Cisco 6500 Bedienungsanleitung

Corporate He adquarters Cisc o Syst ems , Inc . 170 West Ta sman Drive San Jos e, CA 95 134-1706 USA http://www.ci sco.com Tel: 408 526-4000 800 553- NETS (638 7) Fax: 408 526-4100 Catalyst 650 0 Series S witc h SSL S erv ices Module Command Reference R ele ase 3.1 Text Pa rt Nu mber: OL-9105- 01[...]

THE SPECIFICATIONS AND INFORMATION REGARDING TH E PRODUCTS IN THIS MANUAL ARE SUBJE CT TO CHANGE WITHOUT NO TICE. ALL STATEMENT S, INFORMATI ON, AND RECOMMENDA TIONS IN T HIS MANUAL ARE BELIEVED TO BE ACCURATE BU T ARE PRESEN TED WITHOUT WARRANTY OF ANY KIND, EXPRE SS OR IMPLIED. USERS MUST TA KE FULL RESPONSIBILITY FOR THEIR AP PLICATION OF ANY PR[...]

iii Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 CONTENTS Preface vi i Audienc e vii Organi zation vi i Relat ed D ocum ent atio n vii Conv enti ons viii Obtain ing Docu mentati on ix Cisco. com ix Produc t Documentat ion DVD ix Orderi ng Documenta tion x Document ation F eedback x Cisco Pr oduct S ecurit y Overv[...]

Cont ent s iv Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 CHAPTER 2 Commands f or the Cataly st 6500 Seri es Switch SSL Servi ces Module 2-1 clea r ssl-pr oxy conn 2-2 clea r ssl-pr oxy cont ent 2-3 clea r ssl-pr oxy sess ion 2-4 clea r ssl-pr oxy stats 2-5 crypt o pk i ex por t pem 2-7 crypt o pk i im port p em[...]

Content s v Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 show ssl- prox y policy 2-72 show ssl- prox y service 2-75 show ssl- prox y stats 2-77 show ssl- prox y status 2-82 show ssl-pr oxy ver sion 2-84 show ssl- prox y vlan 2-85 snmp-ser ver en able 2-86 ssl-p roxy cont ext 2-87 ssl-p roxy cryp to sel ftest 2-89[...]

Cont ent s vi Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01[...]

vii Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Preface This pr eface d escrib es the audie nce, o rganizatio n, an d conventions of this pu blicat ion, a nd provide s information on how to obtain relate d documentation. Audience This pu blicat ion is for experience d netwo rk admi nistrat ors who are responsib [...]

viii Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Preface Conv ent ions The Ci sco IO S docu mentati on se t incl udes t hese documen ts: • Configuration Fund amen tals Co nfiguration Guid e • Command Ref er ence For information about M IBs, refer to this URL: http://www .cisco.com /public/sw-center /netmgmt/[...]

ix Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Pre face Obtaining Documentat ion Notes us e the follo wing con ventions: Note Means r eader t ake no te . N otes co ntai n helpf ul sugg est ions or refer ences to materi al not cov ere d in the publicatio n. Cautions use the fol lowing con ventions: Cautio n Means[...]

x Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Preface Docum entation Fe edback Ordering Docume ntation Beginning June 30 , 2005, regist ered Cisco.com use rs may order Ci sco docum entati on at the Pro duct Documen tation S tore in the Cisco M arke tplace at this URL: http://www .cisco.co m/go/marke tplace/ Nonr[...]

xi Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Pre face Obtaining Technical Assistance Reporting Se curity Problems in Cisco P roducts Cisco is comm itted to delive ring sec ure produ cts. W e test our products i nterna lly before we relea se them, and we str iv e to correct all vul nerabilities q uickly . If yo[...]

xii Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Preface Obtain ing Techni cal Ass istance Note Us e the Cisco Product Ident ification (CPI) to ol to locate your product ser ial numb er b efore su bmitt ing a web or phon e request for service. Y ou can access th e CPI tool from t he Cisco T echni cal Support &[...]

xiii Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Pre face Obtaining Additional Publications and Information Obtaining Ad ditional Publication s and Informatio n Informa tion ab out Cisco pro ducts, t echnologi es, and ne twork soluti ons is av ailable from various online and printe d source s. • Cisco Ma rketp[...]

xiv Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Preface Obtainin g Addi tional Pub lications and Informat ion[...]

C HAPTER 1-1 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 1 Command-Line Interface This chap ter provides info rmati on for unders tandin g and using th e Catalyst 650 0 series swit ch SSL Services Module softw are using the c ommand-line in terface ( CLI). The CLI for the Cataly st 6500 series switch SSL Services M [...]

1-2 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapt er 1 Command -Line Int erface How to Fi nd Command Opti ons This exam ple sh ows how to obtain a li st of comma nds tha t begin with a par ticular char acte r stri ng or complete a partial command nam e: ssl-proxy# tu? tunnel simpson1-2# tu This e x ample s h[...]

