10% de réduction sur vos envois d'emailing --> CLIQUEZ ICI
Retour à l'accueil, cliquez ici
Documentation CISCO
http://www.cisco.com/cisco/web/psa/default.html
Guide d'utilisation de
Cisco IP Communicator
Ver sion 7.0
Juin 200
http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/7_0/localization/ipcugfra.pdf
Command Reference, Cisco ACE
Application Control Engine
For the Cisco ACE Application Control Engine Module and
Cisco ACE 4700 Series Application Control Engine Appliance
Software Version A5(1.0)
September 201
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/command/reference/ACE_cr.pdf
Cisco Aironet Antennas and Accessorie
http://www.cisco.com/en/US/prod/collateral/wireless/ps7183/ps469/product_data_sheet09186a008008883b.pdf
Cisco SAFE Reference Guide
Cisco Validated Design
Revised: July 8, 2010, OL-19523-0 17 Mo
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg.pdf
Cisco IOS Quick Reference Guide for IBN
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/whitepaper_c27-574041.pdf
Medianet Reference Guide
Last Updated: October 26, 2010
6 Mo
http://www.cisco.com/en/US/docs/solutions/Enterprise/Video/Medianet_Ref_Gd/medianet_DG.pdf
Command Line Interface Reference Guide for
Cisco Unified Communications Solutions
Release 7.1(2
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/7_1_2/cli_ref_712.pdf
Common Phone Task
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7962g_7961g_7961g-ge_7942g_7941g_7941g-ge/8_5/english/quick_reference/7962qrcrd85.pdf
Cisco IOS XR System Error Message
Reference Guide, Release 3.8.2
November 2009
51 Mo
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.8.2/error/messages/em382sems.pdf
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.8.2/error/messages/em382sems.pdf
Siège social en Amérique
Cisco Systems
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tél : 408 526-4000
800 553-NETS (6387)
Fax : 408 527-0883
Guide d'utilisation de
Cisco IP Communicator
Ver sion 7.0
Juin 2009
Référence texte : OL-19177-01LES SPÉCIFICATIONS ET INFORMATIONS RELATIVES AUX PRODUITS PRÉSENTÉS DANS CE MANUEL SONT SUSCEPTIBLES DE
MODIFICATIONS SANS PRÉAVIS. TOUTES LES DÉCLARATIONS, INFORMATIONS ET RECOMMANDATIONS FOURNIES DANS CE
MANUEL SONT EXACTES À NOTRE CONNAISSANCE MAIS SONT PRÉSENTÉES SANS GARANTIE D'AUCUNE SORTE, EXPRESSE OU
IMPLICITE. LES UTILISATEURS ASSUMENT L'ENTIÈRE RESPONSABILITÉ DE L'APPLICATION DE TOUT PRODUIT.
LA LICENCE DE LOGICIEL ET LA GARANTIE LIMITÉE DU PRODUIT CI-JOINT SONT DÉFINIES DANS LES INFORMATIONS
FOURNIES AVEC LE PRODUIT ET SONT INTÉGRÉES AUX PRÉSENTES PAR CETTE RÉFÉRENCE. SI VOUS NE TROUVEZ PAS LA
LICENCE DE LOGICIEL OU LA GARANTIE LIMITÉE, CONTACTEZ VOTRE REPRÉSENTANT CISCO POUR EN AVOIR UNE COPIE.
L'implémentation par Cisco de la compression d'en-tête TCP est une adaptation d'un programme développé par l'Université de Californie, Berkeley
(UCB) dans le cadre de la version du système d'exploitation UNIX diffusée dans le domaine public par UCB. Tous droits réservés. Copyright © 1981,
Regents of the University of California.
PAR DÉROGATION À TOUTE AUTRE GARANTIE DÉFINIE ICI, TOUS LES FICHIERS DE DOCUMENTATION ET LOGICIELS DE CES
FOURNISSEURS SONT FOURNIS «EN L'ÉTAT» AVEC TOUS LEURS DÉFAUTS. CISCO ET LES FOURNISSEURS SUS-MENTIONNÉS
EXCLUENT TOUTES GARANTIES, EXPRESSES OU IMPLICITES Y COMPRIS DE MANIÈRE NON LIMITATIVE LES GARANTIES DE
QUALITÉ MARCHANDE, D'ADÉQUATION À UN USAGE PARTICULIER ET DE NON-INFRACTION OU DES GARANTIES ÉMANANT
D'UNE CONDUITE, D'UN USAGE OU D'UNE PRATIQUE COMMERCIALE.
EN AUCUN CAS, CISCO OU SES FOURNISSEURS NE POURRONT ÊTRE TENUS RESPONSABLES DE TOUT DOMMAGE INDIRECT,
PARTICULIER, CONSÉCUTIF OU ACCIDENTEL Y COMPRIS DE MANIÈRE NON LIMITATIVE LE MANQUE A GAGNER, LA PERTE OU
LA DÉTÉRIORATION DE DONNÉES RÉSULTANT DE L'UTILISATION OU DE L'IMPOSSIBILITÉ D'UTILISER CE MANUEL, MÊME SI
CISCO OU SES FOURNISSEURS ONT ÉTÉ AVERTIS DE L'ÉVENTUALITÉ DE TELS DOMMAGES.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, le logo Cisco, DCE et Welcome
to the Human Network sont des marques de commerce ; Changing the Way We Work, Live, Play, and Learn et Cisco Store sont des marques de service
; et Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco,
le logo Cisco Certified Internetwork Expert, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, le logo Cisco Systems, Cisco Unity,
Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink,
Internet Quotient, IOS, iPhone, iQuick Study, IronPort, le logo IronPort, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime
Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet,
Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx et le logo WebEx sont des marques déposées
de Cisco Systems, Inc. et/ou de ses société affiliées aux États-Unis et dans certains autres pays.
Toutes les autres marques mentionnées dans ce document ou sur le site Web sont la propriété de leurs détenteurs respectifs. L'utilisation du mot
« partenaire » n'implique nullement une relation de partenariat entre Cisco et toute autre entreprise. (0809R)
Les adresse IP (Internet Protocol) utilisées dans ce document sont fictives. Tous les exemples, tous les écrans de commandes et toutes les figures que
contient ce document sont fournis uniquement à titre d'illustration. L'utilisation d'une adresse IP réelle dans un exemple serait fortuite et involontaire.
Guide d'utilisation de Cisco IP Communicator version 7.0
© 2009 Cisco Systems, Inc. Tous droits réservés.
