-
Cisco ACNS Software Command Reference, Release 5.5
-
Index
-
Preface
-
Command Line Interface Command Summary
-
Cisco ACNS Software Commands - aaa accounting to clear
-
Cisco ACNS Software Commands - clock to hostname
-
Cisco ACNS Software Commands - http to ldap
-
Cisco ACNS Software Commands - less to rtsp (global config)
-
Cisco ACNS Software Commands - rtsp to show hardware
-
Cisco ACNS Software Commands - show hosts to show statistics content-distribution-network
-
Cisco ACNS Software Commands - show statistics content-routing to show statistics tvout
-
Cisco ACNS Software Commands - show statistics udp to tacacs
-
Cisco ACNS Software Commands - tcp to wccp router-list
-
Cisco ACNS Software Commands - wccp rtsp to write
-
Appendix A: Acronyms
-
Appendix B: Standard Time Zones
-
Feedback
Table Of Contents
shutdown (interface configuration)
2show statistics udp
To display Content Engine User Datagram Protocol ( UDP) statistics, use the show statistics udp EXEC command.
show statistics udp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Table 2-155 describes the fields shown in the show statistics udp display.
show statistics url-filter
To display Content Engine URL filtering statistics, use the show statistics url-filter EXEC command.
show statistics url-filter {http {local-list | N2H2 | websense}| rtsp local-list | wmt local-list}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Table 2-156 describes the fields shown in the show statistics url-filter http n2h2 display.
Table 2-157 describes the fields shown in the show statistics url-filter http websense display.
Related Commands
clear statistics url-filter
show url-filter
url-filtershow statistics wccp
To display Content Engine WCCP statistics, use the show statistics wccp EXEC command.
show statistics wccp gre
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
GRE is a Layer 3 technique that allows datagrams to be encapsulated into IP packets at the WCCP-enabled router and then redirected to a Content Engine (the transparent proxy server). At this intermediate destination, the datagrams are decapsulated and then routed to an origin server to satisfy the request if a cache miss occurs. In doing so, the trip to the origin server appears to the inner datagrams as one hop. Usually, the redirected traffic using GRE is referred to as GRE tunnel traffic. With GRE, all redirection is handled by the router software.
With WCCP redirection, a Cisco router does not forward the TCP SYN packet to the destination because the router has WCCP enabled on the destination port of the connection. Instead, the WCCP-enabled router encapsulates the packet using GRE tunneling and sends it to the Content Engine that has been configured to accept redirected packets from this WCCP-enabled router.
After receiving the redirected packet, the Content Engine does the following:
1.
Strips the GRE layer from the packet.
2.
a.
b.
For example, a Content Engine would decide not to accept the request because it is configured to bypass requests that originate from a certain set of clients or that are destined to a particular set of servers.
Examples
Table 2-158 describes the fields shown in the show statistics wccp gre display.
Related Commands
wccp
show statistics wmt
To display Content Engine WMT (Windows Media Technologies) statistics, use the show statistics wmt EXEC command.
show statistics wmt {all | bytes [incoming | outgoing] | errors | multicast | requests | rule | savings | streamstat [incoming | live | outgoing | stream-id 1-999999] | urlfilter | usage}
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
In the ACNS 5.3 software, the output of the show statistics wmt EXEC commands was modified to include information about WMT RTSP requests. For example, the output from the show statistics wmt EXEC commands was changed as follows:
•
•
•
•
In the ACNS 5.3 software, the live option was added to the show statistics wmt streamstat EXEC command to enable you to display aggregated live statistics. Also, the incoming, outgoing, and stream-id options were added to the show statistics wmt streamstat EXEC command to display statistics of all incoming WMT streams, outgoing WMT streams, and streams with the specified ID.
Examples
Table 2-159 describes the fields shown in the show statistics wmt all display.
Related Commands
clear statistics wmt
show wmt
wmtshow sysfs
To display system file system (sysfs) information, use the show sysfs EXEC command.
show sysfs volumes
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Examples
The system file system (sysfs) stores log files, including transaction logs, syslogs, and internal debugging logs. It also stores system image files and operating system files. The show sysfs volumes command displays the disk volume number and its size.
Table 2-160 describes the fields shown in the show sysfs volumes display.
Related Commands
disk config sysfs
show disks details
sysfsshow tacacs
To display TACACS+ authentication protocol configuration information, use the show tacacs EXEC command.
show tacacs
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
The show tacacs command displays the TACACS configuration for the Content Engine.
Table 2-161 describes the fields shown in the show tacacs display.
Related Commands
clear statistics tacacs
show statistics tacacs
tacacsshow tcp
To display Transmission Control Protocol (TCP) configuration information, use the show tcp EXEC command.
show tcp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
The show tcp command displays TCP configuration details for the Content Engine.
Table 2-162 describes the fields shown in the show tcp display.
Related Commands
clear statistics tcp
show statistics tcp
tcpshow tech-support
To view information necessary for Cisco's Technical Assistance Center (TAC) to assist you, use the show tech-support EXEC command.
show tech-support [page | streaming]
Syntax Description
page
(Optional) Specifies the pages through the output.
streaming
(Optional) Displays technical support information specific to the streaming feature.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use this command to view system information necessary for TAC to assist you with your Content Engine. We recommend that you log the output to a disk file. Use the streaming option to view information specific to the streaming feature.
Examples
The following example shows the types of information available about the ACNS software. Because the show tech-support command output is comprehensive and can be extensive, only excerpts are shown in the following example.
ContentEngine# show tech-supportCPU Usage:cpu: 0.39% User, 0.42% System, 0.33% User(nice), 98.86% Idlecpu0: 0.39% User, 0.42% System, 0.33% User(nice), 98.86% Idle--------------------------------------------------------------------PID STATE PRI User T SYS T COMMAND----- ----- --- ------ ------ --------------------1 S 0 4386 1706 (init)2 S 0 0 0 (keventd)3 S 19 0 0 (ksoftirqd_CPU0)4 S 0 0 0 (kswapd)5 S 0 0 0 (bdflush)6 S 0 0 0 (kupdated)7 S 0 0 0 (scsi_eh_0)45 S 0 4733 4114 (nodemgr)46 S 0 0 0 (syslogd)47 R 0 83 65 (dataserver)920 S 0 0 0 (login)921 S 0 123 68 (inetd)1207 S 0 0 0 (parser_server)1208 S 0 0 0 (eval_timer_mana)1211 S 0 46 1 (parser_server)1442 S 0 0 0 (wccp)1443 S 0 0 0 (overload)1444 S 0 0 0 (standby)1445 S 0 13 29 (cache)1446 S 0 0 0 (proxy_poll)1447 S 0 0 0 (snmpced)1448 S 0 0 0 (http_authmod)1458 S 0 0 0 (http_authmod)1465 S 0 0 0 (http_authmod)1466 S 0 0 0 (http_authmod)1467 S 0 0 0 (http_authmod)1537 S 0 0 0 (cache)1538 S 0 0 0 (unified_log)1540 S 0 0 1 (webserver)1541 S 0 2 2 (mcm)1542 S 0 0 0 (cache)1543 S 0 0 0 (cache)1550 S 0 0 0 (cache)1551 S 0 0 0 (cache)1556 S 0 0 0 (cache)1567 S 0 0 0 (mcm)1568 S 0 0 0 (mcm)1629 S 0 18982 4140 (crond)1936 S 0 1669 611 (bootnet)1937 S 10 0 0 (tracknet)1938 S 10 33545 5556 (checkup)1983 S 0 0 0 (srcpd)2023 S 0 1 0 (admin-shell)2024 S 0 0 0 (parser_server)2150 S 0 0 0 (rsvpd)2152 S 0 0 0 (rtspd)2153 S 0 1635 1067 (httpsd)2164 S 0 0 0 (librarian)2167 S 0 1667 2105 (libaux)2170 S 0 0 0 (mapper)2178 S 0 32 37 (cache)2179 S 0 0 0 (router)2180 S 0 0 0 (fill)2183 S 0 0 0 (remotereq)2185 S -20 0 0 (videosvr)2188 S 0 9 4 (contentsvr)2189 S 0 0 0 (routeraux)2190 S 0 0 1 (dfcontrolsvr)2226 S 0 0 0 (smbd)2228 S 0 0 0 (nmbd)2973 Z 0 0 0 (cache)8446 S 0 0 0 (httpsd)8447 S 0 0 0 (gcache)18173 S 0 0 0 (in.telnetd)18174 S 0 0 0 (login)18175 S 0 2 2 (admin-shell)18176 S 0 0 0 (parser_server)19426 S 0 0 0 (httpsd)19427 S 0 0 0 (httpsd)19456 Z 0 0 0 (cache)19503 Z 0 30 3 (crond)19515 S 0 0 0 (more)19516 S 0 6 18 (exec_show_tech-)19553 R 0 0 0 (exec_show_proce)------------------ process memory --------------------Total Used Free Shared Buffers Cached1050943488 564785152 486158336 0 5222400 475176960PID State TTY %MEM VM Size RSS (pages) Name------ ----- ------ ----- ---------- ----------- ----1 S 0 0.0 1146880 119 (init)2 S 0 0.0 0 0 (keventd)3 S 0 0.0 0 0 (ksoftirqd_CPU0)4 S 0 0.0 0 0 (kswapd)5 S 0 0.0 0 0 (bdflush)6 S 0 0.0 0 0 (kupdated)7 S 0 0.0 0 0 (scsi_eh_0)45 S 0 0.0 1208320 143 (nodemgr)46 S 0 0.0 1630208 194 (syslogd)47 R 0 0.0 1974272 238 (dataserver)920 S 1088 0.0 1728512 236 (login)921 S 0 0.0 1191936 130 (inetd)1207 S 0 0.3 4980736 847 (parser_server)1208 S 0 0.0 1933312 151 (eval_timer_mana)1211 S 0 0.3 4980736 847 (parser_server)1442 S 0 0.0 2232320 163 (wccp)1443 S 0 0.0 1548288 154 (overload)1444 S 0 0.0 1724416 161 (standby)1445 S 0 5.9 65646592 15266 (cache)1446 S 0 0.0 1957888 173 (proxy_poll)1447 S 0 0.1 2097152 290 (snmpced)1448 S 0 0.0 1757184 205 (http_authmod)1458 S 0 0.0 1757184 205 (http_authmod)1465 S 0 0.0 1757184 205 (http_authmod)1466 S 0 0.0 1757184 205 (http_authmod)1467 S 0 0.0 1757184 205 (http_authmod)1537 S 0 5.9 65646592 15266 (cache)1538 S 0 0.0 1789952 169 (unified_log)1540 S 0 0.4 10817536 1164 (webserver)1541 S 0 0.0 2150400 251 (mcm)1542 S 0 5.9 65646592 15266 (cache)1543 S 0 5.9 65646592 15266 (cache)1550 S 0 5.9 65646592 15266 (cache)1551 S 0 5.9 65646592 15266 (cache)1556 S 0 5.9 65646592 15266 (cache)1567 S 0 0.0 2150400 251 (mcm)1568 S 0 0.0 2150400 251 (mcm)1629 S 0 0.0 1187840 137 (crond)1936 S 0 0.6 7532544 1605 (bootnet)1937 S 0 0.2 3215360 545 (tracknet)1938 S 0 0.2 3637248 654 (checkup)1983 S 0 0.3 4374528 838 (srcpd)2023 S 1088 0.0 2146304 182 (admin-shell)2024 S 0 0.3 4980736 847 (parser_server)2150 S 0 0.0 1679360 188 (rsvpd)2152 S 0 0.3 6217728 881 (rtspd)2153 S 0 0.1 2527232 329 (httpsd)2164 S 0 0.3 6533120 990 (librarian)2167 S 0 0.4 7110656 1144 (libaux)2170 S 0 0.3 5955584 863 (mapper)2178 S 0 0.3 6135808 927 (cache)2179 S 0 0.3 6287360 948 (router)2180 S 0 0.3 5955584 926 (fill)2183 S 0 0.3 5832704 852 (remotereq)2185 S 0 0.3 8269824 873 (videosvr)2188 S 0 0.4 7651328 1196 (contentsvr)2189 S 0 0.3 6103040 953 (routeraux)2190 S 0 0.4 10272768 1075 (dfcontrolsvr)2226 S 0 0.1 3559424 504 (smbd)2228 S 0 0.0 2084864 247 (nmbd)2973 Z 0 0.0 0 0 (cache)8446 S 0 0.1 2506752 327 (httpsd)8447 S 0 0.0 1421312 116 (gcache)18173 S 0 0.0 1220608 132 (in.telnetd)18174 S 34816 0.0 1736704 238 (login)18175 S 34816 0.0 2162688 184 (admin-shell)18176 S 0 0.3 4980736 847 (parser_server)19426 S 0 0.1 2551808 350 (httpsd)19427 S 0 0.1 2576384 354 (httpsd)19456 Z 0 0.0 0 0 (cache)19503 Z 0 0.0 0 0 (crond)19515 S 34816 0.0 1163264 109 (more)19516 S 34816 0.0 1941504 168 (exec_show_tech-)19554 R 34816 0.1 2277376 266 (exec_show_proce)------------------ system memory --------------------Total physical memory : 1026312 KBTotal free memory : 474692 KBTotal memory shared : 0 KBTotal buffer memory : 5100 KBTotal cached memory : 464040 KB------------------ interfaces --------------------Interface type: FastEthernet Slot: 0 Port: 0Type:EthernetEthernet address:00:05:32:02:DD:74Internet address:172.16.5.234Broadcast address:172.16.5.255Netmask:255.255.255.0Maximum Transfer Unit Size:1500Metric:1Packets Received: 513241Input Errors: 0Input Packets Dropped: 0Input Packets Overruns: 0Input Packets Frames: 0Packet Sent: 153970Output Errors: 0Output Packets Dropped: 0Output Packets Overruns: 0Output Packets Carrier: 0Output Queue Length:100Collisions: 0Interrupts:9Flags:UP BROADCAST RUNNING MULTICASTMode:autoselect, full-duplex, 100baseTXThe following types of information are available when using the streaming option with the show tech-support command.
General Information
You can access the following general information when you enter the show tech-support command:
•
•
•
•
•
•
•
•
•
•
•
Information Common to WMT and RTSP
Information that is common to both WMT and RTSP are as follows:
•
•
•
•
Information Specific to WMT
Information that is specific to WMT is as follows:
•
Information Specific to RTSP
Information that is specific to RTSP is as follows:
•
•
•
•
show telnet
To display the Telnet services configuration, use the show telnet EXEC command.
show telnet
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
EXEC
Examples
The following example displays the Telnet service details:
ContentEngine# show telnettelnet service is enabledRelated Commands
exec-timeout
telnet enableshow tftp-server
To display the Trivial File Transfer Protocol (TFTP) server directory, use the show tftp-server EXEC command.
show tftp-server
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Table 2-163 describes the fields shown in the show tftp-server display.
Related Commands
tftp-server
show transaction-logging
To display the transaction log configuration settings and a list of archived transaction log files, use the show transaction-logging EXEC command.
show transaction-logging
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
To display information about the current configuration of transaction logging on a Content Engine, use the show transaction-log or show transaction-logging EXEC commands. Both of these EXEC commands display the same output. Transaction log file information is displayed for HTTP and WMT caching proxy transactions and TFTP and ICAP transactions.
Note
Examples
The following example displays information about the current configuration of transaction logging on a Content Engine:
ContentEngine# show transaction-loggingTransaction log configuration:---------------------------------------Logging is enabled.End user identity is visible.File markers are disabled.Archive interval: every-day every 1 hourMaximum size of archive file: 2000000 KBLog File format is squid.Windows domain is not logged with the authenticated usernameExporting files to ftp servers is disabled.File compression is disabled.Export interval: every-day every 1 hourHTTP Caching Proxy logging to remote syslog host is disabled.Remote syslog host is not configured.Facility is the default "*" which is "user".Log HTTP request authentication failures with auth server to remote syslog host.HTTP Caching Proxy Transaction Log File InfoWorking Log file - None existingWMT MMS Caching Proxy/Server Transaction Log File InfoWorking Log file - size : 584age: 3449567Archive Log file - mms_export_10.1.1.21_20040805_160226 size: 584Archive Log file - mms_export_10.1.1.21_20040803_155410 size: 584Translog directory doesn't exist. Maybe because /local1 has no sysfs mounted.Translog directory doesn't exist. Maybe because /local1 has no sysfs mounted.A&D Transaction Log File InfoWorking Log file - size : 138age: 98065Archive Log file - acqdist_10.1.1.21_20040814_080005 size: 425249Archive Log file - acqdist_10.1.1.21_20040814_090020 size: 248744Archive Log file - acqdist_10.1.1.21_20040814_100001 size: 402181Archive Log file - acqdist_10.1.1.21_20040814_110006 size: 494790Archive Log file - acqdist_10.1.1.21_20040814_120000 size: 402Archive Log file - acqdist_10.1.1.21_20040814_120001 size: 232137Archive Log file - acqdist_10.1.1.21_20040814_130001 size: 32752Archive Log file - acqdist_10.1.1.21_20040814_140020 size: 243Archive Log file - acqdist_10.1.1.21_20040815_120022 size: 356Archive Log file - acqdist_10.1.1.21_20040820_110032 size: 248Archive Log file - acqdist_10.1.1.21_20040820_120015 size: 1946Archive Log file - acqdist_10.1.1.21_20040902_150040 size: 1306338Archive Log file - acqdist_10.1.1.21_20040903_180000 size: 388Archive Log file - acqdist_10.1.1.21_20040903_180001 size: 1352868Archive Log file - acqdist_10.1.1.21_20040903_190017 size: 466Archive Log file - acqdist_10.1.1.21_20040913_110048 size: 138Translog directory doesn't exist. Maybe because /local1 has no sysfs mounted.Real Proxy Transaction Log File InfoWorking Log file - None existingCisco Streaming Engine Transaction Log File InfoWorking Log file - size : 923age: 3622854Archive Log file - cseaccess.log size: 923Archive Log file - cseaccess.040517000.log size: 1785Archive Log file - cseaccess.040524000.log size: 1153Archive Log file - cseaccess.040531000.log size: 693Archive Log file - cseaccess.040607000.log size: 923Archive Log file - cseaccess.040614000.log size: 865Archive Log file - cseaccess.040621000.log size: 1325Archive Log file - cseaccess.040628000.log size: 1324Archive Log file - cseaccess.040705000.log size: 865Archive Log file - cseaccess.040712000.log size: 923Archive Log file - cseaccess.040719000.log size: 981Archive Log file - cseaccess.040727000.log size: 1268TV-out Transaction Log File InfoWorking Log file - size : 48age: 3449566Archive Log file - tvout_10.1.1.21_20040805_160227 size: 48Archive Log file - tvout_10.1.1.21_20040803_155411 size: 48CIFS (Windows File Sharing) Transaction Log File InfoWorking Log file - size : 58age: 3449566Archive Log file - cifs_server_10.1.1.21_20040803_155411 size: 58Archive Log file - cifs_server_10.1.1.21_20040805_160227 size: 58TFTP Transaction Log File InfoWorking Log file - size : 88age: 3449566Archive Log file - tftp_server_10.1.1.21_20040803_155411 size: 88Archive Log file - tftp_server_10.1.1.21_20040805_160227 size: 88ICAP Transaction Log File InfoWorking Log file - size : 61age: 3449566Archive Log file - icap_10.1.1.21_20040803_155411 size: 61Archive Log file - icap_10.1.1.21_20040805_160227 size: 61ContentEngine#Related Commands
clear statistics transaction-logs
clear transaction-logs
show statistics transaction-logs
transaction-log force
transaction-logsshow tvout
To display TV-out information, use the show tvout EXEC command.
