication-mode enable, on page 518 (config-rip) authentication-key string, on page 518 (config-rip) network, on page 520 (config-rip) neighbor, on page 518 (config-rip) passive-mode enable, on page 520 (config-rip) rip-mode enable, on page 521
522
WCCP Commands
The following options are available: (config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
(config) packet-interception wccp

Note that if you have multiple Accelerators deployed on your network the same WCCP services should be enabled on each appliance.
ACC1(config)#p a ck et - in te r ce p ti on wc cp
Enters the WCCP configuration node. No additional parameters required
ACC1(config)#p a ck et - in te r ce p ti on wc cp
(packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
523
(packet interception WCCP) authentication

ACC1(packet interception WCCP)#a ut h en t ic at i on

[n o ne | pa ss w or d word]
Sets a password for WCCP authentication. None for no password, or enter a password string.
ACC1(packet interception WCCP)#a ut h en t ic at i on

pa s sw or d E xp a nd
(config) packet-interception wccp, on page 522 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
(packet interception WCCP) priority

ACC1(packet interception WCCP)#p r io r it y [0-254]

Sets the WCCP priority. Enter a number from 0-254
ACC1(packet interception WCCP)#p r io r it y 1

(config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
524
(packet interception WCCP) router-ip

ACC1(packet interception WCCP)#r ou t er - ip [x.x.x.x]

Sets the WCCP router IP address. Enter a valid IP address
ACC1(packet interception WCCP)#r ou t er - ip [x.x.x.x]

(config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
(packet interception WCCP) show

ACC1(packet interception WCCP)#s h ow

Displays the status of the WCCP service (activated/deactivated) and the services and routers lists. No additional parameters required
ACC1(packet interception WCCP)#s h ow

(config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
525
ACC1(packet interception WCCP)#show The status is shown as in the figure below.
(packet interception WCCP) tcp-service id

ACC1(packet interception WCCP)#t cp - se r vi ce id

[51-99]
Sets the WCCP TCP service ID. Enter a valid ID from 51-99
ACC1(packet interception WCCP)#t cp - se r vi ce id 6 0

(config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) udp-service id, on page 526 (packet interception WCCP) wccp-mode, on page 526
526
(packet interception WCCP) udp-service id

ACC1(packet interception WCCP)#u d p- s er vi c e id

[51-99]
Sets the WCCP UDP service ID. Enter a valid ID from51-99
ACC1(packet interception WCCP)#u d p- s er vi c e id 65

(config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) wccp-mode, on page 526
(packet interception WCCP) wccp-mode

ACC1(packet interception WCCP)#w c cp -m o de [ en a bl e

| d is a bl e]
Activates/deactivates WCCP mode. Enable to enable, Disable to disable
ACC1(packet interception WCCP)#w c cp - mo de en ab l e

(config) packet-interception wccp, on page 522 (packet interception WCCP) authentication, on page 523 (packet interception WCCP) priority, on page 523 (packet interception WCCP) router-ip, on page 524 (packet interception WCCP) show, on page 524 (packet interception WCCP) tcp-service id, on page 525 (packet interception WCCP) udp-service id, on page 526
527
SNTP Server Commands

The following commands are available: (config) SNTP enable/disable, on page 527 (config) SNTP interval hours, on page 527 (config) SNTP server, on page 527
(config) SNTP enable/disable

ACC1(config)#SNTP en ab l e/ di s ab l e
Enables the SNTP server. Enable to enable, disable to disable
ACC1(config)#SNTP en ab l e
(config) SNTP interval hours, on page 527 (config) SNTP server, on page 527
(config) SNTP interval hours

ACC1(config)#SNTP in te r va l h ou rs [ 1-24] |
m i nu te s [ 1-1440]
Polls the SNTP server for time updates by intervals set by this command. Enter the time in hours from 1-1440
ACC1(config)#SNTP in te r va l h ou rs 24
(config) SNTP enable/disable, on page 527 (config) SNTP server, on page 527
(config) SNTP server

ACC1(config)#SNTP se rv e r [ x.x.x.x]
Enter IP address X.X.X.X as the address of the SNTP server. Enter a valid IP address
ACC1(config)#SNTP se rv e r 100.100.10.5
(config) SNTP enable/disable, on page 527 (config) SNTP interval hours, on page 527
528
DHCP Server Commands

The following commands are available: (config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
(config) dhcp
ACC1(config)#dh cp
Enters the DHCP node Enable to enable, disable to disable
ACC1(config)#dhcp
(DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
(DHCP) enable
Command Description
ACC1(DHCP)#en a bl e/ d is ab l e
Enables or disables the DHCP Server. Enabling the Server requires having a DHCP configuration file. If this file does not exist, you are prompted to upload it. The DHCP configuration file should be in the user_area, otherwise you have to use the copy command to copy it. Alternatively, upload the DHCP configuration file via the WebUI, thereby copying it directly to the user_area. Enable to enable, disable to disable
AC C1 (D HC P) # enable
(config) dhcp, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
529
(DHCP) reload
ACC1(DHCP)#r el o ad [path] [filename]

Reloads the DHCP configuration file from the user_area, if you want to update this file with changes you have made in it. Enter a valid path and filename
ACC1(DHCP)#reload/user_area/dhcp/dhcpfile
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
(DHCP) show DHCP

ACC1(DHCP)#s ho w D H CP
Displays the DHCP status (enabled/disabled). no additional parameters necessary
ACC1(DHCP)#s ho w D H CP
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
(DHCP) show lease

ACC1(DHCP)#s ho w l ea s e [hostname] [IP address]

Displays the end date of the DHCP lease server period. Enter a valid IP address
ACC1(DHCP)#s ho w l ea s e [hostname] [IP address]

(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) test, on page 530 (DHCP) upload, on page 530
530
(DHCP) test
ACC1(DHCP)#t es t [path] [filename]

Tests the syntax of the DHCP configuration file. Enter a valid path and file name
ACC1(DHCP)#test/user_area/dhcp/dhcpfile
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) upload, on page 530
(DHCP) upload
ACC1(DHCP)#u pl o ad [path] [filename]

Uploads the DHCP configuration file from the user_area. Enter a valid path and a file name.
ACC1(DHCP)#upload /user_area/dhcp/dhcpfile
(config) dhcp, on page 528 (DHCP) enable, on page 528 (DHCP) reload, on page 529 (DHCP) show DHCP, on page 529 (DHCP) show lease, on page 529 (DHCP) test, on page 530
531
DHCP Relay Commands

Follow these steps to configure an Accelerator for functioning as a DHCP relay agent: (local (local (local (local interface) interface) interface) interface) dhcrelay, on page 531 dhcrelay enable, on page 531 dhcrelay option, on page 532 ip helper address, on page 532
(local interface) dhcrelay

ACC1(local interface)#d hc re l ay
Enters the DHCP relay node No additional parameters needed
ACC1(local interface)#d hc re l ay
(local interface) dhcrelay enable, on page 531 (local interface) dhcrelay option, on page 532 (local interface) ip helper address, on page 532
(local interface) dhcrelay enable

ACC1(local interface)#d hc re l ay en ab l e
Enter IP helper address X.X.X.X as the address of the DHCP server Enable to enable, Disable to disable, Option to enable the dhcp relay option
ACC1(local interface)#d hc re l ay enable

(local interface) dhcrelay, on page 531 (local interface) dhcrelay option, on page 532 (local interface) ip helper address, on page 532
532
(local interface) dhcrelay option

A DHCP relay agent may receive a client DHCP packet forwarded from a BOOTP/ DHCP relay agent closer to the client and may or may not already have a DHCP relay agent option on it.
Command
ACC1(local interface)#d hc r el ay op t io n [a pp e nd |d i sc a rd |f o rw ar d |r e pl ac e |d ro p -n o ma tc h |m ax - le n gt h]
Enter IP helper address X.X.X.X as the address of the DHCP server Append - if the append flag is set, the relay agent appends an agent option field to each request before forwarding it to the server. Discard - discards all options sent by another DHCP relay. Forward - forwards all options from another DHCP relay. Replace - replaces the options sent by another DHCP relay with options set on the Accelerator. Drop-no-match - drops the options without counting the packets. Max-length - this is the maximum length allowed.
Description Parameters
ACC1(local interface)#i p h el pe r a d dr es s 1.1.1.1

(local interface) dhcrelay, on page 531 (local interface) dhcrelay enable, on page 531 (local interface) ip helper address, on page 532
(local interface) ip helper address

ACC1(local interface)#i p h el pe r a d dr es s [IP address]

Enter IP helper address X.X.X.X as the address of the DHCP server Enter a valid IP address
ACC1(local interface)#i p h el pe r a d dr es s 1.1.1.1

(local interface) dhcrelay, on page 531 (local interface) dhcrelay enable, on page 531 (local interface) dhcrelay option, on page 532
533
WEB Acceleration Commands

Some parameters common to both HTTP and FTP Acceleration are configurable as follows: (config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
(config) web-acceleration
A C C1 (c o nf i g) #w e b- ac c el e ra ti o n
Enters Web-Acceleration configuration mode No additional parameters needed
A C C1 (c o nf i g) # web-acceleration
(web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) cache clear

A C C1 (w e b- ac c el e ra ti o n) #c a ch e c le a r
Clears the HTTP and FTP caches. No additional parameters required
A C C1 (w e b- ac c el e ra ti o n) # cache clear
(config) web-acceleration, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
534
(web-acceleration) cancel
AC C 1( c on fi g )# we b -a c ce le r at io n
Exits without updating web acceleration parameters No additional parameters needed
AC C 1( c on fi g )# web-acceleration
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) exit
AC C1 ( we b- a cc e le ra t io n) # e x it
Exits the web acceleration node No additional parameters needed
AC C1 ( we b- a cc e le ra t io n) # exit
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) http-acceleration
A CC 1 (w eb - ac ce l er a ti on ) #h tt p -a c ce le r at io n
Enters the HTTP acceleration node. No additional parameters are needed.
A CC 1 (w eb - ac ce l er a ti on ) # http-acceleration
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) show, on page 535 (web-acceleration) tcp-acceleration, on page 535 see HTTP Acceleration Commands, on page 536 for the HTTP Acceleration Commands
535
(web-acceleration) show
AC C1 ( we b- a cc e le ra t io n) # sh ow
Displays Web-Acceleration parameters. No additional parameters required
AC C1 ( we b- a cc e le ra t io n) # show
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) tcp-acceleration, on page 535
(web-acceleration) tcp-acceleration
AC C 1( w eb -a c ce le r at i on )# tc p- a cc e le ra t io n
Opens the TCP acceleration node No additional parameters needed
AC C 1( w eb -a c ce le r at i on )# tcp-acceleration
(config) web-acceleration, on page 533 (web-acceleration) cache clear, on page 533 (web-acceleration) cancel, on page 534 (web-acceleration) exit, on page 534 (web-acceleration) http-acceleration, on page 534 (web-acceleration) show, on page 535
536
HTTP Acceleration Commands

The following configurations are available: (web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
537
(web-acceleration) http-acceleration
AC C 1( w eb -a c ce le r at i on )# h tt p- a cc e le ra t io n
Enters the HTTP acceleration node. No additional parameters are needed.
AC C 1( w eb -a c ce le r at i on )# http-acceleration
(http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
538
(http-acceleration) cache-auth-requests
A CC 1 (h tt p -a cc e le r at io n )# ca h ce - au th - re qu e st s
Allows you to enable or disable cache authenticated requests. Enable to enable Disable to disable.
A CC 1 (h tt p -a cc e le r at io n )# cache-auth-requests
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
539
(http-acceleration) cache clear

AC C1 ( ht tp - ac c el er a ti on ) # c a ch e c le ar
Clears the HTTP Acceleration cache. No additional parameters needed.
AC C1 ( ht tp - ac c el er a ti on ) #m a x ca c he d- o bj e ct si ze [n um b er in M B ]
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
540
(http-acceleration) cache-content
Command Description
A CC 1 (h tt p -a cc e le r at io n )# ca c he - co nt e nt [ en t er pr i se | in t er ne t | a l l]
Sets the type of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all link, virtual link and non-link traffic. Enterprise, Internet or All, as described above.
A CC 1 (h tt p -a cc e le r at io n )# ca c he - co nt e nt all
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
541
(http-acceleration) cache-range
AC C 1( ht t p- a cc el e ra ti o n) #ca ch e -r an g e [ en ab l e | d is ab l e]
Enables or disables (disabled by default) the cache range Enable to enable, Disable to disable
AC C 1( ht t p- a cc el e ra ti o n) #ca ch e -r an g e enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
542
(http-acceleration) cache-size
A C C1 (h t tp -a c ce l er at i on )# c ac h e- si z e [n u m b e r i n MB]
Sets the size of the cache (between 1 and 60 GB). Default is 16 GB. Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached.
A C C1 (h t tp -a c ce l er at i on )# c ac h e- si z e 16
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
543
(http-acceleration) cancel
A CC 1 (h tt p -a c ce le r at io n )# c an ce l
Exits the node without updating the parameters. No additional parameters are necessary
A CC 1 (h tt p -a c ce le r at io n )# c an ce l
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
544
(http-acceleration) connect-timeout
A CC 1 (h t tp -a c ce le r at i on )# c on ne c t- t im eo u t [ nu m be r ]
Sets the amounts of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 600 seconds. Enter the time amount in seconds, as described above.
A CC 1 (h t tp -a c ce le r at i on )# connect-timeout 600
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
545
(http-acceleration) collect statistics

A CC 1( h tt p -a cc e le ra t io n )# co l le ct st a ti st i cs
Enables or disables statistics collection for http acceleration Enable to enable Disable to disable.
A CC 1( h tt p -a cc e le ra t io n )# co l le ct st a ti st i cs
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
546
(http-acceleration) deny-content-encoding
A CC 1 (h t tp -a c ce le r at i on )# d en y- c on t en te nc o di n g
Enables or disables web page content from being encoded. Enable to enable Disable to disable.
A CC 1 (h t tp -a c ce le r at i on )# d en y- c on t en te nc o di n g enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
547
(http-acceleration) exit
A CC 1( h tt p -a cc e le ra t io n )# ex i t
Exits the current node and returns to the node that is the parent node. No additional parameters are necessary
A CC 1( h tt p -a cc e le ra t io n )# ex i t
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
548
(http-acceleration) fetch job

A CC 1 (h t tp -a c ce le r at i on )# f et ch jo b
Enters the Fetch node Fetch job number or name
A CC 1 (h t tp -a c ce le r at i on )# f et ch jo b 1
Fetch Job Commands, on page 568, for additional configuration parameters (web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
549
(http-acceleration) http-acceleration enable

A CC 1 (h tt p -a cc e le ra t io n )# ht t p- ac c el e ra ti o n [ en a bl e | d is a bl e]
Enables/disables HTTP Acceleration. By default HTTP Acceleration is disabled. Enable to enable, disable to disable.
A CC 1 (h tt p -a cc e le ra t io n )# http-acceleration
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
550
(http-acceleration) ie-refresh
A CC 1 (h t tp -a c ce le r at i on )# i e- re f re s h [e n ab le | d is a bl e ]
Refreshes Internet Explorer. Enable to enable, disable to disable.
A CC 1 (h t tp -a c ce le r at i on )# ie-refresh enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
551
(http-acceleration) log-level
Command Description
A C C1 ( ht tp - ac ce l er a ti on ) #l og - le v el [ a le rt | e r ro r | i n fo | wa r ni ng ]
You can set the Accelerators log file to accumulate events that occur in HTTP Acceleration. To set the type of alerts to be accumulated, set the lowest level of alert to be logged. By default, logging is disabled. When enabled, the default level is Error. Enter the time ammount in seconds, as described above.
A C C1 ( ht tp - ac ce l er a ti on ) #l og - le v el error
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
552
(http-acceleration) max-client-connect-time
AC C 1( ht t p- ac c el e ra ti o n) #m a x- c li en t -c on n ec t ti m e
Sets in minutes the time limit the client will remain connected to the cache process. Enter the time ammount in minutes 1-5000.
AC C 1( ht t p- ac c el e ra ti o n) #m a x- c li en t -c on n ec t ti m e 300
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
553
(http-acceleration) max cached-object-size

Sets the maximum size for objects stored in the cache. Default is 4096 KB. Enter a valid size (between 1-60 GB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached.
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
554
(http-acceleration) min cached-object-size

AC C 1( ht t p- a cc el e ra ti o n) # mi n c ac he d -o b je ct si z e [n u mb e r in KB ]
Sets the maximum size for objects stored in the cache. Enter a valid size (between 0-5000 KB). Note that, Approximately 10 MB of RAM is needed for each 1 GB of data cached. This number should not be bigger than the Max value.
AC C 1( ht t p- a cc el e ra ti o n) # ma x c ac he d -o b je ct si z e 300
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
555
(http-acceleration) no
A C C1 ( ht tp - ac ce l er a ti on ) #n o
Negates a command within a rule. Enter a configured regular expression
A C C1 ( ht tp - ac ce l er a ti on ) # no rule direct avaya

(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
556
(http-acceleration) persistent-timeout
AC C 1( ht t p- ac c el er a ti o n) #p e rs is t en t -t im e ou t <1 - 10 00 0 >
Allows persistent connections to be timed out. Enter a value in seconds. 1-10000 seconds.
AC C 1( ht t p- ac c el er a ti o n) # persistent-timeout 1000
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
557
(http-acceleration) port
AC C 1( ht t p- a cc el e ra ti o n) # po rt [p or t n u mb er ]
Sets the default port on which HTTP traffic generally arrives. The default is 80. Enter a valid port number
AC C 1( ht t p- a cc el e ra ti o n) # port 80
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
558
(http-acceleration) port-transparency
Note: Preserving the port may have bad implications on outgoing traffic from the Web cache. On the other hand, you cannot activate the QoS mechanism according to the source port, if the source port is not preserved.
AC C 1( ht t p- ac c el er a ti o n) #p o rt -t r an s pa re n cy [e n ab le | di s ab le ]
This command configures whether the Client's original source port will be preserved. By default, port transparency is disabled. Enable to enable, disable to disable
AC C 1( ht t p- ac c el er a ti o n) #p o rt -t r an s pa re n cy
enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
559
(http-acceleration) proxy outgoing host
Note: After proxy was enabled, disabling DNS requires you to disable proxy first.
AC C1 ( ht t p- ac c el er a ti o n) # proxy outgoing host <proxy IP> <proxy listening port>

Configures the proxy server IP and listening port. You should configure this command only if DNS is configured. Enter a valid IP address and port If you want to un-configure this port enter the no command prior.
AC C1 ( ht t p- ac c el er a ti o n) # proxy outgoing host
<x.x.x.x> <xxx>
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
560
(http-acceleration) read-ahead
AC C 1( ht t p- a cc el e ra ti o n) #re ad - ah ea d
Enables or disables read-ahead Enable to enable Disable to disable.
AC C 1( ht t p- a cc el e ra ti o n) # read-ahead enable
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
561
(http-acceleration) read-ahead fetch-full-page

AC C1 ( ht t p- ac c el er a ti o n) # r e ad -a h ea d f et c hfu ll - pa g e
When read ahead is enabled, will fetch the entire page including graphics. Enable read ahead in order for this to work No additional parameters are required.
AC C1 ( ht t p- ac c el er a ti o n) # read-ahead fetch-full-
page
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
562
(http-acceleration) read-ahead operation-mode

AC C 1( ht t p- a cc el e ra ti o n) #re ad - ah ea d op e ra ti o n- m od e < no rm a l| l ow |a g gr es s iv e >

When read ahead is enabled, will set the level of fetch operation. Keep in mind that the higher the setting, the more memory will be consumed. Low, Medium, or High.
AC C 1( ht t p- a cc el e ra ti o n) #re ad - ah ea d operation-
mode low
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
563
(http-acceleration) reset-to-default
AC C1 ( ht t p- ac c el er a ti o n) # r e se t- t o- d ef au l t
Erases the HTTP Acceleration configuration, including statistics, and resets all values to the factory default settings. Y to confirm N to deny.
AC C1 ( ht t p- ac c el er a ti o n) # reset-to-default Th e c on f ig ur a ti on of HT TP ac ce l er a ti on wi ll be e r as e d an d r es e t t o fa c to ry va l ue s. Ar e yo u s ur e ? (Y / N) Y
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
Related Commands
564
(http-acceleration) rule
i i i
Note: You should configure this command only if proxy server is configured. You can
define multiple rules.
Note: The CLI does not allow regular expression using the following characters: # ,. A message error will be displayed as a result of any attempt to insert such a character. Note: Before configuring a rule direct regular expression, you must configure in the
clients browser the same settings configured in the Accelerator. A CC 1( h tt p -a cc e le ra t io n )# ru l e
Defining a regular expression that is valid on a URL. For example: rule direct avaya. When this rule is applied, all requests for the avaya URL will be forwarded directly to the avaya server, without passing through the proxy server. Enter a valid URL
Command Description
A CC 1( h tt p -a cc e le ra t io n )# rule direct avaya

(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
565
(http-acceleration) show
A C C1 ( ht tp - ac ce l er a ti on ) #s ho w
Displays the settings of the specified rule or parameter Enter the name of the rule or setting.
A C C1 ( ht tp - ac ce l er a ti on ) #s ho w direct avaya A C C1 ( ht tp - ac ce l er a ti on ) #s ho w read-ahead

(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) tcp-acceleration, on page 566 (http-acceleration) transparency, on page 567
566
(http-acceleration) tcp-acceleration
AC C 1( ht t p- ac c el er a ti o n) #t c p- ac c el e rt io n <e n ab le | di sa b le >
Enables or disables TCP Acceleration Enable to enable, Disable to disable.
AC C 1( ht t p- ac c el er a ti o n) #t c p- ac c el e ra ti o n enable.
TCP Acceleration Commands, on page 572, for additional TCP Acceleration configuration options (web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) transparency, on page 567
567
(http-acceleration) transparency
Command Description
AC C 1( h tt p- a cc el e ra t io n) # tr an s pa r en cy [a ut o | se m i | f ul l ]
This command configures the status of the interception proxy. You can configure the interception proxy as transparent, thereby preventing the detection of the proxy servers IP address by sniffing). The following statuses are possible: Semi - applying transparency only on the Client side. Full - applying transparency on both the Client and the server sides. Auto - setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. Semi, Full, or Auto as explained above.
AC C 1( h tt p- a cc el e ra t io n) # transparency full
(web-acceleration) http-acceleration, on page 537 (http-acceleration) cache-auth-requests, on page 538 (http-acceleration) cache clear, on page 539 (http-acceleration) cache-content, on page 540 (http-acceleration) cache-range, on page 541 (http-acceleration) cache-size, on page 542 (http-acceleration) cancel, on page 543 (http-acceleration) connect-timeout, on page 544 (http-acceleration) collect statistics, on page 545 (http-acceleration) deny-content-encoding, on page 546 (http-acceleration) exit, on page 547 (http-acceleration) fetch job, on page 548 (http-acceleration) http-acceleration enable, on page 549 (http-acceleration) ie-refresh, on page 550 (http-acceleration) log-level, on page 551 (http-acceleration) max-client-connect-time, on page 552 (http-acceleration) max cached-object-size, on page 553 (http-acceleration) min cached-object-size, on page 554 (http-acceleration) no, on page 555 (http-acceleration) persistent-timeout, on page 556 (http-acceleration) port, on page 557 (http-acceleration) port-transparency, on page 558 (http-acceleration) proxy outgoing host, on page 559 (http-acceleration) read-ahead, on page 560 (http-acceleration) read-ahead fetch-full-page, on page 561 (http-acceleration) read-ahead operation-mode, on page 562 (http-acceleration) reset-to-default, on page 563 (http-acceleration) rule, on page 564 (http-acceleration) show, on page 565 (http-acceleration) tcp-acceleration, on page 566
568
Fetch Job Commands

Fetch allows users to cache data from a pre-determined destination thereby giving the user faster loading time for web pages. This is extremely useful in cases where multiple users will be accessing a specific URL at the same time. The Pre-fetch option will cache the information from the URL and store it locally on the Accelerator. Note that the following parameters/licenses are required to be set in order for a Fetch Job to work: A license for Web Cache is required (see (config) show licensing, on page 446). HTTP Acceleration needs to be enabled. HTTP Acceleration is available on HD based Accelerators (physical and virtual) and on the 4GB compact flash version. See (http-acceleration) http-acceleration enable, on page 549 for information on how to enable HTTP Acceleration. DNS needs to be configured (see (Conf) dns-acceleration, on page 624) This section contains the following commands: (http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
569
(http-acceleration) fetch job