iii
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
TABLE D E S M A T I È R E S
C H A P I T R E 1 Mise en route de Cisco IP Communicator 1-1
Généralités sur la sécurité des produits Cisco 1-2
Liste de contrôle pour la mise en route 1-2
Installation de périphériques audio avant le lancement initial 1-3
Installation de Cisco IP Communicator sur votre ordinateur 1-4
Lancement de Cisco IP Communicator 1-5
Utilisation de l'Assistant de réglage audio 1-6
Configuration et enregistrement Cisco IP Communicator 1-9
Test de Cisco IP Communicator 1-10
C H A P I T R E 2 Généralités sur les fonctionnalités et l'interface de
Cisco IP Communicator 2-1
Fonctionnalités de Cisco IP Communicator 2-1
À propos de l'interface de Cisco IP Communicator 2-4
Boutons et autres composants 2-4
Fonctions de l'écran du téléphone 2-8
Navigation dans l'interface 2-10
À l'aide des raccourcis clavier 2-10
À l'aide du menu 2-11
Utilisation des boutons de contrôle de la fenêtre 2-13
Utilisation de la notification d'appel entrant 2-14
Choix des éléments apparaissant sur l'écran du téléphone 2-14
Utilisation des menus de fonctions 2-15Sommaire
iv
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Saisie et modification d'un texte 2-16
Combiné décroché et raccroché 2-16
États et icônes d'appel et de ligne 2-17
Accès à l'aide en ligne 2-19
Fonctionnement et disponibilité des fonctions 2-20
C H A P I T R E 3 Traitement des appels avec Cisco IP Communicator 3-1
Comment traiter les appels simples 3-1
Passer un appel 3-3
Établissement d'un appel vidéo 3-8
Réponse à un appel 3-9
Fin d'un appel 3-11
Utilisation des fonctions Attente et Reprise 3-12
Utilisation de la fonction Secret 3-13
Transfert d'un appel connecté 3-14
Sélection des appels 3-15
Passage d'un appel à l'autre 3-15
Transfert d'un appel en cours vers un autre téléphone 3-17
Renvoi de vos appels vers un autre numéro 3-17
Utilisation de la fonction Ne pas déranger 3-19
Établissement de conférences téléphoniques 3-21
Utilisation de la fonction Conférence. 3-21
Utilisation de la fonction Joindre (uniquement sur les téléphones SCCP) 3-22
Utilisation de la fonction InsConf 3-23
Utilisation de la fonction Meet-Me 3-23
Affichage ou exclusion des participants à une conférence 3-24
Traitement des fonctions d'appel avancées 3-25
Utilisation de la fonction de mobilité de poste de Cisco 3-26
Traitement des appels professionnels à l'aide d'un seul numéro de
téléphone 3-27v
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Sommaire
Stockage et récupération des appels parqués 3-29
Déconnexion de groupes de recherche 3-29
Emission et réception d'appels sécurisés 3-30
Suivi des appels suspects 3-31
Donner la priorité aux appels critiques 3-32
Redirection d'un appel entrant vers Cisco IP Communicator 3-33
Rappel d'une ligne occupée dès qu'elle devient disponible 3-34
Utilisation des indicateurs de fonction de ligne occupée pour déterminer
l'état d'une ligne 3-34
Utilisation de lignes partagées 3-35
Établissement ou prise d'appels intercom 3-38
C H A P I T R E 4 Personnalisation des paramètres sur Cisco IP Communicator 4-1
Accès aux paramètres 4-1
Réglage du volume d'un appel 4-2
Personnalisation des sonneries et des indicateurs de message 4-3
Personnalisation de l'écran du téléphone 4-4
Affichage et personnalisation des préférences 4-5
Paramètres utilisateur 4-5
Paramètres réseau 4-7
Paramètres audio 4-8
Affectation de modes audio 4-9
Paramètres audio du réseau 4-13
Paramètres audio avancés 4-13
Paramètres de répertoire 4-15Sommaire
vi
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
C H A P I T R E 5 Utilisation de casques d'écoute et d'autres périphériques audio avec
Cisco IP Communicator 5-1
Obtention de périphériques audio 5-1
Utilisation d'un casque 5-2
Utilisation de votre ordinateur comme poste téléphonique à haut-parleur 5-4
Utilisation d'un combiné USB 5-5
Suppression et réinstallation de périphériques audio 5-6
C H A P I T R E 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires
sur Cisco IP Communicator 6-1
Accès aux messages vocaux 6-1
Utilisation des journaux d'appels 6-3
Composition à partir d'un répertoire 6-5
Utilisation du répertoire d’entreprise 6-6
Utilisation du répertoire personnel 6-7
Utilisation de la fonction Recherche rapide 6-10
Saisie d'informations de mot de passe pour la fonction Recherche
rapide 6-11
C H A P I T R E 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur
Cisco Unified CM 7-1
Connexion aux pages Web Options utilisateur Cisco Unified CM 7-2
Utilisation de votre Carnet d'adresses personnel 7-3
Configuration de numéros abrégés 7-4
Configuration de la numérotation abrégée 7-5
Configuration de services téléphoniques 7-7
Contrôle des paramètres utilisateur 7-9
Contrôle des paramètres de ligne 7-10
Configuration de téléphones et de listes d'accès pour la connexion mobile 7-12
Utilisation de Cisco WebDialer 7-15vii
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Sommaire
C H A P I T R E 8 Dépannage Cisco IP Communicator 8-1
Problèmes d'ordre général 8-1
Problèmes de qualité vocale 8-5
Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les
problèmes de performance 8-10
Activation de journaux détaillés 8-11
Capture d'informations sur les problèmes 8-11Sommaire
viii
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01C H A P I T R E
1-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
1
Mise en route de
Cisco IP Communicator
Cisco IP Communicator est une application bureautique qui fournit à votre ordinateur
toutes les fonctions d'un téléphone IP Cisco Unified permettant de passer, de prendre
et de traiter des appels. Si vous installez Cisco IP Communicator sur un ordinateur
portable, vous pouvez utiliser Cisco IP Communicator (ainsi que tous vos paramètres
et services téléphoniques) où que vous soyez à condition de disposer d'une connexion
au réseau de votre entreprise. Si, par exemple, vous êtes en déplacement
professionnel, Cisco IP Communicator vous permet de recevoir des appels ou de
consulter vos messages vocaux lorsque vous êtes en ligne. Si vous travaillez à
domicile, vos collègues peuvent vous contacter en composant votre numéro de
téléphone professionnel.
Cisco IP Communicator fonctionne avec Cisco Unified Video Advantage, une autre
application bureautique, pour améliorer vos communications grâce à la vidéo. Par
exemple, si vous passez un appel par le biais de Cisco IP Communicator et, la vidéo
disponible sera automatiquement affichée par le biais de Cisco Unified
Video Advantage.
• Généralités sur la sécurité des produits Cisco, page 1-2
• Liste de contrôle pour la mise en route, page 1-2
• Installation de périphériques audio avant le lancement initial, page 1-3
• Installation de Cisco IP Communicator sur votre ordinateur, page 1-4
• Lancement de Cisco IP Communicator, page 1-5
• Utilisation de l'Assistant de réglage audio, page 1-6
• Configuration et enregistrement Cisco IP Communicator, page 1-9
• Test de Cisco IP Communicator, page 1-10Chapitre 1 Mise en route de Cisco IP Communicator
Généralités sur la sécurité des produits Cisco
1-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Généralités sur la sécurité des produits Cisco
Ce produit contient des fonctions cryptographiques et est soumis aux lois des
États-Unis et d'autres pays, qui en régissent l'importation, l'exportation, le
transfert et l'utilisation. La fourniture de produits cryptographiques Cisco
n'implique pas le droit d'un tiers à importer, exporter, distribuer ou utiliser le
cryptage. Les importateurs, exportateurs, distributeurs et utilisateurs ont la
responsabilité de respecter les lois américaines et celles d'autres pays. En utilisant
ce produit, vous vous engagez à respecter les lois et réglementations applicables.
Si vous n'êtes pas en mesure de respecter les lois américaines et celles d'autres
pays, renvoyez-nous ce produit immédiatement.
Vous trouverez un récapitulatif des lois américaines régissant les produits
cryptographiques Cisco à l'adresse suivante :
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html. Si vous avez besoin
d'aide supplémentaire, envoyez-nous un e-mail à l'adresse export@cisco.com.
Liste de contrôle pour la mise en route
Référez-vous à cette liste de contrôle pour configurer Cisco IP Communicator sur
votre bureau afin de pouvoir passer des appels.
Tâche de démarrage rapide Pour plus d'informations, consultez...
1. Installer les cartes son ou les périphériques audio
USB que vous souhaitez utiliser, notamment un
combiné ou un casque USB.