1-3 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 1 Comm and-Lin e Interface How to Find Com mand Options Ta b l e 1 - 2 shows e xampl es of how you can use t he question mark ( ? ) t o assist you in entering comma nds. T able 1 -2 How t o Find Command Optio ns Command Comment ssl-proxy> enable Password: &l[...]

1-4 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapt er 1 Command -Line Int erface How to Fi nd Command Opti ons ssl-proxy(config-if)# channel-group group ? <1-256> Channel group number ssl-proxy(config-if)#channel-group group After you enter the group keyword, enter a ? to di spla y what you mu st enter [...]

1-5 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 1 Comm and-Lin e Interface Understa nding Com mand Modes Understandin g Comma nd Modes This se ction contai ns descr iptions of th e comm and mod es fo r the Cisco I OS user interfac e. Cisco IOS User Interface The C isco IOS use r inte rface is d ivided into m[...]

1-6 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapt er 1 Command -Line Int erface Using the No and De fault Forms of Commands For more inf ormation on command m odes, refe r to the “Using th e Command L ine Interf ace” c hapter of the Configur ation F undam entals C onfiguration G uide . Note Y o u can iss[...]

1-7 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 1 Comm and-Lin e Interface Using the CLI String Search Using the CLI String Search The pat tern in th e command output is r eferred to as a string . The CLI string se arch fea ture allo ws you to sear ch or filter a ny sho w or mor e command out put and a llows[...]

1-8 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapt er 1 Command -Line Int erface Using the CLI String Sea rch T o enter th ese spe cial char acters a s single -cha racter p atterns, remo ve th e special m eaning by preceding each ch aracter with a backs lash ( ). These e xamples are single -chara cter patte [...]

1-9 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 1 Comm and-Lin e Interface Using the CLI String Search Multiple-Characte r Patterns When crea ting re gular e xpressions, you c an also spe cify a p attern conta ining multiple charac ters. Y ou creat e mul tipl e-ch arac ter r egular expr essio ns by jo ining [...]

1-10 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapt er 1 Command -Line Int erface Using the CLI String Sea rch T o use multipliers with mult iple-characte r patterns, you enclo se the pattern in parenth eses. In the follo wing example, the patte rn matches any num ber of the multiple-c haracter string ab: (ab[...]

1-11 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 1 Comm and-Lin e Interface Using the CLI String Search For exam pl e, _1300_ matc hes an y string that has 1 300 s ome whe re in the str ing. The s tring ’ s 1300 can be prec eded by or end with a spa ce, brac e, comm a, or unde rscore. For examp le, {1300 _[...]

1-12 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapt er 1 Command -Line Int erface Using the CLI String Sea rch[...]

C HAPTER 2-1 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 2 Commands for the Catalyst 6500 Series Switch SSL Services Module This c hapter contai ns an alphabe tical listin g of co mman ds for the C atalyst 6500 series switch SSL Services M odule. For additional SSL Service s Module informatio n, refer to the foll ow[...]

2-2 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module clear ss l-prox y conn clear ssl-proxy conn T o clear all TCP con nections on the entir e system, use th e clear ssl-proxy c onn command. clear ss l-pro xy conn [ context name [ module [ modu le[...]

2-3 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule clear ssl- proxy cont ent clear ssl-proxy content T o clear all TCP con nections on the entir e system, use th e clear ssl-proxy c onn command. clear s sl-pr oxy conte nt { all | re write | scanning [...]

2-4 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module clear ss l-prox y sess ion clear ssl-proxy session T o clear all entr ies from the se ssion cac he, use the clear ssl-pr oxy ses sion comm and. clear ssl-proxy session [ service [ name ] [ conte[...]

2-5 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule clear ss l-proxy stats clear ssl-proxy stats T o r eset the st atisti cs count ers t hat a re maint aine d in t he di fferent system com ponent s on t he S SL Servic es Module, use the clear ssl- pro[...]

2-6 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module clear ss l-prox y stats Comma nd H ist ory Usage Guid elines T o reset all the statistic s counters that t he SSL Service s Module maintains, use the clear ssl-proxy stats command without option[...]

2-7 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule cryp to pki exp ort pe m crypto pki export pem T o export priv acy-enhan ced ma il (PEM ) files from the SSL Servic es Module , use the crypto pki ex port pem comma nd. crypto pki export trustpoint_ [...]

2-8 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto pk i ex port pem Y ou ca n chan ge the defau lt file extensions wh en prom pted. The default file exten sions are a s follows: • public key (.pub) • priv a te key (.prv ) • certif i[...]

2-9 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule crypto pki import pem crypto pki import pem T o import a PEM-f ormatted f ile to the SSL Services Mo dule, use th e crypto pki impo rt pem co mmand . crypto pki import tr ustpo int _lab el pem [ expo[...]

2-10 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto pk i impor t pem The crypto pki import pem comman d im ports only t he priv ate key (.p rv), the se rver ce rtificat e (.cr t), and the i ssuer CA cer tificate (.ca). If you have more th[...]

2-11 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule crypto pki export pkcs12 crypto pki export pkcs1 2 T o expo rt a PKCS1 2 file from the SSL Servic es Modu le, us e th e crypto pki export pkcs12 command . crypto pki export tr ustpoint_ label pkcs12[...]

2-12 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto pk i ex port pkc s12 Exam ples Th is example shows how to e xport a PKCS 12 file using SCP: ssl-proxy(config)# crypto pki export TP1 pkcs12 scp: sky is blue Address or name of remote hos[...]

2-13 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule crypto pki import pkcs12 crypto pki import pkcs12 T o import a PKCS12 file to the SSL Services Module, use the c rypto pki im port pkcs12 comm and. crypto pki import tr ustpo int _lab el pkcs12 file[...]

2-14 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto pk i impor t pkcs12 Exam ples Th is example shows how to import a PKCS12 file using SCP: ssl-proxy(config)# crypto pki import TP2 pkcs12 scp: sky is blue Address or name of remote host [[...]

2-15 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule cryp to k ey de cry pt rs a crypto key decryp t rsa T o d elete the e ncryp ted key an d leave only t he une ncry pted key , use the crypt o key de crypt r sa comm and. crypt o key de crypt [ write [...]

2-16 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto ke y encry pt rsa crypto key encryp t rsa T o encrypt the RSA ke ys, use the cr ypto key encr ypt r sa command . crypt o key en crypt [ write ] rsa [ name ke y-n ame ] passphrase pass ph[...]

2-17 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule cryp to k ey ex por t rsa pem crypto key export rsa p em T o expor t a PEM-fo rmat ted RSA key to th e SSL Servi ces Mo dule, u se the crypto key expo rt rsa pem comm and. crypto key e xport rsa key[...]

2-18 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto ke y expor t rsa pem Exam ples Th is example shows ho w to export a key from the SSL Servi ces Mo dule: ssl-proxy(config)# crypto key export rsa test-keys pem url scp: 3des password % Ke[...]

2-19 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule cryp to k ey im por t rsa pem crypto key import rsa pem T o im port a PEM- format ted RSA key from an external syste m, use the crypto key import rs a pem comm and. crypto ke y import rsa ke y label[...]

2-20 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto ke y impor t rsa pem Exam ples Th is exam ple sh ows how to import a PEM -form atted RSA key fro m an exter nal syst em an d export the PEM-for matted RSA key to the SSL Services M odule[...]

2-21 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule crypt o key lock rsa crypto key lock rsa T o lock the en crypte d pri v ate k ey , use the crypto ke y lock rs a command. cryp to key lo ck rsa [ name key-name ] passphrase pas sphr ase Syntax Descr[...]

2-22 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module crypto ke y unlo ck rsa crypto key unlock rsa T o unl ock the e ncryp ted private ke y , use the crypt o key unlock rsa comman d. crypto key unlock rsa [ name key-name ] passphrase pas sphr ase[...]

2-23 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule debug ssl- proxy debug s sl-proxy T o tu rn on th e debug flag s in differen t system compone nts, use the deb ug ssl-p r oxy command . Use the no form o f this co mmand to t urn of f the deb ug fla[...]

2-24 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module debug s sl-proxy Comma nd H ist ory Usage Guid elines The con tent type includes the follo wing v alues: • detail —c onte nt de tai l • error —c ontent error • ipc —content ip c •[...]

2-25 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule debug ssl- proxy Note Use the TCP de bug commands on ly to trou bleshoot ba sic connecti vity issues under l ittle or no load conditi ons (f or inst ance, when no c onnect ion is being establ ished [...]

2-26 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module do do T o execu te EXEC -level comma nds f rom g lobal configurati on m ode or other configurat ion mo des or submodes, use the do comman d. do comman d Syntax Desc ripti on Defaults Thi s comm[...]

2-27 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule inte rface ssl -pro xy interface ssl-proxy T o enter the subinterf ace conf iguratio n submode, use the interf ace ssl-pr oxy co mmand . In inter fac e configurati on submo de, you c an configure a [...]

2-28 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module interface s sl-proxy The valid values for configuri ng HSR P are as fol lows: • gr o up-numb er —(Optional) Group number on t he interf ace for which HSRP is being acti vated; v alid values[...]

2-29 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule inte rface ssl -pro xy • type time —Sp ecif ies the preemption type and delay; v alid va lues are as follo ws: – minimum time —Specifies the minimum d elay pe riod in delay sec onds; valid v[...]

2-30 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module natpool natpool T o de fine a poo l of IP a ddresses, whic h the SSL Services M odul e uses fo r impl emen ting the client NA T , use the natpool command . natpool nat -pool-n ame start_ip_ add[...]

2-31 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy health-probe tcp policy health-probe tc p T o enter the TCP health probe conf iguration submode, use the policy he alth-pr obe comm and. In TCP health probe configurat ion subm ode, you ca n [...]

2-32 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy h ealth-pro be t cp Exam ples Th is example shows how to configure TCP healt h probe to c heck whet her service at port 80 is up and running on server IP address 19. 0.0.1: ssl-proxy(con[...]

2-33 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy health-probe tcp Context name: ssl Context Id : 1 Admin Status: up Operation Status: down Proxy status: Health Probe Failed This example shows ho w to configure TCP heal th probe to check whe[...]

2-34 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy h ttp-head er policy ht tp-header T o enter the HTTP he ader inser tion conf igura tion submod e, use the policy http-header comma nd. policy http-header http-heade r-policy-nam e Syntax[...]

2-35 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy http-header • Client Certif icate i n PEM format—When you specify cli ent-cert pem , the SSL module sends the entire client certif icate in PEM format. • Client IP an d Port Address—N[...]

2-36 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy h ttp-head er • SSL Ses sion—Session heade rs, inc luding th e sessio n ID, are use d to c ache cli ent cer tifi cates th at are based on the session ID. The session headers are also[...]

2-37 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy http-header Exam ples Th is example shows how to enter the HTT P header i nsertion c onfiguration submode : ssl-proxy(config)# ssl-proxy context s1 ssl-proxy(config-context)# policy http-head[...]

2-38 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy h ttp-head er In addition to the standar d HTTP headers, the fo llowin g header informat ion is inserted: Note Th e ali as nam e (My- Sessio n-Ciphe r) is used instead of th e st andar d[...]

2-39 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy ssl policy ssl T o ent er t he SSL-po licy configurati on subm ode, use the policy ssl com mand. In the SSL-p olic y configurati on sub mode, y ou c an define the SSL p olicy for o ne or more[...]

2-40 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy s sl Usage Guid elines Each SSL-polic y conf iguration submode command is entere d on its own line. Ta b l e 2 - 4 lists the commands a v ailable in SSL- policy conf iguration submode. S[...]

2-41 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy ssl Y ou can def ine the SSL p olic y templates using the policy ssl ssl-policy-nam e command a nd associ ate a SSL policy with a parti cular proxy server using the prox y server configurat i[...]

2-42 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy s sl When y ou enter the close-n otif y str ict command , t he SSL Serv ices Mod ule se nds a c lose- notify al ert message to the SSL peer , and the SSL Services Modu le exp ects a clos[...]

2-43 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy ssl When yo u enter th e tls-ro llback curr ent command, th e SSL prot ocol version c an be e ither t he maxi mum supporte d version or the negotiated version. When y ou enter the tls-r ollba[...]

2-44 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy s sl Relat ed Comma nds show ssl-pr oxy stats show ssl-pr oxy stats ssl[...]

2-45 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy tcp policy tcp T o ent er the proxy policy TCP configurati on submode , use the policy t cp comma nd. In proxy- policy TCP configura tion submo de, you can d efine the TCP policy templ ates. [...]

2-46 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy t cp Usage Guid elines After you de fine the TCP policy , you can associ ate the TC P policy with a pr oxy server using the proxy-pol icy TCP configurat ion submod e comm ands. Each p ro[...]

2-47 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy tcp Usage Guid elines TCP comma nds that you enter on the SSL Servi ces Modu le can ap ply eithe r globall y or to a particula r proxy server . Y ou can con fig ure a dif ferent maxi mum se g[...]

2-48 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy t cp This exampl e shows ho w to define the ma ximum size for the rec eiv e buffer configuration : ssl-proxy (config-ctx-tcp-policy)# buffer-share rx 16384 ssl-proxy (config-ctx-tcp-poli[...]

2-49 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule policy url-rewrite policy url-rewrite T o e nter the URL r e write configurat ion subm ode, use the policy url-r ewrite comm and. I n URL re write configurati on sub mode, you can de fine the U RL-r[...]

2-50 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module policy u rl-rew rite clearp ort por t-numb er —(Optional) Specif ies the port portion of the URL lin k that is to be rewrit ten; valid values are from 1 to 65 535. sslport port-numbe r —(Op[...]

2-51 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule pool ca pool ca T o enter the certi fica te authority pool configu ration submode, use the pool ca comman d. In the certificat e author ity pool configurati on submode, you can co nfigure a cert ifi[...]

2-52 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module servi ce service T o e nter t he proxy -serv ice configura tion su bmode, use the servi ce command. service ssl- pr oxy-n ame [ client ] Syntax Desc ripti on Defaults Server N A T i s enable d,[...]

2-53 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule service In most ca ses, all of the SSL- serv er -pro xy conf igur ations that are performed are also vali d for the SSL-client- proxy conf igurati on, excep t for the follo wing: • Y ou must confi[...]

2-54 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module servi ce Both secu red and bridge mode betwe en the Con tent Switchi ng Module (CSM ) and th e SSL Services Module i s supp orted. Use the secondary keyword (optiona l) for bridg e-mod e topo l[...]

2-55 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule service This exam ple sh ows how to configure a cl ear-text web server f or t he SSL Se rvice s Mod ule to forwar d the decry pted traf f ic: ssl-proxy (config-ctx-ssl-proxy)# server ipaddr 207.50.0[...]

2-56 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module service cl ient service client T o ente r the cl ient pro xy-servi ce co nfiguration sub mode, use the servic e clien t command. service ssl-pr o xy-name client Syntax Desc ripti on Defaults Cl[...]

2-57 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule servic e client Ta b l e 2 - 9 lists the commands that ar e av ailable in proxy-client con figurat ion submode. Both secu red mode an d bridge mo de betw een the Con tent Switc hing Module (CSM) a n[...]

2-58 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module service cl ient Exam ples Th is example shows ho w to enter the client pro xy-ser vice co nfiguratio n submod e: ssl-proxy (config)# ssl-proxy context s1 ssl-proxy (config-context)# service S7 [...]

2-59 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show i nterfaces ssl-proxy show interfaces ssl-proxy T o display inf ormation about t he conf igured subi nterfac es, use the sho w interface s ssl-proxy command . show interfaces ssl-proxy 0. subin[...]

2-60 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy buff ers show ssl-proxy buffers T o display in format ion abou t TCP bu ff er usage, use the sho w ssl-p ro xy b uffers co mmand. show ssl-pr oxy bu ff e r s Syntax Desc ripti o[...]

2-61 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-proxy certificate-history show ssl-proxy c ertificate -history T o display in format ion abou t the e vent his tory of th e certif icat e, use the show ssl-proxy certificate-hist ory com ma[...]

2-62 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show s sl-proxy certificate -history Exam ples This example sho ws ho w to display the e ven t history of all the certif icate processing: ssl-proxy# show ssl-proxy certificate-history Record 1[...]

2-63 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-proxy certificate-history This e xample shows how to display the cer tifi cate recor d for a spec ific proxy ser vice: ssl-proxy# show ssl-proxy certificate-history service s6 Record 3, Tim[...]

2-64 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy conn show ssl-proxy c onn T o displ ay the TCP conn ecti ons from the SSL Serv ices Modul e, use the show ssl-proxy conn comm and. show ssl-proxy conn 4tuple [ loca l { ip local[...]

2-65 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl- proxy conn Comma nd H ist ory Exam ples These e xampl es sho w dif ferent w ays to dis play t he TCP co nnection that is esta blishe d fro m the S SL Services M odule: ssl-proxy# show ssl-[...]

2-66 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy conn ssl-proxy# show ssl-proxy conn 4tuple remote ip 1.200.200.14 Connections for TCP module 1 Local Address Remote Address VLAN Conid Send-Q Recv-Q State --------------------- [...]

2-67 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-pr oxy context show ssl-proxy c ontext T o display contex t information, use the show ssl-proxy context comman d. show ssl-pr oxy context [ nam e ] Syntax Descript ion Defaults Thi s comman[...]

2-68 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy cras h-info show ssl-proxy c rash-info T o collect informatio n about th e softwa re-forced reset f rom the SSL Services Module, use the show ssl-proxy crash-info comman d. show[...]

2-69 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-proxy c rash-i nfo s0 :00000000, s1 :0024783C, s2 :00000000, s3 :00000000 s4 :00000001, s5 :0000003C, s6 :00000019, s7 :0000000F t8 :00000001, t9 :00000001, k0 :00400001, k1 :00000000 gp :0[...]

2-70 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy ma c address show ssl-proxy mac ad dress T o displa y the curren t MA C addr ess, use the show ssl-proxy mac address comma nd. show ssl-pr oxy mac address Syntax Desc ripti on T[...]

2-71 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-pr oxy natpool show ssl-proxy n atpool T o display informat ion about the N A T pool, use the show ssl-proxy natpool comm an d. show ssl-pr oxy nat poo l [ name ][ context name ] Syntax Des[...]

2-72 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy poli cy show ssl-proxy policy T o displ ay the con figured SSL proxy po licies, us e the show ssl-proxy policy co mmand. show ssl-pr oxy pol ic y { health-pr obe tcp [ name ] [ [...]

2-73 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-pro xy policy 6 "g:" 7 "h:" 8 "i:" 9 "j:" 10 "k:" 11 "l:" 12 "m:" 13 "n:" Usage count of this policy: 0 ssl-p[...]

2-74 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ssl -proxy poli cy This e xample shows h ow to display information about the URL re write policy: ssl-proxy# show ssl-proxy policy url-rewrite urlrw-policy No context name provided, assumi[...]

2-75 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-pr oxy service show ssl-proxy service T o display information ab out the conf igured SSL virtu al service, use the sho w ssl-proxy service comm and. show ssl-pr oxy servic e [ name ][ conte[...]

2-76 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ss l-pr oxy ser vice Nat pool: n2 rsa-general-purpose certificate trustpoint: tptest Certificate chain for new connections: Certificate: Key Label: mytp, 1024-bit, not exportable Key Times[...]

2-77 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-prox y stats show ssl-proxy stats T o display information ab out the statistics counter , use the show ssl-proxy stats command. show ssl-pr oxy stats [ typ e ] Syntax Descript ion Defaults [...]

2-78 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ss l-pr oxy st ats • module module —Displays statisti cs for the sp ecifie d module; module type includes the follo wing: – all —all CPUs – fdu —FDU CPU – ssl1 —SSL1 CPU ?[...]

2-79 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-prox y stats This example sho ws how to display the TCP statistics: ssl-proxy# show ssl-proxy stats tcp TCP Statistics: Connection related : Initiated : 4 Accepted : 4 Established : 8 Dropp[...]

2-80 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ss l-pr oxy st ats Response timeout: 0 Response with error status: 0 Response with no request: 0 Response duplicated: 0 Message type error: 0 PKI Accumulative Certificate Counters: Proxy s[...]

2-81 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-prox y stats This exa mple shows ho w to display conten t statistics: ssl-proxy# show ssl-proxy stats content Scan object statistics in CPU: SSL1 Objects in use : 0 Obj alloc failures : 0 M[...]

2-82 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ss l-pr oxy st atus show ssl-proxy status T o d isplay i nforma tion abo ut the SSL Ser vices Module proxy st atus, use th e show ssl-proxy status comm and. show ssl-pr oxy status [ fdu | [...]

2-83 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-pr oxy status TCP cpu is alive! TCP cpu utilization: % process util : 0 % interrupt util : 0 proc cycles : 0x2E42C686 int cycles : 0x47F7C36A91 total cycles: 0x4E799DB3F5F8 % process util ([...]

2-84 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module show ss l-pr oxy ver sion show ssl-proxy version T o display th e curren t image v ersion, use the show ssl-proxy vers ion command. show ssl-pr oxy ver si on Syntax Desc ripti on This c ommand [...]

2-85 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule show ssl-prox y vlan show ssl-proxy vlan T o display VLAN informatio n, use the show ssl-proxy vlan comm and. show ssl-pr oxy vlan [ vlan -id ][ debug ][ modul e module ] Syntax Descript ion Default[...]

2-86 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module snmp- server ena ble snmp-server enable T o conf igure the SNMP traps an d infor ms, use the snmp- serv er enable command. U se the no form of this comman d to disable SNMP traps and infor ms. [...]

2-87 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule ssl-pr oxy cont ext ssl-proxy context T o e nter the SSL c ontext su bmode a nd define t he vir tual SSL context, u se t he ssl-proxy c ontext comm and. U se the no form of this command to remo ve a[...]

2-88 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module ssl-proxy cont ext Exam ples Th is example shows ho w to configure th e context “hubb le”: ssl-proxy# configure terminal Enter configuration commands, one per line. End with CNTL/Z. ssl-pro[...]

2-89 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule ssl-proxy cryp to selftest ssl-proxy crypto selftest T o initiate a c ryptograp hic self-te st, use th e ssl-proxy crypto se lftest command . Use th e no fo rm o f thi s comman d to disable the t es[...]

2-90 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module ssl-proxy mac addres s ssl-proxy mac address T o conf igure a MA C addr ess, use the ssl-proxy mac addr ess comman d. ssl-proxy mac addre ss m ac-addr Syntax Desc ripti on Defaults Thi s comman[...]

2-91 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule ssl-pr oxy pki ssl-proxy pki T o configur e and define t he PKI implem entatio n on the SSL Serv ices M odule, u se the ssl-proxy pki co mman d. Use the no fo rm of this comm and to disabl e the log[...]

2-92 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module ssl-p roxy pk i Usage Guid elines The ssl-proxy pki history command enables logging of ce rtifica te history records per -proxy service into memory a nd ge nerates a syslog me ssage per reco rd[...]

2-93 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule ssl-proxy crypto key unl ock rsa ssl-proxy crypto key unlock rsa T o unlock th e k ey aut omaticall y after a reload, use the ssl-proxy crypto key unlock rsa comm and . ssl-proxy crypt o key unlock [...]

2-94 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module ssl-p roxy ip-fr ag-tt l ssl-proxy ip-frag-ttl T o adjust the IP fragment rea ssembly timer , use the ssl-proxy ip-f rag-ttl command . ssl-proxy ip-frag -ttl time Syntax Desc ripti on Defaults [...]

2-95 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule ssl-prox y ssl rateli mit ssl-proxy ssl ratelimit T o p rohi bit new con nections duri ng overload condit ions, u se th e ssl-proxy ssl ratelimit command. Use the no form o f this c ommand to al lo [...]

2-96 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby aut hentica tion standby authentica tion T o conf igure an authenticatio n string for HSRP , use the standby authentication comm and. U se the no form of this comm and to dele te an a u[...]

2-97 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby del ay minimum reload standby delay minimum reloa d T o conf igure a delay before th e HSRP groups are initia lized, use the standby delay minimum r eload comm and. U se the no form of this [...]

2-98 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby del ay min imum reload Exam ples This example sho ws ho w to set the minimum delay to 30 seconds and the delay after the f irst reload to 120 sec onds: ssl-proxy(config)# interface ssl-[...]

2-99 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule stand by ip standby ip T o acti va te HSRP , use the standby ip command. Us e the no fo rm of this command to disable HSRP . standby [ gr o up-numbe r ] ip [ ip-address [ secon da ry ]] no standby [[...]

2-100 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby ip Exam ples This example sho ws ho w to acti va te HSRP for group 1 on Ethernet interf ace 0. The IP address that is used by the hot stan dby group is lear ned using H SRP . ssl-proxy[...]

2-101 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby ma c-address standby mac-add ress T o specify a vir tual MA C address f or HSRP , use the s tand by mac- addr ess comm and. Use th e no for m of this com mand to revert to the standard virt[...]

2-102 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby m ac-add ress In an APPN network, an end no de is typica lly co nfigured with the MA C addre ss of the adja cent network node. Use th e standby ma c-address c ommand in the routers to [...]

2-103 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby mac-refr esh standby mac-re fresh T o change th e interv al at which pac ket s are sent to refresh the MA C cache when HSRP is runn ing ov er FDDI, use the standby mac-r efr esh command . U[...]

2-104 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby nam e standby name T o con figure the na me of the st andby group, u se the standby name command. Use th e no form of t his comm and to disabl e the name . standby name gr oup-nam e no[...]

2-105 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby pr eempt standby preempt T o c onfigure HSR P pree mption and pr eempt ion dela y , use the standby preempt command. Us e the no form of this command to restore t he def ault v alues. stand[...]

2-106 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby pre empt When you us e group nu mber 0, no grou p number is written to NVRAM , providing bac kward compatibilit y . IP-redun dancy clients ca n prevent preemption fr om taki ng place. [...]

2-107 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby pri ority standby priority T o conf igure the priority for HSRP , use the standby priority command. Use t h e no form of this comm and to res tore the defau lt values . standby [ gr o up-nu[...]

2-108 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby pri ority Exam ples Th is exam ple sh ows ho w to change the r outer priori ty: ssl-proxy (config-subif)# standby priority 120 ssl-proxy (config-subif)# Relat ed Comma nds stan db y tr[...]

2-109 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby re directs standby redirects T o ena ble H SRP filtering of Int ernet Co ntrol Message Protocol (ICMP) redir ect messa ges, use the standby redir ects comma nd. U se th e no for m of t his [...]

2-110 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby red irect s The no standby redir ects command is the s ame as the st andby redir ects disable comm and. W e d o not recomm en d that you save the no f orm o f th is comm and to NV RAM [...]

2-111 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby timers standby t imers T o conf igure the time betwe en hello p ackets and the time be fore oth er rout ers declare the acti v e hot standby or standby ro uter to be d own, use th e standby[...]

2-112 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby ti mers The standby timers comma nd c onfigures t he time be tween st andby hel lo pa ckets an d th e time befo re other router s declar e t he active or standby r outer to be down. Ro[...]

2-113 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule stan dby t rac k standby track T o co nfigure HSRP t o track an ob ject and c hange t he hot stand by priorit y based on t he state of the obj ect, use the standby track command . Us e the no form [...]

2-114 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby tr ack When you us e group nu mber 0, no grou p number is written to NVRAM , providing bac kward compatibilit y . The standby track command syntax prior to Release 12.2(15)T is still s[...]

2-115 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 Chapter 2 Commands for the Catalyst 6500 Series SSL Serv ices Mod ule standby use- bia standby use-b ia T o conf igure HSRP to use the b urned- in addre ss of the int erfac e as its vir tual MA C address in stead of the prea ssigned MAC address (o n Ethe rnet and FDD[...]

2-116 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Chapter 2 Comman ds for the Cat alyst 6500 Series SSL Servic es Module standby versi on standby version T o ch ange the version of t he Hot Sta ndby Router Protocol (H SRP), use t he standby version command : standby version { 1 | 2 } Syntax Desc ripti on Default[...]

A- 1 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 APPEND IX A Acronyms Ta b l e A - 1 defines t he acron yms th at are u sed in th is publica tion. Ta b l e A - 1 L i s t o f A c r o n y m s Acro nym E xpan sion AAL A TM adaptation layer A CE acc ess contr ol entry A CL acc ess contr ol list A CNS A pplica tion and C[...]

A- 2 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Appe ndi x A Acr ony ms CB A C conte xt base d access co ntrol CCA circuit card assembly CDP Cis co Di scovery Protoc ol CEF Cisc o Exp ress For war ding CHAP Challeng e Hand shake Au thentic ation Pr otocol CIR committed informat ion rate C IS T Common and Intern[...]

A-3 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Append ix A Acronym s dot1q 8 02.1Q dot1x 8 02.1x DRAM dynami c RAM DRiP D ual Ri ng Protocol DSAP de stination ser vice ac cess point DSCP dif ferentiat ed services code point DSPU do wnstream SNA Physical Uni ts DTP Dynamic T runk ing Prot ocol DTR da ta terminal[...]

A- 4 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Appe ndi x A Acr ony ms ICD I nternat ional Co de De signator ICMP Inte rnet C ontrol M essage Protocol IDB int erf ace de scri ptor bloc k IDP in itia l doma in par t or I nternet Datagr am Pr otocol IDSM Intru sion Detecti on System Module IFS IOS File System IG[...]

A-5 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Append ix A Acronym s MD 5 message diges t 5 MD I X media-dependent interf ace cross ov er M D SS Multicast Dis tributed Shortcut Switching MFD multicast fast drop MIB Manag ement I nforma tion B ase MII m edia- independe nt inter face MLS Multilayer Switching MLSE[...]

A- 6 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Appe ndi x A Acr ony ms OSI Ope n Sys tem Int erconn ect ion OSM O ptica l Services M odule OSPF open short est path f irs t P AE port access entity P AgP Port A ggregati on Pro tocol PBD p acket buffer daughter board PBR policy-base d routing PC Pe rsonal Comput [...]

A-7 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Append ix A Acronym s R M O N remot e netw or k moni tor R OM r ead-on ly m emory R OMMON R OM monitor RP rout e proces sor o r rendez v ous p oint RPC remo te proced ure call RPF r everse path forward ing R PR R oute Pr ocesso r Redundancy R PR + Route Processo r [...]

A- 8 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Appe ndi x A Acr ony ms STP Spa nnin g T ree Pr otoc ol SVC s witche d virtua l circ uit SVI switched virtual in terface T A CA CS+ T erminal Access Contr oller Ac cess C ontrol Sy stem Plus T ARP T arget Iden tif ier Address Resolu tion Protocol TCAM T ern ary C [...]

A-9 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 Append ix A Acronym s WRR we ighted rou nd-rob in XNS Xerox Network System T able A -1 List of A cr on yms (continued) Acro nym E xpan sion[...]

A-10 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Appe ndi x A Acr ony ms[...]

B-1 Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01 APPEND IX B Acknowledgments for Open-Source Software The Cisc o IOS software on the Cataly st 6500 seri es switches soft ware pipe comm and use s Henry Spence r’ s re gul ar exp ressi on libr ary (re gex). Henry Spenc er’ s regular expression library (regex). Copyr[...]

B-2 Catalyst 6500 S eries Swit ch SSL Service s Module Command R eference OL-9105-01 Appe ndi x B Acr ony ms[...]

IN-1 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 INDEX Symbols # ch aract er (pri vile ged EX EC m ode p rompt) 1-5 $ char acter 1-8, 1-10 * (aster isk) 1-7 + (plus sign) 1-7 . (perio d) 1-7 ? comm and 1-1 ^ (car et) 1-8, 1-10 _ (underscore ) 1-8, 1-10 | (pip e or vertic al bar) specifying alterna tive pattern s[...]

Index IN-2 Catalyst 6500 Series S witch SSL Services Module Command Referenc e OL-9105-01 comm and-l ine i nte rfac e See CLI comm and m odes acce ssing 1-5 exiting 1- 5 underst anding 1-5 comm ands mode t ypes 1-5 committed i nformation rate See CIR Content Switc hing Module See CSM D defaul t form of a co mmand , using 1-6 designat ed forwa rder [...]

Inde x IN-3 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 configuring secondary interface 2-99 initiali zation de lay period 2-97 enab lin g 2-99 filtering of ICMP r edirect m essages 2-109 ICMP redi rect messa ges disabling 2-109 enab lin g 2-109 MAC a ddress config uring 2-101 preemp tion d elay config uring 2-1[...]

Index IN-4 Catalyst 6500 Series S witch SSL Services Module Command Referenc e OL-9105-01 Multilayer Switch Feature Card See MSFC Multilayer Switching See MLS multiple- character patter ns 1-9 Multipl e Spannin g Tree See MST Multiproto col Label Switc hing See MPLS N NetFlow Data Export See NDE network en tity titl e See NET no form of a com mand,[...]

Inde x IN-5 Catalyst 6500 Serie s Switch SSL Serv ices Module C ommand Referen ce OL-9105-01 ROM mo nitor mode, summary 1-6 Route Proce ssor Redunda ncy See RPR Route Proce ssor Redunda ncy+ See RPR+ S Secure Sockets Laye r See SSL server lo ad balancin g See SLB show comm ands filter 1-7 search 1-7 singl e-charac ter patt erns special ch aracter s[...]

Index IN-6 Catalyst 6500 Series S witch SSL Services Module Command Referenc e OL-9105-01 config uration subm ode 2-49 user EX EC mode , sum mary 1-5 V value mask result See VMR virtual MAC addre ss 2-101 VLAN acces s control l ists See VACL VMR acronym for value mask r esult W Web Cache Copr ocesso r Protocol See WCCP weight ed random early d etec[...]