show tvout
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
In the ACNS 5.2 software and later releases, the output of the show tvout EXEC command also notifies you if the Content Engine is running a version of the ACNS software that does not support the TV-out hardware contained in the Content Engine. In the following excerpt of the sample output from the show tvout command, this particular information is highlighted in bold:
Content Engine # show tvout...TV-out model: ce565-002 (sigma)[***Hardware revision level not supported in this version of software***]TV-out service is not enabledTV-out signal: ntscTV-out service is not running...Examples
The following example shows the output of the show tvout EXEC command:
ContentEngine# show tvoutTV-out model:ce560-AV-001TV-out service is enabledTV-out signal:ntscRelated Commands
show running-config
show statistics tvout
tvoutshow url-filter
To display URL filter configuration information, use the show url-filter EXEC command.
show url-filter {http | rtsp | wmt}
Syntax Description
http
Displays URL filter configurations for HTTP.
rtsp
Displays URL filter configurations for RTSP.
wmt
Displays URL filter configurations for WMT.
Defaults
URL filtering is disabled by default.
Command Modes
EXEC
Examples
Table 2-164 describes the fields shown in the show url-filter http display.
Related Commands
clear statistics url-filter
debug url-filter
show statistics url-filter
url-filter
url-filter local-list-reloadshow user
To display user identification number and username information for a particular user, use the show user EXEC command.
show user {uid number | username name}
Syntax Description
uid
Displays the user's identification number.
number
Identification number (0-65535).
username
Displays the name of user.
name
Name of the user.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Table 2-165 describes the fields shown in the show user display.
Related Commands
clear users
show users
usershow users
To display users, use the show users EXEC command.
show users {administrative | request-authenticated}
Syntax Description
administrative
Lists users with administrative privileges.
request-authenticated
Lists users authenticated by an HTTP request.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
The following example displays the list of users with administrative privileges:
ContentEngine# show users administrativeUID USERNAME0 adminThe following example displays the list of users authenticated by HTTP requests:
ContentEngine# show users request-authenticatedUSERNAME MODEThe following example shows the output if no users are authenticated by HTTP request:
ContentEngine# show users request-authenticatedThere are no users authenticated by HTTP requestRelated Commands
clear users
show user
usershow version
To display version information about the Content Engine software, use the show version EXEC command.
show version
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Table 2-166 describes the fields shown in the show version display.
show wccp
To display WCCP information, use the show wccp EXEC command.
show wccp content-engines
show wccp flows {custom-web-cache | dns | ftp-native | https-cache | reverse-proxy | rtsp | service-number service_num | web-cache | wmt | wmt-rtspu} [summary]
show wccp gre
show wccp masks {custom-web-cache | dns | ftp-native | https-cache | reverse-proxy | rtsp | service-number service_num | web-cache | wmt | wmt-rtspu}
show wccp modules
show wccp port-list
show wccp routers
show wccp services [detail]
show wccp slowstart {custom-web-cache | dns | ftp-native | https-cache | reverse-proxy | rtsp | service-number service_num | web-cache | wmt | wmt-rtspu}
show wccp status
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
Use the show wccp services command to list all the services that are configured on the Content Engine.
Use the show wccp services detail command to display the details for a particular WCCP service.
Examples
Table 2-167 describes the fields shown in the show wccp gre command.
Table 2-168 describes the fields shown in the show wccp modules display.
Table 2-169 describes the fields in the show wccp routers display.
Related Commands
wccp
show websense-server
To display URL filtering statistics for the local Websense server, use the show websense-server EXEC command.
show websense-server
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
Table 2-169 describes the fields in the show websense-server display.
Related Commands
debug url-filter websense
show statistics url-filter http websense
show url-filter http
url-filter http websense
websense-servershow wmt
To display Windows Media Technologies (WMT) bandwidth, broadcast, multicast, and proxy mode configuration and license information, use the show wmt EXEC command. You can access the WMT diagnostic tools using the show wmt diagnostics EXEC command. If the license-agreement option is included in the command string, the full text of the WMT license agreement is displayed.
show wmt [bandwidth [incoming bypass-list] | broadcast | detail | diagnostics {header-info {stream-file word | nsc-file .nsc-filename} | network-trace word} http allow extension | license-agreement | multicast | proxy]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
In the ACNS 5.3 software and later releases, you can access the following three WMT diagnostic tools through the Content Engine CLI:
•
•
•
The mmsdig tool does not currently support decoding for the RTSP, RTP, and RTCP protocols. In the ACNS 5.3 software, RTSP support for Windows Media 9 clients and servers was added.
Examples
The following example shows sample output of the show wmt diagnostics header-info stream-file EXEC command. In this example, this command is used to display the headers of a .wmv file named 256.wmv. Annotations about this sample command output are highlighted in boldface text and enclosed within parentheses.
ContentEngine# show wmt diagnostics header-info stream-file 256.wmvDescription object:VBR info object (2 streams) (VBR: variable bit rate file)streamid 1 bitrate 34319 (0000860f) (in this file there are 2 bit rates)streamid 2 bitrate 195798 (0002fcd6)Global properties object:GUID = f9 dd df 7e 6c 80 85 46 83 3c c1 23 4b 2f 4f 6b (object ID)File Size = 8104309 (object size)Total Packets = 2816 (total number of data packets)Time_mkin = 0x0000000001c0debcTime_mkout = 0x00000000a9e1af60Send duration = 2817510000 (Specifies the time needed to send the file in 100-nanosecond units)Broadcast Flag = 0Seekable Flag = 1Minimum Packet Size = 2877 (Specifies the minimum data packet size in bytes)Max Packet Size = 2877 (Specifies the maximum data packet size in bytes)Max Bitrate = 230117 (Specifies the maximum instantaneous bit rate in bits per second for the entire file)Unknown object:uuid: b5 3 bf 5f 2e a9 cf 11 8e e3 0 c0 c 20 53 65 len: 0x1600000000: 11 d2 d3 ab ba a9 cf 11 8e e6 00 c0 0c 20 53 6500000010: 06 00 00 00 00 00Extended Content Description Object (two entries):WMFSDKVersion (unicode) 7.00.00.1956WMFSDKNeeded (unicode) 0.0.0.0000Codec description object (2 streams) (audio and video codec information)Type = 0x2Description = Windows Media Audio V732 kbps, 32 kHz, stereoID = 61 01Type = 0x1Description = Windows Media Video V7ID = 57 4d 56 31Index:Index #0Interval = 10000000Max_pkt# = 9Entry = 286Stream ID = 0The following example shows an excerpt of sample output from the show wmt diagnostics header-info nsc-file EXEC command. In this example, this command is used to display the headers of the .nsc file named testmcast.nsc. Annotations about this sample command output are highlighted in boldface text and enclosed within parentheses.