A CC 1( h tt p -a cc e le ra t io n )# fe t ch j o b < nu mb e r| n am e>
Enters the Fetch node, per job name or number Fetch job number or name
A CC 1( h tt p -a cc e le ra t io n )# fe t ch j o b 1
(config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
(config-fetch-job) cancel
A CC 1( c on f ig -f e tc h- j ob )#c an c el
Exits the current node without updating and returns to the parent node. No additional parameters required.
A CC 1( c on f ig -f e tc h- j ob )#c an c el
(http-acceleration) fetch job, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
(config-fetch-job) exit
A CC 1( c on f ig -f e tc h- j ob )#e xi t
Exits the current node and returns to the parent node. No additional parameters required.
A CC 1( c on f ig -f e tc h- j ob )#e xi t
(http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
570
(config-fetch-job) no
A CC 1 (c o nf ig - fe tc h -j o b) #n o < co m ma n d>
Removes commands Command that you want to remove
A CC 1 (c o nf ig - fe tc h -j o b) #n o url www.expand.com
To delete an entire fetch job, exit to the HTTP acceleration node and apply the command no fetch job <job number|job name> (http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
(config-fetch-job) schedule
A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e < im m ed i at e| n on e| o nc e |r ec u rr in g >
Schedules the fetch job according to the parameters defined. Enter one of the following options nonethe job is created, but does not run immediateoccurs one time, immediately once atoccurs one time on a specific date at a specific hour once inoccurs one time at a specific hour in X amount of days recurring dailyoccurs every day at a specific hour recurring weeklyoccurs once very week on a specific day and a specific hour recurring monthly occurs once a month on a specific date and hour (not recommended to set this to 31, as not every month has 31 days).
Example with Syntax
A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e once at 11:45
This will run the job one time at 11:45
A CC 1 (c o nf ig - fe tc h -j o b) #s c he du l e recurring weekly monday 11:45

This will run the job every Monday at 11:45 Related Commands (http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) show, on page 571 (config-fetch-job) url, on page 571
571
(config-fetch-job) show
A CC 1( c on f ig -f e tc h- j ob )#s ho w
Shows the parameters for all fetch jobs No additional parameters required
A CC 1( c on f ig -f e tc h- j ob )#s ho w
(http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) url, on page 571
(config-fetch-job) url
A CC 1( c on f ig -f e tc h- j ob )#u rl
Defines the URL to use for the fetch job. Enter a valid complete URL. You may add multiple URLs. To delete a URL, use the no command.
A CC 1( c on f ig -f e tc h- j ob )#u rl www.expand.com
(http-acceleration) fetch job, on page 569 (config-fetch-job) cancel, on page 569 (config-fetch-job) exit, on page 569 (config-fetch-job) no, on page 570 (config-fetch-job) schedule, on page 570 (config-fetch-job) show, on page 571
572
TCP Acceleration Commands

This section contains the following commands: (conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
(conf) tcp-acceleration
A CC 1( c on f )# tc p -a cc e le r at io n
Opens the TCP acceleration node. No additional parameters needed.
A CC 1( w eb - ac ce l er at i on ) # tcp-acceleration
(tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
573
(tcp-acc) acknowledge packet rate

A CC 1( t cp - ac ce l er at i on )# a ck no w le dg e pa ck e t r at e < 2- 8>
Determines the number of packets transmitted before sending an ACK message. Choose the number of packets within the parameter requirements (between 2 and 8).
A CC 1( t cp - ac c) #ac kn o wl ed g e p ac ke t r at e 3
(conf) tcp-acceleration, on page 572 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
574
(tcp-acc) congestion-control
AC C 1( tc p -a c c) # c on ge s ti o n- co n tr ol [n o ne |s t an d ar d| v eg as ]
Selects the type of congestion control to be used. Choose from one of the following: Noneno congestion avoidance is used Standardthe congestion avoidance conforms to the standard TCP/IP protocol (Reno) VegasTCP Vegas reduces latency and increases overall through-out, by carefully matching the sending rate to the rate at which packets are successfully being transmitted by the network. The Vegas algorithm maintains shorter queues, and is therefore suitable either for low-bandwidth-delay paths, such as DSL, where the sender is constantly over-running buffers, or for high-bandwidth-delay WAN paths, where recovering from losses is an extremely time-consuming process for the sender. The shorter queues should also enhance the performance of other flows that traverse the same bottlenecks.
AC C 1( tc p -a c c) # c on ge s ti o n control vegas
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
575
(tcp-acc) exclude
A CC 1( t cp - ac c) ex cl u de [c li e nt |s e rv e r| wo r d| IP ]
Adds a server or client to the exclude list. Client - choose client to exclude the client Server - choose server to exclude the server Word - servers logical name IP - IP address of the server or subnet
A CC 1( t cp - ac c) # e xc l ud e 120.44.10.2
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
(tcp-acc) show
A C C1 (t c p- ac c )# s ho w
Shows the TCP Acceleration data. No additional parameters required.
A C C1 (t c p- ac c )# show
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
576
(tcp-acc) tcp-acceleration enable

AC C 1( tc p -a c c) #t c p- ac c el e ra ti o n [e n ab l e | di s ab le ]
Enables/disables TCP Acceleration. By default TCP Acceleration is disabled. Enable to enable, Disable to disable.
AC C 1( tc p -a c c) # tcp-acceleration disable
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
(tcp-acc) typical-acceleration rate

A CC 1( t cp -a c c) #ty pi c al -a c ce l er at i on r a te [ au to | <0 -5 0 00 0 >]

Configures the TCP acceleration rate in seconds. Enter an ammount within the range or select Auto and the Accelerator will chose the value for you.
A CC 1( t cp -a c c) # typical-acceleration-rate 20000
(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) show, on page 575 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
577
(tcp-acc) typical round-trip

AC C1 ( tc p -a cc ) # t yp i ca l r ou n d- tr i p [ au to | <1 -6 0 00 0 >
Configures the RTT in milliseconds. Enter an ammount in milliseconds within the accepted range.
AC C1 ( tc p -a cc ) # typical round-trip auto

(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) window receive, on page 577 (tcp-acc) window send, on page 578
(tcp-acc) window receive

Command Description
AC C 1( tc p -a cc ) w i nd ow re ce i ve [ a ut o |m ax <4 00 0 50 0 00 00 0 >
Restricts the size of packets received to X ammount (if entered) before sending an ACK request. You can enter your own amount, Max to enter a maximum amount, or enter Auto and the value will dynamically change depending on network and bandwidth conditions. auto - the Accelerator will decide the ammount max - sets the maximum ammount 4000-50000000 the accepted range
Parameters
AC C 1( tc p -a cc e le r at io n )# window receive auto

(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window send, on page 578
578
(tcp-acc) window send

Command Description
A CC 1 (t cp - ac c) wi n do w s en d [ au t o| ma x < 40 0 05 00 0 00 00 > |< 40 0 0- 5 00 00 0 00 >

Restricts the size of packets sent to X ammount (if entered) before sending an ACK request. You can enter your own amount, Max to enter a maximum amount, or enter Auto and the value will dynamically change depending on network and bandwidth conditions. auto - the Accelerator will decide the ammount max - sets the maximum ammount 4000-50000000 the accepted range
Parameters
A CC 1 (t cp - ac c) # window send max 20000

(conf) tcp-acceleration, on page 572 (tcp-acc) acknowledge packet rate, on page 573 (tcp-acc) congestion-control, on page 574 (tcp-acc) exclude, on page 575 (tcp-acc) show, on page 575 (tcp-acc) tcp-acceleration enable, on page 576 (tcp-acc) typical-acceleration rate, on page 576 (tcp-acc) typical round-trip, on page 577 (tcp-acc) window receive, on page 577
579
Keep Alive Commands

This section contains the following: (tcp-acceleration) keepalive, on page 579 (tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive probes, on page 580 (tcp-acc) keepalive time, on page 580
(tcp-acceleration) keepalive
A CC 1 (t c p- ac c ) ke e pa l iv e [ di sa b le | en ab l e]
Enables or disables Keep Alive messaging. Choose Enable to enable, Disable to disable.
A CC 1 (t c p- ac c )# k e ep a li ve enable
(tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive probes, on page 580 (tcp-acc) keepalive time, on page 580
(tcp-acceleration) keepalive direction

AC C1 ( tc p- a cc ) k ee p al iv e d i re ct i on [b ot h |l an | wa n ]
Configures the direction of the Keep alive messages. Choose either LAN only, WAN only, or both.
AC C1 ( tc p- a cc ) # keepalive direction both

(tcp-acceleration) keepalive, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive probes, on page 580 (tcp-acc) keepalive time, on page 580
580
(tcp-acc) keepalive interval

A CC 1 (t cp - ac c) ke e pa li v e in t er v al < 1- 5 00 00 >
Configures the ammount of time to wait between sending keep alive messages. Choose a time in seconds (between 1 and 50000).
A CC 1 (t cp - ac c) # keepalive interval 300

(tcp-acceleration) keepalive, on page 579 (tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive probes, on page 580 (tcp-acc) keepalive time, on page 580
(tcp-acc) keepalive probes

A CC 1 (t cp - ac c ) ke e pa li v e p ro be s < 1- 1 00 00 >
Configures the ammount of keep alive probes to send before initiating a time out. Choose a time in seconds (between 1 and 10000).
A CC 1 (t cp - ac c )# keepalive probes 10
(tcp-acceleration) keepalive, on page 579 (tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive time, on page 580
(tcp-acc) keepalive time

A CC 1 (t c p- ac c ) ke e pa l iv e t im e < 1- 1 00 00 >
Configures the ammount of time to wait (in seconds) before sending the first keep alive probe. Choose a time in seconds (between 1 and 10000).
A CC 1 (t c p- ac c )# keepalive time 2000

(tcp-acceleration) keepalive, on page 579 (tcp-acceleration) keepalive direction, on page 579 (tcp-acc) keepalive interval, on page 580 (tcp-acc) keepalive probes, on page 580
581
FTP Acceleration Commands

This section includes the following commands: (web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(web-acceleration) ftp-acceleration
AC C1 ( we b -a cc e le ra t io n )# ft p -a cc e le r at io n
Enters the FTP acceleration node. No additional parameters are necessary.
AC C1 ( we b -a cc e le ra t io n )# ftp-acceleration
(ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
582
(ftp-acceleration) cache-content
Command Description
A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t [ e nt e rp ri s e | i nt e rn et | al l ]
Sets the type of content to be cached: Enterprise caches all traffic from links and virtual links. Internet caches all traffic on the non-link. All caches all link, virtual link and non-link traffic. Enter a valid content type as described above.
A C C1 ( ft p- a cc el e ra t io n) #ca ch e -c o nt en t a ll
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) cache-per-user
AC C1 ( ft p -a cc e le ra t io n) # cache-per-user [enable
| disable]
Enables/disables the allocation of cache memory per a specific user. Enable to enable, Disable to disable
AC C1 ( ft p -a cc e le ra t io n) # cache-per-user enable
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
583
(ftp-acceleration) cache-size
A CC 1( f tp -a c ce l er at i on )# c ac h e- si z e [ n um b er i n M B]
Sets the size of the cache (between 1 and 60 GB). Default is 50 GB. Approximately 360 KB + 8 MB of RAM is needed for each 1 GB of data cached Enter a valid size as described above.
A CC 1( f tp -a c ce l er at i on )# cache-size 50
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) connect-timeout
AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t [n u mb e r]
Sets the amount of time (in seconds, between 1 and 600) for a client to remain connected with no traffic being cached. Default is 60 seconds. Enter a valid time as described above.
AC C 1( f tp -a c ce le r at i on )# c on ne c t- t im eo u t 60
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
584
(ftp-acceleration) ftp-acceleration
A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on [ en ab l e | d is a bl e]
Enables/disables FTP Acceleration. By default FTP Acceleration is disabled. Enable to enable, Disable to disable.
A CC 1( f tp - ac ce l er at i on ) #f tp - ac ce l er a ti on d is ab l e
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) localization
AC C1 ( ft p -a cc e le ra t io n )# lo c al iz a ti o n [e n ab le | di s ab l e]
Lets you enable or disable the option to view files in languages that require Unicode characters, such as Chinese. Enable to enable, Disable to disable.
AC C1 ( ft p -a cc e le ra t io n ) #localization enable
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
585
(ftp-acceleration) min cached-object-size

A C C1 ( ft p- a cc el e ra t io n) # mi n c ac h ed -o b je ct s i ze [n um b er i n K B ]
Lets you configure a minimal value for the objects stored in the cache. Enter a number in KB that is smaller than the Max value.
A C C1 ( ft p- a cc el e ra t io n) # mi n c ac h ed -o b je ct s i ze 60
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) transparency
Command Description
AC C 1( f tp -a c ce le r at i on )# t ra ns p ar e nc y [ au to | se m i | f ul l ]
This command configures the status of the interception proxy. You can configure the interception proxy as transparent, thereby preventing the detection of the proxy servers IP address by sniffing). The following statuses are possible: Semi - applying transparency only on the Client side. Full - applying transparency on both the Client and the server sides. Auto - setting the transparency status automatically according to deployment, namely: Semi in On-LAN deployment and Full in On-Path deployment. Semi, Full, or Auto as explained above.
AC C 1( f tp -a c ce le r at i on )# transparency full
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency exclude, on page 586 (ftp-acceleration) transparency excluded-servers, on page 586
586
(ftp-acceleration) transparency exclude

Command Description
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex c lu de [s ou r ce | de s ti na t io n | W O RD | ip ]
Excludes servers from caching, as defined by the following parameters: Source - source traffic direction Destination - destination traffic direction WORD - server name IP - server IP or subnet Enter a valid parameter as described above.
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex c lu de
source
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency excluded-servers, on page 586
(ftp-acceleration) transparency excludedservers

Command Description
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex cl u de d- s er v er s [ cl ea r ]
Removes all servers from the list of excluded servers. This command does not affect traffic that traversed these servers when they were excluded, but only traffic that passes after the command entered into effect. No additional parameters are necessary
AC C1 ( ft p- a cc e le ra t io n) # tr a ns pa r en cy ex cl u de d- s er v er s clear
(web-acceleration) ftp-acceleration, on page 581 (ftp-acceleration) cache-size, on page 583 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) cache-per-user, on page 582 (ftp-acceleration) ftp-acceleration, on page 584 (ftp-acceleration) min cached-object-size, on page 585 (ftp-acceleration) localization, on page 584 (ftp-acceleration) transparency, on page 585 (ftp-acceleration) transparency exclude, on page 586
587
Studying a Subnet Configuration Network
The sample Subnet Configuration is as follows:

A CC 1 # co n fi gu r e t er mi n al A CC 1 (c on f ig )# ro u te r o sp f A CC 1 (c on f ig -o s pf ) #a re a 2 0. 0 .0 . 6 A CC 1 (c on f ig -o s pf ) # au t he nt i ca t io n- m od e e na b le A CC 1 (c on f ig -o s pf ) # au t he nt i ca t io n- k ey a c ce l er at o r A CC 1 (c on f ig -o s pf ) # ne i gh bo r 3 0 .0 .0 . 0/ 8 A CC 1 # co n fi gu r e t er mi n al A CC 1 (c on f ig )# ro u te r r ip A CC 1 (c on f ig -r i p) # a ut h en ti c at i on -m o de m d 5 A CC 1 (c on f ig -r i p) # a ut h en ti c at i on -k e y ac c el e ra to r A CC 1 (c on f ig -r i p) # n ei g hb or 30 . 0. 0. 0 /8 A CC 1 # co n fi gu r e t er mi n al A CC 1 (c on f ig )# su b ne ts A CC 1 (S UB N ET S) # ne t wo rk 30 .0 . 0. 0 2 55 . 25 5. 0 .0 A CC 1 (S UB N ET S) # no t -a dv e rt is e 3 0 .0 .0 . 0 25 5 .2 5 5. 0. 0 A CC 1 (S UB N ET S) # ex i t
588
Ethernet Statistics Display Commands

The following commands are available: (config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
(config) monitored-application
ACC1(config)# m o ni t or ed - ap pl i ca t io n [ application name] no r ma l [ link number | Total]

Sets a specified application to be monitored over a certain link or over all links. Enter the application name and link number
ACC1(config)# m o ni t or ed - ap pl i ca t io n [ application name] no r ma l [ link number | Total]

(config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
589
(config) show application

ACC1(config)# sh o w ap p li ca t io n
Displays statistics for all applications. No additional parameters required.
ACC1(config)# sh o w ap p li ca t io n
(config) monitored-application, on page 588 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
(config) show discovered

ACC1(config)# sh o w di s co v er ed ht tp |
c it ri x |m s -t er m in al - se r ve r
Displays list of discovered HTTP or Citrix traffic traversing the network. Http: for HTTP traffic Citrix for Citrix MS-Terminal-Server for RDP
ACC1(config)# sh o w di s co v er ed http
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
590
(config) show interface link

A CC 1 # ( co nf i g) s h ow in te r fa ce li n k
Displays Throughput and Performance statistics for all links since up time, since last cleared and for the last 5 seconds. No additional parameters are necessary
ACC1# ( co n fi g) sh o w in t er fa c e l in k
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show traffic-discovery, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
(config) show traffic-discovery

ACC1(config)# s h ow tr af f ic -d i sc o ve ry [a ll |
application name]
Displays all applications traversing the network. Enter all for all applications or a specific application name.
ACC1(config)# s h ow tr af f ic -d i sc o ve ry all
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (statistic) discover, on page 591 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
591
(statistic) discover
ACC1(statistic)# d is co v er [ h tt p | c i tr ix ]
[ en a bl e | d i sa bl e ]
Enables traffic discovery of HTTP or Citrix traffic traversing the network. Enter the name of the link.
A CC 1( st at is tic )# discover http enable

(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (config) [application name] statistics-history, on page 591 (config) clear counters link, on page 592
(config) [application name] statistics-history

ACC1(c on f ig )# [ ap pl i ca t io n n am e] s ta t is ti c sh is t or y [ en a bl e/ d is ab l e]
Enables gathering statistics for a particular application. Application Name: choose an application from the list Enable to enable, Disable to disable
ACC1(config)#application src st a ti st i cs h is t or y enable

(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (config) clear counters link, on page 592
592
(config) clear counters link

ACC1# (config) c le ar co u nt er s l in k [ a ll |l i nk
I D| n on - li nk ]
Clears link counters for a specific link as identified by its link ID, all of the links, or the non-link. All - clears counters for all links Link ID - clears counters for a specific link as identified by its link ID non-link - clears counters for the non-link
ACC1# c le a r co u nt er s l i nk all
(config) monitored-application, on page 588 (config) show application, on page 589 (config) show discovered, on page 589 (config) show interface link, on page 590 (config) show traffic-discovery, on page 590 (config) [application name] statistics-history, on page 591
593
NetFlow Commands
netflow
Command
ACC1# ne tf l ow ACC1(netflow)# i p f l ow -e x po rt [x . x. x. x ] po r t
[1 to 6 5 53 5] ve r si on [5 ]i n te rf a ce et he r ne t [0 , 0 /0 , 0 /1 ] t e mp la t e [f u ll , l on g , sh o rt ]
Description
Sets the Accelerator to forward all statistic information to the NetFlow server for monitoring and analysis. Enter the IP address and port number of the NetFlow collector, as well as the NetFlow version number. In addition, enter the interface ethernet to be monitored (the LAN interface Ethernet). For more information on NetFlow statistics collected, see NetFlow Monitored Statistics, on page 323, on page 357 Enable to enable, Disable to disable
Parameters Example with Syntax
ACC1# ne tf l ow ACC1(netflow)# i p f l ow -e x po rt 100.100.10.5 po r t 80 v er s io n [ 5] in t er f ac e e th er n et 0 te m pl at e full

Setting the Max Queue Length, on page 593
Related Commands
Setting the Max Queue Length

To set the Max Queue length:
1. In the Accelerators CLI, in interface link configuration mode, type priority max-qlen discard [number] low [number] medium [number] high [number] realtime [number] pass-through [number] 2. Follow each parameter by the size of the queue desired. 3. The default greedy-threshold size is 1. ACC1(LINK)#priority max-qlen discard 1000 low 1000 medium 1000 high 1000 real-time 1000 pass-through 1000.
594
QoS Commands
The following lists the commands necessary to perform QoS configuration as described above via the CLI. The following configurations are available: (config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
595
(config) application name

Command
ACC1(config)#a pp l ic a ti on name
t c p [p o rt nu mb e r] u d p [p o rt nu mb e r/ ra n ge ] o v er -i p [ p or t/ r an ge ]
Description Parameters Example with Syntax
Defines a new application and application criteria. Enter a valid TCP port number, a valid UDP port number and range and a valid over-IP port number and range.
ACC1(config)#a pp l ic a ti on name t c p 80 u d p 60 o v er -i p 55
(config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Related Commands
596
(config) application l-7 name http

Command
ACC1(config)#a pp li c at i on l - 7 name h t tp h os t -n am e [x.x.x.x or name] u rl - na me [name] m im e -t yp e [name] u se r -n am e [name]

Define a new web application and criteria on the basis of the specified parameters. Enable to enable, Disable to disable
ACC1(config)#a pp li c at i on l - 7 name h t tp h os t -n am e [x.x.x.x or name] u rl - na me [name] m im e -t yp e [name] u se r -n am e [name]

(config) application name, on page 595 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Related Commands
597
(config) decision
ACC1(config)#d ec i si on
Enters the Decision node No additional Parameters
ACC1(config)#d ec i si on
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
598
(config) policy-rule global

ACC1(config)#p o li cy - ru l e gl o ba l o ut b ou nd /
in bo u nd
Defines a new rule for globally handling an application. Inbound for inbound, outbound for outbound
ACC1(config)#p o li cy - ru l e gl o ba l inbound
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
599
(config) policy-rule link number

ACC1(config)#po li c y- r ul e l in k number ou tb o un d /
in b ou n d
Defines a new rule for a specific link. Inbound for inbound, outbound for outbound
ACC1(config)#po li c y- r ul e l in k number outbound

(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
600
(config) show application

ACC1(config)#sh o w a pp li c at io n
Displays all detected applications. No additional parameters needed.
ACC1(config)#sh o w a pp li c at io n
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
601
(config) wan
ACC1(config)#w a n [name] /[default]

Enters the WAN node WAN name.
ACC1(config)#w a n
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
602
(decision) match application

ACC1(decision)#m a tc h a pp li c at i on [name]
Creates an application matcher A valid application name
ACC1(decision)#m a tc h a pp li c at i on [name]
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
603
(decision) set accelerate

ACC1(decision)#s et ac ce l er at e d i sa bl e /en ab l e
Sets a specific application to accelerate or do not accelerate. Enable to enable, Disable to disable
ACC1(decision)#m at c h ap p li ca t io n [name]
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
604
(decision) set tunnel

ACC1(decision)#se t t u nn el di sa b le /en a bl e
Sets a specific application to tunnel or do not tunnel. Enable to enable, Disable to disable
ACC1(decision)#se t t u nn el enable
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
605
(rule) match
Command
ACC1(rule)#ma t ch a pp li c at io n [ name o r l - 7 name]

i p [a n y, s o ur c e, d e st in a ti o n] x . x. x. x t o s b it s
Defines the filter for what type of traffic is handled by this rule per IP, tos bits and/or application name. Enter the application name and a valid IP address
ACC1(rule)#ma t ch a pp li c at io n [ name o r l - 7 name]

i p [a n y, s o ur c e, d e st in a ti o n] x . x. x. x t o s b it s
Related Commands
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
606
(rule) set policy order

ACC1(rule)#s e t po l ic y o rd e r
[ 1 00 to 6 5 53 4]
Defines the importance of the rule. Enter a valid policy order
ACC1(rule)#s e t po l ic y o rd e r 1000
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
607
(rule) set policy pass-through

A C C1 (r u le )# s et po li c y pa s s- t hr ou g h
Sets the traffic type to override the entire QoS mechanism and pass through critical/ Diagnostic traffic Enter a valid policy priority.
ACC1(rule)#s et po li c y p as s- t hr ou g h
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
608
(rule) set policy priority

Command
ACC1(rule)#s e t po l ic y p ri o ri ty
h i gh low m e di u m r e al - ti me
Defines the Priority for the application. Enter a valid policy priority.
ACC1(rule)#s e t po l ic y p ri o ri ty
h i gh low m e di u m r e al - ti me
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
Related Commands
609
(rule) set policy rate burst enable

A C C1 (r u le )# s et p oli cy r at e bu rs t en ab le
Sets the traffic defined for this rule to be allowed to send bursts No additional parameters required
A C C1 (r u le )# s et p oli cy r at e bu rs t en ab le
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
610
(rule) set policy rate desired number

ACC1(rule)#s et p ol i cy ra t e d es i re d number ( 1 t o
1 0 00 00 0 )
Sets a minimum bandwidth for the application. Enter a valid policy rate
ACC1(rule)#s et p ol i cy ra t e d es i re d number 10000

(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
611
(rule) set policy rate limit number

ACC1(rule)#se t p ol i cy r a te li mi t number (1 to
10 0 00 0 0)
Sets a maximum bandwidth for the application. Enter a valid policy rate larger than the minimum
ACC1(rule)#se t p ol i cy r a te li mi t number 100000