Installation de périphériques audio avant le
lancement initial, page 1-3
2. Installer l'application Cisco IP Communicator. Installation de Cisco IP Communicator sur
votre ordinateur, page 1-4
3. Lancer Cisco IP Communicator. Lancement de Cisco IP Communicator,
page 1-5
4. Utiliser l'Assistant de réglage audio pour
sélectionner des modes audio et régler les
périphériques audio.
• Utilisation de l'Assistant de réglage
audio, page 1-6
• Affectation de modes audio, page 4-9
5. Réaliser les étapes de configuration réseau ou
d'enregistrement définies par votre administrateur
système.
Configuration et enregistrement
Cisco IP Communicator, page 1-9
6. Passer des appels de test. Test de Cisco IP Communicator, page 1-101-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 1 Mise en route de Cisco IP Communicator
Installation de périphériques audio avant le lancement initial
Installation de périphériques audio avant le
lancement initial
Avant d'installer et de lancer Cisco IP Communicator pour la première fois, vous
devez installer et configurer tous les périphériques audio (cartes son, combinés
USB ou casques USB) qui nécessitent des pilotes. Pour une expérience audio
optimale, nous vous recommandons d'utiliser un combiné ou un casque USB
certifié.
Vous pouvez utiliser plusieurs périphériques audio avec Cisco IP Communicator
comme indiqué dans le tableau suivant. Pour obtenir la liste des marques de
périphériques audio que vous pouvez utiliser avec Cisco IP Communicator,
consultez votre administrateur système.
Périphérique audio Description Remarques
Périphériques USB :
• un combiné
USB ;
• un casque USB.
Les périphériques USB
nécessitent un pilote et sont
dotés de fiches
rectangulaires.
Suivez les instructions du fabricant du
périphérique pour installer des périphériques
USB. Le cas échéant, suivez les étapes de
l'Assistant Nouveau matériel détecté de
Microsoft Windows.
Périphériques
analogiques
externes :
• casque
analogique
• haut-parleurs ou
microphones
externes
Les périphériques audio
analogiques ne nécessitent
pas de logiciels. Ils
fonctionnent comme des
extensions de la carte son de
l'ordinateur.
Branchez les périphériques analogiques aux
prises jacks audio de l'ordinateur.
Cisco IP Communicator reconnaît les
périphériques analogiques comme des
extensions de la carte son. Pour afficher ou
modifier les paramètres des périphériques
analogiques, sélectionnez la carte son.
Périphériques audio
internes :
• microphone
intégré
• haut-parleurs
intégrés
Ces périphériques audio
sont des composants
internes de l'ordinateur et
fonctionnent avec la carte
son de celui-ci.
Il est toujours possible de sélectionner ou
d'utiliser les périphériques audio internes.Chapitre 1 Mise en route de Cisco IP Communicator
Installation de Cisco IP Communicator sur votre ordinateur
1-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Remarque Si vous installez ou insérez un périphérique audio qui nécessite un pilote de
périphérique (un combiné USB, un casque USB ou une carte son) après le
lancement de Cisco IP Communicator, l'application ne reconnaîtra pas le
périphérique tant que vous n'aurez pas redémarré Cisco IP Communicator.
L'Assistant de réglage audio est alors automatiquement lancé afin que vous
puissiez régler le périphérique.
Rubriques connexes
• Installation de Cisco IP Communicator sur votre ordinateur, page 1-4
• Utilisation d'un casque, page 5-2
• Suppression et réinstallation de périphériques audio, page 5-6
Installation de Cisco IP Communicator sur votre
ordinateur
Avant de commencer
• Si vous utilisez un ordinateur portable, vérifiez que vous n'êtes pas connecté
à une station d'accueil lorsque vous lancez Cisco IP Communicator pour la
première fois après l'installation. La station d'accueil peut interférer avec la
capacité de Cisco IP Communicator à localiser la carte réseau de l'ordinateur.
• Si Cisco Unified Personal Communicator est en cours d'exécution, quittez-le
avant de démarrer Cisco IP Communicator.
• Si vous installez Cisco IP Communicator sur un ordinateur tournant sous
Microsoft Vista, le message de sécurité Windows ne peut pas vérifier l'éditeur
de ce pilote risque de s'afficher. Cliquez sur Installer ce pilote quand même
pour poursuivre l'installation.1-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 1 Mise en route de Cisco IP Communicator
Lancement de Cisco IP Communicator
Procédure
Étape 1 Effectuez un double clic sur le fichier exécutable (CiscoIPcommunicatorSetup.exe)
pour l'ouvrir, ou cliquez sur le lien d'installation que vous a fourni votre administrateur
système.
Étape 2 Cliquez sur Suivant pour lancer l'Assistant InstallShield.
Étape 3 Lisez attentivement l'accord de licence, puis cliquez sur J'accepte et sur Suivant.
Étape 4 Sélectionnez le dossier cible par défaut de l'application ou parcourez la liste pour
en sélectionner un autre.
Étape 5 Cliquez sur Installer dans la fenêtre Prêt à installer. L'installation peut durer
plusieurs minutes.
Étape 6 Cliquez sur Lancer le programme puis sur Terminer pour lancer
Cisco IP Communicator. Dans certains cas, vous serez invité à redémarrer
l'ordinateur à ce stade et la case à cocher Lancer le programme ne sera pas
affichée.
Rubriques connexes
• Lancement de Cisco IP Communicator, page 1-5
Lancement de Cisco IP Communicator
Remarque Si vous utilisez un ordinateur portable, vérifiez que vous n'êtes pas connecté à une
station d'accueil lors du premier lancement de Cisco IP Communicator après
l'installation.
Si Cisco Unified Personal Communicator est en cours d'exécution, quittez-le
avant de démarrer Cisco IP Communicator.
Si vous avez activé la case à cocher Lancer le programme lors de l'étape
d'installation finale, Cisco IP Communicator est automatiquement lancé.
Pour lancer le programme manuellement, choisissez Démarrer > Programmes >
Cisco IP Communicator, ou double cliquez sur le raccourci de bureau
Cisco IP Communicator.Chapitre 1 Mise en route de Cisco IP Communicator
Utilisation de l'Assistant de réglage audio
1-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
La première fois que vous lancez Cisco IP Communicator :
• Le message de sécurité Windows ne peut pas vérifier l'éditeur de ce pilote
risque de s'afficher si vous installez Cisco IP Communicator sur un
ordinateur tournant sous Microsoft Vista. Cliquez sur Installer ce pilote
quand même pour poursuivre l'installation.
• L'Assistant de réglage audio s'ouvre. Votre périphérique audio doit être
disponible pour le réglage.
Lors des lancements suivants, vous pourrez être invité à l'utiliser pour rétablir
des paramètres de volume précédents.
• Des invites de LocaleDownloader peuvent s'afficher.
En règle générale, il est conseillé d'accepter ces invites dès que possible afin
de disposer en permanence de la dernière version du produit sur l'ordinateur.
Toutefois, si vous utilisez Cisco IP Communicator avec une connexion à
distance, vous pouvez choisir de retarder l'exécution de LocaleDownloader
jusqu'à ce que vous soyez connecté localement. Si vous travaillez à domicile,
par exemple, vous pouvez attendre d'être revenu au bureau. Les sessions
LocaleDownloader risquent de durer plus longtemps sur une connexion à
distance.
Rubriques connexes
• Utilisation de l'Assistant de réglage audio, page 1-6
Utilisation de l'Assistant de réglage audio
L'Assistant de réglage audio vous guide lors de la sélection et du réglage des
périphériques audio installés.
• La sélection d'un périphérique audio consiste à associer celui-ci à un ou
plusieurs modes audio et/ou à la sonnerie.