ContentEngine# show wmt diagnostics header-info nsc-file testmcast.nscPress Ctrl-C to abort, if no information is shown within 30 secs.[Address]Time To Live=0x00000005 (ttl)IP Address=233.33.33.33 (Multicast address is configured.)IP Port=0x00000D10 (Multicast port is configured.)Delivery Mode=0x00000002NSC Format Version=3.0 (version of NSC format)[Description]Description=Auto Archive=0x00000000Format1 id 4d2Description1=http://128.107.192.4:8080 (Source of the media stream, for example, the WMT server/encoder)header information:output_head() startingDescription object:clip: WMT Live testing (title of the stream, configured on the WMT server/encoder)author: John Doe (author of the stream, configured on the WMT server/encoder)VBR info object (2 streams)streamid 1 bitrate 34995 (000088b3)streamid 2 bitrate 253711 (0003df0f)Global properties object:GUID = 33 36 59 e6 6a 7d 4e 49 99 5e cf 71 39 b9 61 54 (guid: unique identifier of this stream)File Size = 2810 (size in bytes)Total Packets = 4294967295Time_mkin = 0x0000000001c4de45Time_mkout = 0x0000000000000000Send duration = 0Broadcast Flag = 1Seekable Flag = 0Minimum Packet Size = 1444Max Packet Size = 1444Max Bitrate = 288706Unknown object:uuid: b5 3 bf 5f 2e a9 cf 11 8e e3 0 c0 c 20 53 65 len: 0x70700000000: 11 d2 d3 ab ba a9 cf 11 8e e6 00 c0 0c 20 53 6500000010: 06 00 f1 06 00 00 a9 46 43 7c e0 ef fc 4b b2 2900000020: 39 3e de 41 5c 85 27 00 00 00 00 00 00 00 01 0000000030: 0c 65 00 6e 00 2d 00 75 00 73 00 00 00 cb a5 e600000040: 14 72 c6 32 43 83 99 a9 69 52 06 5b 5a 58 00 0000000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000000060: 00 00 00 00 00 00 7d 00 00 88 13 00 00 00 00 0000000070: 00 00 7d 00 00 88 13 00 00 00 00 00 00 00 03 0000000080: 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 0000000090: 00 00 00 00 00 cb a5 e6 14 72 c6 32 43 83 99 a9000000a0: 69 52 06 5b 5a 6e 00 00 00 00 00 00 00 00 00 00000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 68 ad 03000000c0: 00 88 13 00 00 00 00 00 00 68 ad 03 00 88 13 00000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00000000e0: 00 63 17 05 00 00 00 00 00 00 00 01 00 50 94 bd000000f0: c6 7f 86 07 49 83 a3 c7 79 21 b7 33 ad 02 00 0000000100: 00 00 00 5d 8b f1 26 84 45 ec 47 9f 5f 0e 65 1f00000120: c5 af 5b 77 48 84 67 aa 8c 44 fa 4c ca e0 00 0000000130: 00 00 00 00 00 04 00 00 00 01 00 0c 00 02 00 0200000140: 00 00 00 49 00 73 00 56 00 42 00 52 00 00 00 0000000150: 00 00 00 01 00 34 00 00 00 06 00 00 00 44 00 6500000160: 00 76 00 69 00 63 00 65 00 43 00 6f 00 6e 00 6600000170: 00 6f 00 72 00 6d 00 61 00 6e 00 63 00 65 00 5400000180: 00 65 00 6d 00 70 00 6c 00 61 00 74 00 65 00 0000000190: 00 4c 00 32 00 00 00 00 00 02 00 0c 00 02 00 02000001a0: 00 00 00 49 00 73 00 56 00 42 00 52 00 00 00 00000001b0: 00 00 00 02 00 34 00 00 00 0c 00 00 00 44 00 65000001c0: 00 76 00 69 00 63 00 65 00 43 00 6f 00 6e 00 66000001d0: 00 6f 00 72 00 6d 00 61 00 6e 00 63 00 65 00 54000001e0: 00 65 00 6d 00 70 00 6c 00 61 00 74 00 65 00 00000001f0: 00 4d 00 50 00 40 00 4c 00 4c 00 00 00 74 d4 0600000200: 18 df ca 09 45 a4 ba 9a ab cb 96 aa e8 0a 05 0000000210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00...000006e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00000006f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000000700: 00 00 00 00 00 00 00Extended Content Description Object (3 entries):WMFSDKVersion (unicode) 9.00.00.2980WMFSDKNeeded (unicode) 0.0.0.0000IsVBR (bool) 0Codec description object (2 streams)Type = 0x2Description = Windows Media Audio 932 kbps, 32 kHz, stereo (A/V) 1-pass CBRID = 61 01Type = 0x1Description = Windows Media Video 9ID = 57 4d 56 33Multicast object (len 0x18):00000000: 50 0f 1d 54 4b 5b cf 11 a8 fd 00 80 5f 5c 44 2b00000010: 04 00 00 00 0a 00 00 00ContentEngine#Some of the fields are common between the command output from the show wmt diagnostics header-info stream-file and show wmt diagnostics header-info nsc-file EXEC commands.
The following example shows the the WMT server configurations, the WMT HTTP configurations, and the WMT proxy configurations for the Content Engine. In the ACNS 5.3 software and later releases, the output of the show wmt and show wmt detail commands is identical.
ContentEngine# show wmt--------- WMT Server Configurations -----------------WMT golden license key installedWMT outgoing bandwidth limit enforced: 250000 Kbits/secWMT end user license agreement acceptedWMT is enabledWMT disallowed client protocols: noneWMT outgoing bandwidth configured is 250000 Kbits/secWMT incoming bandwidth configured is 250000 Kbits/secWMT max sessions configured: 3568WMT max sessions platform limit: 3568WMT max sessions enforced: 3568 sessionsWMT max outgoing bit rate allowed per stream has no limitWMT max incoming bit rate allowed per stream has no limitWMT cache is enabledWMT cache max-obj-size: 1024 MBWMT debug level: 0WMT L4 switch is not enabledWMT debug client ip not setWMT debug server ip not setWMT/REAL cache space partition: wmt 70%, real 30%WMT Stripping ? from Live URL is not enabledWMT accelerate live-split is enabledWMT accelerate proxy-cache is enabledWMT accelerate VOD is enabledWMT fast-start is enabledWMT fast-start max. bandwidth per player is 3500 (Kbps)WMT fast-cache is enabledWMT fast-cache acceleration factor is 5WMT maximum data packet MTU (TCP) enforced is 1472 bytesWMT maximum data packet MTU (UDP) is 1500 bytesWMT client idle timeout is 60 secondsWMT forward logs is enabledWMT server inactivity-timeout is 65535WMT Transaction Log format is Windows Media Services 9.0 logging and CE specificinformationRTSP Gateway incoming port 554RTSP Gateway L4-switch not enabledRTSP Gateway Transparent Interception (WCCP):Configured on port: 554--------- WMT HTTP Configurations -------------------WMT http extensions allowed:asf none nsc wma wmv nsclog--------- WMT Proxy Configurations ------------------Outgoing Proxy-Mode:--------------------MMS-over-HTTP Proxy-Mode:is not configured.RTSP Proxy-Mode:is not configured.ContentEngine#The following example displays the current WMT proxy configuration for a Content Engine. In the ACNS 5.3 software, the command output was modified to include configuration information about the new WMT RTSP proxy server that can now be enabled on a Content Engine that is acting as a Windows Media 9 server.
ContentEngine# show wmt proxyOutgoing Proxy-Mode:--------------------MMS-over-HTTP Proxy-Mode:is not configured.RTSP Proxy-Mode:is not configured.The following example displays the WMT bandwidth settings configured on a Content Engine:
CE-590# show wmt bandwidthOutgoing bandwidth limit enforced 168000 kbpsOutgoing bandwidth configured 168000 kbpsIncoming bandwidth configured 50000 kbpsThe following example shows an excerpt of sample output from the show wmt license-agreement command:
CE-590# show wmt license-agreementEND USER LICENSEPLEASE READ THE LICENSE AGREEMENT AND ACCEPT BY ENTERING THE FOLLOWINGCLI CONFIGURATION COMMAND: wmt accept-license-agreementEND USER LICENSE AND SOFTWARE WARRANTYSoftware LicensePLEASE READ THIS SOFTWARE LICENSE CAREFULLY BEFORE DOWNLOADING,INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE.BY DOWNLOADING OR INSTALLING THE SOFTWARE, OR USING THE EQUIPMENT THATCONTAINS THIS SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS LICENSE.IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS LICENSE, THEN (A) DO NOTDOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THESOFTWARE FOR A FULL REFUND, OR, IF THE SOFTWARE IS SUPPLIED AS PART OFANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND.YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROMCISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THEORIGINAL PURCHASER.The following terms govern your use of the Software except to the extenta particular program (a) is the subject of a separate written agreementwith Cisco or (b) includes a separate click-on license agreement as partof the installation and/or download process. To the extent of a conflictbetween the provisions of the foregoing documents, the order ofprecedence shall be (1) the written agreement, (2) the click-onagreement, and (3) this Software License....Related Commands
clear statistics wmt
show statistics wmt
wmtshutdown (interface configuration)
To shut down a specific hardware interface, use the shutdown interface configuration command. To restore an interface to operation, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
interface configuration
Usage Guidelines
See the "interface" section for alternative syntax.
Examples
The following example shows how to shut down an interface configured on a Content Engine:
ContentEngine(config-if)# shutdownRelated Commands
interface
show interface
show running-config
show startup-configshutdown (EXEC)
To shut down the Content Engine, Content Router, Content Distribution Manager, or Cisco IP/TV Program Manager, use the shutdown EXEC command.
shutdown [poweroff]
Syntax Description
Defaults
No default behavior or values
Command Modes
EXEC
Usage Guidelines
A controlled shutdown refers to the process of properly shutting down a Content Engine without turning off the power on the device. With a controlled shutdown, all of the application activities and the operating system are properly stopped on a Content Engine but the power is still on. Controlled shutdowns of a Content Engine can help you minimize the downtime when the Content Engine is being serviced.
The shutdown EXEC command enables you to shut down and optionally power off a Content Engine:
•
•
Caution
Note
The shutdown EXEC command facilitates a proper shutdown for Content Engines, Content Routers, Content Distribution Managers, and Cisco IP/TV Program Managers. Where the shutdown command is supported on all content networking hardware models, the shutdown poweroff command is supported only on those models that support ACPI. The following content networking hardware models support the shutdown poweroff command:
•
•
•
•
•
•
•
•
•
•
•
•
•
The shutdown command closes all applications and stops all system activities but keeps the power on. The fans continue to run and the power LED is on, indicating that the device is still powered on. When you enter the shutdown command, you are prompted to save your configuration changes, if any, and the Content Engine waits for the maximum amount of time before shutdown if WCCP has been enabled on the Content Engine. The device console displays a menu after the shutdown process is completed. You need to log in to the Content Engine using console to display the following menu:
CONTENTENGINE# shutdownSystem configuration has been modified. Save?[yes]:yesDevice can not be powered on again through software after shutdown.Proceed with shutdown?[confirm]yesProceed with clean WCCP shutdown?[confirm]yesWaiting (1 seconds) for WCCP shutdown. Press ^C to skip shutdownnWCCP clean shutdown wait time exceededShutting down all services, will timeout in 15 minutes.shutdown in progress ..Halt requested by CLI@ttyS0...........Shutdown successCisco Content Engine ConsoleUsername: adminPassword:================= SHUTDOWN SHELL =================System has been shut down.You can eitherPower down system by pressing and holding power buttonor1. Reload system through software2. Power down system through softwarePlease select [1-2]:The shutdown poweroff command closes all applications and the operating system, stops all system activities, and turns off the power. The fans stop running and the power LED starts flashing, indicating that the device has been powered off.