(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (WAN) strict-priority, on page 612 (WAN) burst, on page 613
612
(WAN) strict-priority
AC C 1( WA N )# st r ic t -p ri o ri ty [e n ab le | di sa b le ] [i n bo un d |o ut b ou n d| bo t h]
Sets strict-priority for inbound and/or outbound traffic. Inbound for inbound Outbound for outbound Both for both
AC C 1( WA N )# st r ic t -p ri o ri ty enable both
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) burst, on page 613
613
(WAN) burst
ACC1(WAN)#b u rs t [ nu mb e r]
Enables bursts on the WAN up to the set bandwidth (1 to 1000000). Enter the bandwidth
ACC1(WAN)#b u rs t [ nu mb e r]
(config) application name, on page 595 (config) application l-7 name http, on page 596 (config) decision, on page 597 (config) policy-rule global, on page 598 (config) policy-rule link number, on page 599 (config) show application, on page 600 (config) wan, on page 601 (decision) match application, on page 602 (decision) set accelerate, on page 603 (decision) set tunnel, on page 604 (rule) match, on page 605 (rule) set policy pass-through, on page 607 (rule) set policy priority, on page 608 (rule) set policy rate burst enable, on page 609 (rule) set policy rate desired number, on page 610 (rule) set policy rate limit number, on page 611 (WAN) strict-priority, on page 612
614
RAID Commands
For general information on RAID, see About RAID, on page 308. The 6950 has 2 RAID arrays with up to two disks. The 79xx has 1 RAID array and up to 8 disks. Your specific Accelerator, may be configured differently. The following commands are available: (config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615 (RAID) show, on page 616
(config) raid
Acc(config)# r ai d
Enters the RAID node No additional parameters are necessary
Acc(config)# r ai d
(RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615 (RAID) show, on page 616
(RAID) add-disk
A cc 2 3- 79 4 0( RA I D) a dd -d i sk [ d is k -n am e ]
Adds a disk to the RAID array. Enter the disk name, HDD01 for example
A cc 2 3- 79 4 0( RA I D) add-disk HDD01
(config) raid, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615 (RAID) show, on page 616
615
(RAID) exit
Ac c( R AI D) ex i t
Exits the RAID menu and returns to the Configuration Menu. No additional parameters needed
Ac c( R AI D) exit
(config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) remove-disk, on page 615 (RAID) show, on page 616
(RAID) remove-disk
A cc (R A ID ) r em o ve -d i sk [d is k -n am e ]
Removes a disk from the RAID array. Enter the disk name, HDD01 for example
A cc (R A ID ) remove-disk HDD01
(config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) show, on page 616
616
(RAID) show
This command allows you to view the RAID array list and the disk list that are included in the RAID array. This list is dependent on the model of Accelerator that you have deployed.
Note: Should the status of the RAID disk be displayed as dirty, no errors it is not
indicative of a problem.
A cc 23 - 79 40 ( RA I D) sh o w
Shows the RAID Arrays list and the Disk List (list will be different for each Accelerator) No additional parameters are necessary
A cc 23 - 79 40 ( RA I D) show raid arr0

(config) raid, on page 614 (RAID) add-disk, on page 614 (RAID) exit, on page 615 (RAID) remove-disk, on page 615
A similar screen is shown:

A c c2 3- 7 94 0( R AI D ) show raid arr0 T h is o p er at i on ma y t ak e a f e w se c on ds . P l ea se be p a ti e nt .. A r ra y T yp e. . .. . .. .. . .. .. . .. . .. .. . .R AI D 1 A r ra y S ta te . .. . .. .. . .. .. . .. . .. .. . .d ir t y, no -e r ro rs A r ra y S iz e. . .. . .. .. . .. .. . .. . .. .. . .4 88 2 79 4 88 A r ra y N um be r O f D ev i ce s. . .. . .. .. . .1 A r ra y A ct iv e D e vi ce s .. .. . .. . .. .. . .1 A r ra y F ai le d D e vi ce s .. .. . .. . .. .. . .0 A r ra y S pa re De v ic es . .. .. . .. . .. .. . .0 A r ra y D ev ic e L i st : A r ra y D ev ic e 0 . .. .. . .. .. . .. . .. .H D D0 0 A r ra y D ev ic e 1 . .. .. . .. .. . .. . .. .H D D0 1
617
Aggregation Class Commands

The following commands are covered: (config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
618
(config) aggregation post class

Command
ACC1(config)#a gg r eg at i on po st cl a ss [d ef a ul t | c u st om - 1 | c us t om 2 | c it ri x ] gl o ba l [ en a bl e | di sa b le ]
Sets the Citrix aggregation classes globally. Citrix Aggregation on a link has 4 predefined classes that let you configure and apply different Citrix Aggregation settings to different types of traffic: default custom-1 custom-2 citrix Different applications may require different Citrix Aggregation class configuration (for example: different window size and aggregated packet size). Several well-known applications are defined as belonging to 'default' or 'citrix' aggregation class (for example: Citrix and Telnet applications predefined to belong to the 'citrix' class, which is preconfigured to properly handle these applications). You can disable, enable or configure each class. You can set each application that exists in the Accelerator to belong to one of the Citrix Aggregation classes. By default, Citrix is enabled but default, custom-1 and custom-2 are disabled. The Citrix Aggregation class parameter configuration is available only per-link. The Global command is for ease of use. This command is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable. To view Citrix Aggregation statistics, use the show interface link command from the config prompt.
Example with Syntax
ACC1(config)#a gg r eg at i on po st cl a ss [d ef a ul t |
c u st om - 1 | c us t om 2 | c it ri x ] gl o ba l [ en a bl e | di sa b le ]
(config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
Related Commands
619

ACC1(config)#in t er f ac e l in k [ number]
Opens the node for the configuration of a specific link Enter the link number
ACC1(config)#in t er f ac e l in k [ number]
(config) aggregation post class, on page 618 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
(decision) set aggregation-class

Command Description
ACC1(decision)#s et a g gr eg a ti o n- cl a ss [ c it r ix | d e fa ul t | cu st o m- 1 | c u st om - 2]
Sets the post-acceleration class of an application. An application is coupled with a Citrix Aggregation class through a decision. To see which application belongs to which class, type the show decision command. Enter the application name and the correct aggregation class.
ACC1(decision)#m at ch a p pl ic a ti o n myapplication ACC1(decision)#s et a g gr eg a ti o n- cl a ss citrix

(config) aggregation post class, on page 618 (config) interface link, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
620
(LINK) aggregation post

ACC1(LINK)#a gg re g at io n p o st [e na b le | d is ab l e]
Sets the Citrix aggregation classes per link. Enter the bandwidth
ACC1(LINK)#a gg re g at io n p o st enable
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
(LINK) aggregation post class

Command
ACC1(LINK)#a gg r eg at i on p o st cl as s [ de f au l t |
c us t om - 1 | c us to m 2 | ci t ri x] [d i sa bl e | e na b le | li m it | t hr e sh ol d | wi n do w ]
Description
Defines a class of post aggregation settings. You can define settings per link per class or for the entire link. For limit, threshold and window details see below. The Citrix Aggregation class parameter configuration is available only per-link (see (LINK) aggregation post, on page 620). This command is for ease of use. It is not saved in the configuration file, but goes over each link and changes its configuration to enable/disable Enter the bandwidth
ACC1(LINK)#a gg r eg at i on p o st cl as s [ de f au l t |
c us t om - 1 | c us to m 2 | ci t ri x] [d i sa bl e | e na b le | li m it | t hr e sh ol d | wi n do w ]
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
Related Commands
621
(LINK) aggregation post limit

Command Description
ACC1(LINK)#a gg r eg at i on p o st li mi t [ 40 - 3 00 0]
Sets the upper limit for packets to be aggregated. Number in bytes. The limit, set in bytes, is the upper ceiling of packet size for packets to be eligible for Citrix aggregation: packets that are larger than LIMIT are not aggregated (they are supposed to be big enough to be sent one at a time). Enter the bandwidth. You can configure LIMIT in range 40-3000 bytes. The default value is 256
ACC1(LINK)#a gg r eg at i on p o st li mi t 256
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post threshold, on page 622 (LINK) aggregation post window, on page 623
622
(LINK) aggregation post threshold

Command Description
ACC1(LINK)#a gg r eg at i on po st th re s ho l d [4 0 3 0 00 | au to ]
Sets the post aggregation threshold, number in bytes 40 to 3000 or automatic. The threshold, set in bytes, is the maximum size of aggregated packets. That is, when an aggregate packet reaches this size, it can be sent. You can configure THRESHOLD in range 40-MTU. If fragmentation is configured in the link, the threshold auto value will not be larger than the fragmentation size. Enter the correct threshold. The default value is auto, which means that the threshold will be calculated dynamically according to available bandwidth as follows: 512 bytes - for bandwidth that is less than or equal to 512 Kbps 1024 bytes - for bandwidth that is greater than 512 Kbps and less then 1Mbps MTU (usually 1500 bytes but no more than 3000) - for bandwidth that is more than 1Mbps
Parameters
ACC1(LINK)#a gg r eg at i on po st th re s ho l d 512
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post window, on page 623
623
(LINK) aggregation post window

Command Description
ACC1(LINK)#ag gr e ga t io n p o st wi n do w [ 1 - 1 00 |
au t o]
Sets the post-acceleration window, number in bytes 1 to 100 or automatic. The window command is set in units of 10 ms. This is the maximum amount of time a packet can be delayed in Citrix Aggregation queues. This means that when WINDOW * 10 ms elapses, an aggregate packet is sent (even if its total size has not yet reached LIMIT value). This is done to avoid long packet delays. WINDOW can be configured in a range of 1-100 units. The default value is auto, which means that the WINDOW value is calculated dynamically given the bandwidth and the threshold value. An estimated value of the auto value is bandwidth/Threshold. This enables the aggreagator to wait enough time to get an aggregated packet with the largest size close to the THRESHOLD value. Enter the correct threshold
ACC1(LINK)#ag gr e ga t io n p os t t hr es h ol d 90
(config) aggregation post class, on page 618 (config) interface link, on page 619 (decision) set aggregation-class, on page 619 (LINK) aggregation post, on page 620 (LINK) aggregation post class, on page 620 (LINK) aggregation post limit, on page 621 (LINK) aggregation post threshold, on page 622
624
DNS Acceleration Commands

This section has the following commands: (Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(Conf) dns-acceleration
A CC 1 (c on f )# Dn s -a c ce le r at io n
Enables/disables DNS Acceleration. By default DNS Acceleration is disabled. Enable to enable, Disable to disable
A CC 1 (c on f )# Dn s -a c ce le r at io n
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
625
(DNS-ACC) cache clear

AC C 1( DN S -A CC ) #c a ch e c le ar
Lets you clear the cache contents. No additional parameters required.
AC C 1( DN S -A CC ) # cache clear
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) cache size

A CC 1( D NS -A C C) # ca ch e s iz e [ 1 00 -3 0 00 0 | a u to ]
Lets you select whether to accept the system-defined value of the cache size or to set your own value (between 100 and 30000). Enter the application name and the correct aggregation class.
A CC 1( D NS -A C C) # ca ch e s iz e 2400
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
626
(DNS-ACC) dns-acceleration
A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n [ en a bl e | d is a bl e]
Enables/disables DNS Acceleration. By default DNS Acceleration is disabled. Enable to enable, Disable to disable
A CC 1 (D NS - AC C) # Dn s -a cc e le ra t io n enable
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) Dns-masquerading
A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng [ e na bl e | d i sa bl e ]
Enables/disables DNS masquerading. By default DNS masquerading is disabled. Enable to enable, Disable to disable
A C C1 (D N S- AC C )# D ns -m a sq ue r ad i ng enable
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
627
(DNS-ACC) ip host
A C C1 (D N S- AC C )# i p ho s t [W O RD ] [I P]
Lets you define a static host-name to address, by using the WORD parameter followed by an IP address. Enter the site name and the correct IP address.
A C C1 (D N S- AC C )# i p ho s t mysite 100.100.20.5
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) ip host purge

A C C1 (D N S- A CC )# i p ho s t [ pu rg e ]
Lets you remove all definitions of static hosts, by using the purge parameter. No additional parameters required.
A C C1 (D N S- A CC )# i p ho s t purge
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
628
(DNS-ACC) min TTL

A CC 1 (D N S- AC C )# mi n T TL (m i nu te s ) [p r es e rv et tl | 1 -1 44 0 ]
Lets you select whether to keep the system-defined value of the time-to-leave period (preserve-ttl) or to set your own value (between 1 and 1440 minutes). Enter the a valid time period as described above.
A CC 1 (D N S- AC C )# mi n T TL (m in u te s ) pr e se rv e -t tl
440
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) query timeout

AC C1 ( DN S -A CC ) #q ue r y t im eo u t (0 - 30 )
Lets you set your own value for the query time out period (between 0 and 30) Enter a valid time out period as described above.
AC C1 ( DN S -A CC ) #q ue r y t im eo u t 25
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
629
(DNS-ACC) show cache

AC C1 ( DN S- A CC ) #s ho w c ac h e
Displays the details of all hosts currently stored in the cache: host name, host address, flags and expiry time (time-to-leave). No additional parameters required.
AC C1 ( DN S- A CC ) #s ho w c ac h e
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
(DNS-ACC) show statistics

A CC 1( D NS - AC C) # sh ow st a ti st i cs
Displays the statistics for the queries since the last time the DNS Acceleration feature was enabled: total number of queries, number of hits and number of misses. No additional parameters required.
A CC 1( D NS - AC C) # show statistics
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) transparency, on page 630 (DNS-ACC) use-accelerator-dns, on page 631
630
(DNS-ACC) transparency
Command Description
A C C1 (D N S- A CC )# t ra ns p ar e nc y [ au to | f ul l | s e mi ]
Lets you set your requested transparency mode: Semi - the traffic is transparent to the Client, but the server sees it as coming from the Accelerator. Full - the traffic is transparent to both the Client and the Server. Auto - the transparency is determined automatically according to the deployment level: either Semi (in On-LAN deployment) or Full (in On-Path deployment). The default value is Auto. Enter a valid transparency mode as described above.
A C C1 (D N S- A CC )# t ra ns p ar e nc y auto
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) use-accelerator-dns, on page 631
631
(DNS-ACC) use-accelerator-dns
Command Description
A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s [ e na bl e | d i sa bl e ]
Enables/disables the use of Accelerator DNS, thereby defining the Accelerator as a DNS client. By so doing, the Accelerator will always intercept traffic and use its setting to process the traffic, even if that traffic was sent to another DNS server. If you enable the use of Accelerator DNS, you have to configure an IP name server under the DNS node. Enable to enable, Disable to disable.
A C C1 (D N S- A CC )# u se -a c ce l er at o r- dn s enable
(Conf) dns-acceleration, on page 624 (DNS-ACC) cache clear, on page 625 (DNS-ACC) cache size, on page 625 (DNS-ACC) dns-acceleration, on page 626 (DNS-ACC) Dns-masquerading, on page 626 (DNS-ACC) ip host, on page 627 (DNS-ACC) ip host purge, on page 627 (DNS-ACC) min TTL, on page 628 (DNS-ACC) query timeout, on page 628 (DNS-ACC) show cache, on page 629 (DNS-ACC) show statistics, on page 629 (DNS-ACC) show statistics, on page 629
632
Traffic Encryption Commands i

Note: In the Accelerator, subnets that are not defined as local subnets are considered by default as remote subnets (subnets over the WAN). Thus, when IPsec is enabled, users sending traffic from such subnets will not be able to communicate with the Accelerator, as their packets will be dropped. Therefore, enabling these subnets to communicate with the Accelerator requires you to define them as local in the Accelerator, by using the following CLI command: subnet network x.x.x.x/y This section features the following options: (config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(config) show crypto

AC C1 ( co n fi g) # sh ow cr y pt o
Lets you view the entire details of Accelerators crypto, such as the crypto mode, the IKE and the IPsec policies. No additional parameters required.
AC C1 ( co n fi g) # sh ow cr y pt o
(config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
633
(config) show interface link

A CC 1( c on f ig )# s ho w i nt e rf ac e l in k [ n um be r ]
Lets you view whether IPsec is enabled, which IPsec policy is used and other details. Enter the link number.
A CC 1( c on f ig )# s ho w i nt e rf ac e l in k 1
(config) show crypto, on page 632 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(config) show running-config

AC C1 ( co n fi g) # sh ow ru n ni ng - co nf i g
Lets you view the entire details of the current crypto configuration, such as crypto mode, policy rules and decision number. No additional parameters required.
AC C1 ( co n fi g) # sh ow ru n ni ng - co nf i g
(config) show crypto, on page 632 (config) show interface link, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
634
(crypto) ipsec
A CC 1 (c r yp to ) #i ps e c
Lets you enter the IPsec node No additional parameters required.
A CC 1 (c r yp to ) #i ps e c
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(crypto) show tech-encryption

A CC 1 (c ry p to )# s ho w t ec h -e nc r yp t io n
Lets you view the IPsec tunnel status and the Pluto log. No additional parameters required.
A CC 1 (c ry p to )# s ho w t ec h -e nc r yp t io n
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
635
(ike_policy) description
A CC 1( i ke _ po li c y) #d e sc r ip ti o n [W O RD ]
Lets you add a description to the IKE policy. Legal text string. Use underscores in place of spaces.
A CC 1( i ke _ po li c y) #d e sc r ip ti o n th i s_ d es cr i pt io n
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(ike_policy) esp-algorithm
A C C1 (i k e_ po l ic y )# es p -a lg o ri t hm < 1 -3 >
Lets you set the ESP algorithm for the IKE policy. Pick an order from 1-3.
A C C1 (i k e_ po l ic y )# esp-algorithm 2
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
636
(ike_policy) pre-shared key

AC C 1( ik e _p ol i cy ) #p re - sh ar e d k ey
Lets you create a pre-shared key. No additional parameters are necessary. Enter Y to confirm. This command is recommended only for transactions over a secure channel:
AC C 1( ik e _p ol i cy ) # pre-shared key
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ipsec) ike-policy, on page 637
(ike_policy) sa-lifetime hours

AC C1 ( ik e _p ol i cy )# s a- l if et i me h o ur s < 1- 2 4>
Lets you set the number of hours for the SA lifetime 1 to 24 hours.
AC C1 ( ik e _p ol i cy )# sa-lifetime hours 12
637
(ike_policy) sa-lifetime seconds

A CC 1 (i k e_ po l ic y) # sa - li fe t im e s ec o nd s < 30 08 64 0 0>
Lets you set the number of hours for the SA lifetime 300 to 86400 seconds.
A CC 1 (i k e_ po l ic y) # sa-lifetime 4000
(ipsec) ike-policy
AC C1 ( ip s ec )# i ke -p o li c y
Lets you enter the IKE policy node. No additional parameters required.
AC C1 ( ip s ec )# i ke -p o li c y
(config) show crypto, on page 632 (config) show interface link, on page 633 (config) show running-config, on page 633 (crypto) ipsec, on page 634 (crypto) show tech-encryption, on page 634 (ike_policy) description, on page 635 (ike_policy) esp-algorithm, on page 635 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636 (ike_policy) pre-shared key, on page 636
638
ARP Commands
This section contains the following configurations: (config) (config) (config) (config) arp, on page 638 arp cache limits, on page 638 arp cache max-size, on page 639 arp clear-table, on page 639
(config) arp
ACC1(config)#a r p [ IP a d dr es s x .x . x. x ] [M A C ad dr e ss x x: x x: xx : xx : xx :x x ]
Sets manual ARP cache entries Enter a valid IP address and MAC address.
ACC1(config)#a r p I P ad d re ss 100.100.50.2 MA C Ad dr e ss 00:06:5B:15:04:B4

(config) arp cache limits, on page 638 (config) arp cache max-size, on page 639 (config) arp clear-table, on page 639
(config) arp cache limits

ACC1(config)#ar p c ac h e li m it s [ three numbers between 128000 and 8000000]

Sets three limits on the size of the ARP cache Enter up to three numbers within the valid range
ACC1(config)#ar p c ac h e li m it s 200000 300000 400000

(config) arp, on page 638 (config) arp cache max-size, on page 639 (config) arp clear-table, on page 639
639
(config) arp cache max-size

ACC1(config)#ar p c ac he m a x- si z e [ number between 128000 and 8000000]

Sets a limit on the size of the ARP cache Enter the maximum size within the range listed above.
AC C1 (c on fi g) # a r p ca c he m a x- s iz e 800000
(config) arp, on page 638 (config) arp cache limits, on page 638 (config) arp clear-table, on page 639
(config) arp clear-table

ACC1(config)#a rp cl ea r -t a bl e [ vo la t il e ]
Clears the ARP cache table. Using the volatile variable lets you clear entries from the active ARP without clearing the database. No additional parameters required.
ACC1(config)#a rp cl ea r -t a bl e [ vo la t il e ]
(config) arp, on page 638 (config) arp cache limits, on page 638 (config) arp cache max-size, on page 639
640
Additional Commands
This section contains the following configuration commands: (config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
(config) HSRP
i i Note: In AcceleratorOS versions up to 6.0, adding an HSRP group automatically included the Accelerator in the group. Starting from AcceleratorOS 6.0, after HSRP group parameters are updated, the Accelerator must join the group. In the CLI this is accomplished using the join/leave commands.
ACC1(config)#H S RP [number]
Sets manual configuration of HSRP Enter the following Parameters: authentication [string] force-priority ip (update IP address- create group if it does not exist) join leave (leave HSRP group) preempt priority [number 0 - 254] timers virtual-mac (virtual MAC address) vlan (assign HSRP group to VLAN)
ACC1(config)#H S RP 20
(config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
641
ACC1(config)#H SR P 20 a ut h en ti c at i on myauthentication
f or c e- pr i or i ty i p 100.100.50.2 j oi n p re e mp t p ri o ri ty 1 t im e rs v ir t ua l- m ac F:F:F:F:F:F:F: v la n 2
(config) HSRP autodetect

Command Description Parameters Example with Syntax Example with Syntax Related Commands
ACC1(config)#HS R P au t od et e ct en ab l e/ di s ab l e
The Accelerator can auto-detect HSRP groups on its networks and add them to its Group Table Enable to enable, Disable to disable.
ACC1(config)#HS R P au t od et e ct enable ACC1(config)#in t er fa c e vl a n 1 100.100.50.5

(config) HSRP, on page 640 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
642
(config) interface ethernet 0

ACC1(config)# i nt er f ac e e th e rn et 0
Enters the configuration node for the Ethernet 0 interface. No additional parameters needed
ACC1(config)# i nt er f ac e e th e rn et 0
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
(config) interface vlan

Command
ACC1(config)#i n te rf a ce v l an [number]
x . x. x .x x . x. x. x
Enables VLAN, sets group number and IP address or native or native tagged Accelerator IP address as VLAN group IP address. Enter the following information (enter ip address and subnet mask) native native tagged
ACC1(config)#i n te rf a ce v l an 1 100.100.50.5
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
643
(config) VRRP
A C C1 (c o nf i g) #V R RP [ n um b er ]
Sets manual configuration of VRRP Enter the following parameters: ip (update IP address- create group if it does not exist) preempt priority [number 0 - 254] timer
Example with Syntax
A C C1 (c o nf i g) #V R RP [ n um b er ] i p 1 .1 . 1. 1 p r ee mp t p r io ri t y 100 t i me r
Related Commands
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
(config) wan
ACC1(config)#w an [name]
Creates a new WAN. Enter the name of the WAN.
ACC1(config)#w an mywan
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644 (interface) link-mode, on page 645
644
(interface) bridged-state disable

ACC1(interface)# b ri dg e d- s ta te di sa b le
Disables bridge support for the Ethernet 0 interface. No additional parameters needed
ACC1(interface)# b ri dg e d- s ta te disable
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) ip address, on page 644 (interface) link-mode, on page 645
(interface) ip address
ACC1(interface)# i p a dd re s s [x . x. x .x y . y. y. y ]
Sets an IP address and subnet mask for the Ethernet 0 interface. Enter a valid IP and subnet mask
AC C 1( in t er fa c e) # i p a dd re s s 100.100.23.2
255.255.255.255
(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) link-mode, on page 645
645
(interface) link-mode
Command
ACC1(config)#i nt e rf a ce e t he rn e t [0, 0/1, 0/0] ACC1(interface)l in k -m o de

Sets the speed and duplex setting of the interface. You can use any of the following speed settings: 1000Mbit-full 100Mbit-full 100Mbit-half 10Mbit-full 10Mbit-half auto
ACC1(config)#i nt e rf a ce e t he rn e t 0 ACC1(interface)l in k -m o de auto

(config) HSRP, on page 640 (config) HSRP autodetect, on page 641 (config) interface ethernet 0, on page 642 (config) interface vlan, on page 642 (config) VRRP, on page 643 (config) wan, on page 643 (interface) bridged-state disable, on page 644 (interface) ip address, on page 644
646
Link Commands
The following commands are available: (config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652