• Le réglage consiste à tester et, le cas échéant, à modifier le volume du
haut-parleur et du microphone pour chaque périphérique sélectionné.
L'Assistant de réglage audio apparaît automatiquement lors du premier lancement
de Cisco IP Communicator après l'installation. Vous pouvez y accéder
manuellement à partir du menu lors des lancements suivants. Le tableau suivant
fournit des informations complémentaires sur l'Assistant de réglage audio et
d'autres options de paramétrage audio.1-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 1 Mise en route de Cisco IP Communicator
Utilisation de l'Assistant de réglage audio
Remarque Avant d'utiliser l'Assistant de réglage audio pour régler un périphérique audio doté
d'un dispositif de réglage du volume, tel qu'un casque avec des commandes de
volume sur le cordon, augmentez le volume du périphérique à son maximum.
Si... Procédez comme suit... Remarques
Vous venez d'installer
Cisco IP Communicator
et vous utilisez l'Assistant
de réglage audio pour la
première fois
Réglez tous les périphériques audio
lorsque l'Assistant de réglage audio
apparaît.
L'Assistant de réglage audio vous
permet de sélectionner des
périphériques audio pour des modes
audio ou d'utiliser le périphérique
audio Windows par défaut.
Le réglage d'un périphérique et
la modification du paramètre de
volume pour un appel sont des
opérations distinctes. Il est
préférable de ne régler chaque
périphérique qu'une seule fois et
de modifier le réglage
uniquement si vous rencontrez
des problèmes de qualité vocale.
Pour plus d'informations, voir
Affectation de modes audio,
page 4-9 et Sélection d'un mode
audio, page 4-9.
La fenêtre Vérifier les
paramètres audio apparaît
lors d'un lancement
postérieur à l'installation
Cliquez sur l'un de ces boutons :
• Rétablir : rétablir les paramètres
précédemment associés à ce
périphérique audio.
• Régler : recommencer le réglage
de ce périphérique.
• Ignorer : conserver les paramètres
modifiés (pour maintenir le volume
de la carte son coupé, par
exemple).
La fenêtre Vérifier les
paramètres audio apparaît lors de
lancements ultérieurs si vous
avez modifié (ou coupé) le
volume d'un périphérique depuis
son dernier réglage (si, par
exemple, vous avez coupé le
volume de la carte son de
l'ordinateur ou modifié les
commandes de volume d'un
casque ou d'un combiné USB).Chapitre 1 Mise en route de Cisco IP Communicator
Utilisation de l'Assistant de réglage audio
1-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Configuration et enregistrement Cisco IP Communicator, page 1-9
Vous souhaitez changer le
volume lors d'un appel
Cliquez sur le bouton Volume de
Cisco IP Communicator. Cliquez sur
Enregistrer pour enregistrer vos
paramètres.
Il s'agit de la méthode la plus
adaptée pour modifier les
paramètres de volume pour un
appel donné. Voir Réglage du
volume d'un appel, page 4-2.
Vous souhaitez régler à
nouveau un périphérique
audio pour résoudre des
problèmes de qualité
vocale
Accéder à l'Assistant de réglage audio
(cliquez avec le bouton droit de la
souris sur > Assistant de réglage
audio).
Vo ir Problèmes de qualité
vocale, page 8-5.
Vous souhaitez modifier
vos sélections de mode
audio sans recommencer
le réglage des
périphériques audio
Cliquez avec le bouton droit de la
souris sur > Préférences >
onglet Audio).
Vo ir Affectation de modes audio,
page 4-9.
Si... Procédez comme suit... Remarques1-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 1 Mise en route de Cisco IP Communicator
Configuration et enregistrement de Cisco IP Communicator
Configuration et enregistrement de Cisco IP Communicator
Après avoir installé l'application Cisco IP Communicator, exécuté l'Assistant de
réglage audio, et visualisé l'interface Cisco IP Communicator sur votre bureau,
vous devrez peut-être effectuer d'autres tâches de configuration et
d'enregistrement avant de pouvoir passer des appels.
Remarque Les tâches suivantes peuvent varier en fonction des sociétés et des systèmes
téléphoniques. Votre administrateur système vous fournira des instructions.
Réalisez ces opérations uniquement si vous y avez été invité.
Tâche Remarques
Choix d'un nom de
périphérique
Cisco IP Communicator utilise la carte réseau ou le nom du
périphérique pour s'identifier auprès du réseau. Dans les deux cas,
votre administrateur système vous indiquera quelle carte choisir, ou
quel nom de périphérique saisir :
• Sélectionnez la carte réseau spécifiée par votre administrateur
système dans Cisco IP Communicator (cliquez avec le bouton
droit de la souris sur > Préférences > onglet Réseau). En
général, la carte sélectionnée est celle qui fournit une connectivité
permanente ou celle qui est toujours activée, même si elle n'est
pas branchée. Les cartes sans fil sont à éviter. La carte réseau
adéquate doit être sélectionnée afin que Cisco IP Communicator
fonctionne correctement.
Remarque Ce paramètre est utilisé pour l'identification sur le réseau,
et non pour les transmissions audio. Une fois ce
paramètre défini, vous n'aurez pas à le modifier, à moins
que vous ne supprimiez ou désactiviez définitivement la
carte réseau sélectionnée. Dans ce cas, contactez votre
administrateur système avant de sélectionner une autre
carte.
• Entrez le nom du périphérique que vous a fourni votre
administrateur système dans Cisco IP Communicator (cliquez
avec le bouton droit de la souris sur > Préférences > onglet
Réseau> Utiliser ce nom de périphérique).Chapitre 1 Mise en route de Cisco IP Communicator
Test de Cisco IP Communicator
1-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Test de Cisco IP Communicator, page 1-10
Test de Cisco IP Communicator
Avant de tester Cisco IP Communicator, vérifiez que votre numéro de poste est
affiché à l'écran et que vous entendez une tonalité lorsque vous décrochez le
combiné.
Remarque Si votre numéro de poste n'apparaît pas ou si vous n'entendez pas de tonalité,
consultez Problèmes d'ordre général, page 8-1.
Recherche d'un nom de
périphérique
Si votre administrateur système vous demande le nom de périphérique
de votre carte réseau, vous trouverez ce dernier dans
Cisco IP Communicator (cliquez avec le bouton droit de la souris
sur > Préférences > onglet Réseau> section Nom du périphérique).
Spécification des adresses de
serveurs TFTP
Sur les conseils de votre administrateur système, entrez les adresses
des serveurs TFTP dans Cisco IP Communicator (cliquez avec le
bouton droit de la souris sur > Préférences > onglet Réseau>
Utiliser les serveurs TFTP suivants).
Enregistrement à l'aide de
l'outil TAPS
Après avoir installé et démarré Cisco IP Communicator et sur les
directives de votre administrateur système, enregistrez
automatiquement Cisco IP Communicator à l'aide de l'outil TAPS
(Tool for Auto-Registered Phones Support).
Votre administrateur système vous communiquera le numéro à
composer dans Cisco IP Communicator pour effectuer
l'enregistrement à l'aide de TAPS. Il se peut que vous ayez à entrer la
totalité de votre numéro de poste, y compris l'indicatif régional.
Suivez les indications vocales. Lorsque Cisco IP Communicator
affiche un message de confirmation, vous pouvez mettre fin à l'appel.
Cisco IP Communicator sera redémarré.
Tâche Remarques1-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 1 Mise en route de Cisco IP Communicator
Test de Cisco IP Communicator
Passez quelques appels de test et demandez à vos interlocuteurs s'ils vous
entendent correctement. Le tableau suivant énumère les éventuelles actions à
effectuer lors des appels de test.