Note
Table 2-171 describes the shutdown-only operation and the shutdown power-off operation for Content Engines.
You can enter the shutdown EXEC command from a console session or from a remote session (Telnet or SSH version 1 or SSH version 2) to perform a shutdown on a Content Engine.
To perform a shutdown on a Content Engine, enter the shutdown EXEC command as follows:
ContentEngine# shutdownWhen you are asked if you want to save the system configuration, enter yes as follows:
System configuration has been modified. Save?[yes]:yesWhen you are asked if you want to proceed with the shutdown, press Enter to proceed with the shutdown operation as follows:
Device can not be powered on again through software after shutdown.Proceed with shutdown?[confirm]The following message appears, reporting that all services are being shut down on this Content Engine:
Shutting down all services, will timeout in 15 minutes.
shutdown in progress ..System halted.After the system is shut down (the system has halted), an ACNS software shutdown shell displays the current state of the system (for example, "System has been shut down") on the console. You are asked whether you want to perform a software power off (the Power down system by software option), or if you want to reload the system through the software.
================= SHUTDOWN SHELL =================System has been shut down.You can eitherPower down system by pressing and holding power buttonor1. Reload system through software2. Power down system through softwareTo power down the Content Engine, press and hold the power button on the Content Engine, or use one of the following methods to perform a shutdown poweroff:
•
================= SHUTDOWN SHELL =================System has been shut down.You can eitherPower down system by pressing and holding power buttonor1. Reload system through software2. Power down system through software•
ContentEngine# shutdown poweroffWhen you are asked if you want to save the system configuration, enter yes as follows:
System configuration has been modified. Save?[yes]:yesWhen you are asked to confirm your decision, press Enter.
Device can not be powered on again through software after poweroff.Proceed with poweroff?[confirm]Shutting down all services, will timeout in 15 minutes.poweroff in progress ..Power down.Examples
The following example shows that the shutdown command is used to close all applications and stop all system activities:
ContentEngine1# shutdownSystem configuration has been modified. Save?[yes]:yesDevice can not be powered on again through software after shutdown.Proceed with shutdown?[confirm]Shutting down all services, will timeout in 15 minutes.shutdown in progress ..System halted.The following example shows that the shutdown poweroff command is used to close all applications, stop all system activities, and then turn off power to the Content Engine:
ContentEngine2# shutdown poweroffSystem configuration has been modified. Save?[yes]:yesDevice can not be powered on again through software after poweroff.Proceed with poweroff?[confirm]Shutting down all services, will timeout in 15 minutes.poweroff in progress ..Power down.snmp-server access-list
To configure a standard access control list to allow access through an SNMP agent, use the snmp-server access-list global configuration command. To remove a standard access control list, use the no form of this command.
snmp-server access-list {std-acl-num | std-acl-name}
no snmp-server access-list {std-acl-num | std-acl-name}
Syntax Description
Defaults
No default behavior or values
Command Modes
global configuration
Usage Guidelines
The snmp-server access-list std-acl-num global configuration command configures an access control list to allow access to an SNMP agent. The std-acl-num variable is a number in the range 1 to 99, indicating a standard access control list. SNMP checks against the specified access control list before accepting or dropping incoming packets.
You can enable SNMP applications to be attached to a particular interface (such as management services to the private IP address space) so that the Content Engine can have one interface in the customer's IP address space that serves content, and another interface in a private IP address space that the administrator uses for management purposes. This setting ensures that clients can access the Content Engine only in the public IP address space for serving content and not access it for management purposes. A device attempting to access one of these applications associated with an access control list (ACL) must be on the list of trusted devices to be allowed access.
See the Cisco ACNS Software Configuration Guide for Locally Managed Deployments, for a description on how to use standard IP ACLs to control access to the SNMP agent on a Content Engine.
Examples
The following example allows the SNMP agent to check against access control list 12 before accepting or dropping packets:
ContentEngine(config)# snmp-server access-list 12
Note
Related Commands
ip access-list
show running-configurationsnmp-server community
To enable the SNMP agent and set up the community access string to permit access to the SNMP agent, use the snmp-server community global configuration command. Use the no form of this command to disable the SNMP agent and to remove the previously configured community string.
snmp-server community string [group groupname | rw]
no snmp-server community string [group groupname | rw]
Syntax Description
Defaults
The SNMP agent is disabled and a community string is not configured. When configured, an SNMP community string by default permits read-only access to all objects.
Usage Guidelines
The SNMP community string is used as a password for authentication when accessing the SNMP agent on the Content Engine. To be authenticated, the Community Name field of any SNMP message sent to the Content Engine must match the SNMP community string defined on the Content Engine.
The SNMP agent on the Content Engine is enabled when an SNMP community string is defined on the Content Engine. The maximum number of SNMP communities that can be created is 10.
The snmp-server community string global configuration command provides view-based access control for SNMPv1, SNMPv2c, and SNMPv3 but also continues to provide backward compatibility between different versions.
Tip
In the ACNS 5.x software prior to the ACNS 5.1 software release, the snmp-server community string global configuration command did not have an option to create a community string that allows SNMP messages to execute a set operation on a MIB object. A rw option has been introduced for this purpose. Also, the previous version of the SNMP agent did not provide selective access control to MIB objects. Access to any MIB object was denied or granted based on authentication of the SNMP community string.
With the introduction of view-based access control, it is now possible to configure a community string that grants access to only part of the MIB subtree. To provide backward compatibility with the previous version of this command, a default read group or default write group (if the rw option is specified on the command line) is associated with the community string if no group name is specified. Both of these default groups are hidden from users, are not displayed in the configuration file or in the show snmp group EXEC command, and are created during initialization of the SNMP agent.
Command Modes
global configuration
Examples
The following example enables the SNMP agent and assigns the community string comaccess to SNMP:
ContentEngine(config)# snmp-server community comaccessThe following example disables the SNMP agent and removes the previously defined community string:
ContentEngine(config)# no snmp-server communityRelated Commands
show snmp
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server mib
snmp-server notify
snmp-server user
snmp-server viewsnmp-server contact
To set the system server contact (sysContact) string, use the snmp-server contact global configuration command. To remove the system contact information, use the no form of this command.
snmp-server contact line
no snmp-server contact
Syntax Description
contact
Specifies text for MIB-II object sysContact.
line
Identification of the contact person for this managed node.
Command Modes
global configuration
Defaults
No system contact string is set.
Usage Guidelines
The system contact string is the value stored in the MIB-II system group sysContact object.
Examples
The following example shows how to configure a system contact string:
ContentEngine(config)# snmp-server contact Dial System Operator at beeper # 27345The following example resets the system contact string:
ContentEngine(config)# no snmp-server contactRelated Commands
show snmp
snmp-server community
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server mib
snmp-server notify
snmp-server user
snmp-server viewsnmp-server enable traps
To enable the Content Engine to send SNMP traps, use the snmp-server enable traps global configuration command. To disable all SNMP traps or only SNMP authentication traps, use the no form of this command.
snmp-server enable traps [alarm [clear-critical | clear-major | clear-minor | raise-critical | raise-major | raise-minor] | config | content-engine [disk-fail | disk-read | disk-write | overload-bypass | transaction-log] | entity | event | snmp [authentication | cold-start]]
no snmp-server enable traps [alarm [clear-critical | clear-major | clear-minor | raise-critical | raise-major | raise-minor] | config | content-engine [disk-fail | disk-read | disk-write | overload-bypass | transaction-log] | entity | event | snmp [authentication | cold-start]]
Syntax Description
Defaults
This command is disabled by default. No traps are enabled.
Command Modes
global configuration
Usage Guidelines
You can configure a Content Engine to generate an SNMP trap for a specific alarm condition. You can configure the generation of SNMP alarm traps on Content Engines based on the following:
•
•
The ACNS 5.3 software and later releases support six generic alarm traps. These six general alarm traps provide SNMP and Node Health Manager integration. Each trap can be enabled or disabled through the Content Engine CLI.
Note
SNMP notifications can be sent as traps or inform requests. The snmp-server enable traps command enables both traps and inform requests for the specified notification types.
To configure traps, you must enter the snmp-server enable traps command. If you do not enter the snmp-server enable traps command, no traps are sent.
If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure the Content Engine to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. In order to enable multiple types of notifications, you must enter a separate snmp-server enable traps command for each notification type and notification option.
The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP traps. To send traps, you must configure at least one host using the snmp-server host command.
For a host to receive a trap, you must enable both the snmp-server enable traps command and the snmp-server host command for that host.
In addition, you must enable SNMP with the snmp-server community command.
To disable the sending of the MIB-II SNMP authentication trap, you must enter the no snmp-server enable traps snmp authentication command.
Examples
The following example enables the Content Engine to send all traps to the host 172.31.2.160 using the community string public:
ContentEngine(config)# snmp-server enable trapsContentEngine(config)# snmp-server host 172.31.2.160 publicThe following example disables all traps:
ContentEngine(config)# no snmp-server enable trapsRelated Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server group
snmp-server host
snmp-server location
snmp-server mib
snmp-server notify
snmp-server user
snmp-server viewsnmp-server group
To define a user security model group, use the snmp-server group global configuration command. To remove the specified group, use the no form of this command.
snmp-server group name {v1 [notify name] [read name] [write name] | v2c [notify name] [read name] [write name] | v3 {auth [notify name] [read name] [write name] | noauth [notify name] [read name] [write name] | priv [notify name] [read name] [write name]}}
no snmp-server group name {v1 [notify name] [read name] [write name] | v2c [notify name] [read name] [write name] | v3 {auth [notify name] [read name] [write name] | noauth [notify name] [read name] [write name] | priv [notify name] [read name] [write name]}}
Syntax Description
Defaults
The default is that no user security model group is defined.
Command Modes
global configuration
Usage Guidelines
The maximum number of SNMP groups that can be created is 10.
Select one of three SNMP security model groups: Version 1 (v1) Security Model, Version 2c (v2c) Security Model, or the User Security Model (v3 or SNMPv3). Optionally, you then specify a notify, read, or write view for the group for the particular security model chosen. The v3 option allows you to specify the group using one of three security levels: auth (AuthNoPriv Security Level), noauth (noAuthNoPriv Security Level), or priv (AuthPriv Security Level).
The ACNS 5.x software supports the following versions of SNMP:
•
•
•
SNMP Security Models and Security Levels
SNMPv1 and SNMPv2c do not have any security (authentication or privacy) mechanisms to keep SNMP packet traffic on the wire confidential. As a result, packets on the wire can be detected and SNMP community strings can be compromised.
To solve the security shortcomings of SNMPv1 and SNMPv2c, SNMPv3 provides secure access to Content Engines by authenticating and encrypting packets over the network. The SNMP agent in the ACNS 5.x software supports SNMPv3, SNMPv1, and SNMPv2c.
Note
Using SNMPv3, users can securely collect management information from their SNMP agents. Also, confidential information, such as SNMP set packets that change a Content Engine's configuration, can be encrypted to prevent their contents from being exposed on the wire. Also, the group-based administrative model allows different users to access the same SNMP agent with varying access privileges.
Examples
The following example configures the SNMP group name, security model, and notify view on the Content Engine:
ContentEngine(config)# snmp-server group acme v1 notify mymibRelated Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server host
snmp-server location
snmp-server mib
snmp-server notify
snmp-server user
snmp-server viewsnmp-server host
To specify the recipient of a host SNMP trap operation, use the snmp-server host global configuration command. To remove the specified host, use the no form of this command.
snmp-server host {hostname | ip-address} communitystring [v2c [retry number] [timeout seconds] | [v3 {auth [retry number] [timeout seconds] | noauth [retry number] [timeout seconds] | priv [retry number] [timeout seconds]}]
no snmp-server host {hostname | ip-address} [v2c [retry number] [timeout seconds] | [v3 {auth [retry number] [timeout seconds] | noauth [retry number] [timeout seconds] | priv [retry number] [timeout seconds]}| communitystring]
Syntax Description
Defaults
This command is disabled by default. No traps are sent. The version of the SNMP protocol used to send the traps is SNMP Version 1.
retry number: 2 retries.
timeout: 15 seconds.
Command Modes
global configuration
Usage Guidelines
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform request can be sent again. Informs are more likely to reach their intended destination.
However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in the memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network.
If you do not enter an snmp-server host command, no notifications are sent. To configure the Content Engine to send SNMP notifications, you must enter at least one snmp-server host command. To enable multiple hosts, you must enter a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.
When multiple snmp-server host commands are given for the same host and kind of security model, each succeeding command overwrites the previous command. Only the last snmp-server host command will be in effect. For example, if you enter an snmp-server host v2c command for a host and then enter another snmp-server host v3 command for the same host, the second command will replace the first.
The maximum number of SNMP hosts that can be created by entering the snmp-server host commands is eight in the ACNS 5.2 software and later releases. However, you can configure only up to four hosts on a Content Engine running the ACNS 5.1.x software and earlier releases.
When multiple snmp-server host commands are given for the same host, the community string in the last command is used.
The snmp-server host command is used with the snmp-server enable command. Use the snmp-server enable command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable command and the snmp-server host command for that host must be enabled.
Note
Examples
The following example sends the SNMP traps defined in RFC 1157 to the host specified by the IP address 172.16.2.160. The community string is comaccess.
ContentEngine(config)# snmp-server enable trapsContentEngine(config)# snmp-server host 172.16.2.160 comaccessThe following example removes the host 172.16.2.160 from the SNMP trap recipient list:
ContentEngine(config)# no snmp-server host 172.16.2.160Related Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server location
snmp-server mib
snmp-server notify
snmp-server user
snmp-server viewsnmp-server location
To set the SNMP system location string, use the snmp-server location global configuration command. To remove the location string, use the no form of this command.
snmp-server location line
no snmp-server location
Syntax Description
location
Specifies the text for MIB-II object sysLocation.
line
String that describes the physical location of this node.
Defaults
No system location string is set.
Command Modes
global configuration
Usage Guidelines
The system location string is the value stored in the MIB-II system group system location object. You can see the system location string with the show snmp EXEC command.
Examples
The following example shows how to configure a system location string:
ContentEngine(config)# snmp-server location Building 3/Room 214Related Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server mib
snmp-server notify
snmp-server user
snmp-server viewsnmp-server mib
To configure persistence for the SNMP Event MIB, use the snmp-server mib global configuration command. To disable the Event MIB, use the no form of this command.
snmp-server mib persist event
no snmp-server mib persist event
Syntax Description
Defaults
No default behavior or values
Command Modes
global configuration
Usage Guidelines
The Event MIB can set the threshold on any MIB variables supported by the ACNS 5.x software and store the threshold permanently on disk. The MIB persistence features allow the SNMP data of a MIB to be persistent across reloads; MIB information retains the same set object values each time that the Content Engine reboots.
You enable MIB persistence by using the snmp-server mib persist event command. Enter the write mib-data command to write the MIB data of all MIBs that have had persistence enabled using the snmp-server mib persist event command to a persistent partition on a disk storage. Any modified MIB data must be written to a persistent partition on a disk using the write mib-data command.
The ACNS 5.x software implementation of SNMP supports the following MIBs:
•
•
•
•
•
•
•
•
The EVENT-MIB can set the threshold on any MIB variables supported by the ACNS 5.x software and store the threshold permanently on disk. The HOST-RESOURCES-MIB provides statistics on system resources.
Note
In the ACNS 5.3 software release, the CISCO-CONTENT-ENGINE-MIB was modified to add support for WMT RTSP streaming for Windows Media 9 clients and servers (Windows Media 9 players and Windows Media 9 servers).
In the ACNS 5.2 software and later releases, there are six generic alarm traps in the CISCO-CONTENT-ENGINE-MIB for SNMP and Node Health Manager integration.For each 64-bit counter MIB object, a 32-bit counter MIB object is implemented so that SNMP clients using the SNMPv1 protocol can retrieve data associated with 64-bit counter MIB objects. The MIB objects of each of these groups are read-only:
•
•
•
In the ACNS 5.1.1 software and later releases, you can use IP access control lists (ACLs) to control SNMP access on a Content Engine.
You can download the MIB files for all of the MIBs that are supported by a Content Engine that is running the ACNS 5.x software from the following Cisco FTP site:
ftp://ftp.cisco.com/pub/mibs/v2
The MIB objects that are defined in each MIB are described in the MIB files at the above FTP site and are self explanatory.
Examples
The following example sets persistence for the Event MIB:
ContentEngine(config)# snmp-server mib persist eventRelated Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server notify
snmp-server user
snmp-server viewsnmp-server notify inform
To configure the SNMP notify inform request, use the snmp-server notify inform global configuration command. To return the setting to the default value, use the no form of this command.
snmp-server notify inform
no snmp-server notify inform
Syntax Description
This command has no arguments or keywords.
Defaults
If you do not enter the snmp-server notify inform command, the default is an SNMP trap request.
Command Modes
global configuration
Usage Guidelines
The snmp-server host command specifies which hosts will receive informs. The snmp-server enable traps command globally enables the production mechanism for the specified notifications (traps and informs).
In order for a host to receive an inform, you must enable the inform globally by entering the snmp-server notify inform command.
The SNMP inform requests feature allows Content Engines to send inform requests to SNMP managers. Content Engines can send notifications to SNMP managers when particular events occur. For example, an agent Content Engine might send a message to a manager when the agent Content Engine experiences an error condition.
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received. However, an SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does not receive an inform request, it does not send a response. If the sender never receives a response, the inform request can be sent again. Informs are more likely to reach their intended destination.
Because they are more reliable, informs consume more resources in the Content Engine and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in the memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network. Traps and inform requests provide a trade-off between reliability and resources.
Tip
Examples
The following example configures the SNMP notify inform request on the Content Engine:
ContentEngine(config)# snmp-server notify informRelated Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server mib
snmp-server user
snmp-server viewsnmp-server user
To define a user who can access the SNMP server, use the snmp-server user global configuration command. To remove access, use the no form of this command.
snmp-server user name group [auth {md5 password [priv password] | sha password [priv password]} | remote octetstring [auth {md5 password [priv password] | sha password [priv password]}]]
no snmp-server user name group [auth {md5 password | sha password} [priv password] | remote octetstring [auth {md5 password | sha password} [priv password]]]
Syntax Description
Defaults
No default behavior or values
Command Modes
global configuration
Usage Guidelines
The maximum number of SNMP users that can be created is 10. Follow these guidelines when defining SNMP users for Content Engines:
•
•
Tip
Examples
The following example shows that an SNMPv3 user account is created on the Content Engine. The SNMPv3 user is named acme and belongs to the group named admin. Because this SNMP user account has been set up with no authentication password, the SNMP agent on the Content Engine does not perform authentication on SNMP requests from this user.
ContentEngine(config)# snmp-server user acme adminRelated Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable
snmp-server group
snmp-server host
snmp-server location
snmp-server mib
snmp-server notify
snmp-server viewsnmp-server view
To define a Version 2 SNMP (SNMPv2) MIB view, use the snmp-server view global configuration command. To undefine the MIB view, use the no form of this command.
snmp-server view viewname MIBfamily {excluded | included}
no snmp-server view viewname MIBfamily [excluded | included]
Syntax Description
Defaults
No default behavior or values
Command Modes
global configuration
Usage Guidelines
An SNMP view is a mapping between SNMP objects and the access rights available for those objects. An object can have different access rights in each view. Access rights indicate whether the object is accessible by either a community string or a user. The snmp-server view command is used with the snmp-server group to limit the read-write access of MIB trees based on the group. Because the group can be associated with the SNMP community string or users, using the snmp-server view command extends the limit to users and community strings. If the view is not configured, read-write access to the community string applies to the MIB tree and all users (SNMPv3).
The maximum number of views that can be created is 10. You can configure the SNMP view settings only if you have previously configured the SNMP server settings.
To remove a view record, use the no snmp-server view command.
You can enter the snmp-server view command multiple times for the same view record. Later lines take precedence when an object identifier is included in two or more lines.
Examples
The following example shows how to configure the view name, family name, and view type:
Content Engine(config)# snmp-server view contentview ciscoContentEngineMIB includedThe following example creates a view that includes all objects in the MIB-II system group and all objects in the Cisco enterprise MIB:
Content Engine(config)# snmp-server phred system includedContent Engine(config)# snmp-server view phred cisco includedThe following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) in the MIB-II interfaces group:
ContentEngine(config)# snmp-server view agon system includedContentEngine(config)# snmp-server view agon system.7 excludedRelated Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable
snmp-server group
snmp-server host
snmp-server location
snmp-server mib
snmp-server notify
snmp-server userspeed
To set the Fibre Channel interface speed, use the speed interface configuration command. To reset the interface speed, use the no form of this command.
speed {1 | 2 | autosense}
no speed {1 | 2 | autosense}
Syntax Description
Defaults
No default behavior or values
Command Modes
interface configuration
Examples
The following example shows how to configure the speed of the Fibre Channel interface to 1 Gbps:
ContentEngine(config)# interface FibreChannel 0/1ContentEngine(config-if)# speed 1The following example shows how to configure the speed of the Fibre Channel interface to autosense:
ContentEngine(config)# interface FibreChannel 0/1ContentEngine(config-if)# speed autosenseRelated Commands
interface
show interface
show running-config
show startup-configsshd
To enable the Secure Shell (SSH) daemon, use the sshd global configuration command. To disable SSH, use the no form of this command.
sshd {enable | password-guesses number | timeout seconds | version {1 | 2}}
no sshd {enable | password-guesses | timeout | version {1 | 2}}
Syntax Description
Defaults
password-guesses number: 3 guesses.
timeout seconds: 300 seconds.
version: Both SSH version 1 and 2 are enabled.
Command Modes
global configuration
Usage Guidelines
SSH enables login access to the Content Engine through a secure and encrypted channel. SSH consists of a server and a client program. Like Telnet, you can use the client program to remotely log on to a machine that is running the SSH server, but unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.
In the ACNS software 5.3 and later releases, when you enable the SSH server, the Secure File Transfer Protocol (SFTP) server is also enabled. The SFTP is a file transfer program that provides a secure and authenticated method for transferring files between ACNS devices and other workstations or clients.
Note
Before you enable the sshd command, use the ssh-key-generate command to generate a private and a public host key, which the client programs use to verify the server's identity.
Although the sshd password-guesses command specifies the number of allowable password guesses from the SSH server side, the actual number of password guesses for an SSH login session is determined by the combined number of allowable password guesses of the SSH server and the SSH client. Some SSH clients limit the maximum number of allowable password guesses to three (or to one in some cases), even though the SSH server side allows more than this number of guesses.
When you enter the sshd password-guesses command, specifying n allowable password guesses causes certain SSH clients to interpret this number as n+1. For example, when configuring the number of guesses to two by entering the sshd password-guesses 2 command for a particular device, SSH sessions from some SSH clients will allow three password guesses.
The sshd version global configuration command allows you to enable support for either SSH version 1 or SSH version 2. When you enable SSH using the sshd enable global configuration command, the ACNS software enables support for both SSH version 1 and SSH version 2 on the Content Engine. If you want the Content Engine to support only one version of SSH (for example SSH version 2), you must disable the other version (in this example, SSH version 1) by using the no sshd version 1 command.
When support for both SSH version 1 and SSH version 2 are enabled in the Content Engine, the show running-config EXEC command output does not display any sshd configuration. If you have disabled the support for one version of SSH, the show running-config EXEC command output contains the following line:
no sshd version version_number
Note
Examples
The following example shows how to enable the SSH daemon and configure the number of allowable password guesses and timeout for the Content Engine:
ContentEngine(config)# sshd enableContentEngine(config)# sshd password-guesses 4ContentEngine(config)# sshd timeout 20The following example disables the support for SSH version 1 in the Content Engine:
ContentEngine(config)# no sshd version 1Related Commands
ssh-key-generate
show sshssh-key-generate
To generate the Secure Shell (SSH) host key, use the ssh-key-generate global configuration command. To remove the SSH key, use the no form of this command.
ssh-key-generate [key-length length]
no ssh-key-generate [key-length length]
Syntax Description
key-length
(Optional) Configures the length of the SSH key.
length
Specifies the number of bits to create an SSH key (512-2048).
Defaults
key-length length: 1024 bits
Command Modes
global configuration
Usage Guidelines
Before you enable the sshd command, use the ssh-key-generate command to generate a private and a public host key, which the client programs use to verify a server's identity.
When a user runs an SSH client and logs in to the Content Engine, the public key for the SSH daemon running on the Content Engine is recorded in the client machine known_hosts file in the user's home directory. If the Content Engine administrator subsequently regenerates the host key by entering the ssh-key-generate command, the user must delete the old public key entry associated with the Content Engine in the known_hosts file before running the SSH client program to log in to the Content Engine. When the user runs the SSH client program after deleting the old entry, the known_hosts file is updated with the new SSH public key for the Content Engine.
Examples
The following example generates an SSH public key and then enables the SSH daemon:
ContentEngine(config)# ssh-key-generateSsh host key generated successfullySaving the host key to box ...Host key saved successfullyContentEngine(config)# sshd enableStarting ssh daemon ...Ssh daemon started successfullyRelated Commands
sshd
standby
To configure an interface to be a backup for another interface, use the standby interface configuration command. To restore the default configuration of the interface, use the no form of this command.
standby group_number {description text | errors max-errors | ip ip-address netmask | priority priority_level | shutdown}
no standby group_number {description text | errors max-errors | ip ip-address netmask | priority priority_level | shutdown}
Syntax Description
Defaults
There are no standby interfaces by default. The errors option is disabled by default.
Command Modes
interface configuration
Usage Guidelines
In the ACNS 5.2 software and later releases, you can configure one or more interfaces to act as a backup interface (a standby interface) for another interface on a Content Engine. This feature is called standby interface support. Standby groups, which are logical groups of interfaces, are used to implement this feature. When an active network interface fails (because of cable trouble, Layer 2 switch failure, high error count, or other failures) and that interface is part of a standby group, a standby interface can become active and take the load off the failed interface.
A standby group must have at least two interfaces. Interfaces that are part of a standby group are called member interfaces. After you create a standby group, you define which interfaces should be assigned to this logical group. As part of defining the member interfaces, you specify the priority of each member interface in a standby group. The member interface with the highest assigned priority is the active interface for that particular standby group. If the active interface fails, the operational member interface with the next highest priority in the standby group comes up, and so forth. If all member interfaces of a particular standby group are down and then one of the member interfaces comes up, the ACNS software detects this situation and brings up the standby group on the member interface that just came up.
In the ACNS 5.3 software and later releases, the failure or failover of member interfaces within a standby group triggers alarms and traps (if alarms and traps are enabled on the Content Engine). Alarms are sent out when failover occurs between member interfaces in a standby group. Specifically, minor alarms are sent out when member interfaces fail, and these alarms are cleared automatically when the interface failover has been successfully completed. Major alarms are sent out if the standby group goes down (no member interface in a standby group can be brought up.)
Note
This standby interface feature can also be used to support a redundant network that uses Layer 4 Cisco Content Services Switch [CSS] switches) to load balance requests to multiple Content Engines. The CSS switch supports active-standby configuration. If the active CSS switch fails, the standby CSS switch takes over all of the load. In such a case, the Content Engine detects this failure and starts serving the same IP address (shared IP address) on the standby network interface card (NIC), which preserves the existing TCP sessions (session-level redundancy). Session-level redundancy is only possible if the CSS switch can preserve sessions in a failure scenario. If the CSS switch loses the sessions, the session will be lost.
To configure standby interfaces, interfaces are logically assigned to standby groups. The following rules define the standby group relationships:
•
•
•
•
•
•
•
Note
•
•
•
•
Tip
Use the interface standby global configuration command to create standby groups on Content Engines. In the ACNS 5.3 software, the CLI syntax for configuring standby groups was changed to make it more similar to the port channel CLI syntax.
Note
Examples
The following example configures three Fast Ethernet interfaces to be part of the same standby group, with interface 3/0 as the active interface:
Console(config-if)# interface fastEthernet 3/0 standby 1 ip 172.16.10.10 255.255.254.0Console(config-if)# interface fastEthernet 3/1 standby 1 ip 172.16.10.10 255.255.254.0Console(config-if)# interface fastEthernet 3/2 standby 1 ip 172.16.10.10 255.255.254.0Console(config-if)# interface fastEthernet 3/0 standby 1 priority 300Console(config-if)# interface fastEthernet 3/1 standby 1 priority 200Console(config-if)# interface fastEthernet 3/2 standby 1 priority 100Console(config-if)# interface fastEthernet 3/0 standby 1 errors 10000Console(config-if)# interface fastEthernet 3/1 standby 1 errors 10000Console(config-if)# interface fastEthernet 3/2 standby 1 errors 10000The following example displays information about the standby group configuration by entering the show standby EXEC command. In the following sample command output, one standby group (Standby Group 1) is configured on this Content Engine. The command output also shows which member interface is the active interface. In this case, the active interface is the Fast Ethernet slot 3/port 0 interface.
ContentEngine# show standbyStandby Group:1IP address: 172.16.10.10, netmask: 255.255.254.0Maximum errors allowed on the active interface: 10000Member interfaces:FastEthernet 3/0 priority: 300FastEthernet 3/1 priority: 200FastEthernet 3/2 priority: 100Active interface: FastEthernet 3/0
Note
The following example creates a standby group, Standby Group 1:
ContentEngine# configureContentEngine(config)# interface standby 1ContentEngine(config-if)#The following example assigns a group IP address of 10.10.10.10 and a netmask of 255.0.0.0 to Standby Group 1. In the ACNS 5.3 software and later releases, you can configure a group IP address regardless of whether the standby group is shut down or not.
ContentEngine(config-if)# ip address 10.10.10.10 255.0.0.0ContentEngine(config-if)# errors 500The following example shows how to add two Fast Ethernet interfaces to Standby Group 1 and then assign each of these member interfaces a priority within the group:
a.
ContentEngine(config)# interface FastEthernet 0/0ContentEngine(config-if)# standby 1 priority 150b.
ContentEngine(config)# interface FastEthernet 0/1ContentEngine(config-if)# standby 1ContentEngine(config-if)# exitContentEngine(config)#Because Fast Ethernet 0/0 is assigned the highest priority (a priority number of 150) of all the member interfaces in the group, it will be chosen as the active interface for the group if it can be brought up.
The following example removes the Fast Ethernet slot 0/port 1 interface) from Standby Group 1 using the no form of the standby command:
ContentEngine(config)# interface FastEthernet 0/1ContentEngine(config-if)# no standby 1ContentEngine(config-if)# exitContentEngine(config)#The following example shows how to shut down Standby Group 1. When a standby group is shut down, all of the alarms previously raised by this standby group are cleared.
ContentEngine(config)# interface standby 1ContentEngine(config-if)# exitContentEngine(config)# exitThe following example shows how to tear down Standby Group 1:
ContentEngine(config)# interface standby 1ContentEngine(config-if)# no ip address 10.10.10.10 255.0.0.0Please remove member interface(s) from this standby group first.ContentEngine(config)# interface GigabitEthernet 2/0ContentEngine(config-if)# no standby 1ContentEngine(config-if)# exitContentEngine(config)# interface standby 1ContentEngine(config-if)# no ip address 10.10.10.10 255.0.0.0ContentEngine(config-if)# exitContentEngine(config)# no interface standby 1ContentEngine(config)# exitRelated Commands
interface
show interface
show running-config
show standby
show startup-configtacacs
To configure TACACS+ server parameters, use the tacacs command in global configuration mode. To disable individual options, use the no form of this command.
tacacs {enable | host {hostname | ip-address} [primary] | key keyword | password ascii | retransmit retries | timeout seconds}
no tacacs {enable | host {hostname | ip-address} [primary] | key | password ascii | retransmit | timeout}
Syntax Description
Defaults
keyword: none (empty string).
timeout seconds: 5.
retries: 2.
password: The default password type is PAP.
Command Modes
global configuration
Usage Guidelines
Using the tacacs command, configure the TACACS+ key, the number of retransmits, the server hostname or IP address, and the timeout.
You must execute the following two commands to enable user authentication with a TACACS+ server:
ContentEngine(config)# authentication login tacacs enableContentEngine(config)# authentication configuration tacacs enableYou must enable TACACS+ for HTTP request authentication as follows:
ContentEngine(config)# tacacs enableTACACS+ can be disabled but remain configured for user authentication with a TACACS+ server if you use the no option of the command as follows:
ContentEngine(config)# no tacacs enableHTTP request authentication is independent of user authentication options and must be disabled with the following separate commands:
ContentEngine(config)# no authentication login tacacs enableContentEngine(config)# no authentication configuration tacacs enableThe Users GUI page or the user global configuration commands provide a way to add, delete, or modify usernames, passwords, and access privileges in the local database. The TACACS+ remote database can also be used to maintain login and configuration privileges for administrative users. The tacacs host command or the TACACS+ Content Engine GUI page allows you to configure the network parameters required to access the remote database.
One primary and two backup TACACS+ servers can be configured; authentication is attempted on the primary server first and then on the others in the order in which they were configured. The primary server is the first server configured unless another server is explicitly specified as primary with the tacacs host hostname primary command.
Use the tacacs key command to specify the TACACS+ key that is used to encrypt the packets transmitted to the server. This key must be the same as the one specified on the server daemon. The maximum number of characters in the key should not exceed 99 printable ASCII characters (except tabs). An empty key string is the default. All leading spaces are ignored; spaces within and at the end of the key string are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key.
The tacacs timeout is the number of seconds that the Content Engine waits before declaring a timeout on a request to a particular TACACS+ server. The range is from 1 to 20 seconds with 5 seconds as the default. The number of times that the Content Engine repeats a retry-timeout cycle before trying the next TACACS+ server is specified by the tacacs retransmit command. The default is two retry attempts.
Three unsuccessful login attempts are permitted. TACACS+ logins may appear to take more time than local logins depending on the number of TACACS+ servers and the configured timeout and retry values.
Use the tacacs password ascii command to specify the TACACS+ password type as ASCII. The default password type is Password Authentication Protocol (PAP). In releases prior to the ACNS software 5.x, the password type was not configurable. When users needed to log in to a Content Engine, a TACACS+ client sent the password information in PAP format to a TACACS+ server. However, TACACS+ servers that were configured for router management required the passwords to be in ASCII clear text format instead of PAP format to authenticate users logging in to the Content Engine. The password type to authenticate user information to ASCII was configurable from the CLI.
Note
The TACACS+ client can send different requests to the server for user authentication. The client can send a TACACS+ request with the PAP password type. In this scenario, the authentication packet includes both the username and the user's password. The server must have an appropriately configured user's account.
Alternatively, the client can send a TACACS+ request with the ASCII password type as another option. In this scenario, the authentication packet includes the username only and waits for the server response. Once the server confirms that the user's account exists, the client sends another Continue request with the user's password. The authentication server must have an appropriately configured user's account to support either type of password.
Examples
The following example configures the key used in encrypting packets:
ContentEngine(config)# tacacs key human789The following example configures the host named spearhead as the primary TACACS+ server:
ContentEngine(config)# tacacs host spearhead primaryThe following example sets the timeout interval for the TACACS+ server:
ContentEngine(config)# tacacs timeout 10The following example sets the number of times that authentication requests are retried (retransmitted) after a timeout:
ContentEngine(config)# tacacs retransmit 5The following example shows the password type to be PAP by default:
ContentEngine# show tacacsLogin Authentication for Console/Telnet Session: enabled (secondary)Configuration Authentication for Console/Telnet Session: enabled (secondary)TACACS+ Configuration:---------------------TACACS+ Authentication is offKey = *****Timeout = 5Retransmit = 2Password type: papServer Status---------------------------- ------10.107.192.148 primary10.107.192.16810.77.140.77ContentEngine#However, you can configure the password type to be ASCII using the tacacs password ascii command. You can then verify the changes using the show tacacs command as follows:
ContentEngine(config)# tacacs password asciiContentEngine(config)# exitContentEngine# show tacacsLogin Authentication for Console/Telnet Session: enabled (secondary)Configuration Authentication for Console/Telnet Session: enabled (secondary)TACACS+ Configuration:---------------------TACACS+ Authentication is offKey = *****Timeout = 5Retransmit = 2Password type: asciiServer Status---------------------------- ------10.107.192.148 primary10.107.192.16810.77.140.77Related Commands
authentication
show authentication
show statistics authentication
show statistics tacacs
show tacacs