ACC1(config)#in te r fa c e li n k
Enters the Interface Link node. No additional parameters are necessary.
ACC1(config)#in te r fa c e li n k
(LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
647
(LINK) acceleration
ACC1(LINK)# ac ce l er at i on en ab l e/ di s ab l e
Sets the link to accelerate all traffic Enable to enable, Disable to disable.
ACC1(LINK)# ac ce l er at i on enable
(config) interface link, on page 646 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) aggregation
Command Description
AC C1 ( LI NK ) #a g gr eg a ti on au t o [n u mb er ]
Enables small packets to be aggregated on this link. If packets arrive smaller than the set size (68 to 6000), the QoS mechanism aggregates them and sends them together across the link. This only applies to traffic set with a CoS value of low, medium and high priority. Aggregation is accomplished on outgoing packets before the packets are compressed, and therefore you do not have to configure the aggregation symmetrically on both ends. Aggregation is applied only on congested links, to avoid adding unnecessary latency on nonproblematic links. Enter a valid number as described above, or Auto for the Accelerator to decide.
AC C1 ( LI NK ) #a g gr eg a ti on au t o 900
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
648
(LINK) cache-size large

ACC1(LINK)# ca c he -s i ze l a rg e e na b le
Sets the link to work in Large cache size mode. Enable to enable, Disable to disable.
ACC1(LINK)# ca c he -s i ze l a rg e enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) checksum
ACC1(LINK)# c he ck s um e n ab l e/ di s ab le
Includes a checksum in all packet transmissions. This setting is useful for high error rate links and troubleshooting purposes. Enable to enable, Disable to disable
ACC1(LINK)# c he ck s um enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
649
(LINK) force
ACC1(LINK)# f or c e e na bl e /d is a bl e
Sets the link to force all traffic into the tunnel. Enable to enable, Disable to disable
ACC1(LINK)# f or c e enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) fragmentation
Command Description
A CC 1( L IN K )# fr a gm en t at i on a u to [ n um b er ]
Enables packets to be fragmented on this link. If packets arrive larger than the set size (68 to 6000), the QoS mechanism breaks them up. This setting is useful for handling latency on low bandwidth links, and applies only to traffic set with a CoS value of low, medium and high priority. Fragmentation does not have to be configured symmetrically on both ends. Fragmentation is accomplished on outgoing packets before the packets are compressed. Enter a valid number as described above, or auto for the Accelerator to pick.
A CC 1( L IN K )# fr a gm en t at i on 900
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
650
(LINK) header compression

ACC1(LINK)# h ea de r c om p re s si on [ en a bl e| d is ab l e]
Enables or disables header compression Enable to enable, Disable to disable.
ACC1(LINK)# h ea de r c om p re s si on enable
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
(LINK) header preservation

Command Description
ACC1(LINK)# h ea d er p r es er v at i on s r c
[ e na bl e |d is a bl e ]
Preserves the source IP address of the original IP header. This setting, which is useful for Policy Routing, also enables distinguishing between sessions. The SRC setting is disabled by default. Enable to enable, Disable to disable.
ACC1(LINK)# h ea d er p r es er v at i on src enable

(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652 (LINK) wan-id, on page 652
651
(LINK) header preservation ports

ACC1(LINK)# he a de r p re se r va t io n p or ts [e n ab l e| di s ab le ]
Preserves the port settings. Enable to enable, Disable to disable.
ACC1(LINK)# he a de r p re se r va t io n ports enable
(LINK) header preservation tos

ACC1(LINK)# h ea de r p r es er v at io n t o s [ en a bl e |d is a bl e]
TOS: Preserves the original ToS point settings - this is enabled by default. Enable to enable, Disable to disable.
ACC1(LINK)# h ea de r p r es er v at io n t o s enable
652
(LINK) header preservation ttl

ACC1(LINK)# he ad e r p re se r va ti o n t tl
[e n ab le | di s ab le ]
TTL: Preserves the original TTL. This is disabled by default. Enable to enable, Disable to disable.
ACC1(LINK)# he ad e r p re se r va ti o n ttl enable

(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) wan-id, on page 652
(LINK) wan-id
ACC1(LINK)#w an - id [ number/ de f au lt ]
Sets the WAN to which this Link is assigned. Enter a valid IP, VRRP group number, and priority number
ACC1(LINK)#w an - id [ number/ de f au lt ]
(config) interface link, on page 646 (LINK) acceleration, on page 647 (LINK) aggregation, on page 647 (LINK) cache-size large, on page 648 (LINK) checksum, on page 648 (LINK) force, on page 649 (LINK) fragmentation, on page 649 (LINK) header compression, on page 650 (LINK) header preservation, on page 650 (LINK) wan-id, on page 652 (LINK) header preservation tos, on page 651 (LINK) header preservation ttl, on page 652
653
Expand View Commands

This section demonstrates how to configure the Accelerator to work with ExpandView NMS. For more information on ExpandView, contact your Expand Networks supplier. This section contains the following configuration options: (config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654 (EVIEW) show, on page 654
(config) expand-view
ACC1(config)# ex pa n d- v ie w
Enables/Disables interaction with ExpandView. Enable to enable, Disable to disable
ACC1(config)# ex pa n d- v ie w
(EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654 (EVIEW) show, on page 654
(EVIEW) agent
AC C 1( E VI EW ) # ag e nt [e na b le /d i sa b le ]
Enables/Disables interaction with ExpandView. Enable to enable, Disable to disable
AC C 1( E VI EW ) # ag e nt enable
(config) expand-view, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654 (EVIEW) show, on page 654
654
(EVIEW) IP address
A CC 1 (E VI E W) # I P ad d re s s [x . x. x. x ]
Sets the address of the ExpandView server in an Accelerator. Enter a valid IP address of the ExpandView server
A CC 1 (E VI E W) # I P ad d re s s 100.100.25.5
(config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) port, on page 654 (EVIEW) show, on page 654
(EVIEW) port
A CC 1 (E VI E W) # p or t [ xx x x]
Sets the port to use for interaction with the ExpandView server. Enter a legal port number that should be used to interact with the ExpandView server.
A CC 1 (E VI E W) # p or t 81
(config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) show, on page 654
(EVIEW) show
AC C 1( EV I EW )# sh ow
Verifies whether the unit is connected to ExpandView. No additional parameters
AC C 1( EV I EW )# show
(config) expand-view, on page 653 (EVIEW) agent, on page 653 (EVIEW) IP address, on page 654 (EVIEW) port, on page 654
Note: For more information on ExpandView, please refer to the ExpandView user
guide.
655
SNMP Commands
This section contains the following configuration options: (config) (config) (config) (config) (config) snmp snmp snmp snmp snmp change-v3-password, on page 655 community access, on page 656 enable, on page 656 trap community, on page 657 traps, on page 657
(config) snmp change-v3-password

ACC1(config)#s nm p c h an ge - v3 -p a ss w or d
Sets the password SNMP v.3 password. The default password is expand_initial_password and should be changed. Enter a valid password as described above.
ACC1(config)#s nm p c h an ge - v3 -p a ss w or d expand_initial_password
(config) snmp community access, on page 656 (config) snmp enable, on page 656 (config) snmp trap community, on page 657 (config) snmp traps, on page 657
Note: When monitoring for specific MIBs, add the index number of the processor even
if only one processor exists. Failing to add the index number results in an error message. For example: using the snmpget command with the syntax snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3 returns the following error: There is no such variable name in this MIB. Failed object: SNMPv2-SMI:enterprises.3405.1.3.1.1.2.1.3 The correct string would be: snmpget -v 1 -c expand 10.65.0.209 1.3.6.1.4.1.3405.1.3.1.1.2.1.3.1 <processor id>
656
(config) snmp community access

Command Description
ACC1(config)#s nm p c om m un it y [ na m e] ac ce s s [ re a d- on l y/ r ea d- w ri te ]
Sets the name of the SNMP community (a group of users that are granted access to certain Accelerator devices). Each SNMP community can have either read-only or readwrite authorization. The default community is Public, and its authorization is read-write. Enter a valid name and access type as described above.
ACC1(config)#s nm p c om m un it y Public access readwrite

(config) snmp change-v3-password, on page 655 (config) snmp enable, on page 656 (config) snmp trap community, on page 657 (config) snmp traps, on page 657
(config) snmp enable

ACC1(config)#s n mp e n ab le / di s ab le
Enables/Disables SNMP support in the Accelerator. Enable to enable, Disable to disable.
ACC1(config)#s n mp enable
(config) snmp change-v3-password, on page 655 (config) snmp community access, on page 656 (config) snmp trap community, on page 657 (config) snmp traps, on page 657
657
(config) snmp trap community
Note: If, after defining snmp trap manager-ip, snmp read community or snmp trap community, you want to clear these values, use the no command to reverse this definition. For example: no snmp read community [name]
ACC1(config)#s nm p t r ap c o mm un i ty [n am e ]
Sets the name of the SNMP trap community. The default is Public. Enter a valid name as described above.
ACC1(config)#s nm p t r ap c o mm un i ty public
(config) snmp change-v3-password, on page 655 (config) snmp community access, on page 656 (config) snmp enable, on page 656 (config) snmp traps, on page 657
(config) snmp traps

ACC1(config)#sn m p t ra ps en ab l e/ di s ab l e
Enables/Disables SNMP trap support. Enable to enable, Disable to disable.
ACC1(config)#sn m p t ra ps enable
(config) snmp change-v3-password, on page 655 (config) snmp community access, on page 656 (config) snmp enable, on page 656 (config) snmp trap community, on page 657
658
Log Commands
The following commands are available: (config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(config) logging
659
ACC1(config)#l og g in g
Enters the Logging node. No additional parameters are necessary.
ACC1(config)#l og g in g
(logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(logging) mail active

ACC1(logging)#m a il a c ti v e [d i sa bl e | en ab l e]
Sets the Accelerator to send email notification when events and alerts are received Enable to enable, disable to disable
ACC1(logging)#m a il a c ti v e enable
(config) logging, on page 658 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
660
(logging) mail from

ACC1(logging)#ma il fr om [ name]
Sets the name to appear in the From field of emails sent from the Accelerator. Enter a valid password as described above.
ACC1(logging)#ma il fr om [ name]
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(logging) mail recipient

ACC1(logging)#m ai l r ec i pi en t [ name]
Sets the name to appear in the To field of emails sent from the Accelerator. Enter a valid email address as described above.
ACC1(logging)#m ai l r ec i pi en t username@emailaddress.com
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
661
(logging) mail server ip

ACC1(logging)#m ai l s er v er i p [ ip address (x.x.x.x)]

Sets the IP address of the mail server. Enter a valid IP address as described above.
ACC1(logging)#m ai l s er v er i p 100.100.50.8
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(logging) mail server port

ACC1(logging)#m a il s e rv er po r t[ port number]

Sets the port of the mail server. Enter a valid port number as described above.
ACC1(logging)#m a il s e rv er po r t 86
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
662
(logging) mail severity

Command
ACC1(logging)#m ai l s ev e ri ty mi ni m um [i nf o |
w ar n in g | e r ro r | f a ta l] ma xi m um [e rr o r | f at a l | i nf o | w a rn i ng ]
Description
Defines which events are sent, from the minimum to the maximum. Log events are as follows: info - informational events warning - warnings error - errors in acceleration fatal - fatal errors Enter the event as described above.
ACC1(logging)#m ai l s ev e ri ty minimum info maximum fatal

(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(logging) syslog active

ACC1(logging)#s y sl og ac t iv e [ di sa b le |
en ab l e]
Enables Syslog events to be sent. Enable to enable, Disable to disable
ACC1(logging)#s y sl og ac t iv e enable
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
663
(logging) syslog facility

ACC1(logging)#sy sl o g f ac il i ty [ number]
Sets the Syslog facility number. Enter a valid number
ACC1(logging)#sy sl o g f ac il i ty 23
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
(logging) syslog server ip

ACC1(logging)#s ys l og s e rv e r ip [ IP address (x.x.x.x)]

Sets the IP address of the Syslog server. Enter a valid IP address as described above.
ACC1(logging)#s ys l og s e rv e r ip 100.100.20.3
(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog severity maximum, on page 664 (logging) syslog severity minimum, on page 664
664
(logging) syslog severity maximum

ACC1(logging)#s y sl og se v er it y m ax i mu m
Defines which events to send, from the minimum to the maximum. Use in conjunction with severity minimum. Enter a valid event: info warning error fatal
ACC1(logging)#s y sl og se v er it y maximum warning maximum error

(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity minimum, on page 664
(logging) syslog severity minimum

ACC1(logging)#s y sl og se v er it y m in i mu m
Defines which events to send, from the minimum to the maximum. Use in conjunction with severity maximum. Enter a valid event: info warning error fatal
ACC1(logging)#s y sl og se v er it y minimum warning maximum error

(config) logging, on page 658 (logging) mail active, on page 659 (logging) mail from, on page 660 (logging) mail recipient, on page 660 (logging) mail server ip, on page 661 (logging) mail server port, on page 661 (logging) mail severity, on page 662 (logging) syslog active, on page 662 (logging) syslog facility, on page 663 (logging) syslog server ip, on page 663 (logging) syslog severity maximum, on page 664
665
Log Archives Commands

The log archive creation does not have its own mode, and can be carried out either from the Enable or Config nodes. the examples below are done from the Enable node. The following options are available: log archive, on page 665 log archive delete, on page 665 log upload, on page 666 show log archive, on page 666
log archive
ACC1#lo g a r ch iv e [ pr e fi x ]
Enables creating a log archive. To insert your selected prefix, type this prefix in the WORD field. Enter a valid prefix if desired
ACC1#lo g a r ch iv e myprefix
log archive delete, on page 665 log upload, on page 666 show log archive, on page 666
log archive delete

Command Description
ACC1#lo g a rc hi v e [ de le t e] [ f il e na me ] | [ a ll ]
Enables deleting a log archive. You can select between the following options: WORD - to delete a specific file. all - to delete all files. Enter a specific file name or All to delete all files as described above.
ACC1#lo g a rc hi v e delete all

log archive, on page 665 log upload, on page 666 show log archive, on page 666
666
log upload
Command Description
ACC1#l og u p lo ad [m e th od ] [ fi l en a me ] | [ la te s t] [d es t in at i on ]
Lets you select the parameters for uploading log archive files: which method to use, which files to upload, and the requested destination. The optional values are as follows: Method - FTP, SFTP, TFTP and SCP Filename - to select a specific file. Latest - to upload the latest generated log archive. Destination - the destination of the file. Enter parameters as described above
ACC1#l og u p lo ad FTP myfilename latest T:\\mynetworkdrive

log archive, on page 665 log archive delete, on page 665 show log archive, on page 666
show log archive

ACC1#s ho w l og a r ch i ve
Lets you view all archived log files, including name, size and time stamp. No additional parameters required.
ACC1#s ho w l og a r ch i ve
log archive, on page 665 log archive delete, on page 665 log upload, on page 666
667
Configuration Tool Commands

The following topics are available: (config) (config) (config) (config) (config) (config) (config) (config) copy startup-config running-config, on page 667 erase startup configuration, on page 668 ping, on page 668 show tech-support, on page 669 traceroute, on page 669 traceroute host, on page 670 write startup-config, on page 670 write terminal, on page 670
(config) copy startup-config running-config

ACC1(config)#co p y s ta rt u p- co n fi g r un n in gc on f ig
Reverts the running configuration to the last saved startup configuration. No additional parameters required
ACC1(config)#co p y s ta rt u p- co n fi g r un n in gc on f ig
(config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
668
(config) erase startup configuration

ACC1(config)#e ra se st ar t up co nf i gu ra t io n
Restores the Accelerators configuration to the Factory Default Settings. No additional parameters required
ACC1(config)#e ra se st ar t up co nf i gu ra t io n
(config) copy startup-config running-config, on page 667 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
(config) ping
ACC1(config)#pi n g [ ip (x.x.x.x) | hostname]

Pings network devices Enter a valid IP and host
ACC1(config)#pi n g 100.100.10.4 myhostname

(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
669
(config) show tech-support

Command Description
ACC1(config)#s h ow t e ch - su pp o rt [ c on t in uo u s]
Gathers troubleshooting statistics from the Accelerator. Press More to view additional output each time; alternatively, add the parameter continuous, to enable continuous output. Only add the continuous parameter if you want continuous output
ACC1(config)#s h ow t e ch - su pp o rt continuous
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
(config) traceroute
ACC1(config)#t r ac er o ut e [ ip (x.x.x.x) | hostname]

Sends a traceroute to network devices Enter a valid IP and host
ACC1(config)#t r ac er o ut e 100.100.10.4 myhostname

(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670 (config) write terminal, on page 670
670
(config) traceroute host

A CC 1( c on fi g )# tr ac e ro ut e [ h os t]
Displays the route to a remote machine Enter a valid host, where [host] represents the machine hosts name.
A CC 1( c on fi g )# tr ac e ro ut e
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) write startup-config, on page 670 (config) write terminal, on page 670
(config) write startup-config

A CC 1 (c o nf ig ) #w ri t e s ta rt u p- co n fi g
Saves the running configuration as the startup configuration. No additional parameters required
A CC 1 (c o nf ig ) # write startup-config
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write terminal, on page 670
(config) write terminal

Command Description
A CC 1 (c on f ig )# w ri t e te r mi na l
Displays the running configuration on the terminal screen (similar to the show
startup-config command).
Parameters Example with Syntax Related Commands No additional parameters required
A CC 1 (c on f ig )# write terminal
(config) copy startup-config running-config, on page 667 (config) erase startup configuration, on page 668 (config) ping, on page 668 (config) show tech-support, on page 669 (config) traceroute, on page 669 (config) traceroute host, on page 670 (config) write startup-config, on page 670
671
Accdump Commands
The following configuration options are available: (config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
(config) accdump
A CC 1( c on fi g )# a cc du m p
Enters the Accdump node. No additional parameters needed
A CC 1( c on fi g )# accdump
(ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
672
(ACCDUMP) ipaccdump enable

Command Description
ACC1(ACCDUMP)#i p a cc du m p en a bl e |d is a bl e
Enables or disables accdump. Note: If you choose enable, all values you configured do not affect the database. The database is being updated only after you carry out the exit command. Enable to enable, Disable to disable
ACC1(ACCDUMP)#i p a cc du m p enable
(config) accdump, on page 671 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
(ACCDUMP) ip tcpdump files-format

ACC1(accdump)#i p t cp d um p f il e s- fo r ma t
Configures the tcpdump file format. Enter a valid IP and host The available types are: Pcap (saves the default format) enc (re-formats the file)
ACC1(accdump)#i p t cp d um p f il e s- fo r ma t enc
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
673
(ACCDUMP) ip tcpdump files-number

ACC1(accdump)#i p t cp d um p f il e s- nu m be r a ut o /
[ number]
Configures the tcpdump file number. Possible values are 1 to 1000. If you type auto, the system sets the file number and file size to default (100 and 10MB, respectively). Enter a valid number or auto as described above
ACC1(accdump)#i p t cp d um p f il e s- nu m be r auto
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
(ACCDUMP) ip tcpdump file-size

ACC1(accdump)#ip tc p du mp fi le - si z e [ number]
Configures the tcpdump file size. Possible values are 1 to 1000 MB. Enter a valid number as described above.
ACC1(accdump)#ip tc p du mp fi le - si z e 500
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
674
(ACCDUMP) ip tcpdump filter

Command Description
ACC1(accdump)#i p t cp d um p f il t er [ f il te r
ex pr e ss io n ]
Lets you capture only specific packets into the tcpdump files by using filter expressions in the formats acceptable by the system, such as net_10.2.3.0/ 24_and_port_20. or host_10.2.3.4_and_pronto 17. Enter a valid expression
ACC1(accdump)#i p t cp d um p f il t er net_10.2.3.0
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
(ACCDUMP) ip tcpdump flags

ACC1(accdump)#ip tc p du mp fl ag s ( f l a g n a m e)
Lets you select tcpdump optional flags. For a detailed description of the optional flags, see in the appendix,TCPDump Optional Flags, on page 425 Enter a flag name as described in the appendix, TCPDump Optional Flags, on page 425
ACC1(config)#tr a ce r ou te 100.100.10.4 myhostname

(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump interface, on page 675 (ACCDUMP) ip tcpdump upload, on page 675
675
(ACCDUMP) ip tcpdump interface

ACC1(accdump)#i p t cp du m p in t er f ac e[ i nt er f ac e
n am e ]
Lets you select an option for an interface: Enter a valid interface as follows: any - capture packets from all interfaces. eth-local - capture packets from local interfaces. eth0 - captures packets from ethernet 0 eth0/0 - captures packets from ethernet 0/0 eth0/0 - captures packets from ethernet 0/1 internal - captures packets from internal interfaces
ACC1(accdump)#i p t cp du m p in t er f ac e any
(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump upload, on page 675
(ACCDUMP) ip tcpdump upload

ACC1(accdump)#ip t c pd u mp u p lo ad [m e th od ] [f i le ] [ de s ti na t io n ]
Lets you select the parameters for uploading tcpdump files: which method to use, which files to upload, and the requested destination. Enter a valid IP and host The optional values are as follows: Method - FTP, SFTP, TFTP and SCP File - one of the accdump files Destination - like in the Copy operation: user.password@ip/ file_destination_path
ACC1(accdump)#ip t c pd u mp u p lo ad FTP myfile T:\mynetworkdrive

(config) accdump, on page 671 (ACCDUMP) ipaccdump enable, on page 672 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump files-number, on page 673 (ACCDUMP) ip tcpdump file-size, on page 673 (ACCDUMP) ip tcpdump filter, on page 674 (ACCDUMP) ip tcpdump flags, on page 674 (ACCDUMP) ip tcpdump filter, on page 674
676
RDP Proxy Commands

The following configuration options are available: (remote-desktop-proxy) (remote-desktop-proxy) (remote-desktop-proxy) (remote-desktop-proxy) (remote-desktop-proxy) (remote-desktop-proxy) (remote-desktop-proxy) copy certificate, on page 676 default certificate, on page 677 exclude, on page 677 excluded-servers, on page 678 no <removal parameter>, on page 678 proxy, on page 679 show, on page 679
(remote-desktop-proxy) copy certificate

AC C 1( re m ot e- d es k to p- p ro xy ) # c op y c er ti f ic a te
Copies a saved authentication certificate. Use one of the following methods: scp sftp tftp ftp http
In th e f ol lo w in g f or m at : co p y ce r ti fi c at e [ pr o to co l t o b e u se d] us e rn am e :p as s wo r d@ [v a li d s er v er I P a dd r es s ]/ [c e rt if i ca te fi l e pa t h an d n a me ]
Note that the user name and password may not be needed for all copying methods Example with Syntax
Ac c (r em o te -d e sk t op -p r ox y) # copy certificate http myuser:mypassword@1.2.3.4/certs/certificate-file-name03.txt

(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
Related Commands
677
(remote-desktop-proxy) default certificate

AC C 1( re m ot e -d es k to p- p ro x y) # d ef a ul t c er t if i ca te
Enables or disables the authentication certificate. Enable to enable, Disable to disable.
AC C 1( re m ot e -d es k to p- p ro x y) # de f au lt c e rt if i ca te en a bl e
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) exclude
A CC 1( r em ot e -d e sk to p -p ro x y) ex cl u de [ cl ie n t| se r ve r |w or d |I P]
This allows you to exclude a specific server, client, or subnet from the RDP services. Note that enabling other services on an excluded machine will have to be done by hand. Enter one of the following parameters: Client - choose client to exclude the client Server - choose server to exclude the server Word - servers logical name IP - IP address of the server or subnet
ACC1(remote-desktop-proxy)# exclude client 120.44.10.2

(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
678
(remote-desktop-proxy) excluded-servers
AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs
This allows you to clear the servers from the excluded servers table. This action clears all of the servers that are on the list in a single execution. Clear to clear, and when prompted enter Y or N to continue or cancel.
AC C 1( re m ot e- d es k to p- p ro xy ) # e xc lu d ed -s e rv e rs cl e ar Wa r ni ng : T hi s o p er at i on w i ll de le t e al l ex c lu de d s er v er s . Ar e y ou su re ? ( y /n ) Y
Related Commands
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) no <removal parameter>

A CC 1( r em ot e -d e sk to p -p ro x y) # n o < re mo v al p ar am e te r>
This allows you to clear the servers from the excluded servers table. This action clears all of the servers that are on the list in a single execution. enter one of the following commands: Default certificate - to remove the default authentication certificate Exclude - to remove the exclude servers Proxy - disables the RDP Proxy
A CC 1( r em ot e -d e sk to p -p ro x y) # n o d ef au l t c er ti f ic at e
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) proxy, on page 679 (remote-desktop-proxy) show, on page 679
679
(remote-desktop-proxy) proxy
A CC 1 (r em o te -d e sk t op -p r ox y) # p r ox y
Enables or disables the RDP service Enable to enable Disable to Disable
A CC 1 (r em o te -d e sk t op -p r ox y) # proxy enable
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) show, on page 679
(remote-desktop-proxy) show
A CC 1( r em o te -d e sk to p -p ro x y) # s ho w
Shows the RDP service status Proxy - for proxy status Remote-desktop-proxy for RDP status
A CC 1( r em o te -d e sk to p -p ro x y) # sh remote-desktop-proxy
(remote-desktop-proxy) copy certificate, on page 676 (remote-desktop-proxy) default certificate, on page 677 (remote-desktop-proxy) exclude, on page 677 (remote-desktop-proxy) excluded-servers, on page 678 (remote-desktop-proxy) no <removal parameter>, on page 678 (remote-desktop-proxy) proxy, on page 679
The following screen appears (in this example the RDP status is shown):
Proxy.............................enable Default certificate...............enable Proxy statistics ----------------------------------------------------Peak number of concurrent sessions: 3 Current number of sessions: 1 Average RDP PDU size: 952.43 Max RDP PDU size: 15452 ----------------------------------------------------No Remote Desktop Proxy excluded servers exist.
For an explanation on the statistics output, see Collecting RDP Proxy Statistics, on page 279.
680
Mobile Accelerator Commands