Rubriques connexes
• Fonctionnalités de Cisco IP Communicator, page 2-1
• Réglage du volume d'un appel, page 4-2
• Paramètres audio, page 4-8
• Problèmes de qualité vocale, page 8-5.
Pour... Procédez comme suit :
Régler le volume Réglez le volume du mode audio dans Cisco IP Communicator. Cliquez
sur le bouton Volume ou appuyez sur les touches Page préc./Page suiv.
du clavier.
Utiliser une connexion à
distance
Si vous utiliser Cisco IP Communicator sur une connexion à distance (par
exemple, sur une connexion VPN à votre domicile ou dans un hôtel),
activez l'option Optimiser pour une bande passante étroite (cliquez avec
le bouton droit de la souris sur > Préférences > onglet Audio).
Une fois cette fonction activée, appelez une personne et demandez-lui si
elle vous entend correctement. Chapitre 1 Mise en route de Cisco IP Communicator
Test de Cisco IP Communicator
1-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01C H A P I T R E
2-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
2
Généralités sur les fonctionnalités et
l'interface de Cisco IP Communicator
• Fonctionnalités de Cisco IP Communicator, page 2-1
• À propos de l'interface de Cisco IP Communicator, page 2-4
• Navigation dans l'interface, page 2-10
• Accès à l'aide en ligne, page 2-19
Fonctionnalités de Cisco IP Communicator
Cisco IP Communicator fonctionne de façon très similaire à un téléphone
classique ; il permet de passer et de prendre des appels téléphoniques, de mettre
des appels en attente, d'utiliser la numérotation abrégée, de transférer des appels,
etc. Cisco IP Communicator prend également en charge des fonctions
téléphoniques spéciales (telles que le parcage d'appels et les conférences
Meet-Me) qui offrent des capacités de traitement d'appels supplémentaires et
personnalisées.
Le fonctionnement de Cisco IP Communicator et les fonctionnalités dont vous
disposez sont variables d'un système à l'autre. Les fonctionnalités disponibles
peuvent varier selon l'agent de traitement des appels utilisé par votre société et
selon la façon dont l'assistance technique de votre société a configuré votre
système téléphonique. Pour tout renseignement sur le fonctionnement ou la
disponibilité des fonctions, contactez l'assistance technique ou votre
administrateur système.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Fonctionnalités de Cisco IP Communicator
2-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Vous pouvez accéder à de nombreuses fonctionnalité en appuyant sur une touche
de fonction ou sur un bouton de ligne. Voir le Tableau 2-1 pour prendre
connaissance des fonctionnalités et des touches de fonction. Vous pouvez
configurer certaines fonctionnalités, mais votre administrateur système contrôle
la plupart d'entre elles.
Outre les fonctions de traitement des appels, Cisco IP Communicator prend en
charge les éléments suivants :
• L'Assistant de réglage audio
• La composition de numéros à partir de répertoires avec la fonction Recherche
rapide
• L'accès rapide à vos pages Web Options utilisateur Cisco Unified CM et à
vos services téléphoniques
• Un système d'aide en ligne complet
• La modification de l'apparence de Cisco IP Communicator
• La composition de numéros par glisser-déplacer
• La composition de numéros par copier-coller
• Des messages intempestifs de notification d'appel entrant
• La composition alphanumérique
• Des raccourcis clavier
• L'interfonctionnement vidéo avec Cisco Unified Video Advantage
version 2.0.
Remarque Lorsque Cisco IP Communicator utilise le protocole de contrôle
d'appels SIP, il ne prend pas en charge la vidéo avec Cisco Unified
Video Advantage. Votre administrateur système vous indiquera si
votre déploiement prend en charge la vidéo.2-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Fonctionnalités de Cisco IP Communicator
Ta b l e a u 2-1 Fonctionnalités et touches de fonction
Rubriques connexes
• À propos de l'interface de Cisco IP Communicator, page 2-4
Fonctionnalité
Touche de
fonction
Rappel Rappel
Renvoi d'appels RenvTt
Parcage d'appel Parquer
Interception d'appel Intrcpt
Conférence Conf.
Liste de conférence ListConf
Ne pas déranger NPD
Mettre fin à un appel FinApp.
Interception d'appels de
groupe
GrpIntr
Mise en attente Attente
Identification d'appels
malveillants
IDAM
Conférences Meet-Me MeetMe
Mobilité Mobilité
Nouvel appel NvAppel
Autre groupe de prise d'appel AGrpIntr
Outil de génération de rapports
sur la qualité
QRT
Bis Bis
Suppression du dernier
participant à une conférence
SupDerA
Transférer TrnsferChapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
À propos de l'interface de Cisco IP Communicator
2-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
À propos de l'interface de Cisco IP Communicator
Utilisez la souris pour cliquer sur les boutons et les éléments de menu, et le clavier de
l'ordinateur pour entrer des lettres et des nombres et utiliser des raccourcis clavier.
Cisco IP Communicator propose deux présentations de bureau appelées apparences :
• Boutons et autres composants, page 2-4
• Fonctions de l'écran du téléphone, page 2-8
Boutons et autres composants
Le Tableau 2-2 présente les boutons et autres composants communs aux deux
apparences.
Figure 2-1 Cisco IP Communicator en mode compact
1
4 8 7 5 6 14 9 12 11 10
2
3
16
1412092-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
À propos de l'interface de Cisco IP Communicator
Figure 2-2 Cisco IP Communicator en mode par défaut
Ta b l e a u 2-2 Boutons et autres composants
1 Écran du téléphone Permet d'afficher l'état des appels et les menus de fonctions et d'activer des
éléments de menu. Voir Fonctions de l'écran du téléphone, page 2-8.
2 Boutons de contrôle
de la fenêtre
Permettent d'afficher le menu, de masquer Cisco IP Communicator, de passer
d'une apparence à l'autre ou de quitter l'application. Voir Fonctionnement et
disponibilité des fonctions, page 2-20.
2
14 13 12 11 10
16
17
5
7
9
8
6
4
3
15
105031
1Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
À propos de l'interface de Cisco IP Communicator
2-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
3 Touches
programmables
Selon la configuration de votre téléphone, les touches programmables
permettent l'accès aux :
• Lignes téléphoniques et lignes intercom (boutons de ligne)
• Numéros abrégés (boutons de numérotation abrégée, y compris la
fonctionnalité de numérotation abrégée FLO)
• Services Web (bouton du carnet d'adresses personnel, par exemple)
• Fonctionnalités d'appel (par exemple, bouton de confidentialité, de mise
en attente ou de transfert).
Les boutons s'allument et leur couleur indique l'état de l'appel :
• Vert fixe : appel actif ou appel intercom bidirectionnel
• Vert clignotant : appel en attente
• Orange fixe : fonction de confidentialité en cours d'utilisation, appel
intercom unidirectionnel ou activation de NPD
• Orange clignotant : appel entrant ou à reprendre
• Rouge fixe : ligne distante en cours d'utilisation (ligne partagée ou état
FLO)
Vous pouvez transformer les boutons de ligne supplémentaires en boutons de
numérotation abrégée. Voir Configuration de la numérotation abrégée,
page 7-5
4 Bouton Messages Compose automatiquement le numéro de votre service de messagerie vocale
(varie selon le service). (Raccourci clavier : Ctrl + M.) Voir Accès aux
messages vocaux, page 6-1.
5 Bouton
Répertoires
Ouvre ou ferme le menu Répertoires. Permet d'afficher les journaux d'appels
et un répertoire d'entreprise, et de composer des numéros à partir de ceux-ci.
(Raccourci clavier : Ctrl + D.) Vous pouvez également utiliser la fonction
Recherche rapide (Alt + K) pour effectuer une recherche dans des répertoires.
Vo ir Utilisation des journaux d'appels, page 6-3.
6 Bouton Aide Active le menu Aide. (Raccourci clavier : Ctrl + I.) Voir Accès à l'aide en
ligne, page 2-19.
7 Bouton
Paramètres
Ouvre ou ferme le menu Paramètres. Permet de modifier les paramètres de
l'écran tactile et des sonneries. (Raccourci clavier : Ctrl + S.) Voir
Personnalisation des sonneries et des indicateurs de message, page 4-3.
Tableau 2-2 Boutons et autres composants (suite)2-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
À propos de l'interface de Cisco IP Communicator
8 Bouton Services Ouvre ou ferme le menu Services. (Raccourci clavier : Ctrl + R.) Voir
Configuration de services téléphoniques, page 7-7.
9 Bouton Volume Permet de définir le volume des modes audio et d'autres paramètres.
(Raccourci clavier : Page préc./Page suiv.). Voir Réglage du volume d'un
appel, page 4-2.
1
10 Bouton
Haut-parleur
Active/Désactive le mode haut-parleur. Lorsque le mode haut-parleur est
activé, le bouton est allumé. (Raccourci clavier : Ctrl + P.) Vo ir Utilisation de
casques d'écoute et d'autres périphériques audio avec
Cisco IP Communicator, page 5-1.
11 Bouton Secret Active/Désactive la fonction Secret. Lorsque la fonctionnalité est activée, le
bouton est allumé. (Raccourci clavier : Ctrl + T.) Voir Utilisation de la
fonction Secret, page 3-13.
12 Bouton Casque Permet d'activer/de désactiver le mode Casque. (Raccourci clavier :
Ctrl + H.) Voir Utilisation de casques d'écoute et d'autres périphériques audio
avec Cisco IP Communicator, page 5-1.
13 Bouton Navigation Permet de faire défiler les menus et de mettre les éléments de menu en
surbrillance. À utiliser avec les touches de fonction pour activer les éléments
mis en surbrillance. Par ailleurs, lorsque Cisco IP Communicator est
raccroché, appuyez sur le bouton Navigation pour accéder aux numéros de
téléphone du journal des appels composés.
14 Bouton Cisco
Unified Video
Advantage
Permet de lancer Cisco Unified Video Advantage. Vous devez exécuter
Cisco Unified Video Advantage version 2.1.1 et Cisco IP Communicator 2.0
(ou version ultérieure) sur le même PC pour pouvoir utiliser cette
fonctionnalité.
2
15 Clavier Permet d'entrer des chiffres et des lettres et de sélectionner des éléments de
menu. (Non disponible avec l'apparence facultative.) Vous pouvez également
utiliser le clavier de l'ordinateur.
16 Touches de
fonction
Chaque bouton permet d'activer une touche de fonction. Vous pouvez
également cliquer sur les libellés de touche de fonction (au lieu des boutons).
(Raccourcis clavier : F2 à F6.) Voir Traitement des appels avec
Cisco IP Communicator, page 3-1.
17 Indicateur de
message vocal et de
sonnerie
Indique un appel entrant et un nouveau message vocal. Voir Personnalisation
des sonneries et des indicateurs de message, page 4-3.
1. Raccourci clavier dans toutes les versions antérieures à la version 2.0 : Ctrl + V
2. Lorsque Cisco IP Communicator utilise le protocole de contrôle d'appels SIP, il ne prend pas en charge la vidéo avec Cisco
Unified Video Advantage. Votre administrateur système vous indiquera si votre déploiement prend en charge la vidéo.
Tableau 2-2 Boutons et autres composants (suite)Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
À propos de l'interface de Cisco IP Communicator
2-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Vous pouvez cliquer sur l'icône de menu en haut de l'une ou l'autre des
apparences, cliquer avec le bouton droit sur Cisco IP Communicator ou
appuyer sur Maj + F10 pour afficher et configurer les paramètres,
sélectionner des apparences et activer le mode Écran uniquement. Voir À
l'aide du menu, page 2-11.
• Le mode par défaut (Figure 2-2) et le mode compact (Figure 2-1) présentent
les mêmes icônes de bouton. La forme et l'emplacement des boutons peuvent
toutefois varier selon l'apparence utilisée.
• Pour obtenir la liste complète des raccourcis, voir À l'aide des raccourcis
clavier, page 2-10.
• Vo ir Fonctions de l'écran du téléphone, page 2-8 pour plus d'informations sur
l'affichage des appels et des lignes à l'écran de Cisco IP Communicator.
Fonctions de l'écran du téléphone
Lorsque des appels sont actifs et que plusieurs menus de fonctions sont ouverts,
l'écran du téléphone Cisco IP Communicator peut présenter l'aspect suivant.2-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
À propos de l'interface de Cisco IP Communicator
Rubriques connexes
• À propos de l'interface de Cisco IP Communicator, page 2-4
• Navigation dans l'interface, page 2-10
1 Ligne
téléphonique
principale
Affiche le numéro de téléphone (numéro de répertoire) de votre ligne
téléphonique principale.
2 Indicateurs des
boutons
programmables
Les boutons programmables peuvent servir de boutons de ligne téléphonique, de
boutons de ligne intercom, de boutons de la numérotation abrégée, de boutons de
service téléphonique ou des boutons de fonction téléphonique. Les icônes et les
étiquettes indiquent comment ces boutons sont configurés.
Icône de ligne téléphonique : correspond à une ligne téléphonique. Les
icônes de ligne peuvent varier.
Icône de numéro abrégé : correspond à un bouton de numérotation
abrégée, le cas échéant.
Icône de service téléphonique : le cas échéant, correspond à un service
téléphonique disponible via le Web, tel que le carnet d'adresses personnel.
Icône de fonction : le cas échéant, correspond à une fonction, telle que
la fonction Confidentialité.
Pour plus d'information sur les autres icônes, voir États et icônes d'appel et de
ligne, page 2-17.
3 Libellés des
touches de
fonction
Chaque étiquette décrit la fonction d'une touche de fonction.
4 Ligne d'état Affiche les icônes de mode audio, les informations d'état et les invites.
5 Zone d'activité
des appels
Affiche les appels en cours par ligne, y compris l'ID de l'appelant, la durée et l'état
de l'appel de la ligne mise en surbrillance (en mode d'affichage standard).
6 Onglet
Téléphone
Indique l'activité des appels. Cliquez sur cet onglet pour revenir à la zone
d'activité des appels, si nécessaire.
7 Onglets de
fonctions
Chaque onglet correspond à un menu de fonctions activé.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
2-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Navigation dans l'interface
• À l'aide des raccourcis clavier, page 2-10
• À l'aide du menu, page 2-11
• Utilisation des boutons de contrôle de la fenêtre, page 2-13
• Utilisation de la notification d'appel entrant, page 2-14
• Choix des éléments apparaissant sur l'écran du téléphone, page 2-14
• Utilisation des menus de fonctions, page 2-15
• Saisie et modification d'un texte, page 2-16
• Combiné décroché et raccroché, page 2-16
• États et icônes d'appel et de ligne, page 2-17
À l'aide des raccourcis clavier
Cisco IP Communicator vous permet d'accéder aux boutons de la fenêtre sans
utiliser la souris. Ces raccourcis de navigation sont particulièrement utiles si vous
êtes mal-voyant et dans l'impossibilité de parcourir l'interface.
Consultez le Tableau 2-3 pour obtenir une liste des raccourcis clavier permettant
de naviguer dans l'interface.
Ta b l e a u 2-3 Raccourcis clavier pour Cisco IP Communicator
Frappe de touche Action
Ctrl + D Ouvrir ou fermer le menu Répertoires
Ctrl + S Ouvrir ou fermer le menu Paramètres
Ctrl + R Ouvre ou ferme le menu Services
Ctrl + M Ouvrir le système de messagerie vocale
Ctrl + I Ouvrir ou fermer le système d'aide en ligne
Ctrl + H Permet d'activer/de désactiver le mode Casque
Ctrl + P Permet d'activer/de désactiver le mode Haut-parleur
Ctrl + T Active/Désactive la fonction Secret2-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
À l'aide du menu
Vous pouvez accéder aux éléments de menu suivants en cliquant sur l'icône de
menu affichée dans le coin supérieur droit de l'interface, en cliquant avec le
bouton droit dans l'interface, ou en appuyant sur Maj + F10.
Ctrl + (touches numériques de 1
à 8)
Ouvrir ou fermer les boutons de ligne ou les boutons de
numérotation abrégée 1 à 8
Ctrl + V Coller un nom ou un numéro de téléphone
Ctrl + Maj + A ou F2 Répondre à un appel
Alt + S Ouvrir la boîte de dialogue Préférences
Alt + K Accéder à la fonction de recherche rapide dans le répertoire
Alt + X Quitter Cisco IP Communicator
Alt + F4 Fermer Cisco IP Communicator
Entrée Composer un appel
Échap Raccrocher
Page préc. Augmenter le volume du mode audio actuellement sélectionné
Page suiv. Diminuer le volume du mode audio actuellement sélectionné
F2 à F6 Activer les touches de fonction 1 à 5
/ (avec fonction Verr. num activée) Activer la touche #
Maj + F10 Ouvrir le menu
Tableau 2-3 Raccourcis clavier pour Cisco IP Communicator (suite)
Frappe de touche Action
Élément Description
Apparences Permet de modifier l'apparence de l'interface. Cisco IP Communicator est
proposé avec deux apparences : l'apparence par défaut (clic droit >
Apparences > Mode par défaut) et l'apparence compacte (clic droit >
Apparences > Mode compact). La Figure 2-2 et la Figure 2-1 illustrent
ces deux apparences.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
2-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Écran uniquement Permet d'activer/de désactiver l'affichage Écran uniquement. Les
raccourcis clavier s'avèrent particulièrement utiles lorsque vous utilisez
Cisco IP Communicator en affichage Écran uniquement. Voir À l'aide des
raccourcis clavier, page 2-10.
Toujours au-dessus Permet d'activer/de désactiver cette fonction. Lorsqu'elle est activée, cette
fonctionnalité permet de toujours afficher Cisco IP Communicator sur
votre bureau même si d'autres applications sont actives. Vous pouvez
cependant réduire l'interface. Voir Fonctionnement et disponibilité des
fonctions, page 2-20.
Assistant de réglage audio Permet de lancer l'Assistant de réglage audio, qui permet de sélectionner
et de régler les périphériques audio. Voir Utilisation de l'Assistant de
réglage audio, page 1-6 et Dépannage Cisco IP Communicator, page 8-1.
Coller Permet de copier un numéro à partir d'un programme Windows, de le
coller dans la boîte de composition et de cliquer sur Compos. ou d'appuyer
sur Entrée pour passer l'appel. Le raccourci clavier de cette fonction est
Ctrl + V. Cis c o IP Communicator applique ensuite les règles de
numérotation appropriées au numéro, avant de le composer
automatiquement.
Recherche rapide Permet d'ouvrir la boîte de dialogue Recherche rapide. Le raccourci
clavier correspondant à cette boîte de dialogue est Alt + K. La fonction
Recherche rapide permet de lancer une recherche dans un ou plusieurs
répertoires à l'aide d'une même commande. Voir Utilisation du répertoire
personnel, page 6-7.
Options utilisateur Cisco
Unified CM
Permet d'ouvrir la page Web Options utilisateur Cisco Unified CM, où
vous pouvez configurer des fonctions, des paramètres et des services
téléphoniques IP (notamment les boutons de numérotation abrégée). Voir
Personnalisation de Cisco IP Communicator à l'aide des options utilisateur
Cisco Unified CM, page 7-1.
Préférences Permet d'ouvrir la boîte de dialogue Préférences, qui regroupe les onglets
Utilisateur, Réseau, Audio et Répertoires. Le raccourci clavier
correspondant à la boîte de dialogue Préférences est Alt + S.
Aide Lance l'aide en ligne de Cisco IP Communicator.
À propos de
Cisco IP Communicator
Affiche les informations sur la version du logiciel Cisco IP Communicator
et d'importantes notices sur Cisco IP Communicator.
Quitter Permet de quitter Cisco IP Communicator.
Élément Description2-13
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
Utilisation des boutons de contrôle de la fenêtre
Pour... Procédez comme suit :
Accéder au menu Effectuez l'une des opérations suivantes :
• Cliquez sur le bouton de menu dans l'angle supérieur droit de l'interface.
• Cliquez avec le bouton droit dans l'interface.
• Appuyez sur Maj + F10
Réduire
l'interface
Effectuez l'une des opérations suivantes :
• Cliquez sur le bouton de réduction dans le coin supérieur droit de l'interface.
• Cliquez une ou plusieurs fois sur le bouton Cisco IP Communicator dans la
barre des tâches
Basculer entre
des modes
Effectuez l'une des opérations suivantes :
• Cliquez sur le bouton de mode dans le coin supérieur droit de l'interface.
• Choisissez Apparences dans le menu.
Masquer
l'interface
Cliquez avec le bouton droit sur l'icône de la barre d'état système et choisissez
MasquerCisco IP Communicator. L'icône Cisco IP Communicator disparaît de
la barre des tâches mais l'application n'est pas fermée.
Récupérer
l'interface
Effectuez l'une des opérations suivantes :
• Double-cliquez sur l'icône de la barre d'état système.
• Cliquez sur l'icône de bouton dans la barre des tâches.
Quitter Effectuez l'une des opérations suivantes :
• Choisissez Quitter dans le menu.
• Cliquez avec le bouton droit sur l'icône de la barre d'état système et choisissez
Quitter.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
2-14
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Si vous recevez un appel alors que Cisco IP Communicator est masqué ou réduit,
la fenêtre de notification d'appel entrant apparaît si cette option est activée. Si
vous avez activé l'option Ramener au premier plan lors d'un appel actif (clic
droit > Préférences > onglet Utilisateur), Cisco IP Communicator est
automatiquement affiché au premier plan de votre bureau.
• Pour que Cisco IP Communicator reste visible sur le bureau même lorsque
d'autres applications sont actives, choisissez Toujours au-dessus dans le
menu. (Vous pouvez réduire l'interface même lorsque l'option Toujours
au-dessus est sélectionnée.)
Utilisation de la notification d'appel entrant
Choix des éléments apparaissant sur l'écran du téléphone
Pour... Procédez comme suit :
Répondre à un
appel
Cliquez n'importe où dans la fenêtre contextuelle (sauf sur l'icône Secret).
Couper la
sonnerie
Cliquez sur l'icône Secret de la fenêtre contextuelle. La fonction Secret s'applique
à l'appel qui sonne actuellement.
Masquer la
notification
d'appel entrant
Choisissez Préférences > onglet Utilisateur > Masquer la notification d'appel
entrant.
Pour sélectionner un
élément de l'écran du
téléphone... Procédez comme suit :
En cliquant Cliquez sur un élément de l'écran du téléphone. Sur certains écrans de
téléphone (comme l'écran de pré-numérotation) lorsque vous cliquez sur un
numéro de téléphone, Cisco IP Communicator risque de composer ce
numéro.
Un clic sur un élément ou la saisie d'un numéro peuvent déclencher une
action. Si l'élément mène à un menu, ce dernier est ouvert.2-15
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
Utilisation des menus de fonctions
Par le numéro de
l'élément
Cliquez sur le numéro correspondant sur votre clavier. Par exemple, cliquez
sur 4 pour sélectionner le quatrième élément d'un menu.
Par défilement Cliquez sur le bouton Navigation ou utilisez les touches fléchées du clavier
pour faire défiler une liste et mettre un élément en surbrillance. Cliquez sur
la touche de fonction correspondante, par exemple Sélect. ou Compos. pour
achever l'opération.
Pour... Procédez comme suit :
Ouvrir ou fermer un
menu de fonctions
Cliquez sur bouton de fonction :
• Messages
• Services
• Aide
• Répertoires
• Paramètres
Faire défiler une liste ou
un menu
Cliquez sur le bouton Navigation.
Remonter d'un niveau
au sein d'un menu de
fonctions
Cliquez sur Quitter. (Notez que si vous cliquez sur Quitter alors que vous
êtes dans le niveau supérieur d'un menu, ce dernier est fermé.)
Basculer d'un menu de
fonctions actif à un
autre
Cliquez sur un onglet de fonction sur l'écran du téléphone. (À chaque menu
d'options correspond un onglet en haut de l'écran du téléphone. Celui-ci est
visible lorsque le menu de fonctions est ouvert.)
Pour sélectionner un
élément de l'écran du
téléphone... Procédez comme suit :Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
2-16
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Saisie et modification d'un texte
Combiné décroché et raccroché
Certaines tâches et instructions de Cisco IP Communicator varient selon que
Cisco IP Communicator est raccroché ou décroché.
• Raccroché : aucun appel n'est actif, aucune tonalité. Sur votre
Cisco IP Communicator, vous pouvez composer votre numéro le combiné
raccroché (pré-numérotation), ce qui vous permet d'entrer ou de sélectionner
des numéros de téléphone avant d'activer l'appel. Lorsque votre
Cisco IP Communicator est raccroché, l'icône suivante apparaît en regard de
chaque numéro de téléphone :
• Décroché : le haut-parleur est actif ou une autre méthode est utilisée pour
obtenir une tonalité et répondre à un appel entrant. Lorsque le téléphone est
décroché, l'une des icônes suivantes apparaît, selon l'état de l'appel ou de la
ligne : , , , , ou
Rubriques connexes
• États et icônes d'appel et de ligne, page 2-17
Pour... Procédez comme suit :
Entrer une lettre sur
l'écran du téléphone
Cliquez pour mettre en surbrillance une fonction d'appel et utilisez le clavier
pour entrer des lettres ou des chiffres.
Supprimer des
caractères dans une
entrée ou déplacer le
curseur
Utilisez la touche Retour arrière du clavier ou cliquez sur << ou sur Suppr.
sur l'écran du téléphone pour supprimer une lettre ou un chiffre. Pour
déplacer le curseur vers la droite, cliquez sur >> sur l'écran du téléphone.
Vous pouvez peut-être utiliser le bouton Navigation ou les touches fléchées
gauche et droite de votre clavier.2-17
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
États et icônes d'appel et de ligne
• Lignes : chaque ligne est associée à un numéro de répertoire ou intercom que
vos interlocuteurs peuvent utiliser pour vous appeler. Votre
Cisco IP Communicator prend en charge un maximum de huit lignes, selon
sa configuration. Le nombre de lignes dont vous disposez figure dans la partie
droite de l'écran du téléphone. Vous disposez d'autant de lignes que de
numéros de téléphone et d'icônes de ligne téléphonique : .
• Appels : chaque ligne peut prendre en charge plusieurs appels. Par défaut,
Cisco IP Communicator prend en charge quatre appels connectés par ligne,
mais votre administrateur système peut ajuster ce nombre en fonction de vos
besoins. Un seul appel à la fois peut être actif à un moment donné ; les autres
appels sont automatiquement mis en attente.
Le Tableau 2-4 décrit les icônes qui vous permettront de déterminer l'état des
appels et des lignes.
Ta b l e a u 2-4 Icônes d'état d'appel et de ligne
Icône
État de l'appel ou
de la ligne Description
Ligne raccrochée Aucune activité d'appel sur cette ligne. Si vous composez un numéro avec
le téléphone raccroché (pré-numérotation), l'appel ne débute que lorsque
vous décrochez.
Ligne décrochée Vous êtes en train de composer un numéro ou un appel sortant est en
sonnerie. Voir Passer un appel, page 3-3.
Appel connecté La communication avec votre interlocuteur est établie.
Appel en sonnerie Un appel est en sonnerie sur l'une de vos lignes. Voir Réponse à un appel,
page 3-9.
Appel en attente Vous avez mis cet appel en attente. Voir Utilisation des fonctions Attente
et Reprise, page 3-12.
Utilisé à distance Un autre téléphone qui partage votre ligne est associé à un appel connecté.
Vo ir Utilisation de lignes partagées, page 3-35.
Appel authentifié L'appel connecté est sécurisé. Voir Déconnexion de groupes de recherche,
page 3-29.
Appel chiffré L'appel connecté est chiffré. Les appels chiffrés sont également
authentifiés. Voir Déconnexion de groupes de recherche, page 3-29.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Navigation dans l'interface
2-18
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Le Tableau 2-5 décrit les icônes indiquant comment les boutons de ligne sont
configurés.
Ta b l e a u 2-5 Icônes de bouton de ligne
Icôn
e
État de l'appel ou
de la ligne Description
Ligne inactive
(FLO)
Vo ir Utilisation des indicateurs de fonction de ligne occupée pour
déterminer l'état d'une ligne, page 3-34.
Ligne occupée
(FLO)
Vo ir Utilisation des indicateurs de fonction de ligne occupée pour
déterminer l'état d'une ligne, page 3-34.
Ligne en mode Ne
pas déranger
(FLO)
Vo ir Utilisation des indicateurs de fonction de ligne occupée pour
déterminer l'état d'une ligne, page 3-34.
Ligne intercom
inactive
La ligne intercom n'est pas en cours d'utilisation. Voir Établissement ou
prise d'appels intercom, page 3-38.
Appel intercom
unidirectionnel
La ligne intercom envoie ou reçoit de l'audio unidirectionnelle. Voir
Établissement ou prise d'appels intercom, page 3-38.
Appel intercom
bidirectionnel
Le destinataire a appuyé sur le bouton de ligne intercom pour utiliser la
fonction audio bidirectionnelle avec l'appelant. Voir Établissement ou
prise d'appels intercom, page 3-38.2-19
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Accès à l'aide en ligne
Accès à l'aide en ligne
Cisco IP Communicator comprend un système complet d’aide en ligne. Les
rubriques d'aide apparaissent sur l'écran du téléphone.
Pour... Procédez comme suit :
Afficher le menu
principal
Cliquez sur le bouton Aide de Cisco IP Communicator et attendez quelques
secondes que le menu s'affiche. Si l'aide est déjà ouverte, cliquez sur Princ.
Les éléments du menu principal sont les suivants :
• À propos de Cisco IP Communicator : description détaillée de
Cisco IP Communicator
• Comment... ? Procédures et informations relatives aux tâches courantes
dans Cisco IP Communicator
• Fonctions d'appel : description et procédures d'utilisation des fonctions
d'appel
• Aide : conseils sur l'utilisation et l'accès à l'Aide
Obtenir des
informations sur un
bouton ou une touche de
fonction
Cliquez sur le bouton Aide, puis cliquez rