-
Cisco Internet Streamer CDS 2.5 Command Reference
-
Index
-
Preface
-
Command-Line Interface Command Summary
-
Internet Streamer CDS Release 2.5 Software Commands - access-lists through line
-
Internet Streamer CDS Release 2.5 Software Commands - lls through show statisticds cdnfs
-
Internet Streamer CDS Release 2.5 Software Commands - show statistics distribution through write
-
Acronmys
-
Standard Time Zones
-
Feedback
Table Of Contents
Cisco Internet Streamer CDS Release 2.5 Software Commands
acquirer (Global configuration)
bandwidth (Global configuration)
bandwidth (interface configuration)
Cisco Internet Streamer CDS Release 2.5 Software Commands
This chapter contains an alphabetical listing of all the commands in Cisco Internet Streamer CDS Release 2.5 software. The Internet Streamer CDS software CLI is organized into the following command modes:
•
EXEC mode—For setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To use the privileged access level, enter the enable command at the user access level prompt and then enter the privileged EXEC password when you see the password prompt.
•
•
•
See Chapter 1 "Command-Line Interface Command Summary," for a complete discussion of using CLI command modes.
Table 2-1 summarizes the Internet Streamer CDS commands and indicates the command mode for each command. The same command may have different effects when entered in a different command mode, and for this reason, they are listed and documented separately. In Table 2-1, when the first occurrence is entered in EXEC mode, the second occurrence is entered in Global configuration mode. When the first occurrence is entered in Global configuration mode, the second occurrence is entered in interface configuration mode.
The Internet Streamer CDS software device mode determines whether the Internet Streamer CDS device is functioning as a Service Engine (SE), CDS Manager (CDSM), or Service Router (SR). The commands available from a specific CLI mode are determined by the Internet Streamer CDS device mode in effect. Table 2-1 also indicates the device mode for each command. All indicates that the command is available for every device mode.
Note
Note
Table 2-1 CLI Commands
Configures the access control list entries.
Global configuration
SE
Configures the content acquirer.
Privileged-level EXEC
SE
Enables authentication when the acquirer obtains content through a proxy server.
Global configuration
SE
Starts and stops the acquisition and distribution database cleanup process and the content acquisition and distribution process.
Privileged-level EXEC
SE
Configures alarms.
Global configuration
All
Configures an area as an NSSA1 .
OSPF configuration
SR
Defines an area as a stub area.
OSPF configuration
SR
Configures the CISCO-ENTITY-
ASSET-MIB.Global configuration
All
Configures the authentication parameters.
Global configuration
All
Enables the checking of received packets on the corresponding level.
IS-IS Configuration
SR
Specifies the key chain to be used for the authentication for the corresponding level.
IS-IS Configuration
SR
Specifies the cleartext or MD5 authentication for the corresponding level.
IS-IS Configuration
SR
Enables and configures the Authorization server.
Global configuration
SE
Sets the allowable bandwidth usage and its duration for the Movie Streamer and WMT2 streaming media.
Global configuration
SE
Sets the specified interface bandwidth to 10, 100, or 1000 Mbps.
Interface configuration
All
Configures the EXEC, login, and MOTD3 banners.
Global configuration
All
Configures the maximum pacing bit rate for the Movie Streamer and configures WMT bit-rate settings.
Global configuration
SE
Configures a bootstrap node IP address.
SRP configuration
SR
Specifies the cache commands.
Global configuration
SE
Modifies the capability configuration.
Global configuration
SE
Changes the directory.
User-level EXEC and privileged-level EXEC
All
Enables the CDN Selector for third-party service selection.
Global Configuration
SR
Manages the Internet Streamer CDNFS4 .
Privileged-level EXEC
SE
Configures the CDSM IP address and primary or standby role settings.
Global configuration
All
Clears the HTTP object cache.
Privileged-level EXEC
SE, SR
Clears the URL content.
Privileged-level EXEC
SE, SR
Clears the IP configuration.
Privileged-level EXEC
All
Clears the IS-IS Routing for IP.
Privileged-level EXEC
SR
Clears the syslog messages saved in the disk file.
Privileged-level EXEC
All
Clears the Service Router.
Privileged-level EXEC
SR
Clears the SRP database while it is offline.
Privileged-level EXEC
SR
Deletes a single descriptor or all descriptors from the service routing layer.
Privileged-level EXEC
SR
Removes a neighbor Proximity Engine from the neighbor list of the local Proximity Engine.
Privileged-level EXEC
SR
Deletes a resource from a descriptor in the service routing layer.
Privileged-level EXEC
SR
Deletes a single route entry from the DHT routing table of the local Proximity Engine.
Privileged-level EXEC
SR
Clears the statistics.
Privileged-level EXEC
All
Clears and archives the working transaction logs.
Privileged-level EXEC
SE, SR
Clears the connections (login) of authenticated users.
Privileged-level EXEC
All
Clears the WMT streams.
Privileged-level EXEC
SR
Manages the system clock.
Privileged-level EXEC
All
Sets the summer daylight saving time of day and time zone.
Global configuration
All
Configures the CMS5 -embedded database parameters.
Privileged-level EXEC
All
Schedules the maintenance and enables the Centralized Management System on a given node.
Global configuration
All
Enters configuration mode from privileged EXEC mode.
Privileged-level EXEC
All
Copies the configuration or image files to and from the CD-ROM, flash memory, disk, or remote hosts.
Privileged-level EXEC
All
Copies a file.
User-level EXEC and privileged-level EXEC
All
Configures the debugging options.
Privileged-level EXEC
All
Displays information related to the BGP process.
Privileged-level EXEC
SR
Displays information related to the OSPF process.
Privileged-level EXEC
SR
Turns on proximity debugging information.
Privileged-level EXEC
SR
Displays information related to the IS-IS process.
Privileged-level EXEC
CDSM, SR
Turns on SRP debugging information.
Privileged-level EXEC
CDSM, SR
Deletes a file.
User-level EXEC and privileged-level EXEC
All
Deletes a directory and its subdirectories.
User-level EXEC and privileged-level EXEC
All
Configures the mode of operation on a device.
Global configuration
All
Displays the list of files in a directory.
User-level EXEC and privileged-level EXEC
All
Enables a VIP for direct server return.
Global configuration
SE, SR
Turns off the privileged EXEC commands.
Privileged-level EXEC
All
Allocates the disks among the CDNFS and sysfs file systems.
Privileged-level EXEC
All
Configures how the disk errors should be handled.
Global configuration
All
Reschedules and refreshes the content redistribution through multicast for all delivery services or a specified delivery service ID or name.
Privileged-level EXEC
SE, SR
Resolves a host or domain name to an IP address.
User-level EXEC and privileged-level EXEC
All
Sets the domain ID for the SRP.
SRP configuration
CDSM, SR
Accesses the privileged EXEC commands.
User-level EXEC and privileged-level EXEC
All
Exits configuration and privileged EXEC modes.
Global configuration
All
Configures the length of time that an inactive Telnet or SSH7 session remains open.
Global configuration
All
Exits from interface, Global configuration, or privileged EXEC modes.
All
All
Sets the expert-mode password.
Global configuration
All
Configures up to a maximum of eight external IP addresses.
Global configuration
All
Searches for a particular pattern in a file.
Privileged-level EXEC
All
Enables and configures Flash Media Streaming.
Global configuration
SE, SR
Sets the flooding threshold for SRP multicast.
SRP configuration
SR
Redirects requests to different CDNs based on the geographic location of the client.
Global configuration
SR
Captures lossless gigabit packets and writes them to disk.
Privileged-level EXEC
SE
Obtains online help for the command-line interface.
Global configuration and user-level EXEC
All
Configures the device network name.
Global configuration
All
Configures HTTP-related parameters.
Global configuration
SE, SR
Enables the Internet Content Adaptation Protocol for supporting third-party software applications and plug-ins.
Global configuration
SE
Installs a new version of the caching application.
Privileged-level EXEC
All
Configures a Gigabit Ethernet or port channel interface. Provides access to interface configuration mode.
Global configuration
All
Configures the Internet Protocol.
Global configuration
All
Configures the interface Internet Protocol.
Interface configuration
All
Creates and modifies the access lists for controlling access to interfaces or applications. Provides access to ACL configuration mode.
Global configuration
All
Sets the router priority, which helps determine the designated router for this network.
Interface configuration mode under OSPF configuration
SR
Specifies the interfaces to be used for routing IS-IS.
Interface configuration mode under IS-IS configuration mode
SR
Specifies the default gateway's IPv6 address.
Global configuration
SE
Configures IS-IS routing for IP.
Interface configuration mode under IS-IS configuration
SR
Configures a Proximity Engine to act as a Level 1 (intra-area) router, as both a Level 1 router and a Level 2 (interarea) router, or as an inter-area router only.
IS-IS configuration
SR
Enables the kernel debugger configuration mode.
Global configuration
All
Creates a key ID and enters into key ID configuration submode.
Key chain submode
SR
Creates a key string to be used for authentication.
Key ID configuration submode
SR
Creates a key chain and enters into key chain configuration submode.
Global configuration
SR
Specifies the terminal line settings.
Global configuration
All
Displays the files in a long-list format.
User-level EXEC and privileged-level EXEC
All
Configures the community values that are associated with a Proximity Engine.
BGP configuration
SR
Configures the router to send a syslog message when an IS-IS neighbor goes up or down.
BGP, IS-IS and OSPF configuration
SR
Configures syslog8 .
Global configuration
All
Enables logging of BGP neighbor resets.
BGP configuration
SR
Lists the files and subdirectories in a directory.
User-level EXEC and privileged-level EXEC
All
Sets the maximum transmission unit MTU9 size of IS-IS LSPs.
IS-IS configuration
SR
Makes a directory.
User-level EXEC and privileged-level EXEC
All
Makes a file (for testing).
User-level EXEC and privileged-level EXEC
All
Enables and configures the Movie Streamer server.
Global configuration
SE
Sets the interface maximum transmission unit packet size.
Interface configuration
All
Configures the BGP neighbors.
BGP configuration
SR
IS-IS configuration
SR
Displays the transmit and receive activity on an interface.
Privileged-level EXEC
SE
Displays the rate of change of netstat statistics.
Privileged-level EXEC
SE
Defines the interfaces on which OSPF runs and defines the area ID for those interfaces.
OSPF configuration
SR
Negates a Global configuration command or sets its defaults.
Global configuration
All
Negates an interface command or sets its defaults.
Interface configuration
All
Configures the Network Time Protocol server.
Global configuration
All
Sets the NTP software clock.
Privileged-level EXEC
All
Sends the echo packets.
User-level EXEC and privileged-level EXEC
All
Pings the the SRP ring.
User-level EXEC and privileged-level EXEC
SR
Pings the IPv6 address.
User-level EXEC and privileged-level EXEC
SE
Configures the port channel load balancing options.
Global configuration
All
Configures a primary interface for the Internet Streamer CDS network to be a Gigabit Ethernet or port channel interface.
Global configuration
All
Enables a BGP proximity algorithm option for the Proximity Engine.
Global configuration
SR
Enables the Proximity Engine.
Global Configuration
SR
Displays the present working directory.
User-level EXEC and privileged-level EXEC
All
Globally enables QoS functionality on the device.
Global configuration
SE
Configures the RADIUS authentication.
Global configuration
All
Enables RCP.
Global configuration
All
Starts the remote execution agent.
User-level EXEC and privileged-level EXEC
SE
Halts a device and performs a cold restart.
Privileged-level EXEC
All
Renames a file.
User-level EXEC and privileged-level EXEC
All
Restores a device to its manufactured default status.
Privileged-level EXEC
All
Removes a directory.
User-level EXEC and privileged-level EXEC
All
Configures a BGP routing process.
Global configuration
SR
Enables the IS-IS routing protocol and specifies an IS-IS process.
Global configuration
SR
Enables the OSPF12 routing process.
Global configuration
SR
Enters SRP configuration mode.
Global configuration
SR
Configures the Real-Time Streaming Protocol-related parameters.
Global configuration
SE
Sets the rules by which the SE filters HTTP, HTTPS, and RTSP traffic.
Global configuration
SE
Checks the errors in a script or executes a script.
Privileged-level EXEC
All
Specifies the type of service.
Privileged-level EXEC
All
Configures service routing.
Global configuration
All
Configures the basic configuration settings and a set of commonly used caching services.
Privileged-level EXEC
All
Displays the access control list configuration.
User-level EXEC and privileged-level EXEC
SE
Displays the acquirer delivery service information and progress for a specified delivery service number or name.
User-level EXEC and privileged-level EXEC
SE
Displays information on various types of alarms, their status, and history.
User-level EXEC and privileged-level EXEC
All
Displays the Address Resolution Protocol entries.
User-level EXEC and privileged-level EXEC
All
Displays the authentication configuration.
User-level EXEC and privileged-level EXEC
All
Displays the Authorization Server status.
User-level EXEC and privileged-level EXEC
SE
Displays the bandwidth allocated to a particular device.
User-level EXEC and privileged-level EXEC
SE, SR
Displays information on various types of banners.
User-level EXEC and privileged-level EXEC
All
Displays the SE bit-rate configuration.
User-level EXEC and privileged-level EXEC
SE, SR
Displays a list of cached contents.
User-level EXEC and privileged-level EXEC
SE
Displays cache-route information for various Protocol Engines.
User-level EXEC and privileged-level EXEC
SE
Displays information for the Cap-X profile ID.
User-level EXEC and privileged-level EXEC
SE
Displays the status of the CDN Selector.
User-level EXEC and privileged-level EXEC
SR
Displays the Internet Streamer CDS network file system information.
User-level EXEC and privileged-level EXEC
CDSM, SE
Displays the system clock.
User-level EXEC and privileged-level EXEC
All
Displays the Centralized Management System protocol, embedded database content, maintenance status, and other information.
User-level EXEC and privileged-level EXEC
All
Displays all content entries in the CDS.
User-level EXEC and privileged-level EXEC
SE
Displays the state of each debugging option.
User-level EXEC and privileged-level EXEC
All
Displays the debug flags that are turned on for the SRP.
Privileged-level EXEC
SR
Displays the configured or current mode of a CDSM, SE, or SR device.
User-level EXEC and privileged-level EXEC
All
Displays the Direct Server return information.
User-level EXEC and privileged-level EXEC
SE, SR
Displays the disk configurations.
User-level EXEC and privileged-level EXEC
All
Displays the distribution information for a specified delivery service.
User-level EXEC and privileged-level EXEC
SE
Displays the flash memory information.
User-level EXEC and privileged-level EXEC
All
Displays the Flash Media Streaming information.
User-level EXEC and privileged-level EXEC
SE, SR
Displays the caching configuration of the FTP13 .
User-level EXEC and privileged-level EXEC
All
Displays the system hardware information.
Privileged-level EXEC
All
Displays the IP domain name, name servers, IP addresses, and host table.
User-level EXEC and privileged-level EXEC
All
Displays the HTTP-related caching configuration.
User-level EXEC and privileged-level EXEC
SE
Displays the ICAP configurations.
User-level EXEC and privileged-level EXEC
SE
Displays the hardware interface information.
User-level EXEC and privileged-level EXEC
All
Displays the system inventory information.
User-level EXEC and privileged-level EXEC
All
Displays the information about access lists that are defined and applied to specific interfaces or applications.
Privileged-level EXEC
All
Displays the contents of a particular host in the BGP routing table.
User-level EXEC and privileged-level EXEC
SR
Displays the contents of the BGP routing table.
User-level EXEC and privileged-level EXEC
SR
Displays BGP routes that match a specified BGP community string.
User-level EXEC and privileged-level EXEC
SR
Displays information relating to all IPV4 unicast routes in the BGP routing table.
User-level EXEC and privileged-level EXEC
SR
Displays memory usage information of the running BGP daemon.
User-level EXEC and privileged-level EXEC
SR
Displays information about the TCP and BGP connections to neighbors.
User-level EXEC and privileged-level EXEC
SR
Displays the next-hop database information in the BGP routing table.
User-level EXEC and privileged-level EXEC
SR
Displays the status of all BGP connections.
User-level EXEC and privileged-level EXEC
SR
Displays the IP interface state and its address and mask for all interfaces.
User-level EXEC and privileged-level EXEC
SR
Displays general information about OSPF routing processes.
User-level EXEC and privileged-level EXEC
SR
Displays general information about OSPF border routers.
User-level EXEC and privileged-level EXEC
SR
Displays information specific to the OSPF database for a specific router.
User-level EXEC and privileged-level EXEC
SR
Displays OSPF-related interface information.
User-level EXEC and privileged-level EXEC
SR
Displays memory usage of the OSPF process.
User-level EXEC and privileged-level EXEC
SR
Displays OSPF neighbor information.
User-level EXEC and privileged-level EXEC
SR
Displays a list of all LSAs14 requested by a router.
User-level EXEC and privileged-level EXEC
SR
Displays a list of all LSAs waiting to be re-sent.
User-level EXEC and privileged-level EXEC
SR
Displays the OSPF RSPF route for OSPF routes.
User-level EXEC and privileged-level EXEC
SR
Displays OSPF RSPF15 from specific routers.
User-level EXEC and privileged-level EXEC
SR
Displays OSPF traffic statistics.
User-level EXEC and privileged-level EXEC
SR
Displays the proximity algorithm options currently in use by this Proximity Engine.
User-level EXEC and privileged-level EXEC
SR
Displays the interface addresses and hostnames of the proximity servers currently in use by this Proximity Engine.
User-level EXEC and privileged-level EXEC
SR
Displays details of all the routing protocol instances that are clients of the RIB.
User-level EXEC and privileged-level EXEC
SR
Displays the memory usage information of the RIB.
User-level EXEC and privileged-level EXEC
SR
Displays IP recursive next-hop information from the RIB.
User-level EXEC and privileged-level EXEC
SR
Displays IP RIB route information.
User-level EXEC and privileged-level EXEC
SR
Displays unresolved next-hop information from the RIB.
User-level EXEC and privileged-level EXEC
SR
Displays the IP routing table.
Privileged-level EXEC
All
Displays IS-IS adjacencies.
User-level EXEC and privileged-level EXEC
SR
Displays one or all the destinations to which the router knows how to route CLNS packets.
User-level EXEC and privileged-level EXEC
SR
Displays the IS-IS link-state database.
User-level EXEC and privileged-level EXEC
SR
Displays the router-name-to-system-ID mapping table entries for an IS-IS router.
User-level EXEC and privileged-level EXEC
SR
Displays information about the IS-IS interfaces.
User-level EXEC and privileged-level EXEC
SR
Displays the Intermediate IS-IS RSPF route for IS-IS learned routes.
User-level EXEC and privileged-level EXEC
SR
Displays the Intermediate IS-IS RSPF route for IS-IS learned routes.
User-level EXEC and privileged-level EXEC
SR
Displays memory usage information for an IS-IS instance.
User-level EXEC and privileged-level EXEC
SR
Displays summary information about an IS-IS instance.
User-level EXEC and privileged-level EXEC
SR
Displays IS-IS RRM16 information.
User-level EXEC and privileged-level EXEC
SR
Displays how often and why the router has run a full SPF17 calculation.
User-level EXEC and privileged-level EXEC
SR
Displays SRM18 information for an IS-IS process.
Privileged-level EXEC
SR
Displays SSN19 information for an IS-IS process.
User-level EXEC and privileged-level EXEC
SR
Displays the key chains in the system.
User-level EXEC and privileged-level EXEC
SR
Displays the system logging configuration.
User-level EXEC and privileged-level EXEC
All
Displays the Movie Streamer configuration.
User-level EXEC and privileged-level EXEC
SE
Displays the Network Time Protocol configuration status.
User-level EXEC and privileged-level EXEC
All
Displays the process status.
User-level EXEC and privileged-level EXEC
All
Displays the scheduled programs.
User-level EXEC and privileged-level EXEC
SE
Displays QoS information.
User-level EXEC and privileged-level EXEC
SE
Displays the RADIUS server information.
User-level EXEC and privileged-level EXEC
All
Displays the REA information.
User-level EXEC and privileged-level EXEC
SE
Displays RCP information
User-level EXEC and privileged-level EXEC
All
Displays the RTSP configurations.
User-level EXEC and privileged-level EXEC
SE
Displays the Rules Template configuration information.
User-level EXEC and privileged-level EXEC
SE
Displays the current operating configuration.
User-level EXEC and privileged-level EXEC
All
Displays the Service Router configuration.
User-level EXEC and privileged-level EXEC
All
Displays the services-related information.
User-level EXEC and privileged-level EXEC
All
Displays the SNMP parameters.
User-level EXEC and privileged-level EXEC
All
Displays the descriptor-related information saved in the descriptor database.
Privileged-level EXEC
CDSM, SR
Displays SRP leafset information.
Privileged-level EXEC
CDSM, SR
Displays SRP memory usage information.
Privileged-level EXEC
CDSM, SR
Displays multicast database information for an SRP process.
Privileged-level EXEC
CDSM, SR
Displays SRP neighbor information.
Privileged-level EXEC
CDSM, SR
Displays the basic configurations for SRP.
Privileged-level EXEC
CDSM, SR
Displays the replica-set information for a Proximity Engine.
Privileged-level EXEC
CDSM, SR
Displays route information for a Proximity Engine to its neighbor nodes on the same DHT network.
Privileged-level EXEC
CDSM, SR
Displays SRP multicast group subscriber information.
Privileged-level EXEC
CDSM, SR
Displays the Secure Shell status and configuration.
User-level EXEC and privileged-level EXEC
All
Displays the information related to the standby interface.
User-level EXEC and privileged-level EXEC
All
Displays the startup configuration.
User-level EXEC and privileged-level EXEC
All
Displays the access control list statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the SE acquirer delivery service statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the authentication statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the Authentication Server statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the statistics for the CDN Selector.
User-level EXEC and privileged-level EXEC
SR
Displays the SE Internet Streamer CDS network file system statistics.
User-level EXEC and privileged-level EXEC
CDSM, SE
Displays the simplified statistics for content distribution components.
User-level EXEC and privileged-level EXEC
SE
Displays the statistics for Flash Media Streaming.
User-level EXEC and privileged-level EXEC
SE
Displays the Hypertext Transfer Protocol statistics.
User-level EXEC and privileged-level EXEC
SE, SR
Displays the ICAP-related statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the Internet Control Message Protocol statistics.
User-level EXEC and privileged-level EXEC
All
Displays the Internet Protocol statistics.
User-level EXEC and privileged-level EXEC
All
Displays IS-IS traffic counters.
User-level EXEC and privileged-level EXEC
CDSM, SR
Displays statistics for the Movie Streamer.
User-level EXEC and privileged-level EXEC
SE
Displays the Internet socket connection statistics.
User-level EXEC and privileged-level EXEC
All
Displays statistics for the QoS policy service.
User-level EXEC and privileged-level EXEC
SE
Displays the RADIUS authentication statistics.
User-level EXEC and privileged-level EXEC
All
Displays the delivery service replication status and related statistical data.
User-level EXEC and privileged-level EXEC
CDSM, SR
Displays the Service Router statistics.
User-level EXEC and privileged-level EXEC
SR
Displays the services statistics.
User-level EXEC and privileged-level EXEC
All
Displays the SNMP statistics.
User-level EXEC and privileged-level EXEC
All
Displays SRP statistics information.
Privileged-level EXEC
SR
Displays the Service Engine TACACS+ authentication and authorization statistics.
User-level EXEC and privileged-level EXEC
All
Displays the Transmission Control Protocol statistics.
User-level EXEC and privileged-level EXEC
All
Displays the transaction log export statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the User Datagram Protocol statistics.
User-level EXEC and privileged-level EXEC
All
Displays the Web Engine statistics.
User-level EXEC and privileged-level EXEC
SE
Displays the Windows Media Technologies statistics.
User-level EXEC and privileged-level EXEC
SE
Displays TACACS+ authentication protocol configuration information.
User-level EXEC and privileged-level EXEC
All
Displays the system information for Cisco technical support.
User-level EXEC and privileged-level EXEC
All
Displays the Telnet services configuration.
User-level EXEC and privileged-level EXEC
All
Displays the transaction logging information.
User-level EXEC and privileged-level EXEC
SE
Displays the URL signature information.
User-level EXEC and privileged-level EXEC
SE
Displays the user identification number and username information.
User-level EXEC and privileged-level EXEC
All
Displays the specified users.
User-level EXEC and privileged-level EXEC
All
Displays the software version.
User-level EXEC and privileged-level EXEC
All
Displays the Web Engine information.
User-level EXEC and privileged-level EXEC
SE
Displays the WMT configuration.
User-level EXEC and privileged-level EXEC
SE
Shuts down the specified interface.
Interface configuration
All
Shuts down the device (stops all applications and operating system).
Privileged-level EXEC
All
Configures the community access string to permit access to the SNMP.
Global configuration
All
Specifies the text for the MIB object sysContact.
Global configuration
All
Enables the SNMP traps.
Global configuration
All
Defines a user security model group.
Global configuration
All
Specifies the hosts to receive SNMP traps.
Global configuration
All
Specifies the path for the MIB object sysLocation.
Global configuration
All
Configures the SNMP inform request.
Global configuration
All
Defines a user who can access the SNMP engine.
Global configuration
All
Defines an SNMPv220 MIB view.
Global configuration
All
Dumps socket statistics.
Privileged-level EXEC
SE
Configures the SSH service parameters.
Global configuration
All
Configures the streaming interface.
Global configuration
SE
Saves the sysreport to a user-specified file.
Privileged-level EXEC
SE
Configures TACACS+ server parameters.
Global configuration
All
Dumps the TCP traffic on the network.
Privileged-level EXEC
All
Searches all TCP connections.
Privileged-level EXEC
SE
Enables and disables TCP timestamp.
Global configuration
All
Starts the Telnet client.
User-level EXEC and privileged-level EXEC
All
Enables the Telnet services.
Global configuration
All
Sets the terminal output commands.
User-level EXEC and privileged-level EXEC
All
Tests the accessibility of a URL using FTP, HTTP, or HTTPS.
User-level EXEC and privileged-level EXEC
SE, SR
Displays a dynamic real-time view of a running CDS.
Privileged-level EXEC
All
Traces the route to a remote host.
User-level EXEC and privileged-level EXEC
All
Traces the route of the SRP ring.
User-level EXEC and privileged-level EXEC
SR
Traces the route to a remote IPv6-enabled host.
User-level EXEC and privileged-level EXEC
SE, SR
Forces archiving of the working log file to make a transaction log file.
Privileged-level EXEC
All
Configures and enables the transaction logging parameters.
Global configuration
SE
Displays a file.
User-level EXEC and privileged-level EXEC
All
Displays the last several lines of a file.
User-level EXEC and privileged-level EXEC
All
Disables debugging functions.
Privileged-level EXEC
All
Configures the URL signature.
Global configuration
SE
Establishes the username authentication.
Global configuration
All
Configures the Web Engine.
User-level EXEC
SE
Configures the Web Engine caching parameters and disables revalidation.
Global configuration
SE
Displays the current user's name.
User-level EXEC and privileged-level EXEC
All
Configures the WMT.
Global configuration
SE
Writes or erases the startup configurations to NVRAM or to a terminal session, or writes the MIB persistence configuration to disk.
Privileged-level EXEC
All
1 NSSA = not-so-stubby area
2 WMT = Windows Media Technologies
3 MOTD = message-of-the-day
4 CDNFS = CDS network file system
5 CMS = centralized management system
6 Commands used to access configuration modes.
7 SSH = secure shell
8 syslog = system logging
9 MTU = maximum transmission unit
10 NET = network entity title
11 CLNS = Connectionless Network Service
12 OSPF = Open Shortest Path First
13 FTP = File Transfer Protocol
14 LSAs = link-state advertisements
15 RSPF = reverse shortest path first
16 RRM = received routing message
17 SPF = Shortest Path First
18 SRM = send routing message
19 SSN = send sequence number
20 SNMPv2 = SNMP Version 2
access-lists
To configure access control list entries, use the access-lists command in Global configuration mode. To remove access control list entries, use the no form of this command.
access-lists {300 {deny groupname {any [position number] | groupname [position number] } } | {permit groupname {any [position number] | groupname [position number] } } | enable}
no access-lists {300 {deny groupname {any [position number] | groupname [position number} } | {permit groupname {any [position number] | groupname [position number] } } | enable}
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
In the Internet Streamer CDS 2.x software, you can configure group authorization using an ACL only after a user has been authenticated against an LDAP HTTP-request Authentication Server. The use of this list configures group privileges when members of the group are accessing content provided by an SE. You can use the ACL to allow the users who belong to certain groups or to prevent them from viewing specific content. This authorization feature offers more granular access control by specifying that access is only allowed to specific groups.
Use the access-lists enable Global configuration command to enable the use of the ACL.
Use the access-lists 300 command to permit or deny a group from accessing the Internet using an SE. For instance, use the access-lists 300 deny groupname marketing command to prevent any user from the marketing group from accessing content through an SE.
At least one login authentication method, such as local, TACACS+, or RADIUS, must be enabled.
Note
In Cisco Internet Streamer CDS Release 2.5 software, the ACL contains the following feature enhancements and limitations:
•
•
•
•
Note
•
•
For Windows-based user groups, append the domain name in front of the group name in the form domain or group as follows:
For Windows NT-based user groups, use the domain NetBIOS name.
Examples
The following example shows how to display the configuration of the ACL by using the show access-lists 300 command:
ServiceEngine# show access-lists 300Access Control List Configuration---------------------------------Access Control List is enabledGroupname-based List (300)1. permit groupname techpubs2. permit groupname acme13. permit groupname engineering4. permit groupname sales5. permit groupname marketing6. deny groupname anyThe following example shows how to display statistical information for the ACL by using the show statistics access-lists 300 command:
ServiceEngine# show statistics access-lists 300Access Control Lists Statistics-----------------------------------------Groupname and username-based List (300)Number of requests: 1Number of deny responses: 0Number of permit responses: 1The following example shows how to reset the statistical information for the ACL by using the clear statistics access-lists 300 command:
ServiceEngine# clear statistics access-lists 300ServiceEngine(config)# access-lists 300 permit groupname acme1 position 2Related Commands
show access-lists 300
Displays the ACL configuration.
show statistics access-list 300
Displays the ACL statistics.
acquirer (EXEC)
To start or stop content acquisition on a specified acquirer delivery service, use the acquirer command in EXEC configuration mode. You can also use this command to verify and correct the Last-Modified-Time attribute in content acquired using the Cisco Internet Streamer CDS software.
acquirer {check-time-for-old-content [delivery-service-id delivery-service-num | delivery-service-name delivery-service-name] | [correct [delivery-service-id delivery-service-num | delivery-service-name delivery-service-name] ] | start-delivery-service {delivery-service-id delivery-service-num | delivery-service-name delivery-service-name} | stop-delivery-service {delivery-service-id delivery-service-num | delivery-service-name delivery-service-name} | test-url url [use-http-proxy url | use-smb-options smb-options] }
Syntax Description
Command Defaults
If you do not specify the delivery service, this command applies to all delivery services assigned to the Content Acquirer.
Command Modes
EXEC configuration mode.
Usage Guidelines
The acquirer is a software agent that gathers delivery service content before it is distributed to the receiver SEs in an Internet Streamer CDS network. The acquirer maintains a task list, which it updates after receiving a notification of changes in its delivery service configuration.
The acquirer stores the Last-Modified-Time attribute in the local time format. Content acquired using earlier software releases has a Last-Modified-Time attribute that is incorrect if used with later versions of the Internet Streamer CDS software, which use GMT format.
With Cisco Internet Streamer CDS Release 2.5 software, correct the Last-Modified-Time attributes for content acquired with earlier releases by entering the following command from the privileged EXEC prompt:
acquirer check-time-for-old-content correct [delivery-service-id delivery-service-num delivery-service-name delivery-service-name]
This command changes the Last-Modified-Time attributes for content in all delivery services assigned to the Content Acquirer unless you specify the delivery service ID or name.
SEs running Cisco Internet Streamer CDS Release 2.5 software identify changes in the Last-Modified-Time attribute and download content only when changes have occurred.
Use the acquirer start-delivery-service command to immediately start acquisition tasks for the selected delivery service. Use the acquirer stop-delivery-service command to immediately stop all acquisition tasks for the selected delivery service.
Use the acquirer test-url url command in EXEC configuration mode to test whether a URL is accessible or not. The actual content is dumped into the /dev/null path.
Examples
The following example shows how the acquirer starts acquiring content on delivery service 86:
ServiceEngine# acquirer start-delivery-service delivery-service-id 86ServiceEngine# acquirer start-delivery-service delivery-service-name corporateThe following example shows how the acquirer stops acquiring content on delivery service 86:
ServiceEngine# acquirer stop-delivery-service delivery-service-id 86ServiceEngine# acquirer stop-delivery-service delivery-service-name corporateThe following example shows how the acquirer test-url command is used to test a URL:
ServiceEngine# acquirer test-url http://172.16.150.26--05:16:41-- http://10.107.150.26=> `/dev/null'Connecting to 10.107.150.26:80... connected.HTTP request sent, awaiting response... 200 OKLength: 1,722 [ text/html ]100% [ ====================================> ] 1,722 1.64M/s ETA 00:0002:45:40 (1.64 MB/s) - `/dev/null' saved [ 1722/1722 ]Related Commands
acquirer (Global configuration)
To provide authentication when the acquirer obtains content through a proxy server, use the acquirer command in Global configuration mode. To disable acquirer proxy authentication, use the no form of this command.
acquirer proxy authentication {outgoing {hostname | ip-address} port-num} username | password password}
no acquirer proxy authentication {outgoing {hostname | ip-address} port-num} username | password password}
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the acquirer proxy authentication outgoing Global configuration command to configure authentication when you enable content acquisition through a proxy server. First configure the proxy host and the port using the http proxy outgoing host Global configuration command. The maximum number of outgoing proxies allowed is eight. When you remove an outgoing proxy using the no http outgoing proxy command, the authentication information associated with that proxy is automatically removed.
Use the acquirer proxy authentication transparent command for transparent caches in the Internet Streamer CDS network that require authentication.
The acquirer supports a proxy with basic authentication. Content acquisition through a proxy server is supported only for HTTP and not for HTTPS or FTP. Also, authentication is only supported for a single proxy server in a chain, so if multiple proxy servers in a chain require authentication, the request fails.
Acquisition through a proxy server can be configured when the Content Acquirer cannot directly access the origin server because the origin server is set up to allow access only by a specified proxy server. When a proxy server is configured for Content Acquirer content acquisition, the acquirer contacts the proxy server instead of the origin server, and all requests to that origin server go through the proxy server.
Note
There are three ways to configure the proxy server: through the CDSM GUI. If you need to configure the SE to use the proxy for both caching and prepositioned content, use the CLI to configure the proxy. The CLI command is a Global configuration command that configures the entire SE to use the proxy. If only the acquirer portion of the SE needs to use the proxy for acquiring the prepositioned content, use the manifest file or specify the outgoing proxy. When you configure the proxy server in the manifest file, you are configuring the acquirer to use the proxy to fetch the content for a particular delivery service.
Note
You can also configure a proxy for fetching the manifest file by using the CDSM GUI (the Creating New Delivery Service or Modifying Delivery Service window). When you configure a proxy server in the CDSM GUI, the proxy configuration is valid only for acquiring the manifest file and not for acquiring the delivery service content. Requests for the manifest file go through the proxy server, and requests for the content go directly to the origin server.
Tip
Examples
The following example shows the authentication configuration for a transparent proxy server with basic authentication:
ServiceEngine(config)# acquirer proxy authentication transparent 192.168.1.1 8080 mynameRelated Commands
acquisition-distribution
To start or stop the content acquisition and distribution process, use the acquisition-distribution command in EXEC configuration mode.
acquisition-distribution {database-cleanup {start | stop} | start | stop}
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
When you use the acquisition-distribution database-cleanup command, the acquisition and distribution database is checked to ensure that all prepositioned content is available in Cisco Network File System (CDNFS). If any prepositioned content is found to be missing from CDNFS, the content is replicated to all SEs in the Internet Streamer CDS network. Content Acquirers assigned to a delivery service acquire the content directly from the origin server and replicate the content through the delivery service either by unicast or multicast transmission to other SEs in the delivery service. Receiver SEs obtain the content from forwarder SEs either by unicast or multicast. In the case of a disk00 failure, when the database is stored on disk00 in an internal file system (/state), the recovery of the acquisition and distribution database is done automatically. You should run the acquisition and distribution database cleanup if a failure occurs or if you have to replace a disk drive other than disk00.
Examples
The following example shows how to start the acquisition and distribution database cleanup process:
ServiceEngine# acquisition-distribution database-cleanup startThe following example shows how to start the acquisition and distribution process:
ServiceEngine# acquisition-distribution startThe following example shows how to stop the acquisition and distribution process:
ServiceEngine# acquisition-distribution stopRelated Commands
alarm
To configure alarms, use the alarm command in Global configuration mode. To disable alarms, use the no form of this command.
alarm overload-detect {clear 1-999 [raise 10-1000] | enable | raise 10-1000 [clear 1-999] } | temperature enable
no alarm overload-detect {clear 1-999 [raise 10-1000] | enable | raise 10-1000 [clear 1-999] } | temperature enable
Syntax Description
Command Defaults
raise: 10 alarms per second
clear: 1 alarm per second
Command Modes
Global configuration (config) mode.
Usage Guidelines
When multiple applications running on an SE experience problems at the same time, numerous alarms are set off simultaneously, and an SE may stop responding. In the Internet Streamer CDS 2.2 software and later and later releases, you can use the alarm overload-detect command to set an overload limit for the incoming alarms from the node health manager. If the number of alarms exceeds the maximum number of alarms allowed, an SE enters an alarm overload state until the number of alarms drops down to the number defined in the clear.
When an SE is in the alarm overload state, the following events occur:
•
•
•
•
Note
In Cisco Internet Streamer CDS Release 2.5.9-b124 software, the temperature alarm support is disabled by default on the CDE100 and CDE200. The alarm temperature enable command has been added and is only applicable to the CDE100 and CDE200. When the alarm temperature enable command is entered on the CDE100 and the CDE200, the temperature alarm is visible and alarm temperature enable is displayed in the output for the show running-config command. When no alarm temperature enable command is entered on these platforms, there are no temperature alarms.
Examples
The following example shows how to enable the detection of alarm overload:
ServiceEngine(config)# alarm overload-detect enableThe following example shows how to set the threshold for triggering the alarm overload at 100 alarms per second:
ServiceEngine(config)# alarm overload-detect raise 100The following example shows how to set the level for clearing the alarm overload at 10 alarms per second:
ServiceEngine(config)# alarm overload-detect clear 10The following example shows how to enable temperature alarms for a CDE100 or CDE200:
ServiceEngine(config)# alarm temperature enableRelated Commands
show alarms
Displays information on various types of alarms, their status, and history.
show alarm status
Displays the status of various alarms and alarm overload settings.
area nssa
To configure an area as a not-so-stubby area (NSSA), use the area nssa router configuration command. To remove the NSSA distinction from the area, use the no form of this command.
area area-id nssa
no area area-id nssa
Syntax Description
area-id
Identifier of the area for which authentication is to be enabled. The identifier can be specified as either a decimal value or an IP address (ID range is from 0 to 4294967295).
Command Defaults
No NSSA area is defined.
Command Modes
OSPF configuration (config-ospf) mode.
Usage Guidelines
This command is used to configure an area as a NSSA. The area ID range is given as 0 to 4294967295, but area 0 cannot be configured as an NSSA area.
Examples
In the following example area 1 is configured as an NSSA area:
ServiceRouter(config)# router ospfServiceRouter(config-ospf)# network 192.168.20.0 0.0.0.255 area 1ServiceRouter(config-ospf)# area 1 nssaServiceRouter(config-ospf)#area stub
To define an area as a stub area, use the area stub router configuration command. To disable this function, use the no form of this command
area area-id stub
no area area-id stub
Syntax Description
area-id
Identifier for the stub area. The identifier can be specified as either a decimal value or an IP address (ID range is from 0 to 4294967295).
Command Defaults
No stub area is defined.
Command Modes
OSPF configuration (config-ospf) mode.
Usage Guidelines
This command is used to define an area as a stub area. The area ID range is given as 0 to 4294967295, but area 0 cannot be configured as a stub area.
Examples
The following example shows how to configure area 1 as a stub area:
ServiceRouter(config)# router ospfServiceRouter(config-ospf)# network 192.168.20.0 0.0.0.255 area 1ServiceRouter(config-ospf)# area 1 stubServiceRouter(config-ospf)#asset
To configure the CISCO-ENTITY-ASSET-MIB, use the asset command in Global configuration mode. To remove the asset tag name, use the no form of this command.
asset tag name
no asset tag name
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Examples
The following example shows how to configure a tag name for the asset tag string:
ServiceEngine(config)# asset tag entitymibauthentication
To specify authentication and authorization methods, use the authentication command in Global configuration mode. To selectively disable options, use the no form of this command.
authentication {configuration {local | radius | tacacs} enable [primary | secondary] | fail-over server-unreachable | login {local | radius | tacacs} enable [primary | secondary] }
no authentication {configuration {local | radius | tacacs} enable [primary | secondary] | fail-over server-unreachable | login {local | radius | tacacs} enable [primary | secondary] }
Note
Syntax Description
Command Defaults
The local authentication method is enabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Authentication, also referred to as login, is the act of verifying usernames and passwords. Authorization is the action of determining what a user is allowed to do. It permits or denies privileges for authenticated users in the network. For example, if you log in to an SE with a superuser administrator account (for example, the predefined admin account), you have the highest level of access privileges and can perform any administrative task, such as:
•
•
•
Generally, authentication precedes authorization in a network.
The authentication command configures both the authentication and authorization methods that govern login and configuration access to an SE. Login and configuration privileges can be maintained in two different databases in the Cisco Internet Streamer CDS 2.5 software: the local database, TACACS+ database, and RADIUS database. If all databases are enabled, then all three databases are queried. If the user data cannot be found in the first database queried, then the second and third databases are queried.
When an administrator can log in to an SE through the console or the GUI, an SE checks the specified authentication database to verify the user's username and password to process these administrative login requests and to determine the access rights that this particular administrator should be granted during this login session. When an SE receives an administrative login request, an SE can check its local database or a remote third-party database (the TACACS+ database or the RADIUS database) to verify the username with the password and to determine the access privileges of the administrator.
Note
When defining or modifying the authentication configuration method for an SE, follow these guidelines:•
•
–
–
–
•
–
–
•
•
•
The authentication login command determines whether the user has any level of permission to access the SE. The authentication configuration command authorizes the user with privileged access (configuration access) to the SE.
The authentication login local and the authentication configuration local commands use a local database for authentication and authorization.
The authentication login tacacs and authentication configuration tacacs commands use a remote TACACS+ server to determine the level of user access.
The TACACS+ database validates users before they gain access to the SE. TACACS+ is derived from the United States Department of Defense (RFC 1492) and is used by Cisco as an additional control of non-privileged and privileged mode access. The Cisco Internet Streamer CDS Release 2.4 software and later support TACACS+ only and not TACACS or Extended TACACS.
To configure TACACS+, use the authentication and tacacs commands. To enable TACACS+, use the tacacs enable command.
For more information on TACACS+ authentication, see the "tacacs" section.
The authentication login radius and authentication configuration radius commands use a remote RADIUS server to determine the level of user access.
The authentication login tacacs and authentication configuration tacacs commands use a remote TACACS+ server to determine the level of user access.
By default, the local method is enabled, with TACACS+ and RADIUS both disabled for login and configuration. Whenever TACACS+ and RADIUS are disabled, local is automatically enabled. TACACS+, RADIUS and local methods can be enabled at the same time. The primary option specifies the first method to attempt for both login and configuration; the secondary option specifies the method to use if the primary method fails. If all methods of an authentication login or authentication configuration commands are configured as primary or secondary, local is attempted first, then TACACS+ and then RADIUS.
Note
Use the radius-server Global configuration command to configure a RADIUS server for the RADIUS authentication and authorization method. For information about configuring a RADIUS server, see the "Specifying RADIUS Authentication and Authorization Settings" section.
Default Administrative Login Authentication and Authorization Configuration
By default, the SE uses the local database to obtain login authentication and authorization privileges for administrative users.
Note
Table 2-2 lists the default configuration for administrative login authentication and authorization.
Enforcing Authentication with the Primary Method
The authentication fail-over server-unreachable command allows you to specify that failover to the secondary authentication method should occur only if the primary Authentication Server is unreachable. This feature ensures that users gain access to the SE using the local database only when nonlocal Authentication Servers (TACACS+ or RADIUS) are unreachable. For example, when a TACACS+ server is enabled for authentication with user authentication failover configured and the user tries to log in to the SE using an account defined in the local database, login fails. Login succeeds only when the TACACS+ server is unreachable.
Server Redundancy
You can specify Authentication Servers with the corresponding Authentication Server (LDAP, or RADIUS) host command options, or in the case of TACACS+ servers, with the server hostname command option to configure additional servers. These additional servers provide authentication redundancy and improved throughput, especially when SE load balancing schemes distribute the requests evenly between the servers. If the SE cannot connect to any of the Authentication Servers, no authentication takes place and users who have not been previously authenticated are denied access.
Login Authentication and Authorization Through the Local Database
Local authentication and authorization use locally configured login and passwords to authenticate administrative login attempts. The login and passwords are local to each SE and are not mapped to individual usernames.
By default, local login authentication is enabled first. You can disable local login authentication only after enabling one or more of the other administrative login authentication methods. However, when local login authentication is disabled, if you disable all other administrative login authentication methods, local login authentication is reenabled automatically.
Specifying RADIUS Authentication and Authorization Settings
RADIUS authentication clients reside on the SE running Cisco Internet Streamer CDS Release 2.5 software. When enabled, these clients send authentication requests to a central (remote) RADIUS server, which contains login authentication and network service access information.
To configure RADIUS authentication on the SE, configure a set of RADIUS Authentication Server settings on the SE. You can use the GUI or the CLI to configure this set of RADIUS Authentication Server settings for the SE.
Table 2-3 describes the RADIUS authentication settings.
After configuring these RADIUS authentication settings on the SE, you can enable RADIUS login authentication and authorization on the SE.
Specifying TACACS+ Authentication and Authorization Settings
TACACS+ controls access to network devices by exchanging Network Access Server (NAS) information between a network device and a centralized database to determine the identity of a user or an entity. TACACS+ is an enhanced version of TACACS, a UDP-based access control protocol specified by RFC 1492. TACACS+ uses TCP to ensure reliable delivery and encrypt all traffic between the TACACS+ server and the TACACS+ daemon on a network device.
TACACS+ works with many authentication types, including fixed password, one-time password, and challenge-response authentication.
When a user requests restricted services, TACACS+ encrypts the user password information using the MD5 encryption algorithm and adds a TACACS+ packet header. This header information identifies the packet type being sent (for example, an authentication packet), the packet sequence number, the encryption type used, and the total packet length. The TACACS+ protocol then forwards the packet to the TACACS+ server.
A TACACS+ server can provide authentication, authorization, and accounting functions. These services, while all part of TACACS+, are independent of one another. A TACACS+ configuration can use any or all of the three services.
When the TACACS+ server receives a packet, it does the following:
•
•
You can configure a TACACS+ key on the client and server. If you configure a key on the SE, it must be the same as the one configured on the TACACS+ servers. The TACACS+ clients and servers use the key to encrypt all TACACS+ packets transmitted. If you do not configure a TACACS+ key, packets are not encrypted.
TACACS+ authentication is disabled by default. You can enable TACACS+ authentication and local authentication at the same time.
In order to configure TACACS+ authentication on SEs, configure a set of TACACS+ authentication settings on the SE. You can use the SE CLI or GUI to configure this set of TACACS+ authentication settings for an SE.
Table 2-4 describes the TACACS+ authentication settings.
Note
TACACS+ Enable Password Attribute
The CLI EXEC mode is used for setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To access privileged-level EXEC mode, enter the enable EXEC command at the user access level prompt and specify a privileged EXEC password (superuser or admin-equivalent password) when prompted for a password.
In TACACS+, an enable password feature allows an administrator to define a different enable password per administrative-level user. If an administrative-level user logs in to the SE with a normal-level user account (privilege level of 0) instead of an admin or admin-equivalent user account (privilege level of 15), that user must enter the admin password in order to access privileged-level EXEC mode. This requirement applies even if these users are using TACACS+ for login authentication.
ServiceEngine> enablePassword:Examples
The following example shows how to enable local and TACACS+ authentication and authorization, setting TACACS+ as the first method used and local as the secondary method to use if TACACS+ fails:
ServiceEngine(config)# authentication login tacacs enable primaryServiceEngine(config)# authentication login local enable secondaryServiceEngine(config)# authentication configuration local enable secondaryServiceEngine(config)# authentication configuration tacacs enable primaryThe following example shows the output of the show authentication user command:
ServiceEngine# show authentication userLogin Authentication: Console/Telnet Session----------------------------- -----------------------local enabled (secondary)radius disabledtacacs enabled (primary)Configuration Authentication: Console/Telnet Session----------------------------- -----------------------local enabled (secondary)radius disabledtacacs enabled (primary)Configuration Authentication: Console/Telnet Session----------------------------- -----------------------local enabled (secondary)radius enabled (tertiary)tacacs enabled (primary)The following example shows the output of the show authentication user command:
ServiceEngine# show authentication userLogin Authentication: Console/Telnet/Ftp/SSH Session----------------------------- ------------------------------local disabledRadius disabledTacacs+ disabledConfiguration Authentication: Console/Telnet/Ftp/SSH Session----------------------------- ------------------------------local disabledRadius disabledTacacs+ disabledThe following example shows the output of the show statistics authentication command:
ServiceEngine# show statistics authenticationAuthentication Statistics--------------------------------------Number of access requests: 37Number of access deny responses: 14Number of access allow responses: 23The following example shows how to enable local, TACACS+, and RADIUS authentication and authorization, setting TACACS+ as the first method used, local as the secondary method if the TACACS+ method fails, and RADIUS as the tertiary method if both local and TACACS+ fail:
ServiceEngine(config)# authentication login tacacs enable primaryServiceEngine(config)# authentication login local enable secondaryServiceEngine(config)# authentication login radius enable tertiaryServiceEngine(config)# authentication configuration tacacs enable primaryServiceEngine(config)# authentication configuration local enable secondaryServiceEngine(config)# authentication configuration radius enable tertiaryRelated Commands
authentication-check
To enable the checking of received packets on the corresponding level, use the authentication-check command in Intermediate System -to-Intermediate System (IS-IS) configuration mode. To disable the checking of received packets, use the no form of this command.
authentication-check {level-1 | level-2}
no authentication-check
Note
Syntax Description
level-1
Specifies authentication type for level-1 LSP, CSNP and PSNP.
level-2
Specifies authentication type for level-2 LSP, CSNP and PSNP.
Command Defaults
The default is On.
Command Modes
IS-IS configuration (config-isis) mode.
Usage Guidelines
This command enables and disables the checking of received packets on the corresponding level. When authentication-check is disabled, IS-IS adds authentication to the outgoing packets, but does not check authentication on incoming packets. This feature allows smooth transition of enabling authentication without disrupting the network operation.
Examples
The following example shows how to disable the checking of packets on a level-1:
ServiceRouter# configureServiceRouter(config)# router isisServiceRouter(config-isis)# no authentication-check level-1ServiceRouter(config-isis)#Related Commands
authentication key-chain
To specify the key chain to be used for the authentication for the corresponding level, use the authentication key-chain command in IS-IS configuration mode. To disable the authentication, use the no form of this command.
authentication key-chain name {level-1 | level-2}
no authentication key-chain name {level-1 | level-2}
Note
Syntax Description
name
Authentication key chain name.
level-1
Specifies authentication type for level-1 LSP, CSNP and PSNP.
level-2
Specifies authentication type for level-2 LSP, CSNP and PSNP.
Command Defaults
None
Command Modes
IS-IS configuration (config-isis) mode.
Usage Guidelines
If no key chain is configured with the authentication key-chain command, no key chain authentication is performed. Key chain authentication can apply to cleartext authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. For example, if you configure a second authentication key-chain command, the first authentication key chain is overridden. You can specify authentication for an individual IS-IS interface by using the isis authentication key-chain command.
This command requires the Proximity Engine license.
A key chain string cannot exceed 63 characters.
Examples
The following example shows how to specify MD5 authentication for a level 1:
ServiceRouter# configureServiceRouter(config)# router isisServiceRouter(config-isis)# authentication key-chain my-key level-1ServiceRouter(config-isis)#Related Commands
authentication-type
To specify the cleartext or MD5 authentication for the corresponding level, use the authentication-type command in IS-IS configuration mode. To disable the authentication, use the no form of this command.
authentication-type {cleartext {level-1 | level-2} | md5 {level-1 | level-2}}
no authentication-type {cleartext {level-1 | level-2} | md5 {level-1 | level-2}}
Note
Syntax Description
Command Defaults
None
Command Modes
IS-IS configuration (config-isis) mode.
Usage Guidelines
You can specify the type of authentication and the level to which it applies for a single IS-IS interface, rather than per IS-IS instance, by using the authentication-type command.
You can specify authentication type for an individual IS-IS interface by using the isis authentication-type {cleartext | md5} [level-1 | level-2] interface configuration mode command.
This command requires the Proximity Engine license.
Examples
The following example shows how to specify MD5 authentication for a level 1:
ServiceRouter# configureServiceRouter(config)# router isisServiceRouter(config-isis)# authentication-type md5 level-1ServiceRouter(config-isis)#Related Commands
authsvr
To enable and configure the Authorization server, use the authsvr command in Global configuration mode. To disable the Authorization server, use the no form of this command.
authsvr {enable | location-server {primary ip addr port num | secondary ip addr port num} | unknown-server allow}
no authsvr {enable | location-server {primary ip addr port num | secondary ip addr port num} | unknown-server allow}
Syntax Description
Command Defaults
authsvr: enabled
unknown-server: blocked
Command Modes
Global configuration (config) mode.
Usage Guidelines
Changing the primary or secondary Geo-Location server configuration requires a restart of the authsvr for the configuration change to take effect. To restart the authsvr, disable it by entering the no authsvr enable and then re-enable it by entering the authsvr enable command.
Examples
The following example shows how to enable the Authorization server:
ServiceEngine(config)# authsvr enableAuthserver is enabledRelated Commands
bandwidth (Global configuration)
To set an allowable bandwidth usage limit and its duration for Cisco Streaming Engine Windows Media Technology (WMT) streaming media, use the bandwidth command in Global configuration mode. To remove individual options, use the no form of this command.
bandwidth {movie-streamer {incoming bandwidth | outgoing bandwidth {default | max-bandwidth start-time day hour end-time day hour} } | wmt {incoming bandwidth | outgoing bandwidth} }
no bandwidth {movie-streamer {incoming bandwidth | outgoing bandwidth {default | max-bandwidth start-time day hour end-time day hour} } | wmt {incoming bandwidth | outgoing bandwidth} }
Syntax Description
movie-streamer
Configures the maximum pacing bit rate, in kilobits per second (kbps), for the Movie Streamer.
incoming
Configures the duration of allowable incoming bandwidth settings for WMT.
bandwidth
Bandwidth size for the Movie Streamer, in kbps. The range is from 0 to 2147483647.
outgoing
Configures the duration of allowable outgoing bandwidth settings for WMT.
default
Specifies the default value for bandwidth if the scheduled bandwidth is not configured.
max-bandwidth
Specifies the maximum value of bandwidth, in kbps.
start-time
Specifies the start time for this bandwidth setting.
day
Day of the week.
hour
Time to start (hh:mm) (00 to 23:00 to 59)
end-time
Specifies the end time for this bandwidth setting.
wmt
Configures the duration of allowable bandwidth settings for WMT. For more information, see the "Configuring Incoming and Outgoing WMT Bandwidth" section.
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
With the various types of traffic originating from a device, every type of traffic, such as streaming media, HTTP, and metadata, consumes network resources. Use the bandwidth command to limit the amount of network bandwidth used by the WMT streaming media.
The content services bandwidth includes the bandwidth allocation for WMT. WMT bandwidth settings apply to WMT streaming of live, cached, and prepositioned content.
For each type of bandwidth, you can specify the amount of bandwidth to be used for a particular time period. This type is called scheduled bandwidth. The default bandwidth is the amount of bandwidth associated with each content service type when there is no scheduled bandwidth. In centrally managed deployments (the SEs are registered with a CDSM), if the SE is assigned to a device group and no default bandwidth has been configured for the SE itself, the device group default bandwidth settings are applied. However, if the default bandwidth has been configured for the SE, then that setting overrides the device group settings. If the SE is a member of multiple device groups, the most recently updated default bandwidth settings are applied.
The maximum bandwidth specifies the upper limit for the allowable bandwidth. The total bandwidth configured for all content services must not exceed the bandwidth limits specified for any SE platform model in the Internet Streamer CDS network. In addition, the license keys configured for WMT further restrict the maximum bandwidth available for each SE model.
Configuring Incoming and Outgoing WMT Bandwidth
The bandwidth between the WMT proxy server (the SE) and the WMT client is called the WMT outgoing bandwidth.
The bandwidth between the WMT proxy and the origin streaming server is called the incoming bandwidth. Because the bandwidth from the edge to the outside IP WAN is limited, you must specify a per session limit (the maximum bit rate per request) for each service that is running on the SE and that consumes the incoming bandwidth (for example, the WMT streaming service), and an aggregate limit (the maximum incoming bandwidth.) You need to control the outgoing bandwidth based on the WMT license that is configured on the SE.
The bandwidth wmt outgoing and bandwidth incoming commands enable you to specify a WMT incoming and an outgoing bandwidth as follows:
•
If the specified outgoing bandwidth is above the limit specified by the WMT license, then a warning message is displayed. However, the specified outgoing bandwidth setting is applied to the SE because the outgoing bandwidth may be configured before the WMT licenses are enabled or an enabled WMT license may be changed to a higher value at a later time.
•
Related Commands
bandwidth (interface configuration)
To configure an interface bandwidth, use the bandwidth command in interface configuration mode. To restore default values, use the no form of this command.
bandwidth {10 | 100 | 1000}
no bandwidth {10 | 100 | 1000}
Syntax Description
10
Sets the bandwidth to 10 megabits per second (Mbps).
100
Sets the bandwidth to 100 Mbps.
1000
Sets the bandwidth to 1000 Mbps. This option is not available on all ports.
Command Defaults
None
Command Modes
Interface configuration (config-if) mode.
Usage Guidelines
The bandwidth is specified in Mbps. The 1000 Mbps option is not available on all ports. On an SE model that has an optical Gigabit Ethernet interface, you cannot change the bandwidth of this interface. Therefore, Gigabit Ethernet interfaces run only at 1000 Mbps. For newer models of the SE that have a Gigabit Ethernet interface over copper, this restriction does not apply; you can configure these Gigabit Ethernet interfaces to run at 10, 100, or 1000 Mbps.
You can configure the Gigabit Ethernet interface settings (bandwidth, and duplex settings) if the Gigabit-over-copper-interface is up or down. If the interface is up, it applies the specific interface settings. If the interface is down, the specified settings are stored and then applied when the interface is brought up. For example, you can specify any of the following commands for a Gigabit-over-copper-interface, which is currently down, and have these settings automatically applied when the interface is brought up:
ServiceEngine(config-if)#bandwidth 10ServiceEngine(config-if)#bandwidth 100ServiceEngine(config-if)#bandwidth 1000You cannot configure the Gigabit Ethernet interface settings on an optical Gigabit Ethernet interface.
Examples
The following example shows how to set an interface bandwidth to 10 Mbps:
ServiceEngine(config-if)# bandwidth 10The following example shows how to restore default bandwidth values on an interface:
ServiceEngine(config-if)# no bandwidthRelated Commands
interface
Configures a Gigabit Ethernet or port channel interface. Provides access to interface configuration mode.
banner
To configure the EXEC, login, and message-of-the-day (MOTD) banners, use the banner command in Global configuration mode. To disable the banner feature, use the no form of this command.
banner {enable | exec {message line | message_text} | login {message line | message_text} | motd {message line | message_text} }
no banner {enable | exec [message] | login [message] | motd [message] }
Syntax Description
Command Defaults
Banner support is disabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
You can configure the following three types of banners in any Internet Streamer CDS software device mode:
•
•
•
Note
After you configure the banners, enter the banner enable command to enable banner support on the SE. Enter the show banner command in EXEC configuration mode to display information about the configured banners.
Note
Examples
The following example shows how to enable banner support on the SE:
ServiceEngine(config)#banner enableThe following example shows how to use the banner motd message command to configure the MOTD banner. In this example, the MOTD message consists of a single line of text.
ServiceEngine(config)#banner motd message This is an Internet Streamer CDS 2.3 deviceThe following example shows how to use the banner motd message global command to configure a MOTD message that is longer than a single line. In this case, the SE translates the \n portion of the message to a new line when the MOTD message is displayed to the user.
ServiceEngine(config)#banner motd message "This is the motd message. \nThis is an Internet Streamer CDS 2.3 device\n"The following example shows how to use the banner login message command to configure a MOTD message that is longer than a single line. In this case, SE A translates the \n portion of the message to a new line in the login message that is displayed to the user.
ServiceEngine(config)#banner login message "This is login banner. \nUse your password to login\n"The following example shows how to use the banner exec command to configure an interactive banner. The banner exec command is similar to the banner motd message commands except that for the banner exec command, the banner content is obtained from the command-line input that the user enters after being prompted for the input.
ServiceEngine(config)# banner execPlease type your MOTD messages below and end it with '.' at beginning of line:(plain text only, no longer than 980 bytes including newline)This is the EXEC banner.\nUse your Internet Streamer CDS username and password to log in to this SE.\n.Message has 99 characters.ServiceEngine(config)#Assume that the SE has been configured with the MOTD, login, and EXEC banners as shown in the previous examples. When a user uses an SSH session to log in to the SE, the user sees a login session that includes a MOTD banner and a login banner that asks the user to enter a login password as follows:
This is the motd banner.This is an Internet Streamer CDS 2.3 deviceThis is login banner.Use your password to login.Cisco SEadmin@ce's password:After the user enters a valid login password, the EXEC banner is displayed, and the user is asked to enter the Internet Streamer CDS username and password as follows:
Last login: Fri Oct 1 14:54:03 2004 from clientSystem Initialization Finished.This is the EXEC banner.Use your Internet Streamer CDS username and password to log in to this SE.After the user enters a valid Internet Streamer CDS username and password, the SE CLI is displayed. The CLI prompt varies depending on the privilege level of the login account. In the following example, because the user entered a username and password that had administrative privileges (privilege level of 15), the EXEC configuration mode CLI prompt is displayed:
ServiceEngine#Related Commands
bitrate
To configure the maximum pacing bit rate for large files for the Movie Streamer and to separately configure WMT bit-rate settings, use the bitrate command in Global configuration mode. To remove the bit-rate settings, use the no form of this command.
bitrate {movie-streamer bitrate | wmt {incoming bitrate | outgoing bitrate} }
no bitrate {movie-streamer bitrate | wmt {incoming | outgoing} }
Syntax Description
Command Defaults
movie-streamer bitrate: 1500 kbps
wmt incoming bitrate: 0 (no limit)
wmt outgoing bitrate: 0 (no limit)
Command Modes
Global configuration (config) mode.
Usage Guidelines
The Internet Streamer CDS 2.x software includes the WMT proxy, which has the ability to cache on-demand media files when the user requests these files for the first time. All subsequent requests for the same file are served by the WMT proxy using the RTSP protocol. The WMT proxy can also live-split a broadcast, which causes only a single unicast stream to be requested from the origin server in response to multiple client requests for the stream.
The bit rate between the proxy and the origin server is called the incoming bit rate. Use the bitrate command to limit the maximum bit rate per session for large files. The bitrate wmt incoming and bitrate wmt outgoing commands enable you to specify a WMT incoming and outgoing per session bit rate as follows:
•
•
Note
Variable WMT Bit Rates
A content provider can create streaming media files at different bit rates to ensure that different clients who have different connections—for example, modem, DSL, or LAN—can choose a particular bit rate. The WMT caching proxy can cache multiple bit-rate files or variable bit-rate (VBR) files, and based on the bit rate specified by the client, it serves the appropriate stream. Another advantage of creating variable bit-rate files is that you only need to specify a single URL for the delivery of streaming media.
Note
Examples
The following example shows how to configure an incoming bit rate for the Movie Streamer:
ServiceEngine(config)# bitrate movie-streamer incoming 100The following example shows how to configure an incoming bit rate for a file sent using WMT. Use the show wmt command to verify that the incoming bit rate has been modified.
ServiceEngine(config)# bitrate wmt incoming 300000ServiceEngine(config)# exitServiceEngine# show wmt--------- WMT Server Configurations -----------------WMT is enabledWMT disallowed client protocols: noneWMT bandwidth platform limit: 1000000 Kbits/secWMT outgoing bandwidth configured is 500000 Kbits/secWMT incoming bandwidth configured is 500000 Kbits/secWMT max sessions configured: 14000WMT max sessions platform limit: 14000WMT max sessions enforced: 14000 sessionsWMT max outgoing bit rate allowed per stream has no limitWMT max incoming bit rate allowed per stream has no limitWMT cache is enabledWMT cache max-obj-size: 25600 MBWMT cache revalidate for each request is not enabledWMT cache age-multiplier: 30%WMT cache min-ttl: 60 minutesWMT cache max-ttl: 1 daysWMT debug client ip not setWMT debug server ip not setWMT accelerate live-split is enabledWMT accelerate proxy-cache is enabledWMT accelerate VOD is enabledWMT fast-start is enabledWMT fast-start max. bandwidth per player is 3500 (Kbps)WMT fast-cache is enabledWMT fast-cache acceleration factor is 5WMT maximum data packet MTU (TCP) enforced is 1472 bytesWMT maximum data packet MTU (UDP) is 1500 bytesWMT client idle timeout is 60 secondsWMT forward logs is enabledWMT server inactivity-timeout is 65535WMT Transaction Log format is Windows Media Services 4.1 loggingRTSP Gateway incoming port 554--------- WMT HTTP Configurations -------------------WMT http extensions allowed:asf none nsc wma wmv nsclog--------- WMT Proxy Configurations ------------------Outgoing Proxy-Mode:--------------------MMS-over-HTTP Proxy-Mode:is not configured.RTSP Proxy-Mode:is not configured. ServiceEngine#Related Commands
bootstrap-node
To configure a bootstrap node IP address, use the bootstrap-node Service Routing Protocol (SRP) configuration command.
To remove a bootstrap node address, use the no or default form of the command.
bootstrap-node ip-address
[no | default] bootstrap-node ip-address
Syntax Description
ip-address
Valid IP address for the bootstrap node. IP addresses 0.0.0.0 and 255.255.255.255 are not valid addresses for a bootstrap node.
Command Defaults
No bootstrap node address is configured.
Command Modes
SRP configuration (config-srp) mode.
Usage Guidelines
This command is used to set bootstrap nodes for an SRP. A Proximity Engine specifies one or more bootstrap nodes to join a DHT network. In a DHT network, the domain ID of the bootstrap nodes and the Proximity Engine must the same.
The first Proximity Engine in the network, which acts as the bootstrap node for others, does not have to configure the bootstrap node address itself. This is the only exception to configuring bootstrap nodes. All other nodes need to configure a bootstrap node address before they can join any network.
The no and default forms of the command remove a given bootstrap node from the list of available bootstrap nodes of a Proximity Engine. The port number for bootstrap node is 9000. The show srp process command lists configured bootstrap nodes.
A Proximity Engine cannot be its own bootstrap node. A maximum 25 bootstrap nodes are allowed.
Examples
The following example shows how to configure a bootstrap node address with the bootstrap-node command.
ServiceRouter# configure terminalEnter configuration commands, one per line. End with CNTL/Z.ServiceRouter(config)# router srpServiceRouter(config-srp)# bootstrap-node 192.168.6.91ServiceRouter(config-srp)# endServiceRouter#The following example shows how the show srp process command displays configured bootstrap nodes:
ServiceRouter# show srp processProcess:Domain: 0Node Id: 6b05858ab28345e62e9e614a48e1206445ec9ca0884fa0e827c1072f5fe8c5f5Port: 9000Interfaces running SRP:*GigabitEthernet 1/0Database Mirroring: Disabled# of storages requested for mirroring: 2# of storages used for mirroring : 1...ServiceRouter#Related Commands
domain
Sets the domain ID for the SRP.
router srp
Enters SRP configuration mode.
show srp process
Displays the basic configurations for SRP.
cache
To restrict the maximum number of contents in the CDS, use the cache command in Global configuration mode.
cache content max-cached-entries num
Syntax Description
content
Browses the CDNFS directories and files.
max-cached-entries
Cleans up the unwanted entries in the CDNFS.
num
Max cached entries. The range is from 1 to 10000000.
Command Defaults
The max-cached-entries default is 3000000 entries.
Command Modes
Global configuration (config) mode.
Usage Guidelines
The ucache process, also known as the cache content manager, manages the caching, storage, and deletion of content.
Previously, the Internet Streamer CDS software did not restrict adding new content to CDNFS as long as there was enough disk space for the asset. The cache content max-cached-entries command restricted the number of assets, but it was not a hard limit. New content was always added and the CDS would delete old content in attempt to keep within the limits configured. The CDS could actually have more content than the configured limit, because the process to delete content is slower than the process to add content. The same situation applies to disk-usage based deletion, where deletion occurs when 90 percent of the CDNFS is used.
In Cisco Internet Streamer CDS Release 2.5.9-b126 software, content addition is stopped at 105 percent of the maximum object count or 95 percent of the CDNFS capacity (disk usage). For example, if the maximum number of objects has been configured as 3,000,000 (which is the default value), the CDS starts deleting content if the object count reaches 3,000,000, but adding content is still allowed. Adding content stops when the maximum number of content objects reaches 3,150,000 (105 percent of 3,000,000), which allows time for the content deletion process to reduce the number of objects in the CDS to the configured limit. Adding content resumes only after the number of objects is 3,000,000 or less. The same logic applies to disk usage. The deletion process starts when disk usage reaches 90 percent, adding content stops when disk usage reaches 95 percent, and adding content resumes only after the disk usage percentage reaches 90 percent or less.
If adding content has been stopped because either the content count reached 105 percent of the limit or the disk usage reached 95 percent of capacity, a UCACHE BUSY error message is sent to the Web Engine, Windows Media Streaming, or Movie Streamer, and the protocol engine performs a cut-through or a bypass.
Note
Examples
The following example shows how to configure the cache content:
ServiceEngine# cache content max-cached-entries 1000The show cdnfs usage command shows the current status of whether the content is able to be cached or not. Following is an example of the output:
# show cdnfs usageTotal number of CDNFS entries : 2522634Total space : 4656.3 GBTotal bytes available : 4626.0 GBTotal cache size : 2.4 GBTotal cached entries : 2522634Cache-content mgr status : CachableUnits: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MBIf the maximum object count is reached, the following is displayed:
Cache-content mgr status : caching paused[ max count 105% of configured reached ]If the disk usage reaches more than 95 percent, the following is displayed:
Cache-content mgr status : caching paused[ disk max 95% of disk usage reached ]
Note
Related Commands
capability
To modify the capability configuration, use the capability command in Global configuration mode. To disable capability, use the no form of this command.
capability config profile number [add attrib {capability-url url | user-agent name} | description]
no capability config
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Related Commands
cd
To change from one directory to another directory, use the cd command in EXEC configuration mode.
cd directoryname
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to maneuver between directories and for file management. The directory name becomes the default prefix for all relative paths. Relative paths do not begin with a slash (/). Absolute paths begin with a slash (/).
Examples
The following example shows how to use a relative path:
ServiceEngine(config)# cd local1The following example shows how to use an absolute path:
ServiceEngine(config)# cd /local1Related Commands
cdn-select
To enable the CDN Selector for third-party service selection, use the cdn-select command in Global configuration mode. To disable the CDN Selector, use the no form of this command.
cdn-select enable
no cdn-select enable
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
The cdn-select command enables the CDN Selector, which provides a method to do third-party service selection based on parameters like content type and geographic location.
Examples
The following example shows how to enable the CDN Selector:
ServiceRouter(config)# cdn-select enableServiceRouter(config)#The following example shows how to disable the CDN Selector:
ServiceRouter(config)# no cdn-select enableServiceRouter(config)#Related Commands
cdnfs
To manage the Internet Streamer CDS network file system (CDNFS), use the cdnfs command in EXEC configuration mode.
cdnfs {browse | cleanup {info | start {force} | stop} database recover}
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The Internet Streamer CDS CDNFS stores the prepositioned Internet Streamer CDS network content to be delivered by all supported protocols. You can configure the CDNFS size of each SE using the disk configure command.
The cdnfs cleanup command cleans up the content of deleted channels from the acquisition and distribution database. In certain cases, the acquirer is not notified by the Centralized Management System (CMS) about deleted channels, and it fails to clear all unified name space (UNS) content. In such cases, the cdnfs cleanup command in EXEC configuration mode can be used to clean up all UNS content associated with deleted channels.
Note
The cdnfs browse command is an interactive command and has the following subcommands used to view Internet Streamer CDS network files and directories:
ServiceEngine# cdnfs browse------ CDNFS interactive browsing ------dir, ls: list directory contentscd,chdir: change current working directoryinfo: display attributes of a filemore: page through a filecat: display a fileexit,quit: quit CDNFS browse shell/>dirwww.gidtest.com//>cd www.gidtest.com/www.gidtest.com/>dir764 Bytes index.html/www.gidtest.com/>info index.htmlCDNFS File Attributes:Status 3 (Ready)File Size 764 BytesStart Time nullEnd Time nullLast-modified Time Sun Sep 9 01:46:40 2001Internal path to data file: /disk06-00/d/www.gidtest.com/05/05d201b7ca6fdd41d491eaec7cfc6f14.0.data.htmlnote: data file actual last-modified time: Tue Feb 15 00:47:35 2005/www.gidtest.com/>Because the CDNFS is empty in this example, the ls command does not show any results. Typically, if the CDNFS contains information, it lists the websites as directories, and file attributes and content could be viewed using these subcommands.
The cdnfs cleanup command synchronizes the state of the acquisition and distribution database with the content stored on the CDNFS. Use this command after replacing a failed disk drive.
The cdnfs database recover command must be run when the cdnfs_db_corrupt alarm is raised. This alarm is raised when the Total Cached entries is more than Total CDNFS entries in the output for the show cdnfs usage command:
ServiceEngine# show cdnfs usageTotal number of CDNFS entries : 202Total space : 5037.9 GBTotal bytes available : 5019.5 GBTotal cache size : 21.0 GBTotal cached entries : 218Cache-content mgr status : CachableUnits: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MBThis occurs generally when an internal bookkeeping file is corrupted. With the server in the offloading status, enter the cdnfs database recover command to remove this inconsistency, then reload the server.
Examples
The following example shows the output of the cdnfs cleanup info command:
ServiceEngine# cdnfs cleanup infoGathering cleanup information. This may take some time....(Use Ctrl+C or 'cdnfs cleanup stop' to interrupt)..............................Summary of garbage resource entries found-------------------------------------------Number of entries : 605Size of entries (KB) : 60820911The following example shows the output for the cdnfs database recover command:
ServiceEngine# cdnfs database recoverCDNFS database inconsistency issue found.CDNFS database recovery operation would impact existing and new client sessions.Recovering database would need device in offloaded state.Do you want to recover the CDNFS database now (y/n)?yRecovering CDNFS database. It may take few minutes.Please wait...CDNFS database recovery is complete. Please reload the device now.ServiceEngine# reloadProceed with reload?[confirm]yesShutting down all services, will timeout in 15 minutes.reload in progress ..Related Commands
show cdnfs
Displays the Internet Streamer CDS network file system information.
show statistics cdnfs
Displays the SE Internet Streamer CDS network file system statistics.
cdsm
To configure the Content Delivery System (CDSM) IP address to be used for the SEs or SRs, or to configure the role and GUI parameters on a CDSM device, use the cdsm command in Global configuration mode. To negate these actions, use the no form of this command.
cdsm {ip {hostname | ip-address | role {primary | standby} | ui port port-num} }
no cdsm {ip | role {primary | standby} | ui port}
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
You can use the cdsm ui port command to change the CDSM GUI port from the standard number 8443 as follows:
CDSM(config)# cdsm ui port 35535
Note
The cdsm ip command associates the device with the CDSM so that the device can be approved as a part of the network.
After the device is configured with the CDSM IP address, it presents a self-signed security certificate and other essential information, such as its IP address or hostname, disk space allocation, and so forth, to the CDSM.
Configuring Devices Inside a NAT
In an Internet Streamer CDS network, there are two methods for a device registered with the CDSM (SEs, SRs, or standby CDSM) to obtain configuration information from the primary CDSM. The primary method is for the device to periodically poll the primary CDSM on port 443 to request a configuration update. You cannot configure this port number. The backup method is when the CDSM pushes configuration updates to a registered device as soon as possible by issuing a notification to the registered device on port 443. This method allows changes to take effect in a timelier manner. You cannot configure this port number even when the backup method is being used. Internet Streamer CDS networks do not work reliably if devices registered with the CDSM are unable to poll the CDSM for configuration updates. Similarly, when a receiver SE requests content and content metadata from a forwarder SE, it contacts the forwarder SE on port 443.
All the above methods become complex in the presence of Network Address Translation (NAT) firewalls. When a device (SEs at the edge of the network, SRs, and primary or standby CDSMs) is inside a NAT firewall, those devices that are inside the same NAT use one IP address (the inside local IP address) to access the device and those devices that are outside the NAT use a different IP address (the inside global IP address) to access the device. A centrally managed device advertises only its inside local IP address to the CDSM. All other devices inside the NAT use the inside local IP address to contact the centrally managed device that resides inside the NAT. A device that is not inside the same NAT as the centrally managed device is not able to contact it without special configuration.
If the primary CDSM is inside a NAT, you can allow a device outside the NAT to poll it for getUpdate requests by configuring a static translation (inside global IP address) for the CDSM's inside local IP address on its NAT, and using this address, rather than the CDSM's inside local IP address, in the cdsm ip ip-address command when you register the device to the CDSM. If the SE or SR is inside a NAT and the CDSM is outside the NAT, you can allow the SE or SR to poll for getUpdate requests by configuring a static translation (inside global IP address) for the SE or SIR's inside local address on its NAT and specifying this address in the Use IP Address field under the NAT Configuration heading in the Device Activation window.
Note
Standby CDSMs
The Cisco Internet Streamer CDS software implements a standby CDSM. This process allows you to maintain a copy of the Internet Streamer CDS network configuration. If the primary CDSM fails, the standby can be used to replace the primary.
For interoperability, when a standby CDSM is used, it must be at the same software version as the primary CDSM to maintain the full CDSM configuration. Otherwise, the standby CDSM detects this status and does not process any configuration updates that it receives from the primary CDSM until the problem is corrected.
Note
Switching a CDSM from Warm Standby to Primary
If your primary CDSM becomes inoperable for some reason, you can manually reconfigure one of your warm standby CDSMs to be the primary CDSM. Configure the new role by using the Global configuration cdsm role primary command as follows:
ServiceEngine# configureServiceEngine(config)# cdsm role primaryThis command changes the role from standby to primary and restarts the management service to recognize the change.
Note
If you switch a warm standby CDSM to primary while your primary CDSM is still online and active, both CDSMs detect each other, automatically shut themselves down, and disable management services. The CDSMs are switched to halted, which is automatically saved in flash memory.
Examples
The following example shows how to configure an IP address and a primary role for a CDSM:
CDSM(config)# cdsm ip 10.1.1.1CDSM(config)# cdsm role primaryThe following example shows how to configure a new GUI port to access the CDSM GUI:
CDSM(config)# cdsm ui port 8550The following example shows how to configure the CDSM as the standby CDSM:
CDSM(config)# cdsm role standbySwitching CDSM to standby will cause all configuration settings made on this CDSMto be lost.Please confirm you want to continue [ no ] ?yesRestarting CMS servicesThe following example shows how to configure the standby CDSM with the IP address of the primary CDSM by using the cdsm ip ip-address command. This command associates the device with the primary CDSM so that it can be approved as a part of the network.
CDSM# cdsm ip 10.1.1.1clear cache
To clear the HTTP object cache use the clear command in EXEC configuration mode.
clear cache [all | content 1-1000000 | flash-media-streaming]
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear cache command removes all cached contents from the currently mounted cache volumes. Objects being read or written are removed when they stop being busy.
Caution
clear content
To clear the content of a Uniform Resource Locator (URL), use the clear content command in EXEC configuration mode.
clear content url url
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to clear the content URL:
1.
ServiceEngine# show cacheMax-cached-entries is set as 10000000Number of cal cached assets: 10------------------------------------------------Priority Size URL------------------------------------------------1.87390e+01 64000 http://7.1.200.200/file-19615031.87390e+01 64000 http://7.1.200.200/file-19615481.87390e+01 64000 http://7.1.200.200/file-19614501.87390e+01 64000 http://7.1.200.200/file-19614951.87390e+01 64000 http://7.1.200.200/file-19615401.87390e+01 64000 http://7.1.200.200/file-19613991.87390e+01 64000 http://7.1.200.200/file-19613491.87390e+01 64000 http://7.1.200.200/file-19613951.87390e+01 64000 http://7.1.200.200/file-19613021.87390e+01 64000 http://7.1.200.200/file-1961575ServiceRouter#2.
ServiceEngine# clear content url http://7.1.200.200/file-19615033.
ServiceEngine# show cacheMax-cached-entries is set as 10000000Number of cal cached assets: 10------------------------------------------------Priority Size URL------------------------------------------------1.87390e+01 64000 http://7.1.200.200/file-19615481.87390e+01 64000 http://7.1.200.200/file-19614501.87390e+01 64000 http://7.1.200.200/file-19614951.87390e+01 64000 http://7.1.200.200/file-19615401.87390e+01 64000 http://7.1.200.200/file-19613991.87390e+01 64000 http://7.1.200.200/file-19613491.87390e+01 64000 http://7.1.200.200/file-19613951.87390e+01 64000 http://7.1.200.200/file-19613021.87390e+01 64000 http://7.1.200.200/file-19615751.87390e+01 64000 http://7.1.200.200/file-1961529ServiceEngine#clear ip
To clear the IP configuration, use the clear ip command in EXEC configuration mode.
On the SE:
clear ip access-list counters [acl-num | acl-name]
On the SR:
clear ip access-list counters [acl-num | acl-name] | bgp {ip address | all} | ospf {neighbor {all | GigabitEthernet slot/port num | PortChannel num } | rspf route [router-id} | traffic}
Syntax Description
access-list
Clears the IP access list statistical information.
counters
Clears the IP access list counters.
acl-name
(Optional) Counters for the specified access list, identified using an alphanumeric identifier up to 30 characters, beginning with a letter.
acl-num
(Optional) Counters for the specified access list, identified using a numeric identifier (standard access list: 1 to 99; extended access list: 100 to 199).
bgp
Clears the BGP1 neighbors.
all
Specifies that all current BGP sessions are reset.
ip-address
Specifies that only the identified BGP neighbor is reset.
ospf
Clears the OSPF2 tables.
neighbor
Neighbor statistics per interface.
all
Clears all neighbors.
GigabitEthernet
Selects a GigabitEthernet interface.
slot/port num
Slot and port number for the selected interface. The slot range is 0 to 14, and the port is 0. The slot number and port number are separated with a forward slash character (/).
PortChannel
Selects the Ethernet Channel of interfaces.
num
Specifies the Ethernet Channel interface number. The range is from 1 to 4.
rspf
OSPF rspf.
route
Internal OSPF rspf routes.
router-id
(Optional) Specifies the ID of a router for clear routing information.
traffic
OSPF traffic counters.
1 BGP = Border Gateway Protocol
2 OSPF = Open Shortest Path First
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use the clear ip bgp command whenever any of the following changes occur:
•
•
•
•
Examples
The clear ip bgp all command is used to clear all routes in the local routing table. In the following example, the Proximity Engine has only one neighbor, 192.168.86.3:
ServiceRouter# clear ip bgp allServiceRouter# show ip bgp summaryBGP router identifier 172.20.168.47, local AS number 23BGP table version is 815342, IPv4 Unicast config peers 2, capable peers 14021 network entries and 4021 paths using 852452 bytes of memoryBGP attribute entries [ 7/1120 ] , BGP AS path entries [ 0/0 ]BGP community entries [ 0/0 ] , BGP clusterlist entries [ 0/0 ]Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd192.168.86.3 4 23 172 8 0 0 0 00:00:04 ClosingServiceRouter# show ip bgp summaryBGP router identifier 172.20.168.47, local AS number 23BGP table version is 815342, IPv4 Unicast config peers 2, capable peers 14021 network entries and 4021 paths using 852452 bytes of memoryBGP attribute entries [ 7/1120 ] , BGP AS path entries [ 0/0 ]BGP community entries [ 0/0 ] , BGP clusterlist entries [ 0/0 ]Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd192.168.86.3 4 23 172 8 0 0 0 00:00:06 IdleServiceRouter# show ip bgp summaryBGP router identifier 172.20.168.47, local AS number 23BGP table version is 815342, IPv4 Unicast config peers 2, capable peers 14021 network entries and 4021 paths using 852452 bytes of memoryBGP attribute entries [ 7/1120 ] , BGP AS path entries [ 0/0 ]BGP community entries [ 0/0 ] , BGP clusterlist entries [ 0/0 ]Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd192.168.86.3 4 23 218 11 25680 0 19 00:00:06 8516ServiceRouter#The following example shows how to clear OSPF of all neighbors:
ServiceRouter# clear ip ospf neighbor *ServiceRouter#The following example shows how to clear OSPF of all neighbors in the GigabitEthernet 1/0 interface:
ServiceRouter# clear ip ospf neighbor GigabitEthernet 1/0ServiceRouter#The following example shows how to clear OSPF RSPF information for all routers:
ServiceRouter# clear ip ospf rspf routeServiceRouter#The following example shows how to clear OSPF RSPF information for the router with the ID 172. 20.168.41:
ServiceRouter# clear ip ospf rspf route 172.20.168.41ServiceRouter#clear isis
To clear IS-IS Routing for an IP, use the clear isis command in EXEC configuration mode.
clear isis {adjacency {all | GigabitEthernet slot/port num | PortChannel num } | ip rspf route [ LSP-ID ] }
Syntax Description
adjacency
Clears the IS-IS adjacency information.
all
Clears IS-IS adjacencies on all interfaces.
GigabitEthernet
Selects a GigabitEthernet interface.
slot/port num
Slot and port number for the selected interface. The slot range is 0 to 14; the port is 0. The slot number and port number are separated with a forward slash character (/).
PortChannel
Selects the Ethernet Channel of interfaces.
num
Specifies the Ethernet Channel interface number. The range is from 1 to 4.
ip
IS-IS IP information.
rspf
IS-IS Reverse SPF1 routing information.
route
Specifies the IS-IS route.
LSP_ID
(Optional) Clears information for LSPs2 ID in the form of xxxx.xxxx.xxxx.xxxx or name.
1 SPF = Shortest Path First
2 LSP = link-state packet
Command Defaults
If no LSP ID is specified in the clear isis ip rspf route command, IS-IS RSPF information is cleared for all LSP IDs.
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear isis ip rspf route command is used to clear IS-IS RSPF routing information. IS-IS RSPF routing information is displayed only with the show isis ip rspf route command when a new proximity request has been received.
Examples
The following is sample output from the show isis adjacency command before and after running the clear isis adjacency command:
ServiceRouter# show isis adjacencyIS-IS adjacency database:System ID SNPA Level State Hold Time Interface0200.c0a8.5401 0000.a1e8.e019 1 UP 00:00:21 GigabitEthernet 3/07301-7-core 001d.a1e9.c41b 1 UP 00:00:08 GigabitEthernet 3/07301-7-core 001d.a1e9.c41b 2 UP 00:00:08 GigabitEthernet 3/0ServiceRouter#ServiceRouter# clear isis adjacency *ServiceRouter# show isis adjacencyIS-IS adjacency database:System ID SNPA Level State Hold Time Interface7301-7-core 001d.a1e9.c41b 1 UP 00:00:09 GigabitEthernet 3/07301-7-core 001d.a1e9.c41b 2 UP 00:00:09 GigabitEthernet 3/0ServiceRouter#ServiceRouter# show isis adjacencyIS-IS adjacency database:System ID SNPA Level State Hold Time Interface7301-7-core 001d.a1e9.c41b 1 UP 00:00:08 GigabitEthernet 3/07301-7-core 001d.a1e9.c41b 2 UP 00:00:07 GigabitEthernet 3/0ServiceRouter#ServiceRouter# show isis adjacencyIS-IS adjacency database:System ID SNPA Level State Hold Time Interface0200.c0a8.5401 0000.a1e8.e019 1 UP 00:00:31 GigabitEthernet 3/07301-7-core 001d.a1e9.c41b 1 UP 00:00:10 GigabitEthernet 3/07301-7-core 001d.a1e9.c41b 2 UP 00:00:08 GigabitEthernet 3/0ServiceRouter#The following is a sample from the show isis ip rspf route command before and after running the show isis ip rspf route command:
ServiceRouter# show isis ip rspf routeLSP ID SPF Time Cache Hit Level Age Max range0200.c0a8.0a01.00-00 3d22h 0 1 3d22h 10ServiceRouters# clear isis ip rspf routeServiceRouter# show isis ip rspf routeLSP ID SPF Time Cache Hit Level Age Max rangeRelated Commands
show isis adjacency
Displays IS-IS adjacencies.
show isis ip rspf route
Displays the Intermediate IS-IS RSPF route for IS-IS learned routes.
clear logging
To clear the syslog messages saved in the disk file, use the clear logging command in EXEC configuration mode.
clear logging
Syntax Description
This command has no keywords or arguments.
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear logging command removes all current entries from the syslog.txt file, but does not make an archive of the file. It puts a "Syslog cleared" message in the syslog.txt file to indicate that the syslog has been cleared, as shown in the following example:
Feb 14 12:17:18 ServiceEngine# exec_clear_logging:Syslog clearedExamples
The following example shows how to clear the syslogs:
ServiceRouter# clear loggingU11-CDE220-2#clear service-router
To clear the proximity-based routing proximity cache , use the clear service-router command in EXEC configuration mode.
clear service-router proximity-based-routing proximity-cache
Syntax Description
Command Defaults
Clears the cache for all proximity ratings.
Command Modes
EXEC configuration mode.
Usage Guidelines
When an SR receives a redirect request from a client network 1 with proximity-based routing enabled, the SR queries the proximity server for the proximity rating of the SEs. The ratings returned from the proximity server are cached, and the default timeout for the cache is 1800 seconds . If there is any network or proximity rating change within this period, the SR does not know as it redirects based on the ratings cached for that network. The clear service-router command is used to force clear cache.
Examples
The following example shows how to clear the Service Router.
ServiceRouter# clear service-router proximity-based-routing proximity-cacheServiceRouter#Related Commands
clear srp database offline
To clear the SRP database while it is offline, use the clear srp database offline command in privileged EXEC mode.
clear srp database offline
Syntax Description
This command has no keywords or arguments.
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
The clear srp database offline command is used to clear the SRP database while it is offline.
Note
Examples
The following example shows how to clear the SRP database offline:
ServiceRouter# clear srp database offlineClearing database offlineServiceRouter#Related Commands
show srp database
Displays the descriptor-related information saved in the descriptor database.
show srp multicast database
Displays multicast database information.
clear srp descriptor
To delete either a single descriptor or all descriptors from the service routing layer, use the clear srp descriptor command in privileged EXEC mode.
clear srp descriptor key
Syntax Description
key
The DHT key in hexadecimal format for the descriptor to be deleted. A valid DHT key has 1 to 64 hexadecimal digits.
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
The clear srp descriptor command is used to delete a single descriptor in the descriptor database. The delete operation deletes the descriptor at the descriptor root node (which may not necessarily be the local Proximity Engine). Therefore, the descriptor is deleted from the entire network.
Note
A valid DHT key must be specified in key to identify the descriptor that is deleted. Keys with less than 64 hexadecimal characters are appended with zeroes.
Deleting a nonexistent descriptor or a descriptor that does not appear in the descriptor database of the Proximity Engine results in an error message stating that the DHT key does not exist.
Examples
The following example shows how use the clear srp descriptor command to delete a descriptor with key 123. After the deletion, the show srp database command is used to verify that the descriptor has been deleted.
ServiceRouter# clear srp descriptor 123ServiceRouter# show srp database 123Getting database entry for123Entity key:
1230000000000000000000000000000000000000000000000000000000000000
Entity was DELETED on (47b4269b599afa86) Thu Feb 14 11:31:39 2008
Related Commands
show srp database
Displays the descriptor-related information saved in the descriptor database.
show srp multicast database
Displays multicast database information.
clear srp neighbor
To remove a neighbor Proximity Engine from the neighbor list of the local Proximity Engine, use the clear srp neighbor command in privileged EXEC mode.
clear srp neighbor key
Syntax Description
key
The DHT key in hexadecimal format for the node to be removed from the neighbor list. A valid DHT key has 1 to 64 hexadecimal digits.
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
The clear srp neighbor command is used to delete a single neighbor in the service routing layer from the local Proximity Engine neighbor list. After a small interval, the neighbor list is refreshed and the deleted neighbor may be included in the neighbor list again if it is still a neighbor of the local Proximity Engine in the service routing layer.
A valid DHT key should be specified in key to identify the neighbor. Keys with less than 64 hexadecimal characters are appended with zeroes.
If you attempt to delete a neighbor that does not appear in the neighbor list of the local Proximity Engine, clear srp neighbor displays an error message stating that the neighbor could not be found.
Examples
The following example shows how to use Proximity Engine sn-sj85 with one neighbor sn-sj81 as seen in the following show srp neighbor command output. The neighbor sn-sj81 is also in the leafset of sn-sj85 as can be seen in the show srp leafset output. All commands are issued from Proximity Engine sn-sj85.
ServiceRouter# show srp neighborCodes: T - local node, L - leafset, P - primary, S - secondary, B - backupI - Intransitive, D - delay, H - hold timeNumber of neighbors in the database: 1PL 8886822171add71887d54107c266d814b605eaa0d5cc9b54b9160a137f4355d1via sn-sj81 [ 172.20.168.81 ] :9000, D=0.389864 ms,H=00:00:09ServiceRouter# show srp leafsetCodes: T - local node, L - leafset, P - primary, S - secondary, B - backupI - Intransitive, W - wrappedLeafset count: total 3, left 1, right 1PL 8886822171add71887d54107c266d814b605eaa0d5cc9b54b9160a137f4355d1via sn-sj81 [ 172.20.168.81 ] :9000, 0.389864 ms, 00:00:08T 9f752f56f347ca8fcc40a4e09b645f9b4c9b71c73401083f4c04920b30215b0avia sn-sj85 [ 172.20.168.85, 192.168.20.85, 192.168.86.85 ] :9000WPL 8886822171add71887d54107c266d814b605eaa0d5cc9b54b9160a137f4355d1via sn-sj81 [ 172.20.168.81 ] :9000, 0.389864 ms, 00:00:08The clear srp neighbor command is used to remove sn-sj81 from the neighbor list.
ServiceRouter# clear srp neighbor sn-sj81:9000Clearing neighbor sn-sj81:9000Neighbor is found and clearedFinally, the show srp neighbor and show srp leafset commands are issued again and show the following:
•
ServiceRouter# show srp neighborCodes: T - local node, L - leafset, P - primary, S - secondary, B - backupI - Intransitive, D - delay, H - hold timeNumber of neighbors in the database: 1I 8886822171add71887d54107c266d814b605eaa0d5cc9b54b9160a137f4355d1via sn-sj81 [ 172.20.168.81 ] :9000, D=0.000 ms,H=00:00:07•
ServiceRouter# show srp leafsetCodes: T - local node, L - leafset, P - primary, S - secondary, B - backupI - Intransitive, W - wrappedLeafset count: total 1, left 0, right 0T 9f752f56f347ca8fcc40a4e09b645f9b4c9b71c73401083f4c04920b30215b0avia sn-sj85 [ 172.20.168.85, 192.168.20.85, 192.168.86.85 ] :9000ServiceRouter# #The following example shows how to use the clear srp resource command to delete a resource having resource ID 456 from a descriptor with the key 123. The show srp database command is used to verify that the resource exists before the delete operation and that it has been deleted after the delete operation.
ServiceRouter# show srp database 123Getting database entry for123Entity key:1230000000000000000000000000000000000000000000000000000000000000Entity rec type: 101 Entity total length: 175Entity type: 38b73479 Entity flags: 0--------------- Element 0 (main)-----------------Element ID: mainElement total len 49 ID len: 0Delete Time: 47b426ca5c706042Flags 0Last Update: Thu Feb 14 11:38:59 2008 (47b42853902a02b6)Expiration : Sat Mar 15 11:38:59 2008 (47dbb553902a0000)Element data len: 9Element data:mycontent--------------- Element 1 (comp)-----------------Element ID: "456"(343536)Element total len 54 ID len: 3Last Update: Thu Feb 14 11:39:27 2008 (47b4286f0ad1055a)Expiration : Sat Mar 15 11:39:27 2008 (47dbb56f0ad10000)Element data len: 11Element data:newResourceServiceRouter# clear srp resource 123 456ServiceRouter# show srp database 123Getting database entry for123Entity key:1230000000000000000000000000000000000000000000000000000000000000Entity rec type: 101 Entity total length: 113Entity type: 38b73479 Entity flags: 0--------------- Element 0 (main)-----------------Element ID: mainElement total len 49 ID len: 0Delete Time: 47b426ca5c706042Flags 0Last Update: Thu Feb 14 11:38:59 2008 (47b42853902a02b6)Expiration : Sat Mar 15 11:38:59 2008 (47dbb553902a0000)Element data len: 9Element data:mycontentServiceRouter#Related Commands
show srp leafset
Displays SRP leafset information.
show srp neighbors
Displays SRP neighbor information.
clear srp resource
To delete a resource from a descriptor in the service routing layer, use the clear srp resource command in privileged EXEC mode.
clear srp resource key
Syntax Description
key
The DHT key in hexadecimal format for the descriptor from which the resource will be deleted. A valid DHT key has 1 to 64 hexadecimal digits.
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
The clear srp resource command is used to delete a resource from a descriptor in the service routing layer. Resources can be added to and deleted from any descriptor that exists in the descriptor database.
A valid DHT key must be specified in key to identify the descriptor from which a resource is deleted. Keys with less than 64 hexadecimal characters are appended with zeroes. If you attempt to delete a resource from a nonexistent descriptor, clear srp resource displays an error stating that the DHT key does not exist. Deleting a nonexistent resource has no impact, and no error warning is generated.
Examples
The following example shows how to use clear srp resource to delete a resource, newResource, having resource ID 456 from a descriptor with the key 123. The show srp database command is used to verify that the resource exists before the delete operation and that it has been deleted after the delete operation.
ServiceRouter# show srp database 123Getting database entry for123Entity key:1230000000000000000000000000000000000000000000000000000000000000Entity rec type: 101 Entity total length: 175Entity type: 38b73479 Entity flags: 0--------------- Element 0 (main)-----------------Element ID: mainElement total len 49 ID len: 0Delete Time: 47b426ca5c706042Flags 0Last Update: Thu Feb 14 11:38:59 2008 (47b42853902a02b6)Expiration : Sat Mar 15 11:38:59 2008 (47dbb553902a0000)Element data len: 9Element data:mycontent--------------- Element 1 (comp)-----------------Element ID: "456"(343536)Element total len 54 ID len: 3Last Update: Thu Feb 14 11:39:27 2008 (47b4286f0ad1055a)Expiration : Sat Mar 15 11:39:27 2008 (47dbb56f0ad10000)Element data len: 11Element data:newResourceServiceRouter# clear srp resource 123 456ServiceRouter# show srp database 123Getting database entry for123Entity key:1230000000000000000000000000000000000000000000000000000000000000Entity rec type: 101 Entity total length: 113Entity type: 38b73479 Entity flags: 0--------------- Element 0 (main)-----------------Element ID: mainElement total len 49 ID len: 0Delete Time: 47b426ca5c706042Flags 0Last Update: Thu Feb 14 11:38:59 2008 (47b42853902a02b6)Expiration : Sat Mar 15 11:38:59 2008 (47dbb553902a0000)Element data len: 9Element data:mycontentServiceRouter#Related Commands
clear srp route
To delete a single route entry from the DHT routing table of the local Proximity Engine, use the clear srp route command in privileged EXEC mode.
clear srp route prefix/length
Syntax Description
prefix
The prefix of the DHT key of the route entry to delete.
length
The length of the prefix (in multiples of 4).
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
The clear srp route command deletes a single routing table entry from the local DHT routing table. Similar to other routing protocols, the DHT routing table entries consist of a prefix and length that index the DHT ID of the next-hop Proximity Engine. A valid DHT key prefix (1 to 64 hexadecimal characters) and valid prefix length (multiples of four) must be supplied to identify the neighbor to be deleted.
The clear srp route command provides a manual way to delete routing table entries. After a small interval, the DHT routing table is refreshed and the deleted next-hop Proximity Engine may be included in the DHT routing table again if it is still a viable neighbor.
The clear srp route command can be used to test the presence and persistence of neighbors. Deleting a routing entry that does not exist results in an error message.
Examples
In the following example, Proximity Engine sn-sj85 has four routing table entries. The example shows how to use the clear srp route command to clear the routing table entry that has 8/4 as its prefix/length. The show srp route command is used to verify the deletion of the route.
ServiceRouter# show srp routeCodes: T - local node, L - leafset, P - primary, S - secondary, B - backupI - IntransitivePL 8/4 via 8886822171add71887d54107c266d814b605eaa0d5cc9b54b9160a137f4355d1sn-sj81 [ 172.20.168.81 ] :9000, 0.389525 ms, 00:00:08PL a/4 via ad3a659121442210a68b79348e9a42eaebfb229f388afb2628fa871f26bc750csn-sj67 [ 172.20.168.67, 192.168.20.41, 192.168.20.44, 192.168.22.41, 192.168.22.42 ] :9000, 1.825903 ms, 00:00:09PL b/4 via b5ca21563f5b938e46e2cb8f33a148ae00a1f6666f2a5eb735b7ed90c012c882sn-sj82 [ 172.20.168.82 ] :9000, 0.333920 ms, 00:00:08PL d/4 via d2fc632c53c9ff1de8683e265386b09502791aedd65f28025fe7f64ad8cab2d9sn-sj87 [ 172.20.168.87 ] :9000, 0.642357 ms, 00:00:09ServiceRouter# clear srp route 8/4Clearing entry 8/4The entry is found and clearedServiceRouter# show srp routeCodes: T - local node, L - leafset, P - primary, S - secondary, B - backupI - IntransitivePL a/4 via ad3a659121442210a68b79348e9a42eaebfb229f388afb2628fa871f26bc750csn-sj67 [ 172.20.168.67, 192.168.20.41, 192.168.20.44, 192.168.22.41, 192.168.22.42 ] :9000, 1.846593 ms, 00:00:09PL b/4 via b5ca21563f5b938e46e2cb8f33a148ae00a1f6666f2a5eb735b7ed90c012c882sn-sj82 [ 172.20.168.82 ] :9000, 0.333920 ms, 00:00:09PL d/4 via d2fc632c53c9ff1de8683e265386b09502791aedd65f28025fe7f64ad8cab2d9sn-sj87 [ 172.20.168.87 ] :9000, 0.572056 ms, 00:00:09ServiceRouter#Related Commands
show srp route
Displays route information for a Proximity Engine to its neighbor nodes on the same DHT network.
clear statistics
To clear the statistics, use the clear statistics command in EXEC configuration mode.
On the SE:
clear statistics {access-lists 300 | all | authentication | authsvr | distribution {all | metadata-receiver | metadata-sender | unicast-data-receiver | unicast-data-sender} | flash-media-streaming | history | icap | icmp | ip | movie-streamer | qos policy-service | radius | rule {action action-type | all | pattern {1-512 | all} | rtsp} | running | snmp | tacacs | tcp | transaction-logs | udp | web-engine [force] | web-engine [force] | wmt}
On the SR:
clear statistics {all | authentication | history | http requests | icmp | ip [ospf | proximity {rib | server}] | isis [GigabitEthernet slot/port num | PortChannel num] | radius | running | service-registry | service-router | snmp | srp | tacacs | tcp | udp}
Syntax Description
statistics
Clears the statistics as specified.
access-lists
Clears the ACL statistics.
300
Clears the group name-based ACL.
all
Clears all statistics.
authentication
Clears the authentication statistics.
authsvr
Clears the Authorization Server statistics.
distribution
Clears the distribution statistics.
all
Clears the distribution statistics for every component.
metadata-receiver
Clears the distribution statistics for the metadata receiver.
metadata-sender
Clears the distribution statistics for the metadata sender.
unicast-data-receiver
Clears the distribution statistics for the unicast data receiver.
unicast-data-sender
Clears the distribution statistics for the unicast data sender.
flash-media-streaming
Clears the Flash Media Streaming statistics.
history
Clears the statistics history.
icap
Clears the ICAP1 statistics.
icmp
Clears the ICMP statistics.
ip
Clears the IP statistics.
ospf
Clears the OSPF statistics.
proximity
Clears the proximity statistics.
rib
Clears the RIB proximity statistics.
server
Clears the Proximity Server statistics.
isis
Clears counters for an IS-IS instance.
GigabitEthernet
(Optional) Selects a GigabitEthernet interface.
slot/port num
Slot and port number for the selected interface. The slot range is 0 to 14; the port is 0. The slot number and port number are separated with a forward slash character (/).
PortChannel
(Optional) Selects the Ethernet Channel of interfaces.
num
Specifies the Ethernet Channel interface number (1 to 4).
movie-streamer
Clears the Movie Streamer statistics.
qos
Clears the QoS statistics.
policy-service
Specifies the Camiant cdn-am service.
radius
Clears the RADIUS statistics.
rule
Clears the rules statistics.
action
Clears the statistics of all the rules with the same action.
action-type
Specifies one of the following actions:
allow
block
generate-url-signature
no-cache
redirect
rewrite
use-icap-service
validate-url-signatureall
Clears the statistics of all the rules.
pattern
Clears the statistics of the pattern lists.
1-512
Pattern list number.
all
Clears the statistics for all the pattern lists.
rtsp
Clears the statistics for the configured RTSP rules (rules configured for RTSP requests from RealMedia players [the RTSP rules] and rules configured for RTSP requests from Windows Media 9 players [the WMT-RTSP rules] ).
running
Clears the running statistics.
snmp
Clears the SNMP statistics.
srp
Resets to zero all statistics counters kept by the local DHT service
tacacs
Clears the TACACS+ statistics.
tcp
Clears the TCP statistics.
transaction-logs
Clears the transaction log export statistics.
udp
Clears the UDP statistics.
web-engine
Clears the Web Engine statistics.
force
Clears the Web Engine detail statistics.
web-engine
Clears Web Engine statistics.
force
(Optional) Clears Web Engine detail statistics.
wmt
Clears all WMT statistics.
1 ICAP = Internet Content Adaptation Protocol
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear statistics command clears all statistical counters from the parameters given. Use this command to monitor fresh statistical data for some or all features without losing cached objects or configurations.
This command is used to reset to zero proximity statistics related to the Proximity Engine components that are used for the proximity function. Use the show statistics ip proximity command to display proximity statistics.
The DHT service keeps several counters, such as the number of requests and responses for DHT lookups. These counters can be displayed using the show statistics srp command.
The clear statistics web-engine and clear statistics all commands clear only normal statistics, not the Web Engine statistics details. To clear all Web Engine statistics, use the clear statistics web-engine force command.
Note
Examples
The following example shows how to clear proximity statistics with the clear statistics ip proximity command:
ServiceRouter# clear statistics ip proximity serverServiceRouter# show statistics ip proximity serverProximity server: Requests received = 0Proximity server: Responses sent = 0Proximity server: Faults sent = 0ServiceRouter#ServiceRouter# show statistics ip proximity ribTotal number of proximity requests received from applications: 0Total number of proximity replies sent to applications: 0Proximity msg exchanges between urib and routing protocols:Sent Prox Req Received Prox Respisis-p1 0 0ospf-p1 0 0isis-p1-te 0 0ospf-p1-te 0 0bgp-123 0 0mbgp-123 0 0Local proximity requests from applications: 0Invalid proximity requests from applications: 0PSA non-rankable proximity requests from applications: 0Failed proximity requests to routing protocols: 0Failed PSA lookups: 0Failed PTA lookups: 0ServiceRouter#The following is sample output from the show statistics isis command before and after running clear statistics isis command:
ServiceRouter# show statistics isisIS-IS statistics:PDU Received Sent RcvAuthErr OtherRcvErrLAN-IIH 51 14 0 0P2P-IIH 0 0 0 0CSNP 67 0 0 0PSNP 0 0 0 0PDU Received Flooded RcvAuthErr OtherRcvErr ReTransmitLSP 69 4 0 0 0DIS elections: 10SPF calculations: 82LSPs sourced: 0LSPs refreshed: 8LSPs purged: 0ServiceRouter#ServiceRouter# clear statistics isis *ServiceRouter# show statistics isisIS-IS statistics:PDU Received Sent RcvAuthErr OtherRcvErrLAN-IIH 1 0 0 0P2P-IIH 0 0 0 0CSNP 4 0 0 0PSNP 0 0 0 0PDU Received Flooded RcvAuthErr OtherRcvErr ReTransmitLSP 1 0 0 0 0DIS elections: 0SPF calculations: 1LSPs sourced: 0LSPs refreshed: 0LSPs purged: 0ServiceRouter#The following example shows the use of the clear statistics srp command. The show statistics srp command is used to verify that the SRP counters have been reset to zero:
ServiceRouter# show statistics srpSent Received NeighborsJoin request 0 22 1Join response 22 0 0LS exchange request 309 310 0LS exchange response 310 309 0Route exchange request 65 0 0Route exchange response 0 64 0Ping request 410 412 1Ping response 412 410 0Lookup request 34 867 3Lookup response 867 34 0Ping traceroute request 0 0 0Ping traceroute response 0 0 0ServiceRouter# clear statistics srpClearing all statistics countersServiceRouter# show statistics srpSent Received NeighborsJoin request 0 0 0Join response 0 0 0LS exchange request 1 1 0LS exchange response 1 1 0Route exchange request 1 0 0Route exchange response 0 1 0Ping request 2 2 0Ping response 2 2 0Lookup request 0 2 0Lookup response 2 0 0Ping traceroute request 0 0 0Ping traceroute response 0 0 0ServiceRouter#Related Commands
clear transaction-logs
To clear and archive the working transaction log files, use the clear transaction-log command in EXEC configuration mode.
clear transaction-logs
Syntax Description
This command has no keywords or arguments.
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear transaction-log command causes the transaction log to be archived immediately to the SE hard disk. This command has the same effect as the transaction-log force archive command.
Examples
The following example shows that the clear transaction-log command forces the working transaction log file to be archived:
ServiceEngine# clear transaction-logclear users
To clear the connections (login) of authenticated users, use the clear users command in EXEC configuration mode.
clear users administrative
Syntax Description
administrative
Clears the connections of administrative users who have been authenticated through a remote login service.
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The clear users administrative command clears the connections for all administrative users who are authenticated through a remote login service, such as TACACS. This command does not affect an administrative user who is authenticated through the local database.
Examples
The following example shows how to clear the connections of the authenticated users:
ServiceRouter# clear users administrativeServiceRouter#clear wmt
To clear the WMT streams, use the clear wmt command in EXEC configuration mode.
clear wmt stream-id 1-999999
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to clear a WMT stream for a stream ID of 22689:
ServiceEngine# clear wmt stream-id 22689ServiceEngine#clock (EXEC)
To set or clear clock functions or update the calendar, use the clock command in EXEC configuration mode.
clock {read-calendar | set time day month year | update-calendar}
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
If you have an outside source on your network that provides time services (such as a Network Time Protocol [NTP] server), you do not have to set the system clock manually. Enter the local time when setting the clock. The SE calculates the Coordinated Universal Time (UTC) based on the time zone set by the clock timezone command.
Note
Note
Two clocks exist in the system: the software clock and the hardware clock. The software uses the software clock. The hardware clock is used only at bootup to initialize the software clock. The calendar clock is the same as the hardware clock that runs continuously on the system, even if the system is powered off or rebooted. This clock is separate from the software clock settings that are erased when the system is powered cycled or rebooted.
The set keyword sets the software clock. If the system is synchronized by a valid outside timing mechanism, such as a NTP clock source, you do not have to set the system clock. Use this command if no other time sources are available. The time specified in this command is relative to the configured time zone.
To perform a one-time update of the hardware clock (calendar) from the software clock or to copy the software clock settings to the hardware clock (calendar), use the clock update-calendar command.
Examples
The following example shows how to set the software clock on the SE:
ServiceEngine# clock set 13:32:00 01 February 2000Related Commands
clock timezone
Sets the clock timezone.
ntp
Configures the Network Time Protocol server.
show clock detail
Displays the UTC and local time.
clock (Global configuration)
To set the summer daylight saving time and time zone for display purposes, use the clock command in Global configuration mode. To disable this function, use the no form of this command.
clock {summertime timezone {date startday startmonth startyear starthour endday endmonth endyear offset | recurring {1-4 startweekday startmonth starthour endweekday endmonth endhour offset | first startweekday startmonth starthour endweekday endmonth endhour
offset | last startweekday startmonth starthour endweekday endmonth endhour offset } } | timezone {timezone hoursoffset minutesoffset} }no clock {summertime timezone {date startday startmonth startyear starthour endday endmonth endyear offset | recurring {1-4 startweekday startmonth starthour endweekday endmonth endhour offset | first startweekday startmonth starthour endweekday endmonth endhour
offset | last startweekday startmonth starthour endweekday endmonth endhour offset } } | timezone {timezone hoursoffset minutesoffset} }Syntax Description
summertime
Configures the summer or daylight saving time.
timezone
Name of the summer time zone.
date
Configures the absolute summer time.
startday
Date (1 to 31) to start.
startmonth
Month (January through December) to start.
startyear
Year (1993-2032) to start.
starthour
Hour (0 to 23) to start in (hh:mm) format.
endday
Date (1 to 31) to end.
endmonth
Month (January through December) to end.
endyear
Year (1993 to 2032) to end.
endhour
Hour (0 to 23) to end in (hh:mm) format.
offset
Minutes offset (see Table B-1) from Coordinated Universal Time (UTC) (0-59).
recurring
Configures the recurring summer time.
1-4
Configures the starting week number, the range is from 1 to 4.
first
Configures the summer time to recur beginning the first week of the month.
last
Configures the summer time to recur beginning the last week of the month.
startweekday
Day of the week (Monday to Friday) to start.
startmonth
Month (January to December) to start.
starthour
Hour (0 to 23) to start in hh:mm format.
endweekday
Weekday (Monday to Friday) to end.
endmonth
Month (January to December) to end.
endhour
Hour (0 to 23) to end in hour:minute (hh:mm) format.
offset
Minutes offset (see Table B-1) from UTC (0 to 59).
timezone
Configures the standard time zone.
timezone
Name of the time zone.
hoursoffset
Hours offset (see Table B-1) from UTC (-23 to +23).
minutesoffset
Minutes offset (see Table B-1) from UTC (0-59).
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
To set and display the local and UTC current time of day without an NTP server, use the clock timezone command with the clock set command. The clock timezone parameter specifies the difference between UTC and local time, which is set with the clock set command in EXEC configuration mode. The UTC and local time are displayed with the show clock detail command in EXEC configuration mode.
Use the clock timezone offset command to specify a time zone, where timezone is the desired time zone entry from Table B-1 and 0 0 is the offset (ahead or behind) Coordinated Universal Time (UTC) in hours and minutes. UTC was formerly known as Greenwich Mean Time (GMT).
SE(config)# clock timezone timezone 0 0
Note
Note
The offset (ahead or behind) UTC in hours, as displayed in Table B-1, is in effect during winter time. During summer time or daylight saving time, the offset may be different from the values in the table and are calculated and displayed accordingly by the system clock.
Note
Examples
The following example shows how to specify the local time zone as Pacific Standard Time with an offset of 8 hours behind UTC:
ServiceEngine(config)# clock timezone PST -8Custom Timezone: PST will be used.The following example shows how to configure a standard time zone on the SE:
ServiceEngine(config)# clock timezone US/Pacific 0 0Resetting offset from 0 hour(s) 0 minute(s) to -8 hour(s) 0 minute(s)Standard Timezone: US/Pacific will be used.ServiceEngine(config)#The following example negates the time zone setting on the SE:
ServiceEngine(config)# no clock timezoneThe following example shows how to configure daylight saving time:
ServiceEngine(config)# clock summertime PDT date 10 October 2001 23:59 29 April 2002 23:59 60Related Commands
clock
To set the summer daylight saving time and time zone for display purposes.
show clock detail
Displays the UTC and local time.
cms (EXEC)
To configure the Centralized Management System (CMS) embedded database parameters, use the cms command in EXEC configuration mode.
cms {config-sync | database {backup | create | delete | downgrade [script filename] | maintenance {full | regular} | restore filename | validate} | deregister [force] | recover { identity word} }
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The CDS network is a collection of SR, SE, and CDSM nodes. One primary CDSM retains the CDS network settings and provides other CDS network nodes with updates. Communication between nodes occurs over secure channels using the Secure Shell Layer (SSL) protocol, where each node on the CDS network uses a Rivest, Shamir, Adelman (RSA) certificate-key pair to communicate with other nodes.
Use the cms config-sync command to enable registered SRs, SEs, and standby CDSM to contact the primary CDSM immediately for a getUpdate (get configuration poll) request before the default polling interval of 5 minutes. For example, when a node is registered with the primary CDSM and activated, it appears as Pending in the CDSM GUI until it sends a getUpdate request. The cms config-sync command causes the registered node to send a getUpdate request at once, and the status of the node changes as Online.
Use the cms database create command to initialize the CMS database. Before a node can join a CDS network, it must first be registered and then activated. The cms enable command automatically registers the node in the database management tables and enables the CMS. The node sends its attribute information to the CDSM over the SSL protocol and then stores the new node information. The CDSM accepts these node registration requests without admission control and replies with registration confirmation and other pertinent security information required for getting updates. Activate the node using the CDSM GUI.
Once the node is activated, it automatically receives configuration updates and the necessary security RSA certificate-key pair from the CDSM. This security key allows the node to communicate with any other node in the CDS network. The cms deregister command removes the node from the CDS network by deleting registration information and database tables.
Note
To back up the existing management database for the CDSM, use the cms database backup command. For database backups, specify the following items:
•
•
The naming convention for backup files includes the time stamp.
When you use the cms recover identity word command when recovering lost registration information, or replacing a failed node with a new node that has the same registration information, specify the device recovery key that you configured in the Modifying Config Property, System.device.recovery.key window of the CDSM GUI.
Use the lcm command to configure local or central management (LCM) on an CDS network device. The LCM feature allows settings configured using the device CLI or GUI to be stored as part of the CDS network-wide configuration data (enable or disable).
When you enter the cms lcm enable command, the CMS process running on SEs, SRs, and the standby CDSM detects the configuration changes that you made on these devices using CLIs and sends the changes to the primary CDSM.
When you enter the cms lcm disable command, the CMS process running on SEs, SRs, and the standby CDSM does not send the CLI changes to the primary CDSM. Settings configured using the device CLIs are not sent to the primary CDSM.
If LCM is disabled, the settings configured through the CDSM GUI overwrite the settings configured from the SE or SR; however, this rule applies only to those local device settings that have been overwritten by the CDSM when you have configured the local device settings. If you (as the local CLI user) change the local device settings after the particular configuration has been overwritten by the CDSM, the local device configuration is applicable until the CDSM requests a full-device statistics update from the SE or SR (clicking the Force full database update button from the Device Home window of the CDSM GUI triggers a full update). When the CDSM requests a full update from the device, the CDSM settings overwrite the local device settings.
The cms deregister force command should be used only as the last option, because the CDSM does not know about the device being removed. When executing the cms deregister force command, take note of any messages stating that the deregistration failed and make sure to resolve them before reregistering the device with the same CDSM or registering the device to another CDSM. The cms deregister force command forces the deregistration to continue.
Examples
The following example shows how to back up the database management tables:
CDSM# cms database backupcreating backup file with label `backup'backup file local1/CDS-db-9-22-2002-17-36.dump is ready. use `copy' commands to move the backup file to a remote host.The following example shows how to validate the database management tables:
CDSM# cms database validateManagement tables are validIn the following example, the CMS deregistration process has problems deregistering the SE, but it proceeds to deregister it from the CMS database when the force option is used:
ServiceEngine# cms deregister forceDeregistration requires management service to be stopped.You will have to manually start it. Stopping management service on this node...This operation needs to restart http proxy and streaming proxies/servers (if running) for memory reconfiguration. Proceed? [ no ] yesmanagement services stoppedThu Jun 26 13:17:34 UTC 2003 [ I ] main: creating 24 messagesThu Jun 26 13:17:34 UTC 2003 [ I ] main: creating 12 dispatchersThu Jun 26 13:17:34 UTC 2003 [ I ] main: sending eDeRegistration message to CDSM 10.107.192.168...ServiceEngine#The following example shows the use of the cms recover identity command when the recovery request matches the SE record, and the CDSM updates the existing record and sends a registration response to the requesting SE:
ServiceEngine# cms recover identity defaultRegistering this node as Service Engine...Sending identity recovery request with key defaultThu Jun 26 12:54:42 UTC 2003 [ I ] main: creating 24 messagesThu Jun 26 12:54:42 UTC 2003 [ I ] main: creating 12 dispatchersThu Jun 26 12:54:42 UTC 2003 [ I ] main: Sending registration message to CDSM 10.107.192.168Thu Jun 26 12:54:44 UTC 2003 [ W ] main: Unable to load device info file in TestServerThu Jun 26 12:54:44 UTC 2003 [ I ] main: Connecting storeSetup for SE.Thu Jun 26 12:54:44 UTC 2003 [ I ] main: Instantiating AStore 'com.cisco.unicorn.schema.PSqlStore'...Thu Jun 26 12:54:45 UTC 2003 [ I ] main: Successfully connected to databaseThu Jun 26 12:54:45 UTC 2003 [ I ] main: Registering object factories for persistent store...Thu Jun 26 12:54:51 UTC 2003 [ I ] main: Dropped Sequence IDSET.Thu Jun 26 12:54:51 UTC 2003 [ I ] main: Successfully removed old management tablesThu Jun 26 12:54:51 UTC 2003 [ I ] main: Registering object factories for persistent store......Thu Jun 26 12:54:54 UTC 2003 [ I ] main: Created Table FILE_CDSM.Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.Thu Jun 26 12:54:55 UTC 2003 [ I ] main: No Consistency check for store.Thu Jun 26 12:54:55 UTC 2003 [ I ] main: Successfully created management tablesThu Jun 26 12:54:55 UTC 2003 [ I ] main: Registering object factories for persistent store...Thu Jun 26 12:54:55 UTC 2003 [ I ] main: AStore Loading store data...Thu Jun 26 12:54:56 UTC 2003 [ I ] main: ExtExpiresRecord Loaded 0 Expires records.Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Skipping Construction RdToClusterMappings on non-CDSM node.Thu Jun 26 12:54:56 UTC 2003 [ I ] main: AStore Done Loading. 327Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.Thu Jun 26 12:54:56 UTC 2003 [ I ] main: No Consistency check for store.Thu Jun 26 12:54:56 UTC 2003 [ I ] main: Successfully initialized management tablesNode successfully registered with id 103Registration complete.ServiceEngine#The following example shows the use of the cms recover identity command when the hostname of the SE does not match the hostname configured in the CDSM GUI:
ServiceEngine# cms recover identity defaultRegistering this node as Service Engine...Sending identity recovery request with key defaultThu Jun 26 13:16:09 UTC 2003 [ I ] main: creating 24 messagesThu Jun 26 13:16:09 UTC 2003 [ I ] main: creating 12 dispatchersThu Jun 26 13:16:09 UTC 2003 [ I ] main: Sending registration message to CDSM 10.107.192.168There are no SE devices in CDNregister: Registration failed.ServiceEngine#Related Commands
cms enable
Enables the CMS.
show cms
Displays the CMS protocol, embedded database content, maintenance status, and other information.
cms (Global configuration)
To schedule maintenance and enable the Centralized Management System (CMS) on a given node, use the cms command in Global configuration mode. To negate these actions, use the no form of this command.
cms {database maintenance {full {enable | schedule weekday at time} | regular {enable | schedule weekday at time} } | enable | rpc timeout {connection 5-1800 | incoming-wait 10-600 | transfer 10-7200} }
no cms {database maintenance {full {enable | schedule weekday at time} | regular {enable | schedule weekday at time} } | enable | rpc timeout {connection 5-1800 | incoming-wait 10-600 | transfer 10-7200} }
Syntax Description
Command Defaults
database maintenance regular: enabled
database maintenance full: enabled
connection: 30 seconds for CDSM; 180 seconds for the SE and the SR
incoming wait: 30 seconds
transfer: 300 seconds
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the cms database maintenance command to schedule routine, full-maintenance cleaning (vacuuming) or a regular maintenance reindexing of the embedded database. The full maintenance routine runs only when the disk is more than 90 percent full and runs only once a week. Cleaning the tables returns reusable space to the database system.
The cms enable command automatically registers the node in the database management tables and enables the CMS process. The no cms enable command stops only the management services on the device and does not disable a primary sender. You can use the cms deregister command to remove a primary or backup sender SE from the CDS network and to disable communication between two multicast senders.
Examples
The following example shows how to schedule a regular (reindexing) maintenance routine to start every Friday at 11:00 p.m.:
ServiceEngine(config)# cms database maintenance regular schedule Fri at 23:00The following example shows how to enable the CMS process on an SE:
ServiceEngine(config)# cms enableThis operation needs to restart http proxy and streaming proxies/servers (if running) for memory reconfiguration. Proceed? [ no ] yesRegistering this node as Service Engine...Thu Jun 26 13:18:24 UTC 2003 [ I ] main: creating 24 messagesThu Jun 26 13:18:25 UTC 2003 [ I ] main: creating 12 dispatchersThu Jun 26 13:18:25 UTC 2003 [ I ] main: Sending registration message to CDSM 10.107.192.168Thu Jun 26 13:18:27 UTC 2003 [ I ] main: Connecting storeSetup for SE.Thu Jun 26 13:18:27 UTC 2003 [ I ] main: Instantiating AStore 'com.cisco.unicorn.schema.PSqlStore'...Thu Jun 26 13:18:28 UTC 2003 [ I ] main: Successfully connected to databaseThu Jun 26 13:18:28 UTC 2003 [ I ] main: Registering object factories for persistent store...Thu Jun 26 13:18:35 UTC 2003 [ I ] main: Dropped Sequence IDSET.Thu Jun 26 13:18:35 UTC 2003 [ I ] main: Dropped Sequence GENSET.Thu Jun 26 13:18:35 UTC 2003 [ I ] main: Dropped Table USER_TO_DOMAIN....Thu Jun 26 13:18:39 UTC 2003 [ I ] main: Created Table FILE_CDSM.Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.Thu Jun 26 13:18:40 UTC 2003 [ I ] main: No Consistency check for store.Thu Jun 26 13:18:40 UTC 2003 [ I ] main: Successfully created management tablesThu Jun 26 13:18:40 UTC 2003 [ I ] main: Registering object factories for persistent store...Thu Jun 26 13:18:40 UTC 2003 [ I ] main: AStore Loading store data...Thu Jun 26 13:18:41 UTC 2003 [ I ] main: ExtExpiresRecord Loaded 0 Expires records.Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Skipping Construction RdToClusterMappings on non-CDSM node.Thu Jun 26 13:18:41 UTC 2003 [ I ] main: AStore Done Loading. 336Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Created SYS_MESS_TIME_IDX index.Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Created SYS_MESS_NODE_IDX index.Thu Jun 26 13:18:41 UTC 2003 [ I ] main: No Consistency check for store.Thu Jun 26 13:18:41 UTC 2003 [ I ] main: Successfully initialized management tablesNode successfully registered with id 28940Registration complete.Warning: The device will now be managed by the CDSM. Any configuration changesmade via CLI on this device will be overwritten if they conflict with settings on the CDSM.Please preserve running configuration using 'copy running-config startup-config'.Otherwise management service will not be started on reload and node will be shown'offline' in CDSM UI.management services enabledServiceEngine(config)#Related Commands
configure
To enter Global configuration mode, use the configure command in EXEC configuration mode.
configure
To exit Global configuration mode, use the end or exit commands. In addition, you can press Ctrl-Z to exit from Global configuration mode.
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following example shows how to enable Global configuration mode:
ServiceEngine# configureServiceEngine(config)#Related Commands
copy
To copy the configuration or image data from a source to a destination, use the copy command in EXEC configuration mode.
copy cdnfs disk url sysfs-filename
copy cdrom install filedir filename
copy disk {ftp {hostname | ip-address} remotefiledir remotefilename localfilename | startup-config filename}
copy ftp {disk {hostname | ip-address} remotefiledir remotefilename localfilename | install { hostname | ip-address} remotefiledir remotefilename}
copy http install { {hostname | ip-address} remotefiledir remotefilename} [port port-num [proxy { hostname | ip-address} | username username password [proxy {hostname | ip-address } proxy_portnum] ] | proxy {hostname | ip-address} proxy_portnum | username username password [proxy {hostname | ip-address} proxy_portnum] ]
copy running-config {disk filename | startup-config}
copy startup-config {disk filename | running-config}
copy system-status disk filename
copy tech-support {disk filename | remotefilename}
Syntax Description
Command Defaults
HTTP server port: 80
Default working directory for sysfs files: /local1
Command Modes
EXEC configuration mode.
Usage Guidelines
The copy cdnfs command in EXEC configuration mode copies data files from of the CDNFS to the sysfs for further processing. For example, you can use the install imagefilename command in EXEC configuration mode to provide the copied files to the command.
The copy cdrom install command is only supported on the CDE100 and the CDE200.
The copy disk ftp command copies files from a sysfs partition to an FTP server. The copy disk startup-config command copies a startup configuration file to NVRAM.
The copy ftp disk command copies a file from an FTP server to a sysfs partition.
Use the copy ftp install command to install an image file from an FTP server. Part of the image goes to the disk and part goes to the flash memory.
Use the copy http install command to install an image file from an HTTP server and install it on a local device. It transfers the image from an HTTP server to the SE using HTTP as the transport protocol and installs the software on the device. Part of the image goes to the disk and part goes to the flash memory. You can also use this command to redirect your transfer to a different location or HTTP proxy server, by specifying the proxy hostname | ip-address option. A username and a password have to be authenticated with the remote HTTP server if the server is password protected and requires authentication before the transfer of the software release file to the SE is allowed.
Use the copy cdrom install command to install the image from the rescue CD:
ServiceEngine# copy cdrom install /images CDS24.binUse the copy running-config command to copy the running system configuration to a sysfs partition or flash memory. The copy running-config startup-config command is equivalent to the write memory command.
The copy startup-config command copies the startup configuration file to a sysfs partition.
The copy system-status command creates a file on a sysfs partition containing hardware and software status information.
The copy tech-support tftp command copies technical support information to a a sysfs partition.
Related Commands
cpfile
To make a copy of a file, use the cpfile command in EXEC configuration mode.
cpfile oldfilename newfilename
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to create a copy of a file. Only sysfs files can be copied.
Examples
The following example shows how to create a copy of a file:
ServiceEngine# cpfile syslog.txt syslog.txt.saveRelated Commands
debug
To monitor and record caching application functions, use the debug command in EXEC configuration mode. To disable these functions, use the no form of this command.
debug option
no debug option
Syntax Description
Command Defaults
debug all: default logging level is ERROR.
Command Modes
EXEC configuration mode.
Usage Guidelines
We recommend that you use the debug command only at the direction of Cisco TAC because the SE performance is affected when you enter the debug command.
You can use the logging disk priority debug command with the debug command. This configuration causes the debugging messages to be logged in the syslog file, which is available in the /local1 directory by default. You can then download the messages from the SE, copy them to a local disk file (for example, using the copy disk ftp command), and forward the logs to Cisco TAC for further investigation.
By default, system log messages are logged to the console and you need to copy and paste the output to a file. However, this method of obtaining logs is more prone to errors than capturing all messages in the syslog.txt file. When you use system logging to a disk file instead of system logging to a console, there is no immediate feedback that debug logging is occurring, except that the syslog.txt file gets larger (you can track the lines added to the syslog.txt file by entering the type-tail syslog.txt follow command). When you have completed downloading the system logs to a local disk, disable the debugging functions by using the undebug command (see the "undebug" section section for more details), and reset the level of logging disk priority to any other setting that you want (for example, notice priority).
Table 2-5 shows valid values for the debug command options.
Table 2-5 debug Command Options
access-lists 300
dump
query
username username
groupname groupnames
Debugs the ACL.
Dumps the ACL contents.
Queries the ACL configuration.
Queries the ACL username.
Queries the ACL group name or names of groups of which the user is a member. Each group name must be separated by a comma.
acquirer
error
trace
Debugs the acquirer.
Sets the debug level to error.
Sets the debug level to trace.
all
Enables all debugging.
authentication
user
Debugs authentication.
Debugs the user login against the system authentication.
authsvr
error
trace
Debugs the Autnentication Server.
Sets the debug level to error.
Sets the debug level to trace.
bandwidth
advanced
error
trace
Debugs the bandwidth module.
Advanced bandwidth controller debug commands.
Sets the debug level to error.
Sets the debug level to trace.
buf
all
dmbuf
dmsg
Debugs the buffer manager.
Debugs all buffer manager functions.
Debugs the buffer manager dmbuf.
Debugs the buffer manager dmsg.
cache-content
all
error
trace
Debugs the caching service.
(Optional) Sets the debug level to all.
(Optional) Sets the debug level to error.
(Optional) Sets the debug level to trace.
cache-router
error
trace
Debugs the caching router.
Sets the debug level to error.
Sets the debug level to trace.
cdnfs
Debugs the CNNFS.
cli
all
bin
parser
Debugs the CLI command.
Debugs all CLI commands.
Debugs the CLI command binary program.
Debugs the CLI command parser.
cms
Debugs the CMS.
content-mgr
error
trace
Debugs the Content Manager.
Sets the debug level to error.
Sets the debug level to trace.
dataserver
all
clientlib
server
Debugs the data server.
Debuts all data server functions.
Debugs the data server client library module.
Debugs the data server module.
dfs
all
api
diskcache
memcache
rawio
Debugs the DFS.
Sets the debug level to all.
Debugs the DFS application API.
Debugs the DFS in-memory disk-directory cache management.
Debugs the DFS in-memory cache.
Debugs the DFS raw disk I/O.
dhcp
Debugs the DHCP.
distribution
all
error
trace
metadata-receiver
error
trace
metadata-sender
error
trace
mcast-receiver
error
trace
mcast-sender
error
trace
unicast-data-receiver
error
trace
unicast-data-sender
error
trace
Debugs the distribution components.
Debugs all distribution components.
Debugs all distribution components to error level 1 (show error).
Debugs all distribution components to trace level 2 (show error and trace).
Debugs the metadata receiver distribution component.
Debugs the metadata receiver distribution component to error level 1.
Debugs the metadata receiver distribution component to trace level 2.
Debugs the metadata sender distribution component.
Debugs the metadata sender distribution component to error level 1.
Debugs the metadata sender distribution component to trace level 2.
Debugs the multicast receiver distribution component.
Debugs the multicast receiver distribution component to error level 1.
Debugs the multicast receiver distribution component to trace level 2.
Debugs the multicast sender distribution component.
Debugs the multicast sender distribution component to error level 1.
Debugs the multicast sender distribution component to trace level 2.
Debugs the unicast receiver distribution component.
Debugs the unicast receiver distribution component to error level 1.
Debugs the unicast receiver distribution component to trace level 2.
Debugs the unicast sender distribution component.
Debugs the unicast sender distribution component to error level 1.
Debugs the unicast sender distribution component to trace level 2.
emdb
level
(0-16)
Debugs the embedded database.
(Optional) Debug level.
Debug level 0 through 16.
flash-media-streaming
error
trace
Debugs Flash Media Streaming.
Debugs the Flash Media Streaming log level error.
Debugs the Flash Media Streaming log level debug.
http
service-router
Debugs HTTP.
Debugs the HTTP Service Router.
icap
all
client
daemon
Debugs ICAP.
Debugs both ICAP client and ICAP daemon processing.
Debugs the ICAP client (caching proxy) processing.
Debugs the ICAP daemon processing.
isis
adjacency
all
csnp
dis
esis
event
hello
lsp
mpls
psnp
spf
timer
Debugs IS-IS Routing for IP.
Debugs IS-IS adjacency information.
Debugs all IS-IS debugging.
Debugs IS-IS Complete Sequence Number PDU (CSNP) information.
Debugs IS-IS DIS election information.
Debugs IS-IS ESIS information.
Debugs IS-IS event information.
Debugs IS-IS hello information.
Debugs IS-IS timer LSP information.
Debugs IS-IS MPLS information.
Debugs IS-IS PSNP information.
Debugs IS-IS SPF information.
Debugs IS-IS timer information.
logging
all
Debugs logging.
Debugs all logging functions.
malloc
cache-app
all
caller-accounting
catch-double-free
check-boundaries
check-free-chunks
clear-on-alloc
statistics
dns-server
all
caller-accounting
catch-double-free
check-boundaries
icap
caller-accounting
catch-double-free
check-boundaries
log-directory
word
Debug commands for memory allocation.
Debugging commands for cache application memory allocation.
Sets the debug level to all.
Collects statistics for every distinct allocation call-stack.
Alerts if application attempts to release the same memory twice.
Checks boundary over and under run scribble.
Checks if free chunks are over-written after release.
Ensures all allocations are zero-cleared.
Allocator use statistical summary.
DNS Caching Service memory allocation debugging.
Sets the debug level to all.
Collects statistics for every distinct allocation call-stack.
Alerts if application attempts to release the same memory twice.
Checks boundary over and under run scribble.
ICAP Service memory allocation debugging.
Collects statistics for every distinct allocation call-stack.
Alerts if application attempts to release the same memory twice.
Checks boundary over and under run scribble.
Memory allocation debugging log directory.
Directory path name.
movie-streamer
error
trace
Debug commands for the Movie Streamer.
Sets the debug level to error.
Sets the debug level to trace.
ntp
Debugs NTP.
qos
policy service
error
trace
Debug commands for the QoS component.
Debug commands for the policy service.
Sets the debug level to error.
Sets the debug level to trace.
rbcp
Debugs the RBCP (Router Blade Configuration Protocol) functions.
rpc
detail
trace
Displays the remote procedure call (RPC) logs.
Displays the RPC logs of priority detail level or higher.
Displays the RPC logs of priority trace level or higher.
rtsp
gateway
error
trace
Debugs the RTSP functions.
Debugs the RTSP gateway.
Debugs the RTSP gateway to level 1 (show error).
Debugs the RTSP gateway to level 2 (show error and trace).
rule
action
all
pattern
Debugs the Rules Template.
Debugs the rule action.
Debugs all rule functions.
Debugs the rule pattern.
service-router
servicemonitor
Debug commands for the Service Router.
Debug commands for the service monitor.
session-manager
critical
error
trace
Session manager debug commands.
Sets the debug level to critical.
Sets the debug level to error.
Sets the debug level to trace.
snmp
all
cli
main
mib
traps
Debugs SNMP.
Debugs all SNMP functions.
Debugs the SNMP CLI.
Debugs the SNMP main.
Debugs the SNMP MIB.
Debugs the SNMP traps.
srp
all
api
configuration
database
error
function
host
internal
ippc
ippc-dump
key
leafset
lock
multicast
neighbor
packet
private
replica
route
session
srhp-packet
startup
sync
Debugs the Service Routing Protocols.
Debugs all SRP.
Debugs the SRP API.
Debugs the SRP configuration.
Debugs the SRP database.
Debugs the SRP error.
Debugs the SRP function.
Debugs the SRP host.
Debugs the SRP internal.
Debugs the SRP ippc (inter process command).
Debugs the SRP ippc (pkt) dump.
Debugs the SRP key.
Debugs the SRP leafset.
Debugs the SRP lock.
Debugs the SRP multicast.
Debugs the SRP neighbor.
Debugs the SRP packet.
Debugs the SRP private.
Debugs the SRP replica.
Debugs the SRP route.
Debugs the SRP session.
Debugs the SRP srhp packet.
Debugs the SRP startup.
Debugs the SRP sync.
standby
all
Debugs standby functions.
(Optional) Debugs all standby functions.
stats
all
collection
computation
history
Debugs the statistics.
Debugs all statistics functions.
Debugs the statistics collection.
Debugs the statistics computation.
Debugs the statistics history.
svc
all
desci
desc
err
ippc
xml
registry
err
if
ippc
svc
ven
Debugs the Service Registration Daemon and Descriptor Interpreter.
Debugs all SVCREG and Descriptor Interpreter Library (DESCI).
DESCI debug commands.
Debugs DESCI desc.
DESCI internal error.
Debugs DESCI ippc (inter process comm).
Debugs DESCI xml.
Service Registry Daemon (SVCREG) debug commands.
SVCREG internal error.
Debugs SVCREG interface.
Debugs SVCREG ippc (inter process comm).
Debugs SVCREG svc.
Debugs SVCREG ven.
translog
all
archive
export
Debugs the transaction logging.
Debugs all transaction logging.
Debugs the transaction log archive.
Debugs the transaction log FTP export.
uns
all
error
trace
Unified naming service debug commands.
(Optional) Sets the debug level to all.
(Optional) Sets the debug level to error.
(Optional) Sets the debug level to trace.
webengine
error
trace
WebEngine debug commands.
Sets the debug level to error.
Sets the debug level to trace.
wi
Debugs the web interface.
wmt
error
client-ip cl-ip-address
server-ip sv-ip-address
trace
client-ip cl-ip-address
server-ip sv-ip-address
Debugs the WMT component.
Debugs the WMT level 1 functionality. For more information, see the "Using WMT Error Logging" section.
(Optional) Debugs the request from a specific client IP address to level 1 (show error).
(Optional) Debugs the request to a specific server IP address to level 1 (show error).
Debugs the WMT level 2 functionality.
(Optional) Debugs the request from a specific client IP address to level 2 (show error and trace).
(Optional) Debugs the request to a specific server IP address to level 2 (show error and trace).
Debugging Keywords
All modules have debug error as the default level if they support the error keyword; however, when you execute the show debug command, the error does not display.
Some modules have two debugging keywords (error and trace), but you cannot enable both at the same time. See the table above to identify commands with only the error and trace keywords.
Some modules have the all keyword through which you can enable both the error and trace keywords at the same time. This results in debug set to everything. See Table 2-5 to identify commands with the all keyword.
Debugging the Authsvr
When reloading the Authsvr, the show debugging command displays Debug Authsvr Error is On, because the Authsvr's default debugging level = Error. This applies only to the Authsvr and not to other modules. Table 2-6 shows the authsvr debugging commands and provides the corresponding log and error display information.
Debugging Cdnfs
You can use the debug cdnfs command to monitor the lookup and serving of prepositioned files. If prepositioned files are available in CDNFS but are not served properly, you can use the debug cdnfs command.
Using WMT Error Logging
In Cisco Internet Streamer CDS Release 2.5 software, WMT error logging was enhanced. Additional information is now logged about the following events:
•
•
Error logs are in the same format and location as syslogs. The WMT log messages are logged to /local1/errorlog/wmt_errorlog.current.
You can configure the SE for WMT error logging by using the debug wmt error command in EXEC configuration mode. This command debugs WMT level 1 functionality.
Logging WMT Client Disconnects
When a WMT client is disconnected abruptly, the reasons for the client disconnect (for example, the request was blocked by the rules, the maximum incoming or outgoing bit-rate limit was reached, the maximum incoming or outgoing bandwidth limit was reached) are logged in Internet Streamer CDS software error logs.
The client information includes the client IP address, the server IP address, the requested URL, the client protocol, the version of the client media player, the number of packets that the client received, and the number of packets that the server sent.
Related Commands
logging
Configures system logging (syslog).
show debugging
Displays the state of each debugging option.
undebug
Disables the debugging functions (see also debug).
debug ip bgp
To display information relating to the BGP process, use the debug ip bgp command in privileged EXEC configuration mode. To disable the display of BGP information, use the undebug form of this command.
debug ip bgp {A.B.C.D. | all | brib | events | internal | io | keepalives | list | packets | rib | updates }
undebug ip bgp {A.B.C.D. | all | brib | events | internal | io | keepalives | list | packets | rib | updates}
Syntax Description
Command Defaults
Debugging of the keepalives is turned on upon the start of the BGP daemon.
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
This command turns on BGP debugging information. When debug ip bgp is turned on, the performance of the Proximity Engine may be impacted slightly.
Examples
The following example shows sample output displayed before and after running the debug ip bgp all command:
ServiceRouter# show debugging ip bgpDebugs Enabled: KeepalivesServiceRouter# debug ip bgp allBGP all information debug is onServiceRouter# show debugging ip bgpDebugs Enabled: Events Internal RIB BRIB Updates Keepalives Packets IO ListServiceRouter#When the undebug ip bgp all command is run, the following output is displayed:
ServiceRouter# undebug ip bgp allBGP all information debug is offRelated Commands
debug ip ospf
To display information related to OSPF process, use the debug ip ospf command in privileged EXEC configuration mode. To disable the display of OSPF information, use the undebug form of this command.
debug ip ospf {adjacency [detail | terse] | all [detail | terse] | database [detail | terse] | database-timers | events [detail | terse] | flooding [detail | terse] | hello | lsa-generation [detail | terse] | packets | retransmission | spf [detail | terse] | spf-trigger [detail] }
undebug ip ospf {adjacency [detail | terse] | all [detail | terse] | database [detail | terse] | database-timers | events [detail | terse] | flooding [detail | terse] | hello | lsa-generation [detail | terse] | packets | retransmission | spf [detail | terse] | spf-trigger [detail] }
Syntax Description
adjacency
Specifies the adjacency events.
detail
Displays detailed neighbor events.
terse
Displays only major events.
all
All OSPF debugging.
database
OSPF LSDB1 changes.
database-timers
OSPF LSDB timers.
events
OSPF related events.
flooding
LSAs2 flooding.
hello
Hello packet and DR elections.
lsa-generation
Local OSPF LSA generation.
packets
OSPF packets.
retransmission
OSPF retransmission events.
spf
SPF calculation.
spf-trigger
Show SPF triggers
1 LSDB = link-state database
2 LSAs = link-state advertisement
Command Defaults
Display of information related to the OSPF process is disabled.
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
When debug ip ospf is turned on, the performance of the Proximity Engine may be impacted slightly.
Examples
Add the detail or terse keywords to each of the following commands to enable detailed or major events respectively.
The following example shows how to enable neighbor adjacency events:
ServiceRouter# debug ip ospf adjacencyServiceRouter#The following example shows how to enable all OSPF debugging:
ServiceRouter# debug ip ospf allServiceRouter#The following example shows how to enable debugging for OSPF LSDB changes:
ServiceRouter# debug ip ospf databaseServiceRouter#The following example shows how to enable debugging for OSPF LSDB timers:
ServiceRouter# debug ip ospf database-timersServiceRouter#The following example shows how to enable debugging for OSPF-related events:
ServiceRouter# debug ip ospf eventsServiceRouter#The following example shows how to enable debugging for LSA flooding events:
ServiceRouter# debug ip ospf floodingServiceRouter#The following example shows how to enable debugging for hello packets and DR elections:
ServiceRouter# debug ip ospf helloServiceRouter#The following example shows how to enable debugging for local OSPF LSA generation events:
ServiceRouter# debug ip ospf lsa-generationServiceRouter#The following example shows how to enable debugging for of OSPF packets:
ServiceRouter# debug ip ospf packetsServiceRouter#The following example shows how to enable debugging for OSPF retransmission events:
ServiceRouter# debug ip ospf retransmissionServiceRouter#The following example shows how to enable debugging for SPF calculations:
ServiceRouter# debug ip ospf spfServiceRouter#The following example shows how to enable debugging for SPF triggers:
ServiceRouter# debug ip ospf spf-triggerServiceRouter#Related Commands
show debugging ip ospf
Displays the state of each debugging option for the OSPF process.
debug ip rib
To display RIB information, use the debug ip rib command in privileged EXEC mode. To disable the display of RIB information, use the no form of this command.
debug ip rib [add-route | all | delete-route | detail | mod-route | proximity | rnh | summary]
no debug ip rib [add-route | all | delete-route | detail | mod-route | proximity | rnh | summary]
Syntax Description
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
This command is used to display debug information related to the routing information base (RIB).
Examples
The following example shows how to display the RIB information:
ServiceRouter# debug ip ribServiceRouter#The following example shows how to add routes:
ServiceRouter# debug ip rib add-routeServiceRouter#The following example shows how to turn on all IP routing table events:
ServiceRouter# debug ip rib allServiceRouter#The following example shows how to remove routes:
ServiceRouter# debug ip rib delete-routeServiceRouter#The following example shows how to enable detailed debugging for IP routing:
ServiceRouter# debug ip rib detailServiceRouter#The following example shows how to modify IP routing events:
ServiceRouter# debug ip rib mod-routeServiceRouter#The following example shows how to turn on proximity debugging information:
ServiceRouter# debug ip rib proximityURIB proximity routing information debug is onServiceRouter#The following example shows how to enable recursive next hop events:
ServiceRouter# debug ip rib rnhServiceRouter#The following example shows how to display a one-line summary or URIB I/O events:
ServiceRouter# debug ip rib summaryServiceRouter#Related Commands
show debugging ip rib
Displays the debug options that are enabled for the RIB process.
debug isis
To display information related to IS-IS process, use the debug isis command in privileged EXEC configuration mode. To disable the display of IS-IS information, use the undebug form of this command.
debug isis [adjacency | all | csnp | dis | esis | event | hello | lsp | mpls | psnp | route-map | spf | timer]
undebug isis [adjacency | all | csnp | dis | esis | event | hello | lsp | mpls | psnp | route-map | spf | timer]
Syntax Description
Command Defaults
Display of debugging information is disabled.
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
When debug isis is turned on, the performance of the Proximity Engine may be impacted slightly.
Examples
The following example shows how to turn on the debug information for the interaction between IS-IS and the RPM API library:
ServiceRouter# debug isis route-mapServiceRouter#Related Commands
show debugging isis
Displays the debug options that are enabled for the IS-IS process.
debug srp
To turn on SRP debugging information, use the debug srp command in Privileged EXEC configuration mode. To turn off the debugging information, use the no form of this command.
debug srp option
no debug srp option
Syntax Description
option
Specifies the category of SRP debugging information to turn on. See Table 2-7 for a list of option values.
Command Defaults
None
Command Modes
Privileged EXEC configuration mode.
Usage Guidelines
This command turns on SRP debugging information logging either in the trace file or log file.
The log file for SRP is /local/local1/errorlog/srp_log.current. The option argument to the debug srp command specifies a keyword indicating the category of SRP debugging information logging to turn on. Table 2-7 lists the values that can be specified in the option argument.
Each debugging information message includes a tag that indicates the debugging category. For example, the SRP API debug messages include the tag SRP_DEBUG_API. Table 2-7 lists the tags that are used for each category of debugging information.
To turn off SRP debugging information, use the undebug srp command in privileged EXEC configuration mode.
Examples
The following example shows how to use the debug srp command to turn on SRP host and neighbor debugging information logging:
ServiceRouter# debug srp hostServiceRouter# debug srp neighborRelated Commands
show debugging srp
Displays the debug flags that are turned on for the SRP.
undebug srp
Turns off SRP debugging information.
delfile
To delete a file, use the delfile command in EXEC configuration mode.
delfile filename
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to remove a file from a sysfs partition.
Examples
The following example shows how to delete a file:
ServiceEngine# delfile /local1/tempfileRelated Commands
cpfile
Copies a file.
deltree
Deletes a directory and its subdirectories.
mkdir
Creates a directory.
mkfile
Creates a file (for testing).
rmdir
Removes a directory.
deltree
To remove a directory with its subdirectories and files, use the deltree command in EXEC configuration mode.
deltree directory
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to remove a directory and all files within the directory from the SE sysfs file system. Do not remove files or directories required for proper SE functioning.
Examples
The following example shows how to delete a directory from the /local1 directory:
ServiceEngine# deltree /local1/testdirRelated Commands
delfile
Deletes a file.
mkdir
Creates a directory.
mkfile
Creates a file (for testing).
rmdir
Removes a directory.
device
To configure the mode of operation on a device as a CDSM, SE or SR, use the device command in Global configuration mode. To reset the mode of operation on a device, use the no form of this command.
device mode {content-delivery-system-manager | service-engine | service-router}
no device mode {content-delivery-system-manager | service-engine | service-router}
Syntax Description
Command Defaults
The default device operation mode is SE.
Command Modes
Global configuration (config) mode.
Usage Guidelines
A CDSM is the content management and device management station of an CDS network that allows you to specify what content is to be distributed, and where the content should be distributed. If an SR is deployed in the CDS network, the SR redirects the client based on redirecting policy. An SE is the device that serves content to the clients. There are typically many SEs deployed in an CDS network, each serving a local set of clients. IP/TV brings movie-quality video over enterprise networks to the desktop of the CDS network user.
Because different device modes require disk space to be used in different ways, disk space must also be configured when the device mode changes from being an SE or SR to CDSM (or the other way around). You must reboot the device before the configuration changes to the device mode take effect.
Disks must be configured before device configuration is changed. Use the disk configure command to configure the disk before reconfiguring the device to the SE or SR mode. Disk configuration changes using the disk configure command takes effect after the next device reboot.
To enable CDS network-related applications and services, use the cms enable command. Use the no form of this command to disable the CDS network.
All CDS devices ship from the factory as SEs. Before configuring network settings for CDSMs and SRs using the CLI, change the device from an SE to the proper device mode.
Configuring the device mode is not a supported option on all hardware models. However, you can configure some hardware models to operate as any one of the four content networking device types. Devices that can be reconfigured using the device mode command are shipped from the factory by default as SEs.
To change the device mode of your SE, you must also configure the disk space allocations, as required by the different device modes, and reboot the device for the new configuration to take effect.
When you change the device mode of an SE to an SR or CDSM, you may need to reconfigure the system file system (sysfs). However, SRs and CDSMs do not require any disk space other than sysfs. When you change the device mode to an SR or a CDSM, disk configuration changes are not required because the device already has some space allotted for sysfs. sysfs disk space is always preconfigured on a factory-fresh CDS network device. See the "Disk Space Allocation Guidelines for Service Routers" section and "Disk Space Allocation Guidelines for CDSMs" section for more information.
If you are changing the device mode of an SR or a CDSM back to an SE, configure disk space allocations for the caching, pre-positioning (CDNFS) and system use (sysfs) file systems that are used on the SE. You can configure disk space allocations either before or after you change the device mode to an SE.
Examples
The following examples show the configuration from the default mode, SE, to the CDSM, SR, and SE modes:
ServiceEngine(config)# device mode content-delivery-system-managerCDSM(config)# device mode service-routerServiceRouter(config)# device mode service-engineRelated Commands
show device-mode
Displays the configured or current mode of a CDSM, SE, or SR device.
dir
To view a long list of files in a directory, use the dir command in EXEC configuration mode.
dir [directory]
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to view a detailed list of files contained within the working directory, including names, sizes, and time created. The equivalent command is lls.
Examples
The following example shows how to view a list of files in a directory:
ServiceEngine# dirsize time of last change name-------------- ------------------------- -----------3931934 Tue Sep 19 10:41:32 2000 errlog-cache-20000918-164015431 Mon Sep 18 16:57:40 2000 ii.cfg431 Mon Sep 18 17:27:46 2000 ii4.cfg431 Mon Sep 18 16:54:50 2000 iii.cfg1453 Tue Sep 19 10:34:03 2000 syslog.txt1024 Tue Sep 19 10:41:31 2000 <DIR> testdirRelated Commands
lls
Displays the files in a long list format.
ls
Lists the files and subdirectories in a directory.
direct-server-return
To enable a VIP for direct server return, use the direct-server-return command in Global configuration mode. To disable direct server return, use the no form of this command.
direct-server-return vip ip address
no direct-server-return vip ip address
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Direct Server Return (DSR) is a method used by load balancer servers in a load balancing configuration. DSR responds directly to the client, bypassing the load balancer in the response path. Table 2-8 shows the Direct Server Return flow.
Examples
The following example shows how to enable direct server return:
ServiceEngine(config)# direct-server-return vip 1.1.1.1ServiceEngine(config)#Related Commands
disable
To turn off privileged command in EXEC configuration mode, use the disable command in EXEC configuration mode.
disable
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The disable command places you in the user-level EXEC shell. To turn privileged EXEC configuration mode back on, use the enable command.
Examples
The following example shows how to enter the user-level EXEC configuration mode:
ServiceEngine# disableServiceEngine>Related Commands
disk (EXEC)
To configure disks and allocate disk space for devices that are using the CDS software, use the disk command in EXEC configuration mode.
disk {erase diskname | mark diskname {bad | good} | policy apply | recover-cdnfs-volumes | recover-system-volumes | repair diskname sector sector_address_in_decimal | unuse diskname}
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The disk space in the CDS software is allocated on a per-file system basis, rather than on a per-disk basis. You can configure your overall disk storage allocations according to the kinds of client protocols that you expect to use and the amount of storage that you need to provide for each of the functions.
Note
The CDNFS and sysfs partitions use the ext2 file system. With ext2 file systems, if the system crashed or if the system is not shut down cleanly, a file system check of these partitions takes a long time. If there are sector failures on the disk, the time to perform a file system check with an ext2 file system increases even more. By migrating to the ext3 file system, the amount of time required to perform a file system check of the cndfs and sysfs partitions is decreased, which increases the availability of the SE. If you are upgrading from an earlier release of the CDS software, the ext2 file system is automatically converted to the ext3 file system.
The CDNFS amounts are reported by the actual usable amounts of storage for applications. Because of the internal file system overhead of approximately 3 percent, the reported amounts may be smaller than what you configured.
To view disk details, use the show disk details command.
Note
To show the space allocation in each individual file system type, use the show statistics cdnfs command.
Note
For higher-end models that might be used as a dedicated HTTP cache or RealProxy cache, you could give cache storage more disk space.
After upgrading from an earlier release of Internet Streamer CDS software to Cisco Internet Streamer CDS Release 2.5 software and later releases, your disk space allocation remains the same as previously configured.
Disk Space Allocation Guidelines for Service Routers
In Cisco Internet Streamer CDS Release 2.5 software, SRs are used as DNS servers for the delegated DNS zone used in simplified hybrid routing. The DNS servers do not store any content and do not participate in acquisition or distribution of the prepositioned content. The only disk space that needs to be configured on the SR is the sysfs.
Disk Space Allocation Guidelines for CDSMs
CDSMs are used to manage content distribution for CDS networks. Because the CDSM does not store the content, the only file system that needs to be configured is the sysfs.
Remapping of Bad Sectors on Disk Drives
The disk erase command in EXEC configuration mode performs a low-level format of the SCSI, IDE, or SATA disks. This command erases all the content on the disk.
If a disk drive continues to report a failure after you have used the disk erase command, you must replace the disk drive.
Caution
Starting with Cisco Internet Streamer CDS Release 2.5 software, SCSI and SATA drives can be reformatted.
Erasing Disk Drives
In Cisco Internet Streamer CDS Release 2.5.7 software, the disk erase command replaced the disk reformat command. This command erases all the content on the disk. The sequence to erase a disk is to enter the disk unuse command first, then enter the disk erase and disk policy apply commands. If a disk drive continues to report a failure after you have used the disk erase command, you must replace the disk drive.
Caution
Disk Hot Swapping
In Cisco Internet Streamer CDS Release 2.5.7 software and earlier, a new disk is recognized and the RAID is rebuilt when the device is rebooted. Starting with Cisco Internet Streamer CDS Release 2.5.9 software, it is not necessary to reboot the device. After inserting the new disk, enter the disk policy apply command to force the Internet Streamer CDS software to detect the new disk and rebuild the RAID.
Disk Latent Sector Error Handling
Latent Sector Errors (LSEs) are when a particular disk sector cannot be read from or written to, or when there is an uncorrectable ECC error. Any data previously stored in the sector is lost. There is also a high probability that sectors in close proximity to the known bad sector have as yet undetected errors, and therefore are included in the repair process.
The syslog file shows the following disk I/O error message and smartd error message when there are disk sector errors:
Apr 28 21:00:26 U11-CDE220-2 kernel: %SE-SYS-4-900000: end_request: I/O error, dev sdd, sector 4660
Apr 28 21:00:26 U11-CDE220-2 kernel: %SE-SYS-3-900000: Buffer I/O error on device sdd, logical block 582
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-6-899999: Device: /dev/sdd, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 75 to 73
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-6-899999: Device: /dev/sdd, SMART Usage Attribute: 187 Reported_Uncorrect changed from 99 to 97
Apr 28 21:04:54 U11-CDE220-2 smartd[7396]: %SE-UNKNOWN-2-899999: Device: /dev/sdd, ATA error count increased from 1 to 3
The disk repair command repairs the bad sector, including the proximal sectors and then reformats the drive. All data on the drive is lost, but the sectors are repaired and available for data storage again.
Caution
The disk repair command not only repairs the bad sectors, but reformats the entire drive, so all data on the drive is lost. The difference between the disk repair command and the disk reformat command is that the disk format command only reinitializes the file system and does not repair bad sectors.
A minor alarm is set when an LSE is detected. After the sector is repaired with the disk repair command, the alarm is turned off.
Minor Alarms:-------------Alarm ID Module/Submodule Instance-------------------- -------------------- -------------------------1 badsector sysmon disk11May 19 20:40:38.213 UTC, Equipment Alarm, #000003, 1000:445011"Device: /dev/sdl, 1 Currently unreadable (pending) sectors"Stopping Applications from Using a Disk Drive
The disk unuse command in EXEC configuration mode allows you to stop applications from using a specific disk drive (for example, disk01) without having to reboot the device.
The disk unuse command has the following behavior:
•
•
•
Examples
The following example shows how to repair the sector 4660 on disk 02:
ServiceEngine# disk repair disk02 sector 4660The following examples show usage of the disk unuse command and the resultant actions:
ServiceEngine# disk unuse disk00disk00 has key CDNFS data and can not be unused!ServiceEngine# disk unuse disk01This will restart applications currently using disk01and unmount all partitions on disk01.Do you want to continue? (Yes/No): yes[WARNING] CDNFS and RAID SYSTEM partitions detected on disk01To safely remove a RAID SYSTEM disk, the entire drive must be erased. Thisoperation has little effect on the RAID-ed SYSTEM volumes, as their data canbe resynced. However, because the drive also contains non-RAID CDNFSdata, it will result in loss of all CDNFS data for this drive!Unuse disk01, erasing all CDNFS data? (Yes/No): yesdisk01 is now unused.All partitions on disk01 have been erased.ServiceEngine# disk unuse disk02This will restart applications currently using disk02and unmount all partitions on disk02.Do you want to continue? (Yes/No): yesdisk02 is now unusedThe following example shows how to view disk details:
ServiceEngine# show disk detailsdisk00: Normal (h02 c00 i00 l00 - mptsas) 476940MB(465.8GB)disk00/01: SYSTEM 5120MB( 5.0GB) mounted internallydisk00/02: SYSTEM 2560MB( 2.5GB) mounted internallydisk00/04: SYSTEM 1536MB( 1.5GB) mounted internallydisk00/05: SYSFS 32767MB( 32.0GB) mounted at /local1disk00/06: CDNFS 434948MB(424.8GB) mounted internallydisk01: Normal (h02 c00 i01 l00 - mptsas) 476940MB(465.8GB)Unallocated: 476940MB(465.8GB)disk02: Normal (h02 c00 i02 l00 - mptsas) 476940MB(465.8GB)disk02/01: CDNFS 476932MB(465.8GB) mounted internallyThe following example shows how to display the current disk space configuration:
ServiceEngine# show disk currentLocal disks:SYSFS 32.0GB 0.7%CDNFS 4616.0GB 99.3%The following examples show how to view space allocation in each file system type:
ServiceEngine# show statistics cdnfsCDNFS Statistics:------------------Volume on :size of physical filesystem: 444740904 KBspace assigned for CDNFS purposes: 444740904 KBnumber of CDNFS entries: 40 entriesspace reserved for CDNFS entries: 436011947 KBavailable space for new entries: 8728957 KBphysical filesystem space in use: 435593864 KBphysical filesystem space free: 9147040 KBphysical filesystem percentage in use: 98 %Volume on :size of physical filesystem: 444740904 KBspace assigned for CDNFS purposes: 444740904 KBnumber of CDNFS entries: 43 entriesspace reserved for CDNFS entries: 436011384 KBavailable space for new entries: 8729520 KBphysical filesystem space in use: 435593720 KBphysical filesystem space free: 9147184 KBphysical filesystem percentage in use: 98 %Volume on :size of physical filesystem: 488244924 KBspace assigned for CDNFS purposes: 488244924 KBnumber of CDNFS entries: 48 entriesspace reserved for CDNFS entries: 479612533 KBavailable space for new entries: 8632391 KBphysical filesystem space in use: 479152708 KBphysical filesystem space free: 9092216 KBphysical filesystem percentage in use: 99 %Related Commands
disk (Global configuration)
To configure how disk errors should be handled and to define a disk device error-handling threshold, use the disk command in Global configuration mode. To remove the device error-handling options, use the no form of this command.
disk error-handling {reload | threshold number}
no disk error-handling {reload | threshold number}
Syntax Description
Command Defaults
error-handling threshold number: 10
Command Modes
Global configuration (config) mode.
Usage Guidelines
To operate properly, the SE must have critical disk drives. A critical disk drive is the first disk drive that also contains the first sysfs (system file system) partition. It is referred to as disk00.
The sysfs partition is used to store log files, including transaction logs, system logs (syslogs), and internal debugging logs. It can also be used to store image files and configuration files on an SE.
Note
When an SE is booted and a critical disk drive is not detected at system startup time, the CDS system on the SE runs at a degraded state. If one of the critical disk drives goes bad at run time, the CDS system applications can malfunction, hang, or crash, or the CDS system can hang or crash. Monitor the critical disk drives on an SE and report any disk drive errors to Cisco TAC.
With an CDS system, a disk device error is defined as any of the following events:
•
•
•
The disk status is recorded in flash (nonvolatile storage). When an error on an SE disk device occurs, a message is written to the system log (syslog) if the sysfs partition is still intact, and an SNMP trap is generated if SNMP is configured on the SE.
In addition to tracking the state of critical disk drives, you can define a disk device error-handling threshold on the SE. If the number of disk device errors reaches the specified threshold, the corresponding disk device is automatically marked as bad. The CDS system does not stop using the bad disk device immediately; it stops using the bad disk drive after the next reboot.
If the specified threshold is exceeded, the SE either records this event or reboots. If the automatic reload feature is enabled and this threshold is exceeded, then the CDS system automatically reboots the SE. For more information about specifying this threshold, see the "Specifying the Disk Error-Handling Threshold" section.
In Cisco Internet Streamer CDS Release 2.5 software, you can remap bad (but unused) sectors on a SCSI drive and SATA drives.
Specifying the Disk Error-Handling Threshold
In Cisco Internet Streamer CDS Release 2.5 software, you can configure a disk error-handling threshold. This threshold determines how many disk errors can be detected before the disk drive is automatically marked as bad. By default, this threshold is set to 10.
The disk error-handling threshold option determines how many disk errors can be detected before the disk drive is automatically marked as bad. By default, this threshold is set to 10.
To change the default threshold, use the disk error-handling threshold command. Specify 0 if you never want the disk drive to be marked as bad.
If the bad disk drive is a critical disk drive, and the automatic reload feature (disk error-handling reload command) is enabled, then the Internet Streamer CDS software marks the disk drive as bad and the SE is automatically reloaded. After the SE is reloaded, a syslog message and an SNMP trap are generated.
By default, the automatic reload feature is disabled on an SE. To enable the automatic reload feature, use the disk error-handling reload command. After enabling the automatic reload feature, use the no disk error-handling reload command to disable it.
Examples
The following example shows that five disk drive errors for a particular disk drive (for example, disk00) are allowed before the disk drive is automatically marked as bad:
ServiceEngine(config)#disk error-handling threshold 5Related Commands
distribution
To reschedule and refresh content redistribution for a specified delivery service ID or name, use the distribution command in EXEC configuration mode.
distribution {failover {delivery-service-id delivery-service-num | delivery-service-name name} [force] | fallback {delivery-service-id delivery-service-num | delivery-service-name name} }
distribution primary-ip-fallback {forwarder-id forwarder-num | forwarder-name name}
distribution refresh {meta-data delivery-service-id delivery-service-num | object object-url}
Syntax Description
failover
Triggers the root or forwarder SE to fail over and make this SE the temporary Content Acquirer.
delivery-service-id
Specifies the delivery service ID to be used.
delivery-service-num
Delivery service number. The range is from 0 to 4294967295.
delivery-service-name
Specifies the delivery service name descriptor to be used.
name
Delivery service name.
force
(Optional) Forces a failover regardless of whether the root or forwarder SE is active.
fallback
Forces the temporary Content Acquirer to become a receiver SE.
primary-ip-fallback
Triggers the downstream receiver SEs to contact a forwarder using the forwarder's primary IP address. For more information, see the "distribution primary-ip-fallback Command" section.
forwarder-id
Specifies the forwarder SE ID that is contacted by the receiver SE.
forwarder-num
Forwarder SE ID.
forwarder-name
Specifies the name of the forwarder SE that is contacted by the receiver SE.
name
Forwarder SE name.
refresh
Forces the redistribution of content to be refreshed on every SE.
meta-data
Forces the redistribution of metadata to be refreshed on every SE.
delivery-service-id
Specifies the delivery service ID to be used in the distribution.
delivery-service-num
Delivery service number. The range is from 0 to 4294967295.
object
Forces the distribution of objects to be refreshed on every SE.
object-url
Specifies the object URL that needs to be refreshed on every SE.
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
When the Content Acquirer fails, use the distribution failover command in EXEC configuration mode on an SE that is going to be the temporary Content Acquirer to trigger an immediate failover to the temporary Content Acquirer if you do not want to wait for the automatic failover process to occur. When you enter this command, the current SE becomes the temporary Content Acquirer if its forwarder is an inactive Content Acquirer. If the Content Acquirer has not failed, a failover to the temporary Content Acquirer does not occur if you use the distribution failover command in EXEC configuration mode. Use the distribution failover force command to force a failover even if the Content Acquirer is active.
Use the distribution fallback command on an SE that is currently the temporary Content Acquirer to cause it to become a receiver SE.
Use the distribution refresh meta-data { delivery-service-id delivery-service-num } command to request that the metadata receiver repeat a previous request for all the content metadata for the specified delivery service from its forwarder SE. This method allows you to start over if the metadata receiver fails to replicate some metadata properly. The content metadata (machine-readable information that describes the characteristics of the content) must be distributed to a receiver first before the content can be replicated. The content metadata helps to define what content to retrieve, how content is retrieved, how recently the content has been updated, how the content is to be prepositioned (for example, expiration time), and so forth. The metadata is always distributed using unicast. The content can also be replicated using unicast.
Use the distribution refresh object object-url command to reissue a request for unicast distribution of the specified object. This command lets you obtain a new copy of an object if there is a corrupted copy on the SE. After you enter this command, if the distribution is unicast, the unicast receiver reissues the request to its forwarder SE. The old content on the SE is removed and a new copy is replicated.
NACK Interval Multiplier
To identify missing content and trigger a resend of a file, receiver SEs send a negative acknowledgement (NACK) message to the sender SE. NACK messages generated by many receiver SEs could generate more traffic than the sender can handle. The Cisco Internet Streamer CDS Release 2.5 software allows you to adjust the average interval between NACKs by configuring a NACK interval multiplier for an individual receiver SE. This value (an integer between 0.1 to 10) adjusts the default average NACK interval (the default is 20 minutes) by the value configured as the interval multiplier. For example, if you set the NACK interval multiplier to 3, the interval between NACKs becomes 20 minutes x 3, or 60 minutes. This adjustment can be made as needed by choosing Devices > Devices > Prepositioning > Distribution in the CDSM GUI.
distribution primary-ip-fallback Command
When downstream receiver SEs at the edge of the network try to access a forwarder SE that is inside a NAT firewall, those receiver SEs that are inside the same NAT use one IP address (called the inside local IP address) to access the forwarder, but other receiver SEs that are outside the NAT need to use a different forwarder's IP address (called the inside global IP address or NAT address) to access the forwarder. A forwarder SE registers the IP address configured on its primary interface with the CDSM, and the CDSM uses the primary IP address for communication with devices in the CDS network. If the registered primary IP address is the inside local IP address and the forwarder is behind a NAT firewall, a receiver that is not inside the same NAT as the forwarder cannot contact it without special configuration. All other receivers inside the NAT use the inside local IP address to contact the forwarder that resides inside the NAT.
Cisco Internet Streamer CDS Release 2.5 software supports NAT for unicast distribution (see the "NAT Firewall" section for more information). When the receiver SE polls its forwarder from an upstream location for the content metadata or content, the receiver first connects to the forwarder using the forwarder's primary IP address. If it fails and the NAT address of the forwarder has been configured, then the unicast receiver tries to poll the forwarder using the forwarder's NAT address. If the receiver polls the forwarder successfully using the NAT address, the receiver continues to use the forwarder's NAT address during the subsequent polling intervals with the same forwarder. The unicast receiver retries to connect to the forwarder using the forwarder's primary IP address only after one hour. Even if the unicast receiver is able to poll the forwarder using the forwarder's primary IP address, it would take one hour for the receiver to fall back to the forwarder's primary IP address automatically. You can use the distribution primary-ip-fallback command to enable the receiver that is using the NAT address of the forwarder to fall back to the primary IP address immediately, if you are certain that the forwarder's primary IP address is working.
NAT Firewall
NAT enables private IP internetworks that use nonregistered IP addresses to connect to the Internet. NAT is configured on the firewall at the border of a stub domain (referred to as the inside network) and a public network such as the Internet (referred to as the outside network). NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. You can configure NAT to advertise only one address for the entire network to the outside world. This configuration provides additional security, effectively hiding the entire internal network from the world behind that address. NAT has the dual functionality of security and address conservation and is typically implemented in remote access environments.
In the inside network's domain, hosts have addresses in the one address space. While on the outside, they appear to have addresses in another address space when NAT is configured. The first address space is referred to as the local address space while the second is referred to as the global address space.
Hosts in outside networks can be subject to translation and can have local and global addresses.
NAT uses the following definitions:
•
•
•
•
Related Commands
show statistics distribution
Displays the simplified statistics for content distribution components.
dnslookup
To resolve a host or domain name to an IP address, use the dnslookup command in EXEC configuration mode.
dnslookup {hostname | domainname}
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Examples
The following examples show that the dnslookup command is used to resolve the hostname myhost to IP address 172.31.69.11, cisco.com to IP address 192.168.219.25, and an IP address used as a hostname to 10.0.11.0:
ServiceEngine# dnslookup myhostofficial hostname: myhost.cisco.comaddress: 172.31.69.11ServiceEngine# dnslookup cisco.comofficial hostname: cisco.comaddress: 192.168.219.25ServiceEngine# dnslookup 10.0.11.0official hostname: 10.0.11.0address: 10.0.11.0domain
To set the domain ID for the SRP, use the domain SRP configuration command. To remove a domain ID, use the no or default form of the command.
domain [id]
[no | default] domain [id]
Syntax Description
Command Defaults
If the no domain command is used, the domain ID is 0.
Command Modes
SRP configuration (config-srp) mode.
Usage Guidelines
This command is used to set the domain ID for an SRP. All Proximity Engines running SRP routing with the same domain ID form a single network if the nodes are found through a bootstrap node. By changing a Proximity Engine's domain, the Proximity Engine leaves its current network.
The no and default forms of the command replace current domain ID with the default domain ID, which is 0.
Examples
The following example shows how to configure a domain ID with domain.
ServiceRouter# configure terminalEnter configuration commands, one per line. End with CNTL/Z.ServiceRouter(config)# router srpServiceRouter(config-srp)# domain 100ServiceRouter(config-srp)# endServiceRouter#The following example illustrates how show srp process command displays the configured domain ID.
ServiceRouter# show srp processProcess:Domain: 100Node Id: 2a2db308fd3dc172940a7902a4db7c16c98c3a32e1b048005bce1e832b6d056fHost name: sn-sj88Port: 9000Interfaces running SRP:*GigabitEthernet 1/0, GigabitEthernet 2/0, GigabitEthernet 3/0Related Commands
bootstrap-node
Configures a bootstrap node IP address.
router srp
Enters SRP configuration mode.
show srp process
Displays the basic configurations for SRP.
enable
To access privileged commands in EXEC configuration modes, use the enable command in EXEC configuration mode.
enable
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
To access privileged EXEC configuration mode from EXEC configuration mode, use the enable command. The disable command takes you from privileged EXEC configuration mode to user EXEC configuration mode.
Examples
The following example shows how to access privileged EXEC configuration mode:
ServiceEngine> enableServiceEngine#Related Commands
disable
Turns off the privileged EXEC commands.
exit
Exits from interface, Global configuration, or privileged EXEC configuration modes.
end
To exit Global configuration mode, use the end command in Global configuration mode.
end
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the end command to exit Global configuration mode after completing any changes to the running configuration. To save new configurations to NVRAM, use the write command.
In addition, you can press Ctrl-Z to exit Global configuration mode.
Examples
The following example shows how to exit Global configuration mode:
ServiceEngine(config)# endServiceEngine#Related Commands
exit
Exits from interface, Global configuration, or privileged EXEC configuration modes.
exec-timeout
To configure the length of time that an inactive Telnet or Secure Shell (SSH) session remains open, use the exec-timeout command in Global configuration mode. To revert to the default value, use the no form of this command.
exec-timeout timeout
no exec-timeout
Syntax Description
Command Defaults
The default is 15 minutes.
Command Modes
Global configuration (config) mode.
Usage Guidelines
A Telnet or SSH session with the SE can remain open and inactive for the interval of time specified by the exec-timeout command. When the exec-timeout interval elapses, the SE automatically closes the Telnet or SSH session.
Configuring a timeout interval of 0 minutes by entering the exec-timeout 0 command is equivalent to disabling the session-timeout feature.
Examples
The following example shows how to configure a timeout of 100 minutes:
ServiceEngine(config)# exec-timeout 100The following example negates the configured timeout of 100 minutes and reverts to the default value of 15 minutes:
ServiceEngine(config)# no exec-timeoutRelated Commands
sshd
Configures the SSH service parameters.
telnet enable
Enables the Telnet services.
exit
To access commands in EXEC configuration mode shell from the global, interface, and debug configuration command shells, use the exit command.
exit
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
EXEC, Global configuration (config), and interface configuration (config-if) modes.
Usage Guidelines
Use the exit command in any configuration mode to return to EXEC configuration mode. Using this command is equivalent to pressing the Ctrl-Z key or entering the end command.
The exit command issued in the user-level EXEC shell terminates the console or Telnet session. You can also use the exit command to exit other configuration modes that are available from the Global configuration mode for managing specific features (see the commands marked with a footnote in Table 2-1).
Examples
The following example shows how to exit the Global configuration mode and return to the privileged-level EXEC configuration mode:
ServiceEngine(config)# exitServiceEngine#The following example shows how to exit the privileged-level EXEC configuration mode and return to the user-level EXEC configuration mode:
ServiceEngine# exitServiceEngine>Related Commands
expert-mode password
To set the customer configurable password, use the expert-mode password command in Global configuration mode.
expert-mode password [encrypted] password
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
This is a customer configurable password for allowing to enter engineering mode for troubleshooting purposes. The function prompts the user for the current admin password to verify that the user attempting to set the expert-mode password is authorized to do so. If the user is authenticated, the user is prompted twice to enter the new expert-mode password. The new expert-mode password is encrypted prior to being persisted.
Examples
The following example shows how to configure four external NAT IP addresses:
ServiceEngine(config)# expert-mode password encrypted xxxxNew Expert Mode Password: xxxxConfirm New Expert Mode Password: xxxxPassword successfully changedexternal-ip
To configure up to eight external Network Address Translation (NAT) IP addresses, use the external-ip command in Global configuration mode. To remove the NAT IP addresses, use the no form of this command.
external-ip ip-addresses
no external-ip ip-addresses
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use this command to configure up to eight Network Address Translation IP addresses to allow the router to translate up to eight internal addresses to registered unique addresses and translate external registered addresses to addresses that are unique to the private network. If the IP address of the RTSP gateway has not been configured on the SE, then the external IP address is configured as the IP address of the RTSP gateway.
In an CDS network, there are two methods for a device registered with the CDSM (SEs, SRs, or the standby CDSM) to obtain configuration information from the primary CDSM. The primary method is for the device to periodically poll the primary CDSM on port 443 to request a configuration update. You cannot configure this port number. The backup method is when the CDSM pushes configuration updates to a registered device as soon as possible by issuing a notification to the registered device on port 443. This method allows changes to take effect in a timelier manner. You cannot configure this port number even when the backup method is being used. CDS networks do not work reliably if devices registered with the CDSM are unable to poll the CDSM for configuration updates. When a receiver SE requests the content and content metadata from a forwarder SE, it contacts the forwarder SE on port 443.
When a device (SEs at the edge of the network, SRs, and primary or standby CDSMs) is inside a NAT firewall, those devices that are inside the same NAT use one IP address (the inside local IP address) to access the device and those devices that are outside the NAT use a different IP address (the NAT IP address or inside global IP address) to access the device. A centrally managed device advertises only its inside local IP address to the CDSM. All other devices inside the NAT use the inside local IP address to contact the centrally managed device that resides inside the NAT. A device that is not inside the same NAT as the centrally managed device cannot contact it without a special configuration.
If the primary CDSM is inside a NAT, you can allow a device outside the NAT to poll it for getUpdate requests by configuring a static translation (NAT IP address or inside global IP address) for the CDSM's inside local IP address on its NAT, and using this address, rather than the CDSM's inside local IP address in the cdsm ip ip-address command when you register the device to the CDSM. If an SE or SR is inside a NAT and the CDSM is outside the NAT, you can allow the SE or SR to poll for getUpdate requests by configuring a static translation (NAT IP address or inside global IP address) for the SE or SR's inside local address on its NAT.
Note
Examples
The following example shows how to configure four external NAT IP addresses:
ServiceEngine(config)# external-ip 192.168.43.1 192.168.43.2 192.168.43.3 192.168.43.4find-pattern
To search for a particular pattern in a file, use the find-pattern command in EXEC configuration mode.
find-pattern {binary filename | case {binary filename | count filename | lineno filename | match filename | nomatch filename | recursive filename} | count filename | lineno filename | match filename | nomatch filename | recursive filename}
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
Use this command to search for a particular regular expression pattern in a file.
Examples
The following example shows how to search a file recursively for a case-sensitive pattern:
ServiceEngine# find-pattern case recursive admin removed_core-rw------- 1 admin root 95600640 Oct 12 10:27 /local/local1/core_dir/core.2.2.1.b5.eh.2796-rw------- 1 admin root 97054720 Jan 11 11:31 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.14086-rw------- 1 admin root 96845824 Jan 11 11:32 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.14823-rw------- 1 admin root 101580800 Jan 11 12:01 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.15134-rw------- 1 admin root 96759808 Jan 11 12:59 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.20016-rw------- 1 admin root 97124352 Jan 11 13:26 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.30249-rw------- 1 admin root 98328576 Jan 11 11:27 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.8095The following example searches a file for a pattern and prints the matching lines:
ServiceEngine# find-pattern match 10 removed_coreTue Oct 12 10:30:03 UTC 2004-rw------- 1 admin root 95600640 Oct 12 10:27 /local/local1/core_dir/core.5.2.1.b5.eh.2796-rw------- 1 admin root 101580800 Jan 11 12:01 /local/local1/core_dir/core.cache.5.3.0.b131.cnbuild.15134The following example searches a file for a pattern and prints the number of matching lines:
ServiceEngine# find-pattern count 10 removed_core3Related Commands
cd
Changes the directory.
dir
Displays the list of files in a directory.
lls
Displays the files in a long list format.
ls
Lists the files and subdirectories in a directory.
flash-media-streaming
To enable and configure Flash Media Streaming, use the flash-media-streaming command in Global configuration mode. To disable Flash Media Streaming, use the no form of this command.
On the SE:
flash-media-streaming {admin-api [ip {allow ip address}] | application-virtual-path vod map mapping string | enable | ignore-query-string enable | max-bandwidth number | max-sessions number | monitoring enable | non-wholesale-license-bandwidth number | wholesale-license {install number license-name name bandwidth number start-date date duration number | no-alerts number} }
no flash-media-streaming
On the SR:
flash-media-streaming {enable | monitoring enable}
no flash-media-streaming
Syntax Description
Command Defaults
The ignore- query-string is disabled.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Flash Media Streaming needs an application name (vod, live or dvrcast) as part of a client's request. In the case of a VOD application, the origin server should have a first level directory of vod for dynamic ingestion. For example, in a Flash Media Streaming VOD cache miss case, the request from the client should be rtmp://cdnsecure.bbc.co.uk/vod/iplayerstreaming/secure_auth/scifi.flv, and the origin server should have http://cdnsecure.bbc.co.uk/vod/iplayerstreaming/secure_auth/scifi.flv. However, this restricts customer deployments when vod is the only folder name they can use. Therefore, Cisco Internet Streamer CDS Release 2.5 software contains an application-virtual-path vod command so customers can map to whichever folder they want on the origin server.
Note
For VOD streams, all RTMP calls in the SWF file must be in the following format:
rtmp://rfqdn/vod/path/foo.flvIn this format, rfqdn is the routing domain name of the Service Router, vod is the required directory, and path is the directory path to the content file that conforms to the standard URL specification.
If you are unable to store the VOD content in the required "vod" directory on your origin server, you can create a VOD virtual path for all RTMP requests. All client requests for RTMPcalls still use the rtmp://rfqdn/vod/path/foo.flv format for VOD streams, but the SE replaces the "vod" directory with the string specified in the flash-media-streaming application-virtual-path vod map command.
Use the flash-media-streaming application-virtual-path vod map <mapping string> command on each SE participating in a Flash Media Streaming delivery service. The mapping string variable accepts all alpha-numeric characters and the slash (/) character, and can be from 1 to 128 characters. For example, to map the "vod" directory to "media" for the go-tv-stream.com origin server, use the flash-media-streaming application-virtual-path vod map media command. If comedy.flv is the content being requested, the RTMP call in the SWF file would be rtmp://go-tv-stream.com/vod/ comedy.flv. The SE would replace the "vod" directory and request http://go-tv-stream.com/media/ comedy.flv from the upstream SE or origin server. If just the slash (/) character is used to replace the "vod" directory, the SE request would be http://go-tv-stream.com/comedy.flv.
Editing a Wholesale LicenseThe wholesale license feature has four operations from the CLI—adding and removing licenses and enabling and disabling alerts. Users read license details from the documentation and add them to the CLI and CDSM. If a user enters a license incorrectly, the only way to edit it is to delete the license and add the it again.
Ignore Query String
Previously, if an RTMP request had a query string in the URL for VOD, the Web Engine could decide whether or not to cache the content based on the Web Engine configuration. However, if the query string in the RTMP URL included the end user and not the stream name, every request would have a different URL because every user has a different query string. This leads to the same content getting cached multiple times.
In Release Cisco Internet Streamer CDS Release 2.5.9-b123 software, the flash-media-streaming ignore-query-string enable command has been added, which tells Flash Media Streaming to remove the query string before forwarding the request to the Web Engine in the case of VOD, or before forwarding the request to the forwarder SE in the case of live streaming.
If URL signature verification is required, the sign verification is performed before the query string check is invoked. The URL signing and validation, which adds its own query string to the URL, continues to work independently of this enhancement.
When the flash-media-streaming ignore-query-string enable command is entered, for every request in which the query string has been ignored, a message is written to the FMS error log, and the Query String Bypassed counter is incremented in the output of the show statistics flash-media-streaming command. The FMS access log on the edge SE contains the original URL before the query string was removed.
The flash-media-streaming ignore-query-string enable command affects every VOD and live streaming request and is not applicable to proxy-style requests.
Examples
The following example shows how to map a vod folder:
ServiceEngine(config)# flash-media-streaming application-virtual-path vod map mediaThis means mapping vod folder to media. When client request cache-miss case: rtmp://Tem4.se.cdsfms.com/vod/foo.flv is mapped to rtmp://Temp4.se.cdsfms.com/media/foo.flv
ServiceEngine(config)# flash-media-streaming application-virtual-path vod map /This means mapping vod folder to /.
When client request cache-miss case: rtmp://Tem4.se.cdsfms.com/vod/abc/foo.flv is mapped to rtmp://Temp4.se.cdsfms.com/abc/foo.flv
When client request cache-miss case: rtmp://Tem4.se.cdsfms.com/vod/bar/foo.flv is mapped to rtmp://Temp4.se.cdsfms.com/bar/foo.flv.
Related Commands
show flash-media-streaming
Displays the Flash Media Streaming information.
show statistics flash-media-streaming
Displays the statistics for Flash Media Streaming.
flooding
To set the flooding threshold for SRP multicast, use the flooding threshold SRP configuration command. To restore the default flooding threshold, use the no or default form of the command.
flooding threshold value
[no | default] flooding threshold value
Syntax Description
Command Defaults
If no flooding command is issued, the default threshold is 50.
Command Modes
SRP configuration (config-srp) mode.
Usage Guidelines
This command is used to set the flooding threshold for SRP multicasting.
SRP protocol uses flooding to send multicast messages for a multicast group if the number of subscribers of the group is equal or more than the value specified in flooding. An effective threshold value may improve protocol message overhead. The threshold value depends on the number of nodes in your DHT network. In general, the threshold value should be greater than half and smaller than 3/4 of the total number of DHT nodes in the network.
The no or default forms of the command replace the current flooding threshold value with the default flooding threshold value (50).
Examples
The following example shows how use the flooding command to set a flooding threshold value of 45.
ServiceRouter(config)# router srpServiceRouter(config-srp)# flooding threshold 45ServiceRouter(config-srp)# endServiceRouter#Related Commands
geo-location-server
To redirect requests to different Content Delivery Networks based on the geographic location of the client, use the geo-location-server command in Global configuration mode. To cancel the request, use the no form of this command.
geo-location-server {primary ip address port num | secondary ip address port num}
no geo-location-server {primary ip address port num | secondary ip address port num}
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use the geo-location-server command to redirect requests to different CDNs based on the geographic location of the client. You can configure requests from different countries to be redirected to different third party services.
Note
Examples
The following example shows how to configure a primary geo-location-server:
ServiceRouter# geo-location-server primary 171.71.51.140 7000Related Commands
gulp
To capture lossless gigabit packets and write them to disk, use the gulp command in EXEC configuration mode.
gulp line
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The gulp utility captures lossless gigabit packets and writes them to disk, as well as captures packets remotely. The gulp utility has the ability to read directly from the network.
To view the list of options, enter gulp --h.
ServiceEngine# gulp --helpUsage: /ruby/bin/gulp [--help | options]--help prints this usage summarysupported options include:-d decapsulate Cisco ERSPAN GRE packets (sets -f value)-f "..." specify a pcap filter - see manpage and -d-i eth#|- specify ethernet capture interface or '-' for stdin-s # specify packet capture "snapshot" length limit-r # specify ring buffer size in megabytes (1-1024)-c just buffer stdin to stdout (works with arbitrary data)-x request exclusive lock (to be the only instance running)-X run even when locking would forbid it-v print program version and exit-Vx...x display packet loss and buffer use - see manpage-p # specify full/empty polling interval in microseconds-q suppress buffer full warnings-z # specify write blocksize (power of 2, default 65536) for long-term capture-o dir redirect pcap output to a collection of files in dir-C # limit each pcap file in -o dir to # times the (-r #) size-W # overwrite pcap files in -o dir rather than start #+1-B check if select(2) would ever have blocked on write-Y avoid writes which would blockTable 2-9 lists the gulp options and provides a description of each.
Examples
The following example shows how to get a basic capture on eth1 with a pcap filter:
ServiceEngine# gulp -i eth1 -f "..." > pcapfileThe ellipsis (...) refers to the Berkeley Packet Filter (pcap) expressions, such as "host foo."
The following example shows how to get a capture of the 10 most recent files of a 200 MB ring buffer to 1000 MB files:
ServiceEngine# gulp -i eth1 -r 200 -C 10 -W 10 -o pcapdirRelated Commands
help
To obtain online help for the command-line interface, use the help command in EXEC and Global configuration modes.
help
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
EXEC configuration and Global configuration (config) modes.
Usage Guidelines
You can get help at any point in a command by entering a question mark (?). If nothing matches, the help list is empty, and you must back up until entering a ? shows the available options.
Two styles of help are provided:
•
•
Examples
The following example shows the output of the help command in EXEC configuration mode:
ServiceEngine# helpHelp may be requested at any point in a command by entering a question mark '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.Two styles of help are provided:1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument.2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show stat?'.)hostname
To configure the device's network hostname, use the hostname command in Global configuration mode. To reset the hostname to the default setting, use the no form of this command.
hostname name
no hostname
Syntax Description
name
New hostname for the device; the name is case sensitive. The name may be from 1 to 30 alphanumeric characters.
Command Defaults
The default hostname is the SE model number.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Use this command to configure the hostname for the SE. The hostname is used for the command prompts and default configuration filenames. This name is also used by content routing and conforms to the following rules:
•
•
•
Examples
The following example changes the hostname to Sandbox:
ServiceEngine(config)# hostname SandboxSandbox(config)#The following example removes the hostname:
ServiceEngine(config)# no hostnameNO-HOSTNAME(config)#Related Commands
dnslookup
Resolves a host or domain name to an IP address.
ip
Configures the IP.
show hosts
Displays the IP domain name, name servers, IP addresses, and host table.
http
To configure HTTP-related parameters, use the http command in Global configuration mode. To disable HTTP-related parameters, use the no form of this command.
http add-cookie string| age-multiplier num |cache-cookies | cache-fill-range | cache-on-abort {enable | percent num} | http max-ttl {days num | hours num | minutes num | seconds num} | min-ttl minutes | object max-size maxsize | proxy {incoming ports | outgoing {host {hostname | ip-address} port}} | reval-each-request all
no http add-cookie string| age-multiplier num |cache-cookies | cache-fill-range | cache-on-abort {enable | percent num} | http max-ttl {days num | hours num | minutes num | seconds num} | min-ttl minutes | object max-size maxsize | proxy {incoming ports | outgoing {host {hostname | ip-address} port}} | reval-each-request all
Note
Syntax Description
Command Defaults
age-multiplier: 30 percent for text objects and 60 percent for binary objects
ports: no incoming proxy
days: 1
hours: 24
minutes: 1440
seconds: 86400
misses number: 0
object max-size: 2
outgoing monitor: 60 seconds
The SE strips the hop-to-hop 407 response sent by the Internet proxy by default.
http cache-on-abort: disabled
The default is no incoming proxy.
Command Modes
Global configuration (config) mode.
Usage Guidelines
This command is only available on Cisco Internet Streamer CDS Release 2.5.1 and 2.5.3 software. Use these commands to configure specific parameters for caching HTTP objects.
Note
Configuring Cookies
Starting in Cisco Internet Streamer CDS Release 2.5 software, users can configure a cookie on a per-delivery service basis. Now there can be more than one cookie added to an SE because each cookie is tied to the delivery service, so the correct cookie is used for each request. To configure a cookie on an edge SE, use the http add-cookie <cookie-string> command.
Transaction Logging
Once a user has been authenticated through LDAP or a RADIUS server, all transaction logs generated by the SE for that user contain user information. If the SE is acting in proxy mode, the user ID is included in the transaction logs. If the SE is acting in transparent mode, the user IP address is included instead.
The cache-cookies option enables the SE to cache the binary content served with HTTP Set-cookie headers and no explicit expiration information.
The reval-each-request option enables the SE to revalidate all objects requested from the cache.
Use the object max-size option to specify the maximum size in kilobytes of a cacheable object. The default is no maximum size for a cacheable object. The no form of the command resets the default value.
The http proxy option enables the SE to operate in environments where client browsers have previously been configured to use a legacy proxy server. The SE accepts proxy-style requests when the incoming proxy ports are configured with the http proxy incoming ports option. Up to eight incoming proxy ports can be specified on a single command line or on multiple command lines.
To configure the SE to direct all HTTP miss traffic to a parent cache (without using ICP), use the http proxy outgoing host port option, where host is the system name or IP address of the outgoing proxy server, and port is the port number designated by the outgoing (upstream) server to accept proxy requests.
Caching Policy for Client-Aborted Downloads
Typically, a client aborts a download of an object by clicking the Stop icon on the browser or by closing the browser during a download. By default, the SE continues to download an object to the cache even after a client aborts the download.
The cache-on-abort option lets you specify if and when the SE completes the download of a cacheable object after the client aborts the request. However, if the SE determines that there is another client currently requesting the same object, caching is always completed.
If the cache-on-abort option is enabled and no thresholds are enabled, the SE always aborts downloading an object to the cache. You can use any combination of the following thresholds, which are specified in the HTTP header. If the option is not enabled, the client receives an error response. Response errors and read errors are returned to the client, because it is not possible to detect whether these errors are generated at the origin server or at the proxy.
Examples
The following example shows how to specify that the host 10.1.1.1 on port 8088 is designated as the primary proxy server and host 10.1.1.2 is designated as a backup proxy server:
ServiceEngine(config)# http proxy outgoing host 10.1.1.1 8088 primaryServiceEngine(config)# http proxy outgoing host 10.1.1.2 220The following example shows the output for the show http proxy command:
ServiceEngine# show http proxyIncoming Proxy-Mode:Servicing Proxy mode HTTP connections on ports: 8080Outgoing Proxy-Mode:Primary proxy server: 172.16.63.150 port 1 FailedBackup proxy servers: 172.16.236.151 port 8005172.16.236.152 port 123172.16.236.153 port 65535 Failed172.16.236.154 port 10Monitor Interval for Outgoing Proxy Servers is 60 secondsUse of Origin Server upon Proxy Failures is disabled.The following example shows the output for the show statistics http requests command:
ServiceEngine# show statistics http requestsStatistics - RequestsTotal % of Requests---------------------------------------------------Total Received Requests: 49103 -Forced Reloads: 109 0.2Client Errors: 23 0.0Server Errors: 348 0.7URL Blocked: 0 0.0Sent to Outgoing Proxy: 0 0.0Failures from Outgoing Proxy: 0 0.0Excluded from Outgoing Proxy: 0 0.0ICP Client Hits: 0 0.0ICP Server Hits: 0 0.0HTTP 0.9 Requests: 2 0.0HTTP 1.0 Requests: 49101 100.0HTTP 1.1 Requests: 0 0.0HTTP Unknown Requests: 0 0.0Non HTTP Requests: 0 0.0Non HTTP Responses: 46 0.1Chunked HTTP Responses: 0 0.0Http Miss Due To DNS: 0 0.0Http Deletes Due To DNS: 0 0.0Objects cached for min ttl: 2674 5.0The following example shows the output for the show statistics http proxy outgoing command:
ServiceEngine# show statistics http proxy outgoingHTTP Outgoing Proxy StatisticsIP PORT ATTEMPTS FAILURES---------------------------------------------------172.16.23.150 8000 0 0172.16.23.151 8080 0 0172.16.23.152 9000 0 0172.16.23.153 9001 0 0172.16.23.154 9005 0 0Requests when all proxies were failed: 0The following example shows that with the default configuration (all cache-on-abort command thresholds disabled), client abort processing is configured to always abort downloading an object to the cache:
ServiceEngine(config)# http cache-on-abort enableThe following example shows that the SE is configured to always continue downloading an object to the cache (this configuration is the default):
ServiceEngine(config)# no http cache-on-abortThe following example shows that the SE is configured to use the default minimum threshold when the cache-on-abort option has been enabled and the threshold is set to 16 kilobytes:
ServiceEngine(config)# http cache-on-abort min 16The following example shows that the SE is configured to ignore the minimum threshold:
ServiceEngine(config)# no http cache-on-abort minRelated Commands
icap
To use the Internet Content Adaptation Protocol (ICAP) to help the Service Engine (SE) interact with third-party software applications and plug-ins, use the icap command in Global configuration mode. To disable individual options, use the no form of this command.
icap {append-x-headers {x-client-ip | x-server-ip} | apply rules-template | service camiant { enable | error-handling {bypass | return-error} | server url}
no icap {append-x-headers {x-client-ip | x-server-ip} | apply rules-template | service camiant enable | error-handling {bypass | return-error} | server url}
Note
Syntax Description
Command Defaults
server url: Port 1344 is assumed if no explicit port is included in the URL.
Command Modes
Global configuration (config) mode.
Usage Guidelines
ICAP is an open standard for content adaptation, typically at the network edge. Content adaptation is the process of modifying the content to improve its usability. The content adaptation can include virus scanning, content translation, content filtering, content insertion, and other ways of improving the value of content for end users. ICAP specifies how an SE, acting as an HTTP proxy server, can communicate with an external device acting as an ICAP server, which filters and adapts the requested content.
ICAP provides two content-processing modes for HTTP services. These modes define the transactions that can occur between an SE acting as an ICAP client and an ICAP server. The two modes are as follows:
•
•
The following is a complete list of the ICAP vendors that have been certified to interoperate with the SE:
•
•
The maximum file size that is supported in the Internet Streamer CDS software is 2 GB. Files that exceed this size limit are not supported for ICAP processing.
Use the icap append-x-headers command to specify the ICAP extension headers that are passed to the ICAP server during the session negotiation between the SE and the ICAP server as follows:
•
•
Also, you can choose to apply ICAP services on all HTTP requests processed by the SE or apply ICAP processing only to requests that match the Rules Template. Use the icap apply { all | rules-template } command to specify which ICAP services should be performed on which requests that are received by the SE. For example, use the icap apply rules-template command to instruct the SE to run only the ICAP services that match the rules action use-icap-service. Alternatively, you could use the icap apply all command to instruct the SE to run all the ICAP services on all the HTTP requests that it receives.
To exclude other traffic from ICAP processing, use the rule action use-icap-service command. The Rules Template can be used to turn off ICAP processing for various requests by applying the patterns available in the Rules Template to the incoming request. These patterns can include the following attributes of the incoming request:7H90C0CH
•
•
•
An ICAP service defines attributes that define the service and one or more servers that provide ICAP services. You can configure a maximum of ten ICAP services on a single SE and a maximum of five ICAP servers for each ICAP service. To select the type of load balancing to use among a cluster of ICAP servers, use the load-balancing option.
In the syntax, replace service-id with a name of your choice for the current ICAP service. When you enter the icap service command and provide a name for the ICAP service, the system displays this ICAP service configuration prompt:
ServiceEngine(config-icap-service)#Within ICAP service configuration mode, all commands that you enter apply to the current ICAP service. To return to Global configuration mode, enter the exit command.
The point at which ICAP services are applied to content is called the vectoring point, specified using the vector-point option. The following three vectoring points are supported:
•
–
–
–
–
–
•
–
–
–
–
–
•
–
–
–
–
With the respmod vectoring point, which is used by virus-scanning ICAP vendors, the performance of the SE is 300 transactions per second.
With the reqmod-precache vectoring point, which is used by URL filtering ICAP vendors, the performance of the SE drops 20 percent from the rated performance.
Note
Note
ICAP servers process HTTP requests from clients based on the ICAP services configured at various vectoring points. ICAP servers perform content adaptation such as a request or response modification and filtering of requests or responses at the configured vectoring points while processing HTTP requests.
You can configure the maximum number of connections and the weight that can be handled by an ICAP server in a cluster of servers. The weight parameter represents the load percentage that can be redirected to the ICAP server. An ICAP server with a weight of 40 denotes that this server handles 40 percent of the load. If the total weight of all ICAP servers in a load-balanced cluster exceeds 100, the load percentage for each ICAP server is recalculated as a percentage measure represented by the weight parameters.
Note
ICAP servers configured at various vectoring points (especially the request modification precache vectoring points) may become overloaded with HTTP requests, because all requests pass through this point. Therefore, a cluster of ICAP servers (a load-balanced collection of ICAP servers) is made available for configuration. At a particular vectoring point, you can choose to load balance requests among the ICAP cluster of servers based on various parameters such as weighted load, client IP and server IP address-based hash, or round-robin format.
More than one ICAP service can be associated with a vectoring point. An ICAP service configured at a vectoring point can have only one load balancing scheme, irrespective of the number of servers. However, multiple ICAP services configured at one or all the vectoring points can have different load balancing schemes.
To identify the specific ICAP server and service, use the server url command, where the URL is in the following format:
icap://ICAPserverIPaddress/service-nameThe value used for the service-name must match the identifier used by the specific ICAP vendor. For example, one vendor uses the service name REQ-Service for reqmod-precache and interscan for respmod-precache, while another vendor supports only respmod-precache and uses the service name avscan.
When ICAP processing is enabled and an HTTP browser with a streaming Java applet is opened, several undesirable things occur:
•
•
These conditions occur because the ICAP server is set up to inspect the entire data packet before delivering a response to the client. However, because there is a streaming request, the data continues flowing to the ICAP server indefinitely, deadlocking any response to the requesting client.
Two workarounds are available. You can configure the ICAP server to bypass the scanning process, or you can configure rules on the SE to skip ICAP processing on websites that are known to contain streaming Java applets.
To configure the ICAP server to bypass scanning, use rules such as client_skip_content or server_skip_content as follows:
•
client_skip_content=User Agent: Windows Media Player 9.0.1•
server_skip_content=Content-Type: X-Dave_ContentAlternatively, you can configure the SE to bypass ICAP processing based on user agents or any of the patterns available in the Rules Template, by using the rule command.
Examples
The following example applies ICAP processing to all traffic:
ServiceEngine(config)# icap apply allThe following examples exclude intranet traffic from ICAP processing:
ServiceEngine(config)# rule pattern-list 1 domain !cisco.comServiceEngine(config)# rule action use-icap-service trend-reqmod 1 protocol allServiceEngine(config)# rule action use-icap-service trend-respmod 1 protocol allServiceEngine(config)# rule enableServiceEngine(config)# icap apply rules-templateThe following example shows how to use the icap service service-id command to configure and enable various ICAP services on this SE:
ServiceEngine(config)# icap service trend-reqmodServiceEngine(config-icap-service)# enableServiceEngine(config-icap-service)# vector-point reqmod-precacheServiceEngine(config-icap-service)# server icap//172.19.227.150/REQ-ServiceServiceEngine# exitServiceEngine(config)# icap service trend-respmodServiceEngine(config-icap-service)# enableServiceEngine(config-icap-service)# vector-point respmod-precacheServiceEngine(config-icap-service)# server icap//172.19.227.150/interscanServiceEngine# exitThe following examples show a typical configuration for a virus scanning service that requires processing on two vectoring points (reqmod-precache and respmod-precache):
ServiceEngine(config)# icap apply allServiceEngine(config)# icap service trend-reqmodServiceEngine(config-icap-service)# enableServiceEngine(config-icap-service)# vector-point reqmod-precacheServiceEngine(config-icap-service)# server icap://172.19.227.150/REQ-ServiceServiceEngine# exitServiceEngine# icap service trend-respmodServiceEngine(config-icap-service)# enableServiceEngine(config-icap-service)# vector-point respmod-precacheServiceEngine(config-icap-service)# server icap://172.19.227.150/interscanServiceEngine# exitThe following example shows that if an ICAP vendor supports the same service name for more than one vectoring point, you can configure a single service and add the supported vectoring points:
ServiceEngine(config)# icap service myicap-serviceServiceEngine(config-icap-service)# enableServiceEngine(config-icap-service)# vector-point reqmod-precacheServiceEngine(config-icap-service)# vector-point respmod-precacheServiceEngine(config-icap-service)# server icap://172.19.227.150/icap-service-nameServiceEngine(config-icap-service)# exitServiceEngine(config)#The following example shows that the SE is configured to bypass ICAP processing on the intranet site cisco.com and on the trusted Internet site datek.com:
SE(config)# rule enableSE(config)# rule action use-icap-service trend-reqmod pattern-list 1 protocol allSE(config)# rule action use-icap-service trend-respmod pattern-list 1 protocol allSE(config)# rule pattern-list 1 domain !(.*cisco\.com | .*datek\.com)!SE(config)# icap apply rules-templateSE(config)# icap service trend-reqmodSE(config-icap-service)# enableSE(config-icap-service)# vector-point reqmod-precacheSE(config-icap-service)# server icap://172.19.227.150/REQ-ServiceSE(config-icap-service)# exitSE(config)# icap service trend-respmodSE(config-icap-service)# enableSE(config-icap-service)# vector-point respmod-precacheSE(config-icap-service)# server icap://172.19.227.150/interscanSE(config-icap-service)# exitRelated Commands
install
To install the Internet Streamer CDS software image, use the install command in EXEC configuration mode.
install imagefilename
Syntax Description
Command Defaults
None
Command Modes
EXEC configuration mode.
Usage Guidelines
The install command loads the system image into flash memory and the disk.
To install a system image, copy the image file to the sysfs directory local1 or local2. Before entering the install command, change the present working directory to the directory where the system image resides. When the install command is executed, the image file is expanded. The expanded files overwrite the existing files in the SE. The newly installed version takes effect after the system image is reloaded.
Note
Examples
The following example shows how to install a .bin file on the SE:
ServiceEngine# install CDS-2.2.1.7-K9.binRelated Commands
interface
To configure a Gigabit Ethernet or port channel interface, use the interface command in Global configuration mode. To disable selected options, restore default values, or enable a shutdown interface, use the no form of this command.
interface {GigabitEthernet slot/port num | PortChannel num [autosense | bandwidth {10 | 100 | 1000} | description line | exit | full-duplex | half-duplex | ip {access-group {num {in | out} | name} | address {ip address netmask | range low-num high-num netmask} | ipv6 address addr/netmask | no | shutdown | standby num {priority num}] | Standby group number}
no interface {GigabitEthernet slot/port num | PortChannel num [autosense | bandwidth {10 | 100 | 1000} | description line | exit | full-duplex | half-duplex | ip {access-group {num {in | out} | name} | address {ip address netmask | range low-num high-num netmask} | ipv6 address addr/netmask | no | shutdown | standby num {priority num}] | Standby group number}
Syntax Description
Command Defaults
Standby priority: 100.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Configuring Interfaces for DHCP
During the initial configuration of an SE, you have the option of configuring a static IP address for the SE or using interface-level DHCP to dynamically assign IP addresses to the interfaces on the SE.
If you do not enable interface-level DHCP on the SE, manually specify a static IP address and network mask for the SE. If the SE moves to another location in another part of the network, manually enter a new static IP address and network mask for this SE.
Note
An interface can be enabled for DHCP by using the ip address dhcp [client_id | hostname] command in interface configuration mode. The client identifier is an ASCII value. The SE sends its configured client identifier and hostname to the DHCP server when requesting network information. DHCP servers can be configured to identify the client identifier information and the hostname information that the SE is sending and then send back the specific network settings that are assigned to the SE.
String to Be Set as Cookie Port Channel (EtherChannel) Interface
EtherChannel for Cisco Internet Streamer CDS Release 2.x software supports the grouping of up to four same- network interfaces into one virtual interface. This grouping allows the setting or removing of a virtual interface that consists of two Gigabit Ethernet interfaces. EtherChannel also provides interoperability with Cisco routers, switches, and other networking devices or hosts supporting EtherChannel, load balancing, and automatic failure detection and recovery based on current link status of each interface.
You can use the Gigabit Ethernet ports to form an EtherChannel. A physical interface can be added to an EtherChannel subject to the device configuration.
Configuring Multiple IP Addresses
The Multiple Logical IP Addresses feature supports up to 24 unique IP addresses within the same subnet for the same interface.
When you configure multiple IP addresses on an SE using either the range option or using individual commands, the show running-config output displays all the IP addresses individually. The netmask value is unique for each interface, so under a single interface you cannot have multiple IP addresses with different netmask values.
Examples
The following example shows how to create an EtherChannel. The port channel is port channel 2 and is assigned an IP address of 10.10.10.10 and a netmask of 255.0.0.0:
ServiceEngine#configureServiceEngine(config)#interface PortChannel 2ServiceEngine(config-if)#exitThe following example how to remove an EtherChannel:
ServiceEngine(config)#interface PortChannel 2ServiceEngine(config-if)#exitServiceEngine(config)#no interface PortChannel 2The following example shows a sample output of the show running-config command in EXEC configuration mode:
ServiceEngine#show running-config...interface GigabitEthernet 0/0description This is an interface to the WANip address dhcpip address 192.168.1.200 255.255.255.0bandwidth 100exit..The following example shows the sample output of the show interface command:
ServiceEngine#show interface GigabitEthernet 1/0Description: This is the interface to the labtype: EthernetThe following example shows how to create standby groups on SEs:
ServiceEngine(config)# interface GigabitEthernet 1/0 standby 2 priority 300ServiceEngine(config)# interface GigabitEthernet 2/0 standby 2 priority 200ServiceEngine(config)# interface GigabitEthernet 3/0 standby 2 priority 100ServiceEngine(config)# interface standby 2 errors 10000The following example shows how to configure multiple IP addresses using a range command:
ServiceEngine(config)#interface PortChannel 2ServiceEngine(config-if)# ip address range 2.2.2.3 2.2.2.6 255.255.255.0The following example shows a sample output of the show running-config command in EXEC configuration mode after configuring multiple IP addresses:
ServiceEngine#show running-config.interface PortChannel 4ip address 2.2.2.3 255.255.255.0ip address 2.2.2.4 255.255.255.0ip address 2.2.2.5 255.255.255.0ip address 2.2.2.6 255.255.255.0exitRelated Commands
ip (Global configuration)
To change initial network device configuration settings, use the ip command in Global configuration mode. To delete or disable these settings, use the no form of this command. The dscp option allows you to set the global Type of Service (ToS) or differentiated services code point (DSCP) values in IP packets.
ip access list (see "ip access-list" section)
ip default-gateway ip-address [gateway ip addr 2 gateway ip addr 3]
ip domain-name name1 name2 name3
ip dscp {client {cache-hit {match-server | set-dscp dscp-packets | set-tos tos-packets} | cache-miss {match-server | set-dscp dscp-packets | set-tos tos-packets} } | server { match-client | set-dscp dscp-packets | set-tos tos-packets } }
ip name-server ip-addresses
ip path-mtu-discovery enable
ip route dest_IP_addr dest_netmask default_gateway [interface source_IP_addr]
no ip {default-gateway [gateway ip addr 2 gateway ip addr 3 ] | domain-name | dscp {client { cache-hit | cache-miss} | server} | name-server ip-addresses | path-mtu-discovery enable | route dest_IP_addr dest_netmask default_gateway [interface source_IP_addr] }
Syntax Description
default-gateway
Specifies the default gateway (if not routing IP).
ip-address
IP address of the default gateway.
gateway ip addr
Gateway IP address (maximum of 14).
Note
domain-name
Specifies domain names.
name1 through name3
Domain name (up to three can be specified).
dscp
Configures IP differentiated services code point (DSCP) and Type of Service (ToS) fields.
client
Configures DSCP for responses to the client.
cache-hit
Configures the cache hit responses to the client.
cache-miss
Configures the cache miss responses to the client.
match-server
Uses the original ToS or DSCP value of the server.
set-dscp
Configures differentiated services code point (DSCP) values.
dscp-packets
DSCP values; see Table 2-10 for valid values.
set-tos
Configures Type of Service (ToS).
tos-packets
ToS value; see Table 2-12 for valid values.
server
Configures DSCP for outgoing requests.
match-client
Uses the original ToS or DSP value of the client.
name-server
Specifies the address of the name server.
ip-addresses
IP addresses of the name servers (up to a maximum of eight).
path-mtu-discovery
Configures RFC 1191 Path Maximum Transmission Unit (MTU) discovery.
enable
Enables Path MTU discovery.
route
Specifies the net route.
dest_IP_addr
Destination route address.
dest_netmask
Netmask address.
default_gateway
Gateway address.
interface
Configures source policy routing to route outgoing traffic using the same interface where the request was received.
Note
source_IP_addr
IP address of the interface configured for source policy routing.
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
To define a default gateway, use the ip default-gateway command. Only one default gateway can be configured. To remove the IP default gateway, use the no form of this command. The SE uses the default gateway to route IP packets when there is no specific route found to the destination.
To define a default domain name, use the ip domain-name command. To remove the IP default domain name, use the no form of this command. Up to three domain names can be entered. If a request arrives without a domain name appended in its hostname, the proxy tries to resolve the hostname by appending name1, name2, and name3 in that order until one of these names succeeds.
The SE appends the configured domain name to any IP hostname that does not contain a domain name. The appended name is resolved by the DNS server and then added to the host table. The SE must have at least one domain name server specified for hostname resolution to work correctly.
To specify the address of one or more name servers to use for name and address resolution, use the ip name-server ip-addresses command. To disable IP name servers, use the no form of this command. For proper resolution of the hostname to the IP address or the IP address to the hostname, the SE uses DNS servers. Use the ip name-server command to point the SE to a specific DNS server. You can configure up to eight servers.
Path MTU autodiscovery discovers the MTU and automatically sets the correct value. Use the ip path-mtu-discovery enable command to start this autodiscovery utility. By default, this feature is enabled. When this feature is disabled, the sending device uses a packet size that is smaller than 576 bytes and the next hop MTU. Existing connections are not affected when this feature is turned on or off.
The Cisco Internet Streamer CDS software supports IP Path MTU Discovery, as defined in RFC 1191. When enabled, Path MTU Discovery discovers the largest IP packet size allowable between the various links along the forwarding path and automatically sets the correct value for the packet size. By using the largest MTU that the links bear, the sending device can minimize the number of packets that it must send.
Note
IP Path MTU Discovery is started by the sending device. If a server does not support IP Path MTU Discovery, the receiving device has no mechanism available to avoid fragmenting datagrams generated by the server.
Use the ip route command to add a specific static route for a network or host. Any IP packet designated for the specified destination uses the configured route.
To configure static IP routing, use the ip route command. To remove the route, use the no form of this command. Do not use the ip route 0.0.0.0 0.0.0.0 command to configure the default gateway; use the ip default-gateway command instead.
In the CDS network, you can configure SEs, SRs, and CDSMs for the Type of Service (ToS) or differentiated services code point (DSCP) using the ip dscp command.
Source Policy Routes
To configure source policy routing, use the ip route command with the interface option. By using source policy routing, the reply packet to a client will leaves the SE on the same interface where the request came in. Source policy routing tables are automatically instantiated based on the interface subnets defined on the system. The policy routes are added automatically to the policy routing tables based on the nexthop gateway of the routes in the main routing table.
When configuring multiple ip address you must configure a default gateway in the same subnet.
Note
Cisco Internet Streamer CDS Release 2.5.7 software supports multiple IP addresses on the CDE220-2S3i, which included specifying the default gateway and IP routes. The IP routes, source policy routes, were added to ensure incoming traffic would go out the same interface it came in on. An IP route was added using the interface keyword, which was introduced in Cisco Internet Streamer CDS Release 2.5.7 software, and has the following syntax:
ip route <dest_IP_addr> <dest_netmask> <default_gateway> interface <source_IP_addr>
In the following example, all destination traffic (IP address of 0.0.0.0 and netmask of 0.0.0.0) sent from the source interface, 8.1.0.2, uses the default gateway, 8.1.0.1. This is a default policy route.
ip route 0.0.0.0 0.0.0.0 8.1.0.1 interface 8.1.0.2
A non-default policy route defines a specific destination (IP address and netmask). The following ip route command is an example of a non-default policy route:
ip route 10.1.1.0 255.255.255.0 <gateway> interface <source_IP_addr>
When upgrading to Cisco Internet Streamer CDS Release 2.5.9 software, any source policy routes configured using the Cisco Internet Streamer CDS Release 2.5.7 software interface keyword are rejected and are not displayed when the show running-config command is used. However, because you had to define the default gateway for all the interfaces as part of the multi-port support feature, the equivalent source policy route is automatically generated in the routing table. The following example shows the output for the show ip route command after upgrading to Cisco Internet Streamer CDS Release 2.5.9 software with the default source policy routes highlighted in bold and the non-default policy routes highlighted in italics:
ServiceEngine# show ip routeDestination Gateway Netmask---------------- ---------------- ----------------172.22.28.0 8.1.0.1 255.255.255.1286.21.1.0 0.0.0.0 255.255.255.08.2.1.0 0.0.0.0 255.255.255.08.2.2.0 0.0.0.0 255.255.255.0171.70.77.0 8.1.0.1 255.255.255.08.1.0.0 0.0.0.0 255.255.0.00.0.0.0 8.1.0.1 0.0.0.00.0.0.0 8.2.1.1 0.0.0.00.0.0.0 8.2.2.1 0.0.0.0Source policy routing table for interface 8.1.0.0/16172.22.28.0 8.1.0.1 255.255.255.128171.70.77.0 8.1.0.1 255.255.255.08.1.0.0 0.0.0.0 255.255.0.00.0.0.0 8.1.0.1 0.0.0.0Source policy routing table for interface 8.2.1.0/248.2.1.0 0.0.0.0 255.255.255.00.0.0.0 8.2.1.1 0.0.0.0Source policy routing table for interface 8.2.2.0/248.2.2.0 0.0.0.0 255.255.255.00.0.0.0 8.2.2.1 0.0.0.0If you have a default source policy route where the gateway is not defined as a default gateway, then you must add it after upgrading to Cisco Internet Streamer CDS Release 2.5.9 software. For example, if you had a source policy route with a gateway of 6.23.1.1 for a source interface of 6.23.1.12, and you did not specify the gateway as one of the default gateways, you would need to add it.
If you have a non-default source policy route, then you must add it as a regular static route (without the obsoleted interface keyword) after upgrading to Cisco Internet Streamer CDS Release 2.5.9 software. This route is then added to the main routing table as well as the policy routing table.
Differentiated Services
The differentiated services (DiffServ) architecture is based on a simple model where traffic entering a network is classified and possibly conditioned at the boundaries of the network. The class of traffic is then identified with a differentiated services (DS) code point or bit marking in the IP header. Within the core of the network, packets are forwarded according to the per-hop behavior associated with the DS code point.
To set the global ToS or DSCP values for the IP header from the CLI, use the ip dscp command.
DiffServ describes a set of end-to-end QoS (Quality of Service) capabilities. End-to-end QoS is the ability of the network to deliver service required by specific network traffic from one end of the network to another. QoS in the Internet Streamer CDS software supports differentiated services.
With differentiated services, the network tries to deliver a particular kind of service based on the QoS specified by each packet. This specification can occur in different ways, for example, using the 6-bit DSCP setting in IP packets or source and destination addresses. The network uses the QoS specification to classify, mark, shape, and police traffic, and to perform intelligent queueing.
Differentiated services is used for several mission-critical applications and for providing end-to-end QoS. Typically, differentiated services is appropriate for aggregate flows because it performs a relatively coarse level of traffic classification.
Use the ip dscp { client | server } { cache-hit | cache-miss } set-dscp dscp-packets command to set the DSCP values for the IP header. Valid values for dscp-packets are listed in Table 2-10.
Table 2-10 dscp-packets Values
0-63
Sets DSCP values.
af11
Sets packets with AF11 DSCP (001010).
af12
Sets packets with AF12 DSCP (001100).
af13
Sets packets with AF13 DSCP (001110).
af21
Sets packets with AF21 DSCP (010010).
af22
Sets packets with AF22 DSCP (010100).
af23
Sets packets with AF23 DSCP (010110).
af31
Sets packets with AF31 DSCP (011010).
af32
Sets packets with AF32 DSCP (011100).
af33
Sets packets with AF33 DSCP (011110).
af41
Sets packets with AF41 DSCP (100010).
af42
Sets packets with AF42 DSCP (100100).
af43
Sets packets with AF43 DSCP (100110).
cs1
Sets packets with CS1 (precedence 1) DSCP (001000).
cs2
Sets packets with CS2 (precedence 2) DSCP (010000).
cs3
Sets packets with CS3 (precedence 3) DSCP (011000).
cs4
Sets packets with CS4 (precedence 4) DSCP (100000).
cs5
Sets packets with CS5 (precedence 5) DSCP (101000).
cs6
Sets packets with CS6 (precedence 6) DSCP (110000).
cs7
Sets packets with CS7 (precedence 7) DSCP (111000).
default
Sets packets with the default DSCP (000000).
ef
Sets packets with EF DSCP (101110).
1 The number in parentheses denotes the DSCP value for each per-hop behavior keyword.
DS Field Definition
A replacement header field, called the DS field, is defined by differentiated services. The DS field supersedes the existing definitions of the IPv4 ToS octet (RFC 791) and the IPv6 traffic class octet. Six bits of the DS field are used as the DSCP to select the Per Hop Behavior (PHB) at each interface. A currently unused (CU) 2-bit field is reserved for explicit congestion notification (ECN). The value of the CU bits is ignored by DS-compliant interfaces when determining the PHB to apply to a received packet.
Per-Hop Behaviors
RFC 2475 defines PHB as the externally observable forwarding behavior applied at a DiffServ-compliant node to a DiffServ Behavior Aggregate (BA).
With the ability of the system to mark packets according to the DSCP setting, collections of packets that have the same DSCP setting and that are sent in a particular direction can be grouped into a BA. Packets from multiple sources or applications can belong to the same BA.
A PHB refers to the packet scheduling, queueing, policing, or shaping behavior of a node on any given packet belonging to a BA, as configured by a service level agreement (SLA) or a policy map.
There are four available standard PHBs:
•
•
•
•
The following sections describe the PHBs.
Default PHB
The default PHB specifies that a packet marked with a DSCP value of 000000 (recommended) receives the traditional best-effort service from a DS-compliant node (a network node that complies with all the core DiffServ requirements). Also, if a packet arrives at a DS-compliant node, and the DSCP value is not mapped to any other PHB, the packet gets mapped to the default PHB.
Class-Selector PHB
To preserve backward compatibility with any IP precedence scheme currently in use on the network, DiffServ has defined a DSCP value in the form xxx000, where x is either 0 or 1. These DSCP values are called Class-Selector Code Points. (The DSCP value for a packet with default PHB 000000 is also called the Class-Selector Code Point.)
The PHB associated with a Class-Selector Code Point is a Class-Selector PHB. These Class-Selector PHBs retain most of the forwarding behavior as nodes that implement IP precedence-based classification and forwarding.
For example, packets with a DSCP value of 110000 (the equivalent of the IP precedence-based value of 110) have preferential forwarding treatment (for scheduling, queueing, and so on), as compared to packets with a DSCP value of 100000 (the equivalent of the IP precedence-based value of 100). These Class-Selector PHBs ensure that DS-compliant nodes can coexist with IP precedence-based nodes.
Assured Forwarding PHB
Assured Forwarding PHB is nearly equivalent to Controlled Load Service, which is available in the integrated services model. AFny PHB defines a method by which BAs can be given different forwarding assurances.
For example, network traffic can be divided into the following classes:
•
•
•
The AFny PHB defines four AF classes: AF1, AF2, AF3, and AF4. Each class is assigned a specific amount of buffer space and interface bandwidth according to the SLA with the service provider or policy map.
Within each AF class, you can specify three drop precedence (dP) values: 1, 2, and 3. Assured Forwarding PHB can be expressed as shown in the following example: AFny. In this example, n represents the AF class number (1, 2, or 3) and y represents the dP value (1, 2, or 3) within the AFn class.
In instances of network traffic congestion, if packets in a particular AF class (for example, AF1) need to be dropped, packets in the AF1 class are dropped according to the following guideline:
dP(AFny) >= dP(AFnz) >= dP(AFnx)
where dP (AFny) is the probability that packets of the AFny class are dropped and y denotes the dP within an AFn class.
In the following example, packets in the AF13 class are dropped before packets in the AF12 class, which in turn are dropped before packets in the AF11 class:
dP(AF13) >= dP (AF12) >= dP(AF11)
The dP method penalizes traffic flows within a particular BA that exceed the assigned bandwidth. Packets on these offending flows could be re-marked by a policer to a higher drop precedence.
An AFx class can be denoted by the DSCP value, xyzab0, where xyz can be 001, 010, 011, or 100, and ab represents the dP value.
Table 2-11 lists the DSCP value and corresponding dP value for each AF PHB class.
.
Expedited Forwarding PHB
Resource Reservation Protocol (RSVP), a component of the integrated services model, provides a guaranteed bandwidth service. Applications, such as Voice over IP (VoIP), video, and online trading programs, require this type of service. The EF PHB, a key ingredient of DiffServ, supplies this kind of service by providing low loss, low latency, low jitter, and assured bandwidth service.
You can implement EF by using priority queueing (PQ) and rate limiting on the class (or BA). When implemented in a DiffServ network, EF PHB provides a virtual leased line or premium service. For optimal efficiency, however, you should reserve EF PHB for only the most critical applications because, in instances of traffic congestion, it is not feasible to treat all or most traffic as high priority.
EF PHB is suited for applications such as VoIP that require low bandwidth, guaranteed bandwidth, low delay, and low jitter.
IP Precedence for ToS
IP precedence allows you to specify the class of service (CoS) for a packet. You use the three precedence bits in the IPv4 header's type of service (ToS) field for this purpose.
Using the ToS bits, you can define up to six classes of service. Other features configured throughout the network can then use these bits to determine how to treat the packet. These other QoS features can assign appropriate traffic-handling policies including congestion management strategy and bandwidth allocation. For example, although IP precedence is not a queueing method, queueing methods such as weighted fair queueing (WFQ) and Weighted Random Early Detection (WRED) can use the IP precedence setting of the packet to prioritize traffic.
By setting precedence levels on incoming traffic and using them with the Internet Streamer CDS software QoS queueing features, you can create differentiated service. You can use features, such as policy-based routing (PBR) and Committed Access Rate (CAR), to set the precedence based on an extended access list classification. For example, you can assign the precedence based on the application or user or by destination and source subnetwork.
So that each subsequent network element can provide service based on the determined policy, IP precedence is usually deployed as close to the edge of the network or the administrative domain as possible. IP precedence is an edge function that allows core or backbone QoS features, such as WRED, to forward traffic based on CoS. You can also set IP precedence in the host or network client, but this setting can be overridden by the service provisioning policy of the domain within the network.
The following QoS features can use the IP precedence field to determine how traffic is treated:
•
•
•
How the IP Precedence Bits Are Used to Classify Packets
You use the three IP precedence bits in the ToS field of the IP header to specify a CoS assignment for each packet. You can partition traffic into up to six classes—the remaining two classes are reserved for internal network use—and then use policy maps and extended ACLs to define network policies in terms of congestion handling and bandwidth allocation for each class.
Each precedence corresponds to a name. These names, which continue to evolve, are defined in RFC 791. The numbers and their corresponding names, are listed from least to most important.
IP precedence allows you to define your own classification mechanism. For example, you might want to assign the precedence based on an application or an access router. IP precedence bit settings 96 and 112 are reserved for network control information, such as routing updates.
The IP precedence field occupies the three most significant bits of the ToS byte. Only the three IP precedence bits reflect the priority or importance of the packet, not the full value of the ToS byte.
Use the ip dscp { client | server } { cache-hit | cache-miss } set-tos tos-packets command to specify either of the two arguments—IP precedence or ToS byte value—to set the same ToS. You may specify either the ToS byte value or IP precedence; one is required. IP precedence uses the three precedence bits in the ToS field of the IPv4 header to specify the class of service for each packet. The ToS byte in the IP header defines the three high-order bits as IP precedence bits and the five low-order bits as ToS bits. The ToS byte value is written to the five low-order bits (bits 0 to 4) of the ToS byte in the IP header of a packet. The IP precedence value is written to the three high-order bits (bits 5 to 7) of the ToS byte in the IP header of a packet.
The following is a list of precedence names:
•
•
•
•
•
•
•
•
The following is a list of ToS names:
•
•
•
•
•
Table 2-12 lists the valid values for tos-packets.
Table 2-12 tos-packets Values
0-127
Sets the ToS value.
critical
Sets packets with critical precedence (80).
flash
Sets packets with flash precedence (48).
flash-override
Sets packets with flash override precedence (64).
immediate
Sets packets with immediate precedence (32).
internet
Sets packets with internetwork control precedence (96).
max-reliability
Sets packets with maximum reliable ToS (2).
max-throughput
Sets packets with maximum throughput ToS (4).
min-delay
Sets packets with minimum delay ToS (8).
min-monetary-cost
Sets packets with minimum monetary cost ToS (1).
network
Sets packets with network control precedence (112).
normal
Sets packets with normal ToS (0).
priority
Sets packets with priority precedence (16).
1 The number in parentheses denotes the ToS value for each IP precedence or ToS name setting.
Examples
The following example shows how to configure a default gateway for the SE:
ServiceEngine(config)# ip default-gateway 192.168.7.18The following example disables the default gateway:
ServiceEngine(config)# no ip default-gatewayThe following example shows how to configure a static IP route for the SE:
ServiceEngine(config)# ip route 172.16.227.128 255.255.255.0 172.16.227.250The following example negates the static IP route:
ServiceEngine(config)# no ip route 172.16.227.128 255.255.255.0 172.16.227.250The following example shows how to configure a default domain name for the SE:
ServiceEngine(config)# ip domain-name cisco.comThe following example negates the default domain name:
ServiceEngine(config)# no ip domain-nameThe following example shows how to configure a name server for the SE:
ServiceEngine(config)# ip name-server 10.11.12.13The following example disables the name server:
ServiceEngine(config)# no ip name-server 10.11.12.13The following example shows how to configure source policy routing for the SE interface assigned with the IP address 192.168.1.5:
ServiceEngine(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 interface 192.168.1.5Related Commands
ip (interface configuration)
To configure the interface Internet Protocol, use the interface command in interface configuration mode. To delete or disable these settings, use the no form of this command.
ip { access-group { num { in | out } { name { in | out } | address { ip_addr netmask | range { ip_addr_low ip_addr_high netmask } }
no ip { access-group { num { in | out } { name { in | out } | address { ip_addr netmask | range { ip_addr_low ip_addr_high netmask } }
Syntax Description
Command Defaults
None
Command Modes
Interface configuration (config-if) mode.
Usage Guidelines
With Cisco Internet Streamer CDS Release 2.5.9 software, you can now configure multiple IP addresses for Gigabit Ethernet, port channel and Standby interface in the SEs. With multiple IP support, the SEs can stream the content under a specific IP while having another stream with different source IP address under the same interface.
The ip command configures up to 24 unique IP addresses within the same subnet for the same Gigabit Ethernet, port channel and Standby interface. You can add and delete IP addresses for each interface without affecting other configured IP addresses.
Note
The ip range command adds and deletes an IP address range per interface without affecting other configured IP addresses, and it notifies the SR and CDSM on the added and deleted IP address. The IP address can only be deleted when it is already disassociated from the delivery service. If the delivery service's IP address has been updated, for example from 10.1.1.1 to 10.1.1.5, the service is not interrupted. The new stream will use the new IP address.
Examples
Configuring an IP Address Range
The following example shows how to configure an IP address in a range:
ServiceEngine(config)# interface PortChannel 1ServiceEngine(config-if)# ip address 2.2.2.2 255.255.255.0ServiceEngine(config-if)# ip address range 2.2.2.3 2.2.2.10 255.255.255.0ServiceEngine(config-if)# ip address range 2.2.2.12 2.2.2.20 255.255.255.0If the user configures an IP address range but one or more of the IP addresses in the range matched with an already configured IP address, the configuration is still accepted. For example, if interface PortChannel 1 has the following configuration:
interface PortChannel 1ip address 2.2.2.2 255.255.255.0ip address 2.2.2.3 255.255.255.0ip address 2.2.2.5 255.255.255.0ip address 2.2.2.12 255.255.255.0The following configuration is accepted and the IP address in the range (not the same subnet) is rejected:
ServiceEngine# configure terminalServiceEngine(config)# interface PortChannel 1ServiceEngine(config-if)# ip address range 2.2.2.3 2.2.2.4 255.255.255.0ServiceEngine(config-if)# endIf the interface PortChannel 1 has the following configuration:
interface PortChannel 1ip address 2.2.2.2 255.255.255.0ip address 2.2.2.5 255.255.255.0ip address 2.2.2.12 255.255.255.0And you enter the following commands:
ServiceEngine# configure terminalServiceEngine(config)# interface PortChannel 1ServiceEngine(config-if)# ip address range 2.2.3.9 2.2.3.15 255.255.255.0ServiceEngine(config-if)# endIt is an invalid IP address range and an incompatible netmask.
Configuring an IP Address
The following example shows how to configure an individual IP address:
ServiceEngine(config)# interface PortChannel 1ServiceEngine(config-if)# ip address 2.2.2.2 255.255.255.0ServiceEngine(config-if)# ip address 2.2.2.3 255.255.255.0ServiceEngine(config-if)# ip address 2.2.2.10 255.255.255.0Removing an IP Address
The following example shows how to remove an IP address range configuration:
ServiceEngine(config)# interface PortChannel 1ServiceEngine(config-if)# no ip address range 2.2.2.3 2.2.2.10 255.255.255.0The following example shows how to remove an IP address configuration:
ServiceEngine(config)# interface PortChannel 1ServiceEngine(config-if)# no ip address 2.2.2.3 255.255.255.Related Commands
ip access-list
To create and modify access lists for controlling access to interfaces or applications, use the ip access-list standard or ip access-list extended command in Global configuration modes. To remove access control lists, use the no form of this command.
ip access-list {extended {acl-name | acl-num {delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host} } | insert {num {deny | permit} | list {start-line-num | end-line-num} | move {old-line-num | new-line-num} | permit {num { ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host} } } | { standard {acl-num | acl-name {delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host} } | insert {num {deny | permit} | list { start-line-num | end-line-num} | move {old-line-num | new-line-num} | permit {ip address | any | host} } } }
no ip access-list {extended {acl-name | acl-num {delete num | deny {num { ip address | any | host } | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host} } | insert {num { deny | permit} | list {start-line-num | end-line-num} | move {old-line-num | new-line-num} | permit {num { ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp { ip address | any | host} | udp {ip address | any | host} } } | { standard {acl-num | acl-name {delete num | deny {num {ip address | any | host} | gre {ip address | any | host} | icmp {ip address | any | host} | ip {ip address | any | host} | tcp {ip address | any | host} | udp {ip address | any | host} } | insert {num {deny | permit } | list { start-line-num | end-line-num} | move {old-line-num | new-line-num} | permit {ip address | any | host} } } }
Syntax Description
Command Defaults
An access list drops all packets unless you configure at least one permit entry.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Standard ACL Configuration Mode Commands
To work with a standard access list, enter the ip access-list standard command from the Global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
To add a line to the standard IP ACL, enter the following command. For example, choose a purpose (permit or deny) that specifies whether a packet is to be passed or dropped, enter the source IP address, and enter the source IP wildcard address as follows:
[insert line-num] {deny | permit} {source-ip [wildcard] | host source-ip | any}
To delete a line from the standard IP ACL, enter the following command:
delete line-num
To display a list of specified entries within the standard IP ACL, enter the following command:
list [start-line-num [end-line-num] ]
To move a line to a new position within the standard IP ACL, enter the following command:
move old-line-num new-line-num
To return to the CLI Global configuration mode prompt, enter the following command:
exit
To negate a standard IP ACL, enter the following command:
no {deny | permit} {source-ip [wildcard] | host source-ip | any}
Extended ACL Configuration Mode Commands
To work with an extended access list, enter the ip access-list extended command from the Global configuration mode prompt. The CLI enters a configuration mode in which all subsequent commands apply to the current access list.
To delete a line from the extended IP ACL, enter the following command:
delete line-num
To move a line to a new position within the extended IP ACL, enter the following command:
move old-line-num new-line-num
To display a list of specified entries within the standard IP ACL, enter the following command:
list [start-line-num [end-line-num] ]
To return to the CLI Global configuration mode prompt, enter the following command:
exit
To add a condition to the extended IP ACL, note that the options depend on the chosen protocol.
For IP, enter the following command to add a condition:
[insert line-num] {deny | permit} { gre | ip | proto-num } {source-ip [wildcard] | host source-ip | any } {dest-ip [wildcard] | host dest-ip | any}
no {deny | permit} {gre | ip | proto-num} {source-ip [wildcard] | host source-ip | any} {dest-ip [wildcard] | host dest-ip | any}
where if you enter proto-num is 47 or 0, they represent the equivalent value for GRE or IP.
For TCP, enter the following command to add a condition:
[insert line-num] {deny | permit } {tcp | proto-num } {source-ip [wildcard] | host source-ip | any} [operator port [port] ] { dest-ip [wildcard] | host dest-ip | any} [operator port [port] ] [established]
no { deny | permit} {tcp | proto-num } { source-ip [wildcard] | host source-ip | any } [operator port [port] ] { dest-ip [wildcard] | host dest-ip | any} [operator port [port] ] [established]
where proto-num can be 6, which is the equivalent value for TCP.
For UDP, enter the following command to add a condition:
[insert line-num] {deny | permit } {udp | proto-num } {source-ip [wildcard] | host source-ip | any} [operator port [port] ] {dest-ip [wildcard] | host dest-ip | any } [operator port [port] ]
no { deny | permit } {udp | proto-num } {source-ip [wildcard] | host source-ip | any } [operator port [port] ] { dest-ip [wildcard] | host dest-ip | any } [operator port [port] ]
where proto-num can be 17, which is the equivalent value for UDP.
For ICMP, enter the following command to add a condition:
[insert line-num] { deny | permit } { icmp | proto-num } { source-ip [wildcard] | host source-ip | any } { dest-ip [wildcard] | host dest-ip | any } [icmp-type [code] | icmp-msg]
no { deny | permit } {icmp | proto-num} {source-ip [wildcard] | host source-ip | any} {dest-ip [wildcard] | host dest-ip | any} [icmp-type [code] | icmp-msg]
where proto-num can be 2, which is the equivalent value for ICMP.
For extended IP ACLs, the wildcard keyword is required if the host keyword is not specified. For a list of the keywords that you can use to match specific ICMP message types and codes, see Table 2-15. For a list of supported UDP and TCP keywords, see Table 2-13 and Table 2-14.
Use access lists to control access to specific applications or interfaces on an SE. An ACL consists of one or more condition entries that specify the kind of packets that the SE drops or accepts for further processing. The SE applies each entry in the order in which it occurs in the access list, which by default, is the order in which you configured the entry.
The following are some examples of how IP ACLs can be used in environments that have SEs:
•
•
•
•
Within ACL configuration mode, you can use the editing commands (list, delete, and move) to display the current condition entries, to delete a specific entry, or to change the order in which the entries are evaluated. To return to Global configuration mode, enter exit at the ACL configuration mode prompt.
To create an entry, use a deny or permit keyword and specify the type of packets that you want the SE to drop or to accept for further processing. By default, an access list denies everything because the list is terminated by an implicit deny any entry. You must include at least one permit entry to create a valid access list.
After creating an access list, you can include the access list in an access group using the access-group command, which determines how the access list is applied. You can also apply the access list to a specific application using the appropriate command. A reference to an access list that does not exist is the equivalent of a permit any condition statement.
To work with access lists, enter either the ip access-list standard or ip access-list extended Global configuration command. Identify the new or existing access list with a name up to 30 characters long beginning with a letter or with a number. If you use a number to identify a standard access list, it must be between 1 and 99; for an extended access list, use a number from 100 to 199. Use a standard access list for providing access to the SNMP server or to the TFTP gateway or server.
After you identify the access list, the CLI enters the appropriate configuration mode and all subsequent commands apply to the specified access list.
ip access-list standard Command
You typically use a standard access list to allow connections from a host with a specific IP address or from hosts on a specific network. To allow connections from a specific host, use the permit host source-ip option and replace source-ip with the IP address of the specific host.
To allow connections from a specific network, use the permit source-ip wildcard option. Replace source-ip with a network ID or the IP address of any host on the network that you want to specify. Replace wildcard with the dotted decimal notation for a mask that is the reverse of a subnet mask, where a 0 indicates a position that must be matched and a 1 indicates a position that does not matter. For instance, the wildcard 0.0.0.255 causes the last eight bits in the source IP address to be ignored. Therefore, the permit 192.168.1.0 0.0.0.255 entry allows access from any host on the 192.168.1.0 network.
ip access-list extended Command
Use an extended access list to control connections based on the destination IP address or based on the protocol type. You can combine these conditions with information about the source IP address to create more restrictive conditions. Table 2-13 lists the UDP keywords that you can use with extended access lists.
Table 2-13 UDP Keywords and Port Numbers
bootpc
BOOTP1 client service
68
bootps
BOOTP server service
67
domain
DNS2 service
53
netbios-dgm
NetBIOS datagram service
138
netbios-ns
NetBIOS name resolution service
137
netbios-ss
NetBIOS session service
139
nfs
Network File System service
2049
ntp
Network Time Protocol settings
123
snmp
Simple Network Management Protocol service
161
snmptrap
SNMP traps
162
tftp
Trivial File Transfer Protocol service
69
1 BOOTP = bootstrap protocol
2 DNS = Domain Name System
Table 2-14 lists the TCP keywords that you can use with extended access lists.
Table 2-15 lists the keywords that you can use to match specific ICMP message types and codes.
Table 2-15 Keywords for ICMP Message Type and Code
administratively-prohibited
Messages that are administratively prohibited from being allowed access.
alternate-address
Messages that specify alternate IP addresses.
conversion-error
Messages that denote a datagram conversion error.
dod-host-prohibited
Messages that signify a DoD1 protocol Internet host denial.
dod-net-prohibited
Messages that specify a DoD protocol network denial.
echo
Messages that are used to send echo packets to test basic network connectivity.
echo-reply
Messages that are used to send echo reply packets.
general-parameter-problem
Messages that report general parameter problems.
host-isolated
Messages that indicate that the host is isolated.
host-precedence-unreachable
Messages that have been received with the protocol field of the IP header set to one (ICMP) and the type field in the ICMP header set to three (Host Unreachable). This is the most common response. Large numbers of this datagram type on the network are indicative of network difficulties or hostile actions.
host-redirect
Messages that specify redirection to a host.
host-tos-redirect
Messages that specify redirection to a host for type of service-based (ToS) routing.
host-tos-unreachable
Messages that denote that the host is unreachable for ToS-based routing.
host-unknown
Messages that specify that the host or source is unknown.
host-unreachable
Messages that specify that the host is unreachable.
information-reply
Messages that contain domain name replies.
information-request
Messages that contain domain name requests.
mask-reply
Messages that contain subnet mask replies.
mask-request
Messages that contain subnet mask requests.
mobile-redirect
Messages that specify redirection to a mobile host.
net-redirect
Messages that are used for redirection to a different network.
net-tos-redirect
Messages that are used for redirection to a different network for ToS-based routing.
net-tos-unreachable
Messages that specify that the network is unreachable for the ToS-based routing.
net-unreachable
Messages that specify that the network is unreachable.
network-unknown
Messages that denote that the network is unknown.
no-room-for-option
Messages that specify the requirement of a parameter, but that no room is unavailable for it.
option-missing
Messages that specify the requirement of a parameter, but that parameter is not available.
packet-too-big
Messages that specify that the ICMP packet requires fragmentation but the DF2 bit is set.
parameter-problem
Messages that signify parameter-related problems.
port-unreachable
Messages that specify that the port is unreachable.
precedence-unreachable
Messages that specify that host precedence is not available.
protocol-unreachable
Messages that specify that the protocol is unreachable.
reassembly-timeout
Messages that specify a timeout during reassembling of packets.
redirect
Messages that have been received with the protocol field of the IP header set to one (ICMP) and the type field in the ICMP header set to five (Redirect). ICMP redirect messages are used by routers to notify the hosts on the data link that a better route is available for a particular destination.
router-advertisement
Messages that contain ICMP router discovery messages called router advertisements.
router-solicitation
Messages that are multicast to ask for immediate updates on neighboring router interface states.
source-quench
Messages that have been received with the protocol field of the IP header set to one (ICMP) and the type field in the ICMP header set to four (Source Quench). This datagram may be used in network management to provide congestion control. A source quench packet is issued when a router is beginning to lose packets because of the transmission rate of a source. The source quench is a request to the source to reduce the rate of a datagram transmission.
source-route-failed
Messages that specify the failure of a source route.
time-exceeded
Messages that specify information about all instances when specified times were exceeded.
timestamp-reply
Messages that contain time stamp replies.
timestamp-request
Messages that contain time stamp requests.
traceroute
Messages that specify the entire route to a network host from the source.
ttl-exceeded
Messages that specify that ICMP packets have exceeded the Time-To-Live configuration.
unreachable
Messages that are sent when packets are denied by an access list; these packets are not dropped in the hardware but generate the ICMP-unreachable message.
1 DoD = department of defense
2 DF = do not fragment
Examples
The following example shows how to create an access list to allow all web traffic and to allow only a specific host administrative access using Secure Shell (SSH):
ServiceEngine(config)# ip access-list extended exampleServiceEngine(config-ext-nacl)# permit tcp any any eq wwwServiceEngine(config-ext-nacl)# permit tcp host 10.1.1.5 any eq sshServiceEngine(config-ext-nacl)# exitThe following example shows how to activate the access list for an interface:
ServiceEngine(config)# interface gigabitethernet 1/0ServiceEngine(config-if)# exitThe following example shows how this configuration appears when you enter the show running-configuration command:
...!ip access-list extended examplepermit tcp any any eq wwwpermit tcp host 10.1.1.5 any eq sshexit. . .Related Commands
ip ospf priority
To set the router priority, which helps determine the designated router for this network; use the ip ospf priority command in interface configuration mode. To return to the default value, use the no form of this command.
ip ospf priority number-value
no ip ospf priority number-value
Syntax Description
Command Defaults
Priority of 1
Command Modes
Interface configuration (config-if) mode.
Usage Guidelines
When two routers attached to a network both attempt to become the designated router, the one with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero is ineligible to become the designated router or backup designated router. Router priority is configured only for interfaces to multi-access networks (that is, not to point-to-point networks).
Examples
The following example shows how to set the router priority value to 4:
ServiceRouter(config)# router ospfServiceRouter(config-ospf)# interface GigabitEthernet 2/0ServiceRouter(config-ospf-if)# ip ospf priority 4ServiceRouter(config-ospf-if)Related Commands
ip router isis
To specify the interfaces to be used for routing IS-IS, use the ip router isis command in interface sub-configuration mode under IS-IS configuration mode. To detach the IS-IS process from an interface, use the no form of the command.
ip router isis
no ip router isis
Syntax Description
This command has no arguments or keywords.
Command Defaults
None
Command Modes
Interface configuration mode under IS-IS (config-isis-if) configuration mode.
Usage Guidelines
This command is used to specify the interfaces to actively route IS-IS. Before an IS-IS routing process can be attached to an interface, you must assign a network entity title (NET) using the net command and enter the interface sub-configuration mode.
Examples
The following example shows how to configure an IS-IS process to be attached and form adjacency on Ethernet interface 1:
ServiceRouter(config)# router isisServiceRouter(config-isis)# net 49.0001.aaaa.aaaa.aaaa.00ServiceRouter(config-isis)# interface GigabitEthernet 1/0ServiceRouter(config-isis-if)# ip router isisServiceRouter(config-isis-if)#Related Commands
ipv6
To specify the default gateway's IPv6 address, use the ipv6 command in Global configuration mode. To disable the IPv6 address, use the no form of this command.
ipv6 default-gateway ip-address
no ipv6 default-gateway ip-address
Syntax Description
default-gateway
Specifies the default gateway's IPv6 address.
ip-address
IPv6 address of the default gateway.
Command Defaults
None
Command Modes
Global configuration (config) mode.
Examples
The following example shows how to configure an IPv6-related address:
ServiceRouter(config)# ipv6 default-gateway fec0::100/64Related Commands
isis
To configure IS-IS routing for IP, use the isis command in interface configuration mode under route IS-IS configuration mode. To turn off this function, use the no form of this command.
isis {authentication key-chain name {level-1 | level-2} | authentication-check {level-1 | level-2 } | authentication-type {cleartext | md5} | circuit-type [level-1 | level-1-2 | level-2] | priority priority_value {level-1 | level-2} }
no isis {authentication key-chain name {level-1 | level-2} | authentication-check {level-1 | level-2} | authentication-type {cleartext | md5} | circuit-type [level-1 | level-1-2 | level-2] | priority priority_value {level-1 | level-2} }
Syntax Description
Command Defaults
A Level 1 and Level 2 adjacency is established.
Priority is set to 64 for interfaces.
Authentication-check is on.
Command Modes
Interface configuration mode under IS-IS (config-isis-if) configuration.
Usage Guidelines
Use the isis authentication key-chain command to specify the key chain to be used for the interface and the corresponding level. The key chain range cannot exceed 63 characters.
Use the isis authentication-check command to enables or disables the checking of received packets for the interface on the corresponding level. When authentication-check is disabled, IS-IS adds authentication to the outgoing packets, but it does not check authentication on incoming packets. This feature allows smooth transition of enabling authentication without disrupting the network operation.
Use the isis authentication-type command to specify the md5 or cleartext authentication type for the interface and the corresponding level.
Use the isis circuit-type command to specify adjacency levels on a specified interface.
Use the isis priority configuration command to configure the priority of a specific interface.
Note
%Cannot configure both IS-IS and OSPF together. Please remove 'router ospf' first. (Error number: 1137)
If you want to configure IS-IS and you already have OSPF running, you must enter the no router ospf command first before entering the router isis command.
Examples
The following example shows how to specify the key chain to be used for `GigabitEthernet 3/0', level-1 for the IS-IS process running on that interface:
ServiceRouter(config)# router isisServiceRouter(config-isis)# interface GigabitEthernet 3/0ServiceRouter(config-isis-if)# isis authentication key-chain my-key level-1ServiceRouter(config-isis-if)#The following example shows how to configure the authentication check of interface `GigabitEthernet 3/0', level-1 for the IS-IS process running on that interface:
ServiceRouter(config)# router isisServiceRouter(config-isis)# interface GigabitEthernet 3/0ServiceRouter(config-isis-if)# isis authentication-check level-1ServiceRouter(config-isis-ifSVCREG internal errorif SVCREG interface debugsippc SVCREG ippc (inter process comm) debugssvc SVCREG svc debugsven SVCREG ven debugs)#The following example shows how to configure the authentication type of interface `GigabitEthernet 3/0' to be md5 level-1 for the IS-IS process running on that interface:
ServiceRouter(config)# router isisServiceRouter(config-isis)# interface GigabitEthernet 3/0ServiceRouter(config-isis-if)# isis authentication-type md5 level-1ServiceRouter(config-isis-if)#The following example shows how to configure the circuit type of interface `GigabitEthernet 3/0' to be level-1-2 for the IS-IS process running on that interface:
ServiceRouter(config)# router isisServiceRouter(config-isis)# interface GigabitEthernet 3/0ServiceRouter(config-isis-if)# isis circuit-type level-1-2ServiceRouter(config-isis-if)# endServiceRouter#
The following example shows how to set the priority of interface `GigabitEthernet 3/0' to 100 for the IS-IS process running on that interface:
ServiceRouter(config)# router isisServiceRouter(config-isis)# interface GigabitEthernet 3/0ServiceRouter(config-isis-if)# isis priority 100ServiceRouter(config-isis-if)# endServiceRouter#
Related Commands
is-type
To configure a Proximity Engine to act as a Level 1 (intra-area) router, as both a Level 1 router and a Level 2 (interarea) router, or as an inter-area router only, use the is-type IS-IS configuration command. To reset the default value, use the no form of this command.
is-type [level-1 | level-1-2 | level-2]
no is-type [level-1 | level-1-2 | level-2]
Syntax Description
Command Defaults
The IS-IS routing process configured is a Level 1-2 (intra-area and inter-area) router.
Command Modes
IS-IS configuration (config-isis) mode.
Usage Guidelines
By default, the first instance of the IS-IS routing process that you configure using the router isis command is a Level 1-2 router.
If the network has only one area, there is no need to run both Level 1 and Level 2 routing algorithms. If IS-IS is used for Connectionless Network Service (CLNS) routing (and there is only one area), Level 1 only must be used everywhere. If IS-IS is used for IP routing only (and there is only one area), you can run Level 2 only everywhere. Areas you add after the Level 1-2 area exists are, by default, Level 1 areas.
If the router instance has been configured for Level 1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove Level 2 (inter-area) routing for the area by using the is-type command. You can also use the is-type command to configure Level 2 routing for an area, but it must be the only instance of the IS-IS routing process configured for Level 2 on the Cisco device.
Examples
The following example shows how to specify an area router:
ServiceRouter(config)# router isisServiceRouter(config-isis)# is-type level-2ServiceRouter(config-isis)#Related Commands
kernel kdb
To enable access to the kernel debugger (KDB), use the kernel kdb command in Global configuration mode. To disable the kernel debugger, use the no form of this command.
kernel kdb
no kernel kdb
Syntax Description
This command has no arguments or keywords.
Command Defaults
Kdb is disabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
Once enabled, KDB is automatically activated when kernel problems occur. Once activated, all normal functioning of the CDS device is suspended until KDB is manually deactivated. The KDB prompt looks like this prompt:
[ 0 ] kdb>To deactivate KDB, enter go at the KDB prompt. If KDB was automatically activated because of kernel problems, you must reboot to recover from the issue. If you activated KDB manually for diagnostic purposes, the system resumes normal functioning in whatever state it was when you activated KDB. In either case, if you enter reboot, the system restarts and normal operation resumes.
With the Internet Streamer CDS software earlier than Release 2.4, KDB is enabled by default and cannot be disabled. In the Release 2.0.3 and later releases, KDB is disabled by default and you must enter the kernel kdb command in Global configuration mode to enable it. If KDB has been previously enabled, you can enter the no kernel kdb Global configuration command to disable it.
When KDB is enabled, you can activate it manually from the local console. With Cisco Internet Streamer CDS Release 2.4 and later, you can activate it by pressing Esc-KDB (press Escape and then press KDB in capitalization).
Examples
The following example shows how to enable KDB:
ServiceEngine(config)# kernel kdbThe following example shows how to disable KDB:
ServiceEngine(config)# no kernel kdbkey
To create a key ID and enter into key configuration submode, use the key command in Global configuration mode. To exit key chain configuration submode, use the no form of this command.
key keyid
no key keyid
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Multiple key ID's may be configured under the same key chain. The key chain string cannot exceed 63 characters.
When IS-IS is configured to use a particular key chain for the authentication and the corresponding key chain is not configured in the system, it causes IS-IS to always reject incoming packets that require the key chain.
When a key chain has multiple keys, IS-IS should advertise the first key in the chain. For validation of received packets, it should iterate through all the keys until there is a match.
They key command is within the key chain command context, not simply the key chain itself.
Examples
The following example shows how to create a key ID and enter the key configuration submode:
ServiceRouter(config)# key chain my-keyServiceRouter(config-keychain)#Related Commands
key-string
To create a key string to be used for authentication, use the key chain command in Key ID configuration submode. To remove the key-string, use the no form of this command.
key-string keyid
no key-string keyid
Syntax Description
Command Defaults
None
Command Modes
Key ID configuration submode.
Usage Guidelines
The key-string command creates a key string to be used for authentication.
A key string is always valid upon creation.
The Proximity Engine does not support key-string expiration.
You can only create one key-string per key ID.
Key-chain string cannot exceed 63 characters.
Examples
The following example shows how to specify terminal line settings:
ServiceRouter(config-keychain-key)# key-string topos123ServiceRouter(config-keychain-key)#Related Commands
key chain
To create a key chain and enter into key chain configuration submode, use the key chain command in Global configuration mode. To exit key chain configuration submode, use the no form of this command.
key chain name
no key chain name
Syntax Description
Command Defaults
None
Command Modes
Global configuration (config) mode.
Usage Guidelines
Multiple key ID's may be configured under the same key chain. Key chain string cannot exceed 63 characters.
When IS-IS is configured to use a particular key chain for the authentication and the corresponding key chain is not configured in the system, it results IS-IS to always reject incoming packets that requires the key chain.
When a key chain has multiple keys, IS-IS should advertise the first key in the chain. For validation of received packets, it should iterate through all the keys until there is a match.
Examples
The following example shows how to create a key and enter into key ID configuration submode:
ServiceRouter(config)# key chain my-keyServiceRouter(config-keychain)#The following example shows a complete sample configuration for IS-IS MD5 authentication:
ServiceRouter(config)# key chain lsp-keyServiceRouter(config-keychain)# key 1ServiceRouter(config-keychain-key)# key-string lspServiceRouter(config-keychain-key)# exitServiceRouter(config-keychain)# exitServiceRouter(config)# key chain int-keyServiceRouter(config-keychain)# key 1ServiceRouter(config-keychain-key)# key-string topos123ServiceRouter(config-keychain-key)# exitServiceRouter(config-keychain)# exitServiceRouter(config)# router isisServiceRouter(config-isis)# net 10.1111.1111.1111.00ServiceRouter(config-isis)# is-type level-1ServiceRouter(config-isis)# authentication-type md5 level-1ServiceRouter(config-isis)# authentication key-chain lsp-key level-1ServiceRouter(config-isis)# interface giagabitethernet 1/0ServiceRouter(config-isis-if)# isis authentication-type md5 level-1ServiceRouter(config-isis-if)# isis authentication key-chain int-key level-1Related Commands
line
To specify terminal line settings, use the line command in Global configuration mode. To disable terminal line settings, use the no form of this command.
line console carrier-detect
no line console carrier-detect
Syntax Description
console
Configures the console terminal line settings.
carrier-detect
Sets the device to check the carrier detect signal before writing to the console.
Command Defaults
This feature is disabled by default.
Command Modes
Global configuration (config) mode.
Usage Guidelines
You should enable carrier detection if you connect the SE, SR, or CDSM to a modem for receiving calls. If you are using a null modem cable with no carrier detect pin, the device might appear unresponsive on the console until the carrier detect signal is asserted. To recover from a misconfiguration, you should reboot the device and set the 0x2000 bootflag to ignore the carrier detect setting.
Examples
The following example shows how to specify terminal line settings:
ServiceEngine(config)# line console carrier-detect