Note that only the supported CLI commands are listed here. If the CLI contains additional Mobile Accelerator Client commands, they are currently not supported. Note that these commands should only be used in cases where ExpandView is not available. ExpandView is the recommended method for managing, configuring, and registering Mobile Accelerator clients. Contact your sales representative for details on ordering ExpandView.
interface link mobile

ACC1(config)# i n te rf a ce l i nk mo bi l e
Creates a link from an Accelerator to a Mobile Accelerator Client You need to enter the unique id of the remote device. It is 27 characters long. The ID must have the following syntax where X is a number: XXXXXXXXXXXXXXXXXXXXXXXX
ACC1(config)# i n te rf a ce l i nk mo bi l e 3030-3033-62332334324792334
interface link template, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
interface link template

ACC1(config)# i nt e rf ac e l in k t e mp la t e
Opens the specified template Template number <0-33> is required. Currently only templates 0 and 1 are supported. Template number 0 is the default Accelerator Link template Template number 1 is the default Mobile Accelerator Client Link template
ACC1(config)# i nt e rf ac e l in k t e mp la t e 1
interface link mobile, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
681
remote-unique-id
ACC1(LINK)# re m ot e- u ni qu e -i d
Sets the unique id for the remote device (Mobile Accelerator Client) You need to enter the unique id of the remote device. It is 27 characters long. The ID must have the following syntax where X is a number: XXXXXXXXXXXXXXXXXXXXXXXX
ACC1(LINK)# re m ot e- u ni qu e -i d 3030-3033-62332334324347934
interface link mobile, on page 680 interface link template, on page 680 show interface link template, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
show interface link template

ACC1(config)# sh o w in t er f ac e l in k t em p la te
Opens the specified template Template number <0-33> is required. Template number 0 is the default Accelerator Link template Template number 1 is the default Mobile Accelerator Client Link template All shows all templates
ACC1(config)# sh o w in t er f ac e l in k t em p la te
all
interface link mobile, on page 680 interface link template, on page 680 remote-unique-id, on page 681 show remote-unique-id, on page 682 show unique-id, on page 682
682
show remote-unique-id
Note that Mobile Accelerator Clients that are not connected will be shown as idle.
ACC1(LINK)# s ho w r em o te -u n iq ue - id
Displays the unique id for the remote device. This can be an Accelerator or a Mobile Accelerator Client. no additional parameters necessary
ACC1(LINK)# s ho w r em o te -u n iq ue - id
interface link mobile, on page 680 interface link template, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show unique-id, on page 682
show unique-id
ACC1(config)# s ho w u ni q ue -i d
Displays the unique id for the Accelerator. no additional parameters necessary
ACC1(config)# s ho w u ni q ue -i d
interface link mobile, on page 680 interface link template, on page 680 remote-unique-id, on page 681 show interface link template, on page 681 show remote-unique-id, on page 682
Configuring WAFS
The following configurations are available: Basic Operation Commands, on page 684 Print Administration Commands, on page 688 Printer Driver Commands, on page 690 CUPS Commands, on page 692 Printer Port Commands, on page 693 Printer Management Commands, on page 696 WAFS Transparency Commands, on page 698 Excluded Server Commands, on page 699 CIFS Commands, on page 700 Compression Filter Commands, on page 701 Time and Date Commands, on page 702 Additional Commands, on page 703 Fetch Commands, on page 706 FileBank Director Commands, on page 707 WAFS Help Commands, on page 711 WAFS Licensing Commands, on page 712 WAFS Log File Commands, on page 713 Replication Service Commands, on page 718 Replication User Commands, on page 725 Event Scheduling Commands, on page 731 Service Management Commands, on page 734 Software Commands, on page 738 Statistic Commands, on page 739 Stf_filter Commands, on page 740 Transaction Monitoring Commands, on page 742 TTCP Commands, on page 743 User Commands, on page 745 Virtual Memory Statistic Commands, on page 746 Wins Commands, on page 747
Co n f ig u r in g WAF S /
683
Most of the WAFS configuration is done through the CLI, letting you display and manage printing devices and printing authorizations.
684
Basic Operation Commands

These commands require a confirmation. The following commands are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# exit, on page 684 ping [host], on page 684 reboot, on page 685 restart, on page 685 shutdown, on page 685 start, on page 686 stop, on page 686
{hostname}:filecontroller0# exit
{ ho s tn am e }: fi l ec o nt ro l le r0 # [ e xi t| q ui t]
Logs out from shell. No additional parameters needed.
{ ho s tn am e }: fi l ec o nt ro l le r0 # quit
{hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# ping [host]

{ ho s tn am e }: fi l ec o nt ro l le r0 # p i ng [ h os t]
Pings a remote machine. Enter a valid IP address
{ ho s tn am e }: fi l ec o nt ro l le r0 # ping 122.222.22
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
685
{hostname}:filecontroller0# reboot
{ ho st n am e} : fi l ec on t ro ll e r0 # r eb o ot
Reboots the WAFS module. No additional parameters are needed
{ ho st n am e} : fi l ec on t ro ll e r0 # reboot
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# restart
{h os t na me } :f i le co n tr ol l er 0 # re s ta rt
Stops and then restarts the application. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # restart
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# shutdown
{ ho s tn am e }: fi l ec o nt ro l le r0 # s h ut do w n
Shuts down the system. No additional parameters are needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # shutdown
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# start, on page 686 {hostname}:filecontroller0# stop, on page 686
686
{hostname}:filecontroller0# start
{ ho s tn am e }: f il ec o nt ro l le r 0# s t ar t
Starts the WAFS module on the logged device. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# start
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# stop, on page 686
{hostname}:filecontroller0# stop
{ ho s tn a me }: f il ec o nt ro l le r 0# s t op
Stops the WAFS module on the logged device. No additional parameters required.
{ ho s tn a me }: f il ec o nt ro l le r 0# stop
{hostname}:filecontroller0# exit, on page 684 {hostname}:filecontroller0# ping [host], on page 684 {hostname}:filecontroller0# reboot, on page 685 {hostname}:filecontroller0# restart, on page 685 {hostname}:filecontroller0# shutdown, on page 685 {hostname}:filecontroller0# start, on page 686
687
Cache Commands
Manages and displays cache-related information. The following commands are available: {hostname}:filecontroller0# cache invalidate, on page 687 {hostname}:filecontroller0# cache [show], on page 687 {hostname}:filecontroller0# cache ttl set, on page 687
{hostname}:filecontroller0# cache invalidate

{ ho s tn am e }: f il ec o nt ro l le r 0# ca c he i n va li d at e
Resets the TTL for the cached information, thereby forcing the FB to validate the updated information with the EFS. Enter a valid parameter as described above.
{ ho s tn am e }: f il ec o nt ro l le r 0# ca c he invalidate
{hostname}:filecontroller0# cache [show], on page 687 {hostname}:filecontroller0# cache ttl set, on page 687
{hostname}:filecontroller0# cache [show]

{h os t na me } :f i le co n tr ol l er 0 #c ac h e sh o w
Displays cache-related information. No additional parameters are needed
{h os t na me } :f i le co n tr ol l er 0 #c ac h e show
{hostname}:filecontroller0# cache invalidate, on page 687 {hostname}:filecontroller0# cache ttl set, on page 687
{hostname}:filecontroller0# cache ttl set

{ ho s tn am e }: fi l ec o nt ro l le r0 # ca c he t t l se t
Displays or sets cache Time To Live for directories or files. The Time To Live is expressed in seconds, where the default is 1800 (30 minutes) and the Maximum is 14,400. The specific directory and file must be included.
{ ho s tn am e }: fi l ec o nt ro l le r0 # ca c he t t l se t c / m yf i le s. t xt 2 5 00
{hostname}:filecontroller0# cache invalidate, on page 687 {hostname}:filecontroller0# cache [show], on page 687
688
Print Administration Commands

The following configurations are available: {hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0#printing admins list, on page 689 {hostname}:filecontroller0# printing devices list, on page 689 {hostname}:filecontroller0#printing drivers show, on page 689
{hostname}:filecontroller0# printing admins add group

{ ho st n am e} : fi l ec on t ro ll e r0 # p ri nt i ng a d mi ns a dd |d e le te gr o up { [ do ma i n\ ] us er }
Lets you add or delete printer administrators groups. Enter the username/group for the printer administrator
{ ho st n am e} : fi l ec on t ro ll e r0 # printing admins add group {[www.mydomain.com\]myusername}

{hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0#printing admins list, on page 689 {hostname}:filecontroller0# printing devices list, on page 689 {hostname}:filecontroller0#printing drivers show, on page 689
{hostname}:filecontroller0#printing admins add user

{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng a d mi n s a d d us e r
Lets you add or delete printer administrators users. Use the following parameters: Add - adds a user Delete - deletes a user Domain - a valid domain address User - the username of the account you want to have administrative status.
{ h os tn a me }: f il e co nt r ol le r 0# printing admins add user {[www.mydomain.com\]myusername}

{hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins list, on page 689 {hostname}:filecontroller0# printing devices list, on page 689 {hostname}:filecontroller0#printing drivers show, on page 689
689
{hostname}:filecontroller0#printing admins list

{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng ad mi n s l i st
Displays a list of printer administrators users and groups No additional parameters required
{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng ad mi n s l i st
{hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0# printing devices list, on page 689 {hostname}:filecontroller0#printing drivers show, on page 689
{hostname}:filecontroller0# printing devices list

{h os t na me } :f i le co n tr ol l er 0 # pr i nt i ng d e vi ce s li st
Shows information regarding locally connected printers. No additional parameters required
{h os t na me } :f i le co n tr ol l er 0 # printing devices list

{hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0#printing admins list, on page 689 {hostname}:filecontroller0#printing drivers show, on page 689
{hostname}:filecontroller0#printing drivers show

{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g d ri v er s s ho w
Displays the status of the printing drivers. No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g d ri v er s
show
{hostname}:filecontroller0# printing admins add group, on page 688 {hostname}:filecontroller0#printing admins add user, on page 688 {hostname}:filecontroller0#printing admins list, on page 689 {hostname}:filecontroller0# printing devices list, on page 689
690
Printer Driver Commands

The following commands are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# printing printing printing printing printing drivers drivers drivers drivers drivers migrate, on page 690 set local, on page 691 set local, on page 691 set remote, on page 691 set server, on page 691
{hostname}:filecontroller0# printing drivers migrate

{h o st na m e} : fi le c on tr o ll e r0 #p r in ti n g dr i ve rs mi g ra te {d o ma in | us er }
Use domain user to migrate drivers from File Server to the File Bank Enter a valid UserID and domain name
{h o st na m e} : fi le c on tr o ll e r0 # printing drivers migrate www.mydomain.com myusername

{hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
{hostname}:filecontroller0# printing drivers set client

{h o st na m e} : fi le c on tr o ll e r0 # pr i nt in g d ri ve r s se t c li e nt
Setting manual mode for client driver installation. No additional parameters required
{h o st na m e} : fi le c on tr o ll e r0 # pr i nt in g d ri ve r s se t c li e nt
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
691
{hostname}:filecontroller0# printing drivers set local

{h os t na m e} :f i le co n tr o ll er 0 # pr in t in g dr i ve rs se t l oc a l
Store uploaded printer drivers on local print $ share (on the File Bank). No additional parameters required
{h os t na m e} :f i le co n tr o ll er 0 # pr in t in g dr i ve rs se t l oc a l
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
{hostname}:filecontroller0# printing drivers set remote

{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng d r iv e rs s e t re m ot e
Store uploaded printer drivers on remote print $ share (on the File Server). Enter a valid UserID and domain name
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng d r iv e rs s e t re m ot e
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set server, on page 691
{hostname}:filecontroller0# printing drivers set server

{h o st n am e} : fi le c on t ro ll e r0 # p ri nt i ng dr iv e rs se t s e rv er
Setting point and print mode for client driver installation. No additional parameters required
{h o st n am e} : fi le c on t ro ll e r0 # p ri nt i ng dr iv e rs se t s e rv er
{hostname}:filecontroller0# printing drivers migrate, on page 690 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set local, on page 691 {hostname}:filecontroller0# printing drivers set remote, on page 691
692
CUPS Commands
The following commands are available: {hostname}:filecontroller0# printing restart, on page 692 {hostname}:filecontroller0# printing status, on page 692
{hostname}:filecontroller0# printing restart

{h o st na m e} : fi le c on tr o ll e r0 # pr in t in g re st a rt
Restarts the CUPS service, which is responsible for the print spooling and processing in the system. No additional parameters required
{h o st na m e} : fi le c on tr o ll e r0 # p ri nt i ng restart
{hostname}:filecontroller0# printing status, on page 692
{hostname}:filecontroller0# printing status

{ h os tn a me } :f il e co nt r ol l er 0# pr in t in g s ta t us
Checks the status of the CUPS service. This command checks only whether this service is supposed to run, and not the services actual state No additional parameters required
{ h os tn a me } :f il e co nt r ol l er 0# pr in t in g s ta t us
{hostname}:filecontroller0# printing restart, on page 692
693
Printer Port Commands

The following commands are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# printing printing printing printing printing port add, on page 693 ports, on page 693 printers add, on page 694 printers delete, on page 694 settings force, on page 695
{hostname}:filecontroller0# printing port add

{h os t na m e} :f i le co n tr o ll er 0 #p ri n ti n g po r t [d el e te | ad d] [ na me ]
Lets you add or delete a printing port. The default port - Accelerator Local Port - cannot be modified or deleted. Enter a valid printing port name
{h os t na m e} :f i le co n tr o ll er 0 #p ri n ti n g p o rt a dd
Accelerator Local Port2

{hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing printers delete, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
{hostname}:filecontroller0# printing ports

Command Description
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p or t s
Displays the list of the existing printer ports, with their names and URI. Accelerator Local Port is the default printer port, which appears always, and only its name is displayed. All other printers added afterwards appear with both their names and URIs No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p or t s
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing printers delete, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
694
{hostname}:filecontroller0# printing printers add

{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng pr i nt e rs a d d [ na me ] [ UR I |I D ] [d e sc ri p ti o n]
Adds a specific printer, including the printers alphanumeric name, URI or ID and (optionally) a textual description. Enter a valid printer name, URI, ID and a description.
{ h os t na me } :f il e co n tr ol l er 0# p ri n ti ng pr i nt e rs a d d myprinter laserjet
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers delete, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
{hostname}:filecontroller0# printing printers delete

{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p ri n te rs d el e te [ n am e]
Deletes a specific printer by indicating the printers alphanumeric name. Enter the printer name
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr i nt in g p ri n te rs d el e te myprinter
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing settings force, on page 695
695
{hostname}:filecontroller0# printing settings force

Command Description
{h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng se t ti ng s fo rc e [ sh o w] [e na b le |d i sa b le ]
Prevents the Windows Client from renaming the printer when uploading a new driver. Changing this setting requires restarting SAMBA. You should pay attention to the warning that appears in the CLI: Changing this setting may cause clients that are connected to exported printer queues to be unable to print until they delete and reconnect to the print queue Show to show settings, Enable to enable, or Disable to disable.
{h os t na me } :f i le co n tr ol l er 0 #p ri n ti ng se t ti ng s fo rc e show
{hostname}:filecontroller0# printing port add, on page 693 {hostname}:filecontroller0# printing ports, on page 693 {hostname}:filecontroller0# printing printers add, on page 694 {hostname}:filecontroller0# printing printers delete, on page 694
696
Printer Management Commands

The following commands are available: {hostname}:filecontroller0# printing printers list, on page 696 {hostname}:filecontroller0# printing printers set, on page 696 {hostname}:filecontroller0# printing printers testpage, on page 697
{hostname}:filecontroller0# printing printers list

{h o st n am e} : fi le c on t ro ll e r0 #p r in t in g pr i nt e rs [ l is t]
Displays a list of all printers. No additional parameters required
{h o st n am e} : fi le c on t ro ll e r0 #p r in t in g pr i nt e rs list
{hostname}:filecontroller0# printing printers set, on page 696 {hostname}:filecontroller0# printing printers testpage, on page 697
{hostname}:filecontroller0# printing printers set

{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng p r in te r s se t [ n am e] [n ew UR I ] [n e w co m me n t]
Changes the URI of an existing printer. Enter a valid domain and user
{ h os tn a me }: f il e co nt r ol le r 0# p ri nt i ng a d mi n s
add user {mydomain\myuser}

{hostname}:filecontroller0# printing printers list, on page 696 {hostname}:filecontroller0# printing printers testpage, on page 697
697
{hostname}:filecontroller0# printing printers testpage

{ ho s tn am e }: fi l ec o nt ro l le r0 # pr in t in g pr in t er s t es t pa ge {n am e }
Prints a test page. Enter name of printer
{ ho s tn am e }: fi l ec o nt ro l le r0 # pr in t in g pr in t er s t es t pa ge myprinter
{hostname}:filecontroller0# printing printers list, on page 696 {hostname}:filecontroller0# printing printers set, on page 696
698
WAFS Transparency Commands

The following commands are available: (config) wafs, on page 698 (WAFS) transparency, on page 698 (WAFS) transparency exclude excluded-servers, on page 698
(config) wafs
AC C 1( co n fi g) # w a fs
Enters the WAFS node No additional parameters are necessary.
AC C 1( co n fi g) # wafs
(WAFS) transparency, on page 698 (WAFS) transparency exclude excluded-servers, on page 698
(WAFS) transparency
AC C 1( WA F S) #t r an s pa re n cy e n ab l e| d i sa bl e
Enables or disables WAFS transparency. Enable to enable, disable to disable. When WAFS transparency is enabled, the FileBank polls all servers by default. If you are enabling an Alias, this should be set to disable.
AC C 1( WA F S) #t r an s pa re n cy enable
(config) wafs, on page 698 (WAFS) transparency exclude excluded-servers, on page 698
(WAFS) transparency exclude excluded-servers

A CC 1 (W A FS )# t ra ns p ar e nc y e xc lu d e e xc lu d ed s er v er s
Defines which servers to exclude from WAFS transparency. No additional parameters required
A CC 1 (W A FS )# t ra ns p ar e nc y e xc lu d e e xc lu d ed s er v er s
(config) wafs, on page 698 (WAFS) transparency, on page 698
699
Excluded Server Commands

The following commands are available: (WAFS) show transparency excluded-servers, on page 699 (WAFS) transparency excluded servers clear, on page 699
(WAFS) show transparency excluded-servers

ACC1(W A FS ) #s ho w t ra n sp a re nc y e xc l ud e ds er ve r s
Displays the list of servers that are excluded from WAFS transparency. No additional parameters required
ACC1(W A FS ) #s ho w t ra n sp a re nc y e xc l ud e ds er ve r s
(WAFS) transparency excluded servers clear, on page 699
(WAFS) transparency excluded servers clear

A C C1 ( WA FS ) #t ra n sp ar e nc y e xc l ud ed se r ve rs c l ea r
Clears the excluded servers list. No additional parameters required
A C C1 ( WA FS ) #t ra n sp ar e nc y e xc l ud ed se r ve rs c l ea r
(WAFS) show transparency excluded-servers, on page 699
700
CIFS Commands
The following commands are available: {hostname}:filecontroller0# cifs status, on page 700
{hostname}:filecontroller0# cifs status

{h o st na m e} :f i le co n tr o ll er 0 # ci f s s ta tu s
Displays status of CIFS connections, shares and locks. No additional parameters required
{h o st na m e} :f i le co n tr o ll er 0 # cifs status
701
Compression Filter Commands

Displays and manages the list of compression filters. The following commands are available: {hostname}:filecontroller0# comp_filters, on page 701 {hostname}:filecontroller0# comp_filters list, on page 701
{hostname}:filecontroller0# comp_filters
{ ho st n am e }: fi l ec on t ro l le r0 # co mp _ fi l te rs ad d/ d el et e { f il te r }
Adds/deletes a given filter to/from a list. Add to add Delete to delete
{ ho st n am e }: fi l ec on t ro l le r0 # co mp _ fi l te rs d el et e { f il te r }
{hostname}:filecontroller0# comp_filters list, on page 701
{hostname}:filecontroller0# comp_filters list

{ ho st n am e} : fi l ec on t ro ll e r0 # c om p _f il t er s l is t/ c le ar
Displays/clears a list of current compression filters. No additional parameters required
{ ho st n am e} : fi l ec on t ro ll e r0 # c om p _f il t er s l is t/ clear
{hostname}:filecontroller0# comp_filters, on page 701
702
Time and Date Commands

Changes and displays current date and/or time. The following commands are available: {hostname}:filecontroller0# date, on page 702 {hostname}:filecontroller0# date show, on page 702
{hostname}:filecontroller0# date
{h o st na m e} :f i le c on tr o ll er 0 #d a te [ D AT E] [T I ME ]
Changes the current systems date and time. Make sure the date is mmddyyyy and time is hh:mm:ss
{h o st na m e} :f i le c on tr o ll er 0 #d a te 11112011 12:12:12
{hostname}:filecontroller0# date show, on page 702
{hostname}:filecontroller0# date show

{ ho s tn a me }: f il ec o nt r ol le r 0# da t e s ho w
Displays the current systems date and time. No additional parameters necessary
{ ho s tn a me }: f il ec o nt r ol le r 0# da t e show
{hostname}:filecontroller0# date, on page 702
703
Additional Commands
The following configurations are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# diagnostics, on page 703 domain set, on page 704 domain show, on page 704 domain join, on page 704 enable, on page 705 exit|quit, on page 705
{hostname}:filecontroller0# diagnostics
Command Description
{ h o st n a me } : fi l e co n t ro l l er 0 # di a g no s t ic s
Runs diagnostics tests. You can use this command to diagnose either the full system, the configuration settings of the Accelerator, hardware problems or communication problems. Enter one of the following: all - runs a complete diagnostic check settings - checks the settings hardware - checks hardware functioning communication - tests communication settings.
Parameters
{ h o st n a me } : fi l e co n t ro l l er 0 # di a g no s t ic s all
{hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
704
{hostname}:filecontroller0# domain set

{ ho s tn am e }: fi l ec o nt ro l le r0 # d o ma in se t
Sets or displays the Windows NT domain on a local network. This command also defines a domain name. No additional parameters needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # domain set
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
{hostname}:filecontroller0# domain show

{h os t na me } :f i le co n tr ol l er 0 #d om a in s h ow
Displays the current domain name. No additional parameters needed
{h os t na me } :f i le co n tr ol l er 0 #d om a in show
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
{hostname}:filecontroller0# domain join

{ h os tn a me }: f il e co nt r ol le r 0# do ma i n jo i n
Joins a FileBank to the current domain. No additional parameters needed
{ h os tn a me }: f il e co nt r ol le r 0# do ma i n join
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# enable, on page 705 {hostname}:filecontroller0# exit|quit, on page 705
705
{hostname}:filecontroller0# enable
{ ho s tn am e }: fi l ec o nt ro l le r0 # e na b le
Switches to privileged mode command prompt (root shell). Requires knowledge of the root password. No additional parameters needed. Enter password when prompted.
{ ho s tn am e }: fi l ec o nt ro l le r0 # e na b le
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# exit|quit, on page 705
{hostname}:filecontroller0# exit|quit
{ ho s tn am e }: f il ec o nt ro l le r 0# e x it |q u it
Logs out from shell. No additional parameters needed.
{ ho s tn am e }: f il ec o nt ro l le r 0# quit
{hostname}:filecontroller0# diagnostics, on page 703 {hostname}:filecontroller0# domain set, on page 704 {hostname}:filecontroller0# domain show, on page 704 {hostname}:filecontroller0# domain join, on page 704 {hostname}:filecontroller0# enable, on page 705
706
Fetch Commands
Manages fetch jobs and instances. The fetch commands are used for prepopulating the FileBanks cache. Fetch jobs describe the entity that should be fetched, namely: a specific directory on a file server. Fetch instances perform the actual work. The following commands are available: {hostname}:filecontroller0# fetch, on page 706 {hostname}:filecontroller0# fetch log, on page 706
{hostname}:filecontroller0# fetch
{h os t na m e} :f i le co n tr o ll er 0 # fe t ch [j ob s | in st a nc e s]
Manages fetch jobs or instances. Jobs to fetch jobs, Instances to fetch instances.
{h os t na m e} :f i le co n tr o ll er 0 # fetch jobs
{hostname}:filecontroller0# fetch log, on page 706
{hostname}:filecontroller0# fetch log

{ ho st n am e }: fi l ec on t ro l le r0 # fe tc h l o g
Shows the log of current and completed fetch instances. No additional parameters needed.
{ ho st n am e }: fi l ec on t ro l le r0 # fetch log
{hostname}:filecontroller0# fetch, on page 706
707
FileBank Director Commands

Displays or manages the connected FileBank Director configuration. The following commands are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# fport add, on page 707 fport define, on page 708 fport disconnected force, on page 708 fport disconnected handle, on page 709 fport list, on page 709 gns refresh, on page 710 iostat, on page 710
{hostname}:filecontroller0# fport add

{h os t na me } :f i le co n tr ol l er 0 # fp o rt [ a dd | de le t e] [ F P]
Adds or deletes a named FileBank Director to or from the FileBank Directors list. Use a legal port number. Default ports: UDP 4049, TCP 4049 are then assigned to this {FP}.
{h os t na me } :f i le co n tr ol l er 0 # fport 4049 add FP

{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
708
{hostname}:filecontroller0# fport define

{h os t na m e} :f i le co n tr o ll er 0 #f po r t [ TC P | U D P] [F P] [ PO R T]
Defines the IP port {PORT} for networking with the specified FileBank Director {FP}. Use a legal port number and a specific FBD
{h os t na m e} :f i le co n tr o ll er 0 # fport UDP FP 4049

{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
{hostname}:filecontroller0# fport disconnected force

{h o st na m e} :f i le c on tr o ll er 0 #f p or t di s co nn e ct ed fo r ce { F P} [o n |o f f]
Force / unforce {FP} to be in disconnected mode. Changes take effect only after FileBank reset. Use On to force and Off to unforce
{h o st na m e} :f i le c on tr o ll er 0 # fport
disconnected force on
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
709
{hostname}:filecontroller0# fport disconnected handle

{ h os tn a me }: f il e co nt r ol le r 0# f po rt d i sc on n ec te d h a nd le {F P} [ on | of f]
Enable/disable disconnected operation handling for {FP}. Changes take effect only after FileBank reset. Use on to enable and Off to disable
{ h os tn a me }: f il e co nt r ol le r 0# fport
disconnected handle on
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
{hostname}:filecontroller0# fport list

{ h os t na me } :f il e co n tr ol l er 0# fp o rt l i st
Shows a list of FileBank Directors. No additional parameters needed.
{ h os t na me } :f il e co n tr ol l er 0# fport list
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# gns refresh, on page 710 {hostname}:filecontroller0# iostat, on page 710
710
{hostname}:filecontroller0# gns refresh

{h os t na me } :f i le co n tr ol l er 0 #g ns re fr e sh
Refreshes the list of file servers. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # gns refresh
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# iostat, on page 710
{hostname}:filecontroller0# iostat
{h o st na m e} : fi le c on tr o ll er 0 # i os ta t
Shows the disk utilization report. No additional parameters required.
{h o st na m e} : fi le c on tr o ll er 0 # iostat
{hostname}:filecontroller0# fport add, on page 707 {hostname}:filecontroller0# fport define, on page 708 {hostname}:filecontroller0# fport disconnected force, on page 708 {hostname}:filecontroller0# fport disconnected handle, on page 709 {hostname}:filecontroller0# fport list, on page 709 {hostname}:filecontroller0# gns refresh, on page 710
711
WAFS Help Commands

Displays general or command-specific usage information. The following commands are available: {hostname}:filecontroller0# help, on page 711 {hostname}:filecontroller0# help command, on page 711
{hostname}:filecontroller0# help
{ ho st n am e }: fi l ec on t ro l le r0 # h el p
Lists the commands and parameters. No additional parameters required.
{ ho st n am e }: fi l ec on t ro l le r0 # help
{hostname}:filecontroller0# help command, on page 711
{hostname}:filecontroller0# help command

{ ho st n am e} : fi l ec on t ro ll e r0 # he lp <c om m an d >/ h el p < co mm a nd > < su b co mm a nd >

Provides command-specific help information. If a command is typed without a required parameter (or a wrong parameter), usage information is provided. No additional parameters required.
{ ho st n am e} : fi l ec on t ro ll e r0 # help license
install
{hostname}:filecontroller0# help, on page 711
712
WAFS Licensing Commands

From version 6.3.0 WAFS licensing is managed via the AcceleratorOS License bundle. For information about licensing via the CLI, see Licensing Commands, on page 444.
713
WAFS Log File Commands

Creates a log file and uploads it to a destination URL. This command also lists the event log, shows the current level of the log file and sets the minimal level. The following commands are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# log log log log log log log log archive generate, on page 713 archive list, on page 714 archive upload, on page 714 level set, on page 715 level show, on page 715 show, on page 716 syslog status, on page 716 upload, on page 717
{hostname}:filecontroller0# log archive generate

{ ho st n am e} : fi l ec on t ro ll e r0 # l o g ar c hi v e g en er a te
Generates a new log archive file. No additional parameters are needed
{hostname}:filecontroller0# lo g a rc hi v e g en er a te
{hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
714
{hostname}:filecontroller0# log archive list

{h os t na m e} :f i le co n tr o ll er 0 # lo g a r ch iv e l is t
Lists all log archive files. No additional parameters are needed
{h os t na m e} :f i le co n tr o ll er 0 # log archive list

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
{hostname}:filecontroller0# log archive upload

{ ho s tn am e }: f il ec o nt ro l le r 0# lo g a rc h iv e u pl o ad
Uploads a log archive file to an FTP server. No additional parameters are needed
{ ho s tn am e }: f il ec o nt ro l le r 0# log archive upload

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
715
{hostname}:filecontroller0# log level set

{h o st na m e} : fi le c on tr o ll e r0 #l o g le v el se t {i n fo |w a rn i ng |e r ro r| c ri t ic al }
Sets minimal level for events to log. The lowest level being info and the highest being critical. Any log events below the level you set are not logged. Enter the log level (info, warning, error, critical)
{h o st na m e} : fi le c on tr o ll e r0 # log level set info

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
{hostname}:filecontroller0# log level show

{h os t na me } :f i le co n tr ol l er 0 # l og l e ve l s ho w
Displays the current log level. No additional parameters are needed
{h os t na me } :f i le co n tr ol l er 0 # log level show

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
716
{hostname}:filecontroller0# log show

{ ho s tn a me }: f il ec o nt r ol le r 0# lo g s h ow [ al l |c o mm un i ca ti o n| s ec ur i ty |s y st e m]
Lists the event log. No additional parameters are required.
{ ho s tn a me }: f il ec o nt r ol le r 0# log show all

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log syslog status, on page 716 {hostname}:filecontroller0# log upload, on page 717
{hostname}:filecontroller0# log syslog status

{ h os tn a me }: f il e co nt r ol le r 0# l o g s ys lo g s t at us
DIsplays the current syslog status. No additional parameters are needed
{ h os tn a me }: f il e co nt r ol le r 0# log syslog status

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log upload, on page 717
717
{hostname}:filecontroller0# log upload

{ ho s tn am e }: fi l ec o nt ro l le r0 # l o g u pl o ad {U RL }
Uploads the current logs to the indicated URL. Enter a valid URL.
{ ho s tn am e }: fi l ec o nt ro l le r0 # log upload www.myurl.com

{hostname}:filecontroller0# log archive generate, on page 713 {hostname}:filecontroller0# log archive list, on page 714 {hostname}:filecontroller0# log archive upload, on page 714 {hostname}:filecontroller0# log level set, on page 715 {hostname}:filecontroller0# log level show, on page 715 {hostname}:filecontroller0# log show, on page 716 {hostname}:filecontroller0# log syslog status, on page 716
718
Replication Service Commands

The following commands are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# replication replication replication replication replication replication replication replication replication replication replication replication enable, on page 718 filters, on page 719 instances, on page 719 log, on page 720 log list, on page 720 paths, on page 721 setup, on page 721 start, on page 722 start initial, on page 722 status, on page 723 stop, on page 723 user, on page 724
{hostname}:filecontroller0# replication enable

{ ho s tn am e }: fi l ec o nt ro l le r0 # r e pl ic a ti on [ en a bl e| d is ab l e]
Enables or disables the replication service. Enable to enable, Disable to disable.
{ ho s tn am e }: fi l ec o nt ro l le r0 # replication enable
{hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
719
{hostname}:filecontroller0# replication filters

{ ho st n am e} : fi l ec on t ro ll e r0 # r ep l ic at i on f il te r s
Manages the replication filters. For details see Replication Service, on page 159 No additional parameters are needed
{ ho st n am e} : fi l ec on t ro ll e r0 # replication filters
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{hostname}:filecontroller0# replication instances

{h o st n am e} : fi le c on t ro ll e r0 # r ep l ic at i on in s ta n ce s
Manages the replication instances. For details see Replication Service, on page 159 No additional parameters are needed
{h o st n am e} : fi le c on t ro ll e r0 # replication instances
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
720
{hostname}:filecontroller0# replication log

{h os t na m e} :f i le co n tr o ll er 0 # re p li c at io n l og [s ho w ]
Displays a specific replication log. No additional parameters are needed
{h os t na m e} :f i le co n tr o ll er 0 # replication log [show]

{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{hostname}:filecontroller0# replication log list

{ ho s tn a me }: f il ec o nt r ol le r 0# r e pl ic a ti o n lo g l is t
Lists all replication log files. No additional parameters are needed
{ ho s tn a me }: f il ec o nt r ol le r 0# replication log list

{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
721
{hostname}:filecontroller0# replication paths

{ ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on p at hs
Manages the replication paths. For details see section Replication Service, on page 159 No additional parameters are needed
{ ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on p at hs
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{hostname}:filecontroller0# replication setup

{ h os tn a me } :f il e co nt r ol l er 0# re pl i ca t io n s e tu p
Sets up replication service. No additional parameters are needed
{ h os tn a me } :f il e co nt r ol l er 0# replication setup
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
722
{hostname}:filecontroller0# replication start

{ h os tn a me }: f il e co nt r ol le r 0# re pl i ca ti o n s t ar t
Starts an unscheduled replication process now. No additional parameters are needed
{ h os tn a me }: f il e co nt r ol le r 0# replication start
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{hostname}:filecontroller0# replication start initial

{ h os tn a me }: f il e co nt r ol le r 0# r e pl i ca ti o n s t ar t i ni ti a l
Starts initial pre-population of replication files from the file server to the FileBank Director. No additional parameters are needed
{ h os tn a me }: f il e co nt r ol le r 0# replication start initial

{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
723
{hostname}:filecontroller0# replication status

{ h os tn a me } :f il e co nt r ol l er 0# re pl i ca t io n s t at us
Displays the replication process status. No additional parameters are needed
{ h os tn a me } :f il e co nt r ol l er 0# replication status
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication stop, on page 723 {hostname}:filecontroller0# replication user, on page 724
{hostname}:filecontroller0# replication stop

{ ho st n am e} : fi le c on t ro ll e r0 # r ep l ic at i on s t op
Stops the replication process. No additional parameters are needed
{ ho st n am e} : fi le c on t ro ll e r0 # replication stop
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication user, on page 724
724
{hostname}:filecontroller0# replication user

{h os t na m e} :f i le co n tr o ll er 0 # re p li c at io n u se r
Manages the replication user. For details see Replication User Commands, on page 725 No additional parameters are needed
{h os t na m e} :f i le co n tr o ll er 0 # replication user
{hostname}:filecontroller0# replication enable, on page 718 {hostname}:filecontroller0# replication filters, on page 719 {hostname}:filecontroller0# replication instances, on page 719 {hostname}:filecontroller0# replication log, on page 720 {hostname}:filecontroller0# replication log list, on page 720 {hostname}:filecontroller0# replication paths, on page 721 {hostname}:filecontroller0# replication setup, on page 721 {hostname}:filecontroller0# replication start, on page 722 {hostname}:filecontroller0# replication start initial, on page 722 {hostname}:filecontroller0# replication status, on page 723 {hostname}:filecontroller0# replication stop, on page 723
725
Replication User Commands

You must first define the internal replication user on the system with the user command (see User Commands, on page 745), and then assign this user as replication user with the Replication User command. The following are available: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# replication replication replication replication replication replication replication replication replication replication replication filters add, on page 725 filters clear, on page 726 filters list, on page 726 instances, on page 727 paths add, on page 727 paths clear, on page 728 paths delete, on page 728 paths list, on page 729 user delete, on page 729 user set, on page 730 user show, on page 730
{hostname}:filecontroller0# replication filters add

{ ho st n am e} : fi l ec on t ro ll e r0 # r ep l ic at i on f il te r s ad d /d e le te {f il t er }
Adds or deletes the current replication filter. No additional parameters are needed
{ ho st n am e} : fi l ec on t ro ll e r0 # replication filters add myfilter

{hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
726
{hostname}:filecontroller0# replication filters clear

{ ho s tn am e }: f il ec o nt ro l le r 0# r e pl ic a ti o n f il t er s c le a r
Clears the current replication filters (file types). No additional parameters are needed
{ ho s tn am e }: f il ec o nt ro l le r 0# replication filters clear

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
{hostname}:filecontroller0# replication filters list

{h o st na m e} : fi le c on tr o ll e r0 # r ep li c at i on fi l te rs [l i st ]
Lists the current replication filters (file types). No additional parameters are needed
{h o st na m e} : fi le c on tr o ll e r0 # replication filters list

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
727
{hostname}:filecontroller0# replication instances

{ ho s tn a me }: f il ec o nt r ol le r 0# r e pl i ca ti o n i ns t an c es [ l is t]
Displays all replication instances. The possible values are as follows: Running - The instance is running Finished - The instance has finished successfully Failed - The instance has failed due to an error (see log) Aborted - The instance has been aborted by the user
{ ho s tn a me }: f il ec o nt r ol le r 0# replication instances running

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
{hostname}:filecontroller0# replication paths add

{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic a ti on p at h s ad d { UN C PA T H} [ P RI OR I TY ]
Adds a new replication path. Path and priority
{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic a ti on p at h s ad d { UN C PA T H} [ P RI OR I TY ]
{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
728
{hostname}:filecontroller0# replication paths clear

{h o st na m e} :f i le c on tr o ll er 0 # r ep li c at io n pa t hs c l ea r
Deletes all replication paths. Enter one of the parameters above
{h o st na m e} :f i le c on tr o ll er 0 # replication paths clear

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
{hostname}:filecontroller0# replication paths delete

{h o st na m e} :f i le c on tr o ll er 0 # r ep li c at io n pa t hs d e le te [P A TH -I D ]
Deletes a replication path. Enter the name of the path
{h o st na m e} :f i le c on tr o ll er 0 # replication paths delete mypathID

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
729
{hostname}:filecontroller0# replication paths list

{ ho st n am e }: fi l ec on t ro l le r0 # r ep l ic a ti on p at hs li s t
List all current replication paths. Enter one of the parameters above
{ ho st n am e }: fi l ec on t ro l le r0 # replication paths list

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
{hostname}:filecontroller0# replication user delete

{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic at i on u s er d el e te
Deletes the current replication user. No additional parameters are needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # replication user delete

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user set, on page 730 {hostname}:filecontroller0# replication user show, on page 730
730
{hostname}:filecontroller0# replication user set

{ ho s tn am e }: f il ec o nt ro l le r0 # r e pl ic a ti on us er s et {d om a in \ us er n am e}
Sets the replication user. Valid domain name and valid username
{ ho s tn am e }: f il ec o nt ro l le r0 # replication user set mydomain\myusername

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user show, on page 730
{hostname}:filecontroller0# replication user show

{ ho s tn am e }: fi l ec o nt ro l le r0 # r ep l ic a ti on us er [ sh o w]
Displays the current replication user. No additional parameters are needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # replication user show

{hostname}:filecontroller0# replication filters add, on page 725 {hostname}:filecontroller0# replication filters clear, on page 726 {hostname}:filecontroller0# replication filters list, on page 726 {hostname}:filecontroller0# replication instances, on page 727 {hostname}:filecontroller0# replication paths add, on page 727 {hostname}:filecontroller0# replication paths clear, on page 728 {hostname}:filecontroller0# replication paths delete, on page 728 {hostname}:filecontroller0# replication paths list, on page 729 {hostname}:filecontroller0# replication user delete, on page 729 {hostname}:filecontroller0# replication user set, on page 730
731
Event Scheduling Commands

Displays and manages scheduled events. The following commands are included: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# schedule schedule schedule schedule schedule actions, on page 731 events add, on page 731 events clear, on page 732 events delete, on page 732 events list, on page 733
{hostname}:filecontroller0# schedule actions

{ ho s tn am e }: fi l ec o nt ro l le r0 # sc he d ul e a c ti on s
Lists all actions that can be scheduled. Replication schedule actions: replication.start and replication.stop No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # schedule actions
{hostname}:filecontroller0# schedule events add, on page 731 {hostname}:filecontroller0# schedule events clear, on page 732 {hostname}:filecontroller0# schedule events delete, on page 732 {hostname}:filecontroller0# schedule events list, on page 733
{hostname}:filecontroller0# schedule events add

{ ho s tn am e }: fi l ec o nt ro l le r0 # s c he du l e ev e nt s a dd [A CT I ON N A ME ] [ TI M E]
Adds a new daily recurring event. Enter the following: A name for the action that appears on the list of actions A time for it to occur. HH:MM
{ ho s tn am e }: fi l ec o nt ro l le r0 # schedule events add clear 23:00

{hostname}:filecontroller0# schedule actions, on page 731 {hostname}:filecontroller0# schedule events clear, on page 732 {hostname}:filecontroller0# schedule events delete, on page 732 {hostname}:filecontroller0# schedule events list, on page 733
732
{hostname}:filecontroller0# schedule events clear

{ ho s tn am e }: f il ec o nt ro l le r 0# s c he du l e ev e nt s c le a r
Clears all scheduled events. Enter one of the parameters above
{ ho s tn am e }: f il ec o nt ro l le r 0# schedule events clear

{hostname}:filecontroller0# schedule actions, on page 731 {hostname}:filecontroller0# schedule events add, on page 731 {hostname}:filecontroller0# schedule events delete, on page 732 {hostname}:filecontroller0# schedule events list, on page 733
{hostname}:filecontroller0# schedule events delete

{ ho s tn am e }: f il ec o nt ro l le r0 # s c he du l e ev e nt s d el e te [ E VE N T ID ]
Deletes a scheduled event. Enter a valid event id
{ ho s tn am e }: f il ec o nt ro l le r0 # s c he du l e ev e nt s delete myevent
{hostname}:filecontroller0# schedule actions, on page 731 {hostname}:filecontroller0# schedule events add, on page 731 {hostname}:filecontroller0# schedule events clear, on page 732 {hostname}:filecontroller0# schedule events list, on page 733
733
{hostname}:filecontroller0# schedule events list

{ ho s tn am e }: fi l ec o nt ro l le r0 # s ch e du l e ev e nt s [ li s t]
Lists all events. No additional parameters required
{ ho s tn am e }: fi l ec o nt ro l le r0 # schedule events list

{hostname}:filecontroller0# schedule actions, on page 731 {hostname}:filecontroller0# schedule events add, on page 731 {hostname}:filecontroller0# schedule events clear, on page 732 {hostname}:filecontroller0# schedule events delete, on page 732
734
Service Management Commands

Lets you enable or disable the current service, and also check whether the service is enabled. The following commands are explained: {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# 735 {hostname}:filecontroller0# page 736 {hostname}:filecontroller0# {hostname}:filecontroller0# {hostname}:filecontroller0# service enable, on page 734 service status, on page 735 services create FileBank Director, on page services create FileBank Director ha, on services create filecontroller, on page 736 services list, on page 737 services set, on page 737
{hostname}:filecontroller0# service enable

{ h os tn a me }: f il ec o nt r ol le r 0# s e rv ic e [ en a bl e| d i sa bl e ]
Enables or disables the current service. Enable to enable, Disable to disable
{ h os tn a me }: f il ec o nt r ol le r 0# service enable
{hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
735
{hostname}:filecontroller0# service status

{ h os t na me } :f il e co n tr ol l er 0# se r vi ce st at u s
Checks whether the current service is enabled. No additional parameters needed
{ h os t na me } :f il e co n tr ol l er 0# service status
{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
{hostname}:filecontroller0# services create FileBank Director

{ ho st n am e} : fi l ec on t ro ll e r0 # s er v ic es cr e at e F il eB a nk D i re c to r
Creates a FileBank Director service. No additional parameters required.
{ ho st n am e} : fi l ec on t ro ll e r0 # services create FileBank Director

{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
736
{hostname}:filecontroller0# services create FileBank Director ha

{h o st na m e} :f i le c on tr o ll er 0 # s er vi c es c r ea t e Fi l eB an k D ir e ct o r ha
Creates a FileBank Director HA. No additional parameters required.
{h o st na m e} :f i le c on tr o ll er 0 # services create FileBank Director ha

{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
{hostname}:filecontroller0# services create filecontroller

{h os t na m e} :f i le co n tr o ll er 0 # se r vi c es c r ea te fi le c on t ro ll e r
Creates a FileBank service. No additional parameters required.
{h os t na m e} :f i le co n tr o ll er 0 # services create filecontroller

{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services list, on page 737 {hostname}:filecontroller0# services set, on page 737
737
{hostname}:filecontroller0# services list

{ ho s tn am e }: fi l ec o nt ro l le r0 # s e rv ic e s li s t
Displays the list of services No additional parameters needed
{ ho s tn am e }: fi l ec o nt ro l le r0 # services list
{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services set, on page 737
{hostname}:filecontroller0# services set

Command Description
{ h os tn a me } :f il e co nt r ol l er 0# se rv i ce s s et
Sets the SERVICE as active. All operations will act on SERVICE from now on. Service-name should be a valid service name (for example: FileBank Director0/ FileBank Director1), monitored by cluster. Enter the services name
{ h os tn a me } :f il e co nt r ol l er 0# services set myservice

{hostname}:filecontroller0# service enable, on page 734 {hostname}:filecontroller0# service status, on page 735 {hostname}:filecontroller0# services create FileBank Director, on page 735 {hostname}:filecontroller0# services create FileBank Director ha, on page 736 {hostname}:filecontroller0# services create filecontroller, on page 736 {hostname}:filecontroller0# services list, on page 737
738
Software Commands
Displays version numbers for all currently installed software packages. The following commands are available: {hostname}:filecontroller0# software version, on page 738
{hostname}:filecontroller0# software version

{ ho s tn am e }: f il ec o nt ro l le r 0# s o ft wa r e ve r si o n
Displays the version numbers of all currently installed software packages. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# s o ft wa r e ve r si o n
739
Statistic Commands
Shows product statistics. The following configuration options are available: {hostname}:filecontroller0# statistics, on page 739 {hostname}:filecontroller0# statistics upload, on page 739 {hostname}:filecontroller0# status, on page 739
{hostname}:filecontroller0# statistics
{ ho st n am e} : fi l ec on t ro ll e r0 # s ta t is ti c s
Displays a table of indicated file statistics for today/past week/past month. No additional parameters required.
{ ho st n am e} : fi l ec on t ro ll e r0 # statistics
{hostname}:filecontroller0# statistics upload, on page 739 {hostname}:filecontroller0# status, on page 739
{hostname}:filecontroller0# statistics upload

{h os t na me } :f i le co n tr ol l er 0 # st a ti st i cs up lo a d
Uploads the yearly statistics file to the destination URL. The URL protocol must be FTP and the URL must end in a filename.
{h os t na me } :f i le co n tr ol l er 0 # statistics upload myftp/myURL//filename.htm

{hostname}:filecontroller0# statistics, on page 739 {hostname}:filecontroller0# status, on page 739
{hostname}:filecontroller0# status
{h os t na me } :f i le co n tr ol l er 0 # st a tu s
Shows the current status of the system. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # status
{hostname}:filecontroller0# statistics, on page 739 {hostname}:filecontroller0# statistics upload, on page 739
740
Stf_filter Commands
Displays, adds and deletes STF (Short Term Files) filters. STF filters define the files which are not sent by the FileBank to the FileBank Director. For example, the default STF filter in the FileBank includes *.TMP files which are not sent by the FileBank to the FileBank Director. The following commands are available: {hostname}:filecontroller0# stf filters add, on page 740 {hostname}:filecontroller0# stf filters clear, on page 740 {hostname}:filecontroller0# stf filters list, on page 741
{hostname}:filecontroller0# stf filters add

{h os t na me } :f i le co n tr ol l er 0 # st f f il t er s a dd
Add or deletes a given filter to/from the list. No additional parameters required.
{h os t na me } :f i le co n tr ol l er 0 # stf filters delete filtername

{hostname}:filecontroller0# stf filters clear, on page 740 {hostname}:filecontroller0# stf filters list, on page 741
{hostname}:filecontroller0# stf filters clear

{ ho s tn am e }: fi l ec o nt ro l le r0 # s t f fi l te rs c le a r
Clears the list of filters. No additional parameters required.
{ ho s tn am e }: fi l ec o nt ro l le r0 # stf filters clear

{hostname}:filecontroller0# stf filters add, on page 740 {hostname}:filecontroller0# stf filters list, on page 741
741
{hostname}:filecontroller0# stf filters list

{ h os tn a me } :f il e co nt r ol l er 0# st f f il t er s l is t
Lists current STF filters. No additional parameters required.
{ h os tn a me } :f il e co nt r ol l er 0# stf filters list

{hostname}:filecontroller0# stf filters add, on page 740 {hostname}:filecontroller0# stf filters clear, on page 740
742
Transaction Monitoring Commands

Enables the monitoring of Read and Write transactions. The following commands are available: {hostname}:filecontroller0# transaction list, on page 742 {hostname}:filecontroller0# transaction stop, on page 742
{hostname}:filecontroller0# transaction list

{h o st na m e} :f i le c on tr o ll er 0 # t ra ns a ct io n l i st
Lists transactions that match the filter. No additional parameters required.
{h o st na m e} :f i le c on tr o ll er 0 # transaction list
{hostname}:filecontroller0# transaction stop, on page 742
{hostname}:filecontroller0# transaction stop

{ ho s tn a me }: f il ec o nt r ol le r 0# tr a ns ac t io n s t op [ id ]
Stops the transaction of the given ID. No additional parameters required.
{ ho s tn a me }: f il ec o nt r ol le r 0# transaction stop myid

{hostname}:filecontroller0# transaction list, on page 742
743
TTCP Commands
Times the transmission and reception of the data between two systems using TCP protocol. Client should receive a server's hostname parameter, which indicates the remote TCP server destination. The following commands are available: {hostname}:filecontroller0# uptime, on page 744 {hostname}:filecontroller0# ttcp server, on page 743 {hostname}:filecontroller0# uptime, on page 744
{hostname}:filecontroller0# ttcp client

{ ho s tn am e }: fi l ec o nt ro l le r0 # t t cp c l ie nt
Run this on the host from which you want measure traffic. Specify the host on which you run the 'ttcp server' as SERVER. No additional parameters required.
{ ho s tn am e }: fi l ec o nt ro l le r0 # ttcp client myserver

{hostname}:filecontroller0# ttcp server, on page 743 {hostname}:filecontroller0# uptime, on page 744
{hostname}:filecontroller0# ttcp server

{ ho s tn am e }: f il ec o nt ro l le r 0# t t cp s e rv er
Run this on the host to which you want measure traffic. No additional parameters required.
{ ho s tn am e }: f il ec o nt ro l le r 0# t t cp s e rv er
{hostname}:filecontroller0# uptime, on page 744 {hostname}:filecontroller0# uptime, on page 744
744
{hostname}:filecontroller0# uptime
{h os t na m e} :f i le co n tr o ll er 0 # up t im e
Displays the period of time for which the system has been running since it was last booted. No additional parameters required.
{h os t na m e} :f i le co n tr o ll er 0 # uptime
{hostname}:filecontroller0# uptime, on page 744 {hostname}:filecontroller0# ttcp server, on page 743
745
User Commands
Manages the users database. The following commands are available: {hostname}:filecontroller0# user add, on page 745 {hostname}:filecontroller0# user list, on page 745 {hostname}:filecontroller0# user password, on page 745
{hostname}:filecontroller0# user add

{ ho st n am e} : fi l ec on t ro ll e r0 # u se r a dd
Adds or deletes a given user to/from the list. Add to add, Delete to delete. You also need the domain and UserName.
{ ho st n am e} : fi l ec on t ro ll e r0 # user delete mydomain\myuser

{hostname}:filecontroller0# user list, on page 745 {hostname}:filecontroller0# user password, on page 745
{hostname}:filecontroller0# user list

{ ho st n am e} : fi l ec on t ro ll e r0 # u se r l is t
Lists all users. No additional parameters required.
{ ho st n am e} : fi l ec on t ro ll e r0 # user list
{hostname}:filecontroller0# user add, on page 745 {hostname}:filecontroller0# user password, on page 745
{hostname}:filecontroller0# user password

{ h os tn a me } :f il e co nt r ol l er 0# us er pa s sw or d
Changes the given user's password (prompts for new password). old password, new password
{ h os tn a me } :f il e co nt r ol l er 0# user password
{hostname}:filecontroller0# user add, on page 745 {hostname}:filecontroller0# user list, on page 745
746
Virtual Memory Statistic Commands

Reports virtual memory statistics. The report is repeated 10 times at 5 seconds intervals. The following commands are available: {hostname}:filecontroller0# vmstat, on page 746
{hostname}:filecontroller0# vmstat
Command Description
{ h os tn a me }: f il e co nt r ol le r 0# vm st a t
Reports virtual memory statistics. The report is repeated 10 times at 5 second intervals. Note:Press Ctrl-C to interrupt No additional parameters required.
{ h os tn a me }: f il e co nt r ol le r 0# uptime
747
Wins Commands
Manages WINS server settings for automatic registration. The following commands are available: {hostname}:fp0# wins server delete, on page 747 {hostname}:fp0# wins server set, on page 747 {hostname}:fp0# wins server show, on page 747
{hostname}:fp0# wins server delete

{hos tname }:fp0 # w i ns s e rv e r de l et e

Deletes the current WINS server settings. No additional parameters required.
{hos tname }:fp0 # wins server delete

{hostname}:fp0# wins server set, on page 747 {hostname}:fp0# wins server show, on page 747
{hostname}:fp0# wins server set

{hos tname }:fp0 # w i ns se rv e r se t { A DD RE S S}

Sets the WINS server address. No additional parameters required.
{hos tname }:fp0 # wins server set myADDRESS

{hostname}:fp0# wins server delete, on page 747 {hostname}:fp0# wins server show, on page 747
{hostname}:fp0# wins server show

{hos tname }:fp0 # w i ns se rv e r sh o w

Shows the current WINS server settings. No additional parameters required.
{hos tname }:fp0 # wins server show

{hostname}:fp0# wins server delete, on page 747 {hostname}:fp0# wins server set, on page 747
748
Configuring Security
You can set the following basic AAA parameters: Transport Type Commands, on page 748 Server Configuration Commands, on page 750 User Account Configuration Commands, on page 754 Software OS Upgrade Commands, on page 761
Transport Type Commands

!
WARNING! Disabling Console access immediately disconnects you from the Accelerators CLI
The following commands are available: (config) aaa, on page 748 (config) transport input, on page 749
(config) aaa
ACC1(conf)# aa a
Opens the AAA node. No additional parameters are necessary.
ACC1(conf)# aaa
(config) transport input, on page 749
Co n f ig ur in g Se cu rity /
749
(config) transport input

Command
AC C1 ( aa a )# tr a ns po r t i np ut (t el n et | ss h| c on so l e| w eb |s e cu re we b| f tp | sn mp | tf tp ) ( e na bl e |d is a bl e )
Enables or disables access to the transport type. For example, typing: transport input web disable disables access to the Accelerator via the WebUI. By default, all transport types are set to enabled, except FTP and TFTP which are set to disabled Enter one of the following transport input types: telnet ssh console web secure-web ftp snmp tftp Followed by Enable to enable, Disable to disable.
Description
Parameters
AC C1 ( aa a )# transport input ftp enable

(config) aaa, on page 748
750
Server Configuration Commands

The following commands are available: (aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
(aaa) authentication login

A CC 1 (a aa ) #a ut h en t ic at i on l o gi n [ lo c al | r ad i us | ta ca c s]
Sets server to be checked. If more than one authentication type is used, lists the server types in the order in which they are to be authenticated. Enter parameter string as described above
A CC 1 (a aa ) #authentication login local

(aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
751
(aaa) radius name

Command
A CC 1( a aa )# r ad i us n a me [ server name] i p [ x. x. x .x ]| ke y [ encryption key] | p or t [ tcp port for the server] )

Sets the RADIUS server and server information including IP address, encryption key and TCP port. The default port is 49. Enter server name, IP address and port number
A CC 1( a aa )# r ad i us n a me [ server name] i p [ x. x. x .x ]| ke y [ encryption key] | p or t [ tcp port for the server] )

(aaa) authentication login, on page 750 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
Related Commands
752
(aaa) radius name timeout

A CC 1 (a aa ) #r a di us na me [ server name] t im e ou t
Sets the time out in seconds between 0 and 5000 to wait for a server to reply. The default time out is 180 seconds. Enter parameter string as described above
A CC 1 (a aa ) #r a di us na me myserver t im e ou t 180
(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
(aaa) tacacs+
Command
AC C1 ( aa a) # ta c ac s+ na me [ server name] i p [x .x . x. x] | k e y [ encryption key] | or d er [server authentication order]| po rt [tcp port for the server]
Sets the TACACS server and server information including IP address, encryption key and TCP port. Enter parameters as follows: Server name - enter the correct server name IP address - enter a valid IP address Encryption Key - enter the encryption key Server authentication order -enter the server authentication order Port - enter the TCP port for the server The default port is 1645.
AC C1 ( aa a) # tacacs+ name myserver ip 122.22.222 mykey order 2 port 1645

(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
753
(aaa) tacacs name timeout

A CC 1( a aa )# t ac a cs n a me [ server name] t im e ou t
Sets the time out in seconds between 0 and 5000 to wait for a server to reply. The default time out is 180 seconds. Enter parameter string as described above
A CC 1( a aa )# tacacs name myserver timeout 2000

(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 {hostname}:filecontroller0# authsrv add, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
{hostname}:filecontroller0# authsrv add

{ ho s tn am e }: f il ec o nt ro l le r0 # au t hs rv [ ad d |d el e te ] { ho s t}
Defines or deletes current authentication server. Add to add, Delete to delete and a valid host.
{ ho s tn am e }: f il ec o nt ro l le r0 # authsrv add
myhost
(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv list, on page 753
{hostname}:filecontroller0# authsrv list

{h o st n am e} : fi le c on t ro ll e r0 # a ut h sr v l is t
Displays current authentication server. No additional parameters required
{h o st n am e} : fi le c on t ro ll e r0 # authsrv [list]
(aaa) authentication login, on page 750 (aaa) radius name, on page 751 (aaa) radius name timeout, on page 752 (aaa) tacacs+, on page 752 (aaa) tacacs name timeout, on page 753 {hostname}:filecontroller0# authsrv add, on page 753
754
User Account Configuration Commands

This section contains the following commands: (aaa) user lock, on page 754 (aaa) user role, on page 755 (config) lcd lock, on page 755 password local, on page 756 show aaa, on page 757
(aaa) user lock

AC C 1( aa a )# us e r [ user name] [ lo c k| un l oc k]
Disables or enables the specified users account. Enter the user name and Lock to lock, Unlock to unlock.
AC C 1( aa a )# us e r myusername lock
(aaa) user role, on page 755 (config) lcd lock, on page 755 password local, on page 756 show aaa, on page 757
755
(aaa) user role

Command
A CC 1( a aa )# u se r [ user name] r o le [ ad mi n is t ra to r | n et ad m in |m o ni t or ] p as sw o rd lo ca l [ password | n on e]

Creates users and sets the users access level: Administrators have complete access to the Accelerator and its commands. netadmins have complete access to the Accelerator and its commands with the exception of the Security commands. monitors can access the Accelerators CLI but cannot modify configuration. Only administrator users can write a configuration. To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password. If local is set to none, passwords are necessary only for the remote authentication servers. Enter parameter string as described above
Description
A CC 1( a aa )# u se r myuser r ol e administrator p as sw o rd l o ca l mypassword

(aaa) user lock, on page 754 (config) lcd lock, on page 755 password local, on page 756 show aaa, on page 757
(config) lcd lock
Note: If you lock the keypad via the WebUI or via the CLI, you cannot use the
keypads unlock sequence to unlock the keypad. In such a case, the unlock operation can be carried out only via the CLI or the WebUI
ACC1(config)#lc d l oc k | u n lo c k
Locks/unlocks the keypad. Lock to lock, Unlock to unlock
ACC1(config)#lc d lock
(aaa) user lock, on page 754 (aaa) user role, on page 755 password local, on page 756 show aaa, on page 757
756
password local
A cc 1 # pa s sw o rd l o ca l
To set a local password, type in the user name and local password and press Enter. You will be prompted to enter a password. Enter parameter string as described above
A cc 1 # pa s sw o rd l o ca l myusername
mypssword
(aaa) user lock, on page 754 (aaa) user role, on page 755 (config) lcd lock, on page 755 show aaa, on page 757
Note: Use the command no user [name] to remove a user. You cannot remove a root user, but you can modify the password. (Changing an Expand users password will automatically change the root user as well.)
757
show aaa
A cc 1# sh ow aa a
Displays the security settings No additional parameters are required.
A cc 1# show aaa
(aaa) user lock, on page 754 (aaa) user role, on page 755 (config) lcd lock, on page 755 password local, on page 756
758
show aaa You can enter the show aaa command from the configuration mode. This command lists all the AAA options and their settings.
User Name r o ot ex pa n d us er 1 us er 2 us er 3 Acc1(config)# show aaa te l ne t t ra n sp or t -i np u t s ta tu s .. .. . en a bl e ss h t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e co n so le tr a ns po r t- in p ut st at u s. .. . en a bl e we b t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e se c ur e- w eb tr an s po rt - in p ut s t at us . en a bl e ft p t ra n sp o rt -i n pu t s ta t us .. . .. .. . di s ab le tf t p tr a ns p or t- i np ut st a tu s. . .. .. . di s ab le sn m p tr a ns p or t- i np ut st a tu s. . .. .. . en a bl e Fi r st A u th e nt ic a ti on Me t ho d. . .. .. . Lo c al Se c on d A ut h en ti c at io n M e th od . .. .. . Ra d iu s Th i rd A u th e nt ic a ti on Me t ho d. . .. .. . TA C AC S+ Ma x im um Fa i le d L og in At t em pt s .. .. . 5 Co n fi gu r at i on C h an ge Au d it E v en t. . .. . di sa b le Cr e at e L in k A ud i t Ev e nt . .. .. . .. .. . di s ab le Status p er m it t ed p er m it t ed p er m it t ed p er m it t ed p er m it t ed Role a dm in i st ra t or a dm in i st ra t or a dm in i st ra t or n et ad m in m on it o r
759
Server
radius radius radius tacacs
Order
first second third first
Server Name
rad2 rad3 rad4 tac2
IP
10.0.130.139 10.0.130.132 24.0.214.160 21.0.214.160
Port
1645 1645 1645 49
Time-out
180 180 180 180
The show authentication order command lists which of the authentication servers is set as the first, second and third level authentication server.
Ac c1 ( aa a )# show authentication login order Fi rs t A u th en t ic at i on Me th o d. .. . .. . Lo ca l Se co n d A ut he n ti ca t io n M et h od .. . .. . Ra di u s Th ir d A u th en t ic at i on Me th o d. .. . .. . TA CA C S+
show servers The show servers command lists the authentication servers defined in the Accelerator.
A cc 1 (a aa ) # show servers
Server
radius radius radius tacacs
Order
first second third first
Server Name
rad2 rad3 rad4 tac2
IP
10.0.130.139 10.0.130.132 24.0.214.160 21.0.214.160
Port
1645 1645 1645 49
Time-out
180 180 180 180
760
show transport input The show transport input command lists all possible management protocols and services available and their status.
Ac c 1( aa a )# sh ow tr an s po r t in p ut te l ne t t ra n sp or t -i np u t s ta tu s .. .. . en a bl e ss h t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e co n so le tr a ns po r t- in p ut st at u s. .. . en a bl e we b t ra n sp o rt -i n pu t s ta t us .. . .. .. . en a bl e se c ur e- w eb tr an s po rt - in p ut s t at us . en a bl e ft p t ra n sp o rt -i n pu t s ta t us .. . .. .. . di s ab le tf t p tr a ns p or t- i np ut st a tu s. . .. .. . di s ab le sn m p tr a ns p or t- i np ut st a tu s. . .. .. . en a bl e
show user The show user command lists the users and their authorization levels.
A c c1 (a a a) # show user User Name
root
Status
permitted permitted permitted permitted permitted
Role
administrator administrator administrator netadmin monitor
expand
user1 user2 user3
761
Software OS Upgrade Commands

The following commands are available: copy bundle name, on page 761 reboot bundle name, on page 761
copy bundle name

AC C 1 #c o py [ s cp | sf tp | t ft p | f tp | h tt p]
[b un d le na me ] [ bu n dl e l oc a ti on ]
This command, used for copying any file, lets you upgrade the AcceleratorOS in any of the methods mentioned above, by copying the upgrade bundle file from its location. You should use the following format for specifying the location: user:password@ip/filepath.
AC C1 # copy ftp user:pswd3@1.1.1.2/myfilelocation

copy bundle name, on page 761
reboot bundle name

ACC 1# r eb oo t [ bu n dl e n am e ]
This command should be used when upgrading, for the Accelerator to use the new bundle file after rebooting. Enter the same bundle name you entered in the previous section
ACC 1# reboot mybundlename

reboot bundle name, on page 761
762
Technical Information and Trouble Shooting Tools

The following options are available: By-pass Mode Commands, on page 762 show tech-support continuous, on page 765 show events, on page 765 Configuring Core Allocation, on page 766
By-pass Mode Commands

In addition to the regular by-pass commands (by-pass enable/disable, show bypass) the following commands are supported: bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass, on page 764 show bypass interface, on page 764
bypass activate
A CC 1# b y p as s ac t i va t e |d e ac t i va t e
Activates or Deactivates the by-pass functionality on all the interfaces. Activate to activate, Deactivate to deactivate.
A CC 1# b y p as s ac t i va t e
bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass, on page 764 show bypass interface, on page 764
Note: After entering the by-pass Deactivate command it is necessary to Write this
change. Failure to do so in the case where an Accelerator shuts down will cause the Accelerator to be in by-pass activate state following reboot.
Tec h ni ca l I nf o r m at io n a nd Tro u bl e S h oo t in g To o ls /
763
bypass activate interface

AC C1 # b yp a s s a c ti v at e / de a c ti v a te x /x
Activate or Deactivate the by-pass functionality on a specific interface. Activate to activate, Deactivate to deactivate, followed by the complete port number
AC C1 # bypass activate 1/0

bypass activate, on page 762 bypass enable, on page 763 bypass enable interface, on page 763 show bypass, on page 764 show bypass interface, on page 764
Note: After entering the by-pass Deactivate command it is necessary to Write this
change. Failure to do so in the case where an Accelerator shuts down will cause the Accelerator to be in by-pass activate state following reboot.
bypass enable
A C C 1# by p a ss e na b l e/ d i sa b l e
Enable or disable the by-pass on all the interfaces. Enable to enable, Disable to disable
A CC 1# b y p as s en a b le
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable interface, on page 763 show bypass, on page 764 show bypass interface, on page 764
bypass enable interface

A CC 1# b y p as s [e n a bl e | di s a bl e ] [ x / x]
Enable or disable the by-pass on all the interfaces. Enable to enable, Disable to disable. Enter the complete port number
A CC 1# b y p as s en a b le 1 /0
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 show bypass, on page 764 show bypass interface, on page 764
764
show bypass
A CC 1# s h o w b y pa s s
Shows the by-pass status on all the interfaces. (enabled, disabled, activated, deactivated) No additional parameters required
A CC 1# s h o w b y pa s s
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass interface, on page 764
show bypass interface

A CC 1# sh o w b y p as s x/ x
Shows the by-pass status on a specific interface (enabled, disabled, activated, deactivated). Enter the command with the specific valid port number
A CC 1# sh o w b y p as s 0/ 1
bypass activate, on page 762 bypass activate interface, on page 763 bypass enable, on page 763 bypass enable interface, on page 763 show bypass, on page 764
Tec h ni ca l I nf o r m at io n a nd Tro u bl e S h oo t in g To o ls /
765
show tech-support continuous

Command Description
ACC1#s ho w t e ch -s u pp or t c o nt in u ou s
Lists all information necessary to troubleshoot Accelerator problems. Information gathered here includes: version information, license state, CPU and memory utilization, events, link statistics, interface statistics, QoS configuration, route-rules, discovered traffic, running configuration and startup configuration. Press More to view additional output each time; alternatively, add the parameter Continuous to enable continuous output. Enter the same bundle name you entered in the previous section
ACC1#s ho w t e ch -s u pp or t continuous
show events
Command
AC C 1# sh o w e ve nt s [ lo n g | s ho r t] f i lt e r se v er it y f r om [ f at al | w ar ni n g | e rr o r | in f o] t o [ f at al | wa r ni n g | e rr or |i n fo ] ta i l [n u mb e r of la st x e ve nt s t o b e di s pl ay e d]
Lists Accelerator events. Long gives all available information on the event, while short gives a brief summary of each event. Enter the same bundle name you entered in the previous section
AC C 1# sh o w A CC 1# s ho w e ve n ts long filter severity from fatal to info tail 100
766
Configuring Core Allocation

In some scenarios, the Topology-Size is not sufficient and optimizing the Accelerator for the environment requires a more granular tuning. In such cases, adjust the Core Allocation. The Accelerators memory is divided into cores, or logical memory components used for acceleration. The larger the core allocated to a link, the higher the acceleration. The system allocates cores according to bandwidth settings. For more information on CLI configuration, see Performing Basic Setup on page 445. While you can set topology-size via the WebUI (see section Defining Advanced Settings, on page 31, on page 30), setting greedy-threshold size is possible only via the CLI, as follows:
To assign cores:
1. In the Accelerators CLI, in configuration mode, type core-allocation. 2. In core alloc mode, type greedy-threshold followed by the minimum number of Accelerators to equally share memory, as follows: ACC1(CORE ALLOC)# greedy-threshold [minimum number of Accelerators] The default greedy-threshold size is 1.
To set the number of Accelerators in the network:

1. In the Accelerators CLI, in configuration mode, type core-allocation. 2. In core alloc mode, type resource-policy topology size followed by the number of Accelerators in the network, as follows: ACC1(CORE ALLOC)# resource-policy topology size [number of Accelerators on the network] The default resource-policy topology size value is 5
.
Note: After the core allocation is modified, it is recommended to reboot the Accelerator.
Appendix G: Specifications and Warranty

Updated Specifications are found on Expand Networks website. The following model numbers and topics are available: Standards, on page 768 Terms and Conditions of Sale, on page 770
768
A p pe n di x G : Specifications and Warranty
Standards
RFC / Standard List
Modules
Router Protocols RIP RIPv2 OSPFv2 WCCP Router Polling Networking Spanning Tree Protocol VLAN 802.1Q HSRP VRRP SCPS IEEE 802.1D IEEE 802.1Q 2281 3768 ISO 15893:2000 CCSDS-714.0-B-1 MIL-STD-2045-44000 3954 1034, 1035, 2181 1213 2217 818 1350 959 2045, 2616, 2818 1361 IETF drafts 1157, 1155, 1212,1215 1901-1908, 25782580 3411-3418 2104 (HMAC), 2403(96), 2404 (96), 1321 (MD5) 2404 1321 1058 1723, 2082 2328, 2370 3040 2096
RFC /Standard #
NetFlow DNS Acceleration Management MIB-2 Telnet COM port Telnet service TFTP FTP HTTP, HTTPS NTP SSH, SCTF, SFTP SNMPv1 SNMPv2 SNMPv3 Security HMAC
HMAC MD5 Signing Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Sta n da rd s Radius TACACS+ HW Safety approvals UL 1950, CAN/CSA C22.2, EN60950/A4, No. 950-95 FCC Part 15 Class B EN55022:1998 Class B EN55024:1998 IEC EN61000-4-2:1995 IEC EN61000-4-3:1995 IEC EN61000-4-4:1995 IEC EN61000-4-5:1995 IEC EN61000-4-6:1996 IEC EN61000-411:1994 IEC EN61000-3-2:2000 IEC EN61000-3-3:1995 CISPR16-1:1999 CISPR16-2:1999 IEC 60950-1:2001, EN 60950-1:2001. ISO 9001:2000, EN 46001, ISO 13485 ISO 9000 ETSI EN 3000192(1999-09), ESTI EN 300019-2(1994), Bellcore standard: GR63-ORE. Telcordia (Bellcore) 2138, 2865 1492
769
EMC approvals
ITU QMS Manufacturing Environmental and Vibration tests
MTBF
770
Terms and Conditions of Sale

Please read these terms and conditions carefully before using the product. By using the product you agree to be bound by the terms and conditions of this agreement. If you do not agree with the provisions of these terms and conditions, promptly return the unused products, manual, and related equipment (with proof of payment) to the place of purchase for a full refund.
Acceptance
These terms and conditions of sale (Terms and Conditions) are the terms and conditions upon which Expand Networks, Ltd. and its affiliates and subsidiaries (together Expand) make all sales. Expand will not accept any other terms and conditions of sale, unless Purchaser and Expand have executed an agreement that expressly supersedes and replaces these Terms and Conditions. Acceptance of all purchase orders is expressly made conditional upon Purchaser's assent, expressed or implied, to the Terms and Conditions set forth herein without modification or addition. Purchaser's acceptance of these Terms and Conditions shall be indicated by Purchaser's acceptance of any shipment of any part of the items specified for delivery (the Products) or any other act or expression of acceptance by Purchaser. Expand's acceptance is expressly limited to the Terms and Conditions hereof in their entirety without addition, modification or exception, and any term, condition or proposals hereafter submitted by Purchaser (whether oral or in writing) which is inconsistent with or in addition to the Terms and Conditions set forth hereon is objected to and is hereby rejected by Expand.
Price and Payment

The Purchaser agrees to pay the purchase price for the Products as set forth in Expand's invoice on the date of installation. Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes), as well as import or customs duties, license fees and similar charges, however designated or levied on the sale of the Products (or the delivery thereof) or measured by the purchase price paid for the Products. (Expand's prices set forth on the front side of the invoice does not include such taxes, fees and charges.) Unless otherwise specified, payment terms are COD in United States Dollars. Expand, at its discretion, may require reasonable advance assurances of payment through irrevocable bank letters of credit or otherwise. All unpaid invoices shall bear interest at an amount equal to 1-1/2% of the outstanding balance per month (or the maximum rate of interest allowed to be contracted for by law, whichever is less), commencing upon the date payment is due. Expand shall have no continuing obligation to deliver Products on credit, and any credit approval may be withdrawn by Expand at any time and without prior notice.
Title and Security Interest

Title to the Products shall vest in the Purchaser upon date of shipment of the Products to Purchaser. Expand shall retain a security interest in the Products until the Products price and all other monies payable hereunder are paid in full. The Purchaser shall execute, upon request by Expand, financing statements deemed necessary or desirable by Expand to perfect its security interest in the Products. Purchaser authorizes Expand to file a copy of the invoice, these Terms and Conditions or a financing statement with the appropriate state authorities at any time thereafter as a financing statement in order to perfect Expand's security interest. A financing statement may be filed without Purchaser's signature on the basis of Expand's invoice or these Terms and Conditions where permitted by law. Purchaser shall keep the Products in good order and condition until the purchase price has been paid in full and shall promptly pay all taxes and assessments upon the Products or use of the Products.
Ter m s an d C o nd it i on s o f S al e
771
Risk of Loss
Risk of loss or damage to the Products shall pass to the Purchaser upon delivery of the Products to the common carrier, regardless of whether the purchase price has been paid in full. Unless advised otherwise, Expand may insure the Products shipped to full value and all such insurance costs shall be for the Purchaser's account. The Purchaser shall inspect the Products immediately upon receipt and shall promptly file any applicable claims with the carrier when there is evidence of damage during shipping.
Warranty
Expand warrants to the purchaser for a period of ninety (90) days from shipment that the products shall be free from defects in material and workmanship and shall perform in substantial conformance with specifications published by Expand. Expand's obligations under these terms and conditions shall be limited solely to Expand making, at Expand's cost and expense, such repairs and replacements as are necessary to place the products in good working order and to conform the products to Expand's published specifications. This warranty is in lieu of all other warranties, express or implied, including without limitation, implied warranties of merchantability and fitness for a particular purpose.
Product Returns
Return of Products purchased hereunder shall be governed by Expand's RMA policies in effect on the date of the invoice. Expand reserves the right to modify or eliminate such policies at any time. The right to return defective Products, as previously described, shall constitute Expand's sole liability and Purchaser's exclusive remedy in connection with any claim of any kind relating to the quality, condition or performance of any Product, whether such claim is based upon principles of contract, warranty, negligence or other tort, breach of any statutory duty, principles of indemnity or contribution, the failure of any limited or exclusive remedy to achieve its essential purpose, or otherwise. In the event Expand issues a return authorization to Purchaser allowing Purchaser to return Product to Expand, Purchaser will deliver the Product to Expand's address in the United States, if so required by Expand, and Purchaser shall bear all applicable federal, state, municipal and other government taxes (such as sales, use and similar taxes) as well as import or customs duties, license fees and similar charges, however designated or levied, on any replacement Product to be shipped by Expand to Purchaser.
License Grant
The Products, though primarily composed of hardware components, contain software that is proprietary to Expand or its licensors. Expand hereby grants to Purchaser, and Purchaser accepts, a personal non-exclusive, nontransferable license to use the Program, in object code form only, and the accompanying documentation (collectively referred to as the Software) only as authorized in these Terms and Conditions. The Software is licensed for Purchaser's internal use and the Software or any derivative or by-product of the Software may not be used by, sub-licensed, re-sold, rented or distributed to any other party. Purchaser agrees that Purchaser will not assign, sublicense, transfer, pledge, lease, rent, or share Purchaser's rights under these Terms and Conditions. Purchaser shall not copy, modify, reverse assemble, reverse engineer, reverse compile, or otherwise translate all or any portions of the Software. The Software and the Documentation are proprietary to Expand and are protected under U.S. and international copyright, trademark, trade secret and patent laws. All right, title, and interest in and to the Software, including associated intellectual property rights, are and shall remain with Expand.
772
Limitation of Liability
In no event shall Expand be liable for loss of profits, indirect, special, incidental, or consequential damages (including, without limitation, loss of use, income or profits, losses sustained as a result of personal injury or death, or loss of or damage to property including, but not limited to, property handled or processed by the use or application of the products) arising out of any breach of these Terms and Conditions or obligations under these Terms and Conditions. Expand shall not be liable for any damages caused by delay in delivery, installation, or furnishing of the Products hereunder. No action arising out of any claimed breach of these Terms and Conditions or transactions under these Terms and Conditions may be brought by either party more than two years after the cause of action has accrued. Expand's liability under these Terms and Conditions shall in no event exceed the purchase price of the Products.
Default
The failure of the Purchaser to perform its obligations under these Terms and Conditions including but not limited to payment in full of the purchase price for the Products, or the filing of any voluntary or involuntary petition under the Bankruptcy Code, insolvency, assignment for the benefit of creditors, or liquidation of the Purchaser's business shall constitute a default under these Terms and Conditions and shall afford Expand all the remedies of a secured party under the Uniform Commercial Code. In the event of default, Expand may, with or without demand or notice to Purchaser, declare the entire unpaid amount immediately due and payable, enter the premises where the Products is located and remove it, and sell any or all the Products as permitted under applicable law. Expand may, in addition to any other remedies which Expand may have, refuse to provide service on the Products under any applicable maintenance agreement relating to the Products then in effect between the parties at the time of the default.
Indemnity
Expand shall defend or settle any suit or proceeding brought against Purchaser based on a claim that Products sold hereunder constitutes an infringement of any existing United States patent, copyright or trade secret providing that Expand is notified promptly in writing and is given complete authority and information required for the defense. Expand shall pay all damages and costs awarded against Purchaser, but shall not be responsible for any cost, expense or compromise incurred or made by Purchaser without Expand's prior written consent. If any Products is in the opinion of Expand likely to or does become the subject of a claim for patent infringement, Expand may, at its sole option, procure for the Purchaser the right to continue using the Products or modify it to become noninfringing. If Expand is not reasonably able to modify or otherwise secure the Purchaser the right to continue using the Products, Expand shall remove the Products and refund the Purchaser the amounts paid in excess of a reasonable rental for past use. Expand shall not be liable for any infringement or claim based upon use of the Products in combination with other Products or with software not supplied by Expand or with modifications made by the Purchaser.
General
Expand shall not be liable for Expand's failure to perform or for delay in performance of Expand's obligations under these Terms and Conditions if such performance is prevented, hindered or delayed by reason of any cause beyond the reasonable control of Expand. These Terms and Conditions and the rights and duties hereunder shall not be assignable by either party hereto except upon written consent of the other. Purchaser agrees to pay to Expand any reasonable attorney's fees and other costs and expenses incurred by Expand in connection with the enforcement of these Terms and Conditions. These Terms and Conditions and performance hereunder shall be Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e
Ter m s an d C o nd it i on s o f S al e
773
governed by and construed in accordance with the laws of the State of New York. Each party acknowledges that it has read, fully understands and agrees to be bound by these Terms and Conditions, and further agrees that it is the complete and exclusive statement of the agreement between the parties, which supersedes and merges all prior proposals, understandings and all other agreements, oral and written, between the parties relating to the subject matter of these Terms and Conditions. These Terms and Conditions may not be modified or altered except by a written instrument duly executed by both parties. If any provision of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall in no way be affected or impaired thereby. The failure of either party to exercise in any respect any right provided for herein shall not be deemed a waiver of any right hereunder.
Open Source Provisions

The Software is accompanied by the following third party products: JfreeChart (Copyright 2000-2004, by Object Refinery Limited. All rights reserved), Cewolf, and JBoss, which are subject to the GNU Lesser General Public License (the LGPL), as published by the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA (or found at http://jasperreports.sourceforge.net/license.html#lgpl), and the following terms: Expand agrees, upon request to provide, at the cost of distribution only, a complete machine-readable copy of the source code for JfreeChart, Cewolf, or JBoss software. This offer is valid for three (3) years from installation of the Software. The Software is accompanied by the following third party product: Apache Copyright 1999-2004, The Apache Software Foundation, which is subject to the Apache License Version 2.0 (found at www.apache.org/licenses/ LICENSE-2.0). The Software is accompanied by the following third party product: TouchGraph Software: (Copyright 2001-2002 Alexander Shapiro. All rights reserved) developed by TouchGraph LLC (http://www.touchgraph.com/), which is subject to the TouchGraph LLC. Apache-Style Software License. The Software is accompanied by the following third party product: JavaMail, which is subject to the following terms: Copyright 1994-2004 Sun Microsystems, Inc. All Rights Reserved Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided AS IS, without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. (SUN) AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You acknowledge that this software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility. The Software is accompanied by the following third party product: AdventNet SNMP API 4 (Release 4.0.0), which is subject to the following terms: Copyright (c) 1996-2002 AdventNet, Inc. All Rights Reserved. This software may not be distributed in any modified form without the prior consent from AdventNet, Inc.
774
I n de x
775
Index
A
AAA configuring via the CLI 748 configuring the Radius server 750 configuring users 754 viewing AAA configuration 757 configuring via the WebUI 338 configuring users 338 defining the security settings 342 setting authentication preferences 340 description 336 AccDump 377 download files 380 enable 378 Accelerator templates 92 Access authentication 336 Activating WCCP 526 Adding entries to the ARP cache 638 Advanced QoS configuring 230 setting parameters 229 Aggregation aided by Syslog server 287 applying aggregation classes to an application 619 configuring classes 617 enabling classes per link 620 prioritizing applications 205 selecting a class 271 setting by using the Decision screen 235 setting limit 621 setting window 623 AID 308 ARP creating static ARP entries 301 Assigning a link to a wan 652 Authentication 117 Authentication servers, compatibility with 116
B
Bandwidth setting a minimum bandwidth desired 203 Bandwidth management Layer-7 and bandwidth management 4 setting the bandwidth 78 Bypass mode carrying out the troubleshooting procedure 348 checking the link status 356 description 16 in an On-Path deployment 295
C
Cache Management 152 Checking Ethernet settings 357 Checking for corrupted terminals 362 Checking HSRP malfunction 363 Checking lack of acceleration 360 Checking link malfunction 361 Checking QoS malfunction 364 CIFS defining active cache method 32 Compact Flash replacing the Accelerator in the field 35 upgrading the AcceleratorOS software 366 Compression by using IPComp 25, 84
776
I n de x
Citrixs internal compression mechanism 392 disabling compression disabling Citrix encryption and compression 393 disabling Citrix NFuse compression 392 in the PNAgent client 398 on SAP 404 next-generation WAN compression 3 QoS integration with 205 viewing compression statistics per application 64 per link 53 Compression filter 147 Configuring 113 Configuring Accelerator NetFlow 402 Configuring Accelerator networking 75 Configuring DHCP servers 110 Configuring OSPF via the WebUI 99 Configuring RIP via the CLI 517 via the WebUI 102 Configuring router polling via the CLI 514 via the WebUI 101 Configuring secondary IP addresses 79 Configuring subnets manually 95 Configuring the File Server/Domain Controller 119 Configuring the WAN 78 Configuring the wizard 23 Configuring WCCP via CLI 522 Copying last saved startup configuration to running configuration 667 running configuration as startup configuration 368
Creating static ARP entries 301 Crypto 273 Crypto mode 274
D
Defining Shared Directories 119 Deployment Citrix deployment benefits in terminal and thin client deployments 393 Citrix metaframe deployments 226 controlling latency and jitter 392 configuring via the CLI 449 defining deployment size 32 defining deployment type 32 transparency configuring transparency support 259, 567, 585 in On-LAN deployments 254 in On-Path deployments 254 DFS 145 DHCP servers configuring via the CLI 528 via the WebUI 110 Disconnected Operation 180 DISKSITES Services Issues DHCP services 199 Displaying information for troubleshooting 355 DNS 184 DNS acceleration 268 benefits 4, 44 DNS Acceleration Configuring via the WebUI 268 Domains 117 Dynamic bandwidth using 89 Dynamic routing a feature in WAN compression 3
I n de x
777
integrating into networks that use 42 setting routing strategy 31
E
Editing 89 Enabling Packet Interception 102 Encryption 214 Ethernet checking Ethernet settings 357 Ethernet port configuring NetFlow 402 connecting out-of-band management 284 Ethernet statistics viewing via the CLI 588 via the WebUI 69 Event log checking for unusual errors checking error events 352 checking fatal events 353 checking info events 352 checking warning events 352 Expand solution 114 ExpandView working with Accelerators via 291 External monitoring devices 43 External QoS devices integrating into 43
FileBank adding FileBank Directors 149 cache management 152 deleting FileBank Directors 149 fetch settings 157 filters 154 print services 168 short term files filter 154 Time to Live settings 152 users 153 Windows domain 151 FileBank Director compression filter 147 file servers 145 file services 142 settings 142 Setup Wizard 127, 131 system functions 127, 131 FileBank Director Settings 142 Filters 154 FTP acceleration configuring via the WebUI 264 definition 4
H
High latency environment installing in 44 HSRP 315 configuring autodetecting HSRP groups 641 enabling HSRP automatic detection 317 setting HSRP group number 640 setting manual HSRP configuration 318 understanding router redundancy protocols 302 HTTP acceleration configuring via the CLI 536
F
Fetch 261 Fetch Settings 157 Fetch Users 153 File Server/Domain configuring 119 File servers 145 File servers, compatibility with 116 File Services Functions 149
778
I n de x
definition 4 setting rules 259 HTTP transparency in On-Path deployment 254
I
IKE policy 273 Installing the Accelerator On-Path using bypass mode 16 OnPath 8 IP address configuration configuring router polling 101 configuring secondary 79 configuring subnets manually 95 configuring the Accelerator 455 creating QoS rules 231 creating static ARP entries 301 defining OSPF and RIP neighbors defining a RIP neighbor 518 defining an OSPF neighbor 511 editing a subnet 96 enabling NetFlow 593 settings 28, 32 setting a network for broadcasting the Accelerators rules 512 setting ExpandView agent parameters 111 setting links via the wizard 25 setting the Accelerators clock 109 setting the WCCP router IP 524 IPSec policies 275
L
Latency causing slower session start 242 computing 245
increased by waiting for ACK packets 242 installing in a high latency environment 44 SpeedScreen Latency Reduction Manager 397 TCP poor handling of high latency 240 using Citrix acceleration plug-in to reduce 226 using packet fragmentation to prevent violation of VoIP/video latency budgets 205 ways to reduce DNS acceleration 268 DNS caching 268 packet aggregation 647 packet fragmentation 649 scaling the transmission window 243 TCP Vegas 249 using QoS 202 using SCPS 243 Layer-7 applications classifying 222 discovering 60 identifying Citrix Layer-7 applications 399 Layer-7 QoS 4 monitoring and reporting 5 Link statistics 50 Link Templates 92 Links adding via the my links screen 81 assigning a link to a WAN 652 creating and editing 80 defining advanced settings 32 defining maximum number of 32 editing via the my links screen 89 enabling citrix acceleration 272, 276 generating trend reports via ExpandView 283 managing 305
I n de x
779
noisy links 237 setting the Accelerator to enable external QoS 237 setting the bandwidth of 210 checking QoS malfunction 364 setting to work in large cache mode 648 using graphs to view link statistics 49 acceleration 51 compression 53 summary graphs 68 using the statistics table to view link statistics 54 checking lack of acceleration 360
M
MACC configuration 323 MACC templates 92 Maximum Transmission Unit 85 Maxiumum Segment Size 85 Mobile Accelerator Configuration 323 Monitoring window description 48 MSS 85 MTU 85 Multi 311 Multiport 311 My Links screen uses adding links 82 editing links 89 using for setting links 24
identifying the traffic 72 NetFlow compliance as an Expand benefit 5 requiring router transparency encapsulation 84 Network topology optimizing 76 Networks asymmetric networks optimization 244 computing latency 246 congestion avoidance 244 defining printers for 140 IP-based network On-LAN 9 On-Path 8 overviewing your network performance 68 preparing network integration 13, 95 Non-Link 80
O
On-LAN deployment configuring transparency support 259 defining encapsulation settings 475 enabling packet interception 102 RTM support for 84 setting routing strategy 31 setting the deployment type in the CLI 454, 457 using WCCP to forward traffic to an On-LAN accelerator 104 On-LAN installation at a data center 43 configuring Accelerator NetFlow in 403 defining encapsulation settings 25 use in IP-based network 9 On-Path deployment applying HTTP transparency to the server side 254 configuring NetFlow support 71 configuring transparency support 259
N
NetFlow configuring NetFlow support 71 enabling via the CLI 593
780
I n de x
defining encapsulation settings 25 operating in bypass mode 295 setting the deployment type in the CLI 454, 457 using bridge route 31 working with bypass mode 16 working with VLAN 299 On-Path installation configuring NetFlow 403 Operating requirements 22 OSPF adding remote subnets manually 90 configuring 42, 99 configuring subnets manually 95 setting dynamic routing 94, 98 using out-of-band management 284 working with 98
P
Packet interception enabling 102 Pre-fetch 261 Print Services 168 Prioritizing applications methods of 203 when creating a new Citrix application 224 when creating a new Web application 222 when creating a QoS rule 230 when filtering traffic 209 Prioritizing traffic by using traffic shaping 210, 212
Q
QoS applications creating 215 creating Citrix applications 223
creating Web applications 222 modifying 222 benefits of the Expand QoS solution end-to-end application performance monitoring 205 guaranteed bandwidth for specific applications 205 restricting rouge and greedy applications 205 seamless integration with compression 205 transparent to existing QoS infrastructure 205 checking lack of acceleration 360 malfunction 364 configuring the WAN 78 configuring via the CLI 594 defining scalable 283 dropped out packets 55, 67, 333 external QoS devices 43 Layer-7 QoS bandwidth management 4 part of On-Path configuration 8 providing QoS services to virtual links 80 router transparency 25 rules creating 229 editing 234 understanding 208 setting inbound 229 understanding how QoS works QoS rules 208 studying QoS bandwidth allocation 209 traffic filtering 209 traffic shaping 209
R
RAID 308, 311
I n de x
781
RAID support 308 RAID-1 309 RAID-5 309 RDP description 393 disabling compression and encryption 394 Recovering the password 349 Redundancy 307, 311 Resiliancy 307 RIP configuring 102, 104, 105 via the CLI 517 via the WebUI 102 setting routing 94 dynamic routing 98 subnet routing 94 setup checklist 17 working with 102 Router polling configuring via the CLI 514 setting dynamic routing 98 setting routing strategy 31 using out-of-band management 284 working with 101 Router redundancy 315 HSRP 315 On-LAN deployment 9 understanding router redundancy protocols 315 VRRP 315 Router transparency monitoring device in a cloud 77 preserving network integrity 6 setting links via the wizard 25 setting the link to work with 475 WAN compression 3 with a QoS device 77 RS232 console 11 Rules route rules
working with router polling 101
S
SCPS standard compliance of TCP acceleration with 4 congestion avoidance 244 description 240 preserving network integrity 6 standard number 768 studying SCPS 243 TCP spoofing 244 Secondary IP address configuring in the WebUI 79 Security 335 Security Accelerators AAA 336 authentication setting authentication method 342 setting authentication servers 340, 342 entering user-defined password 27, 302 locking and unlocking the keypad 344 managing users defining authorization for a new user 338 deleting users 339 modifying authorization for an existing user 339 using Verisign security certificate 48 Setup via the WebUI 21 Setup wizard accessing 22 configuring 23 defining advanced settings 32 reviewing configuration 28 setting links via 24 setting time 26 Shared Directories
782
I n de x
defining 119 Short Term Files filter 154 SNTP setting the Accelerators time 109 SSH enabling secure management 6, 20 logging into the Accelerator via 442 Static ARP entries 301 Subnet routing setting 94 Summary graphs viewing 68
Transparency support configuring 259, 567, 585 Troubleshooting 347 DISKSITES services issues 199 general 191 networking issues 191, 194 security issues 193, 197 Troubleshooting displaying information for 355
U
Upgrading the AcceleratorOS software via the CLI 761 via the WebUI 366 Utilization statistics 50
T
TCP acceleration computing latency 245 configuring 248 via the WebUI 248 editing links 89 enabling 249 optimizing WANs in a high latency environment 44 understanding the shortcomings of TCP 241 Technical support displaying information for troubleshooting 355 Time setting the Accelerator time 109 Time to Live settings 152 Traffic discovery discovering Layer-7 applications 60 enabling L-7 traffic discovery via the CLI 591 gathering statistics for detected applications 59, 68, 72 viewing detailed 57 Traffic shaping how it is applied 209 prioritizing applications 203, 205 role in the QoS mechanism 207
V
Verisign security certificate using 48 Virtual links 80 VLAN including the Accelerator in a VLAN group 299 setting in the CLI 642 working with in an On-LAN configuration 297 in an On-Path configuration 299 VRRP 315 Setting VRRP Group Number 643 understanding router redundancy protocols 302
W
WAFS FileBank categories 142 additional services 140 file services 139
I n de x
783
system 138 utilities 140 FileBank Director categories 137 file services 137 system 137 utilities 138 WAFS transparency enabling 698 excluding servers from 698 WAN adding via the CLI 643 via the WebUI 292 addressing WAN-Outs 4 assigning a link to 652 configuring configuring NetFlow support 71 configuring the WAN 78 defining link speed 48 enabling bursts 613 enabling packet interception 102 identifying ongoing traffic 72 setting the bandwidth of QoS bandwidth allocation 209 setting inbound QoS 229 via the CLI 457 via the WebUI 32 setting to work in strict-priority mode 612 viewing detected applications 57 WAN bandwidth configuring the Accelerator 457 setting 23, 32 studying QoS bandwidth allocation 210 WAN bursts 211 WCCP configuring via the CLI 522 activating 526 setting authentication 523 setting priority 523 setting router IP 524
setting TCP service ID 525 setting UDP service ID 526 installing On-LAN at a data center 43 using out-of-band management 284 Web-intensive environment installing in 44 Windows Domain 151 Working with Accelerators Via ExpandView 155

Expand User Guide 7.0.1

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Expand User Guide 7.0.1

Uploaded by

Copyright:

Available Formats

AcceleratorOS

User Manual Software Version 7.0.1 Revision 4.0

Chapter 2: Getting Started........................................................ 13

Chapter 3: Monitoring the Network ......................................... 45

Chapter 4: Configuring Networking......................................... 75

Chapter 5: Configuring and Managing WAFS......................... 113

Chapter 6: Applying QoS.......................................................... 201

Chapter 7: Optimizing Acceleration Services......................... 239

Chapter 8: Configuring Management Options........................ 281

Sending Updates via Email ........................................................................ 289

Chapter 9: Setting Advanced Parameters............................... 291

Chapter 10: Resiliency and Redundancy ................................ 307

Chapter 11: Working with Mobile Accelerators ..................... 323

Chapter 12: Security ................................................................. 335

Chapter 13: Troubleshooting ................................................... 347

Chapter 14: Using the Accelerator Tools ................................ 365

Appendix A: Pre-Defined Applications.................................... 381 Appendix B: Accelerator Integration ....................................... 391

Appendix C: MIME Types ......................................................... 409

show events................................................................................................ 765 Configuring Core Allocation...................................................................... 766

Appendix G: Specifications and Warranty.............................. 767

Index ........................................................................................... 775

Chapter 1: Introducing the Accelerator

C h ap t er 1: Introducing the Accelerator

Features and Benefits

Virtual Bandwidth Management

Easy Management and Configuration

Redefining Application Traffic Management

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

Next-generation WAN Compression

C h ap t er 1: Introducing the Accelerator

Layer-7 QoS and Bandwidth Management

Layer-7 Monitoring and Reporting

Branch Office Features

Rapid Deployment/Dependable Results

C h ap t er 1: Introducing the Accelerator

Maximum Uptime and Reliability

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

The Accelerator Product Line

C h ap t er 1: Introducing the Accelerator

How the Accelerator Works

Figure 1: On-Path Application

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

Figure 2: On-LAN Application

Figure 3: An Optional Configuration

C h ap t er 1: Introducing the Accelerator

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

Configuration and Management

C h ap t er 1: Introducing the Accelerator

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

Chapter 2: Getting Started

Connecting and Configuring Multi-Port Accelerators

Figure 1: Connecting the Cables

4. Power on the Accelerator.

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

Understanding the LEDs

Figure 2: LED Display

See this table for 6x50 LED information:

See this table for 7930 and 7940 LED information:

Working with By-pass Mode

Ac ce ler at o rOS Ve rsi on 7.0 .1 Us er Gu id e

Reviewing the Setup Checklist

For more information see:

Performing Setup via the Wizard, on page 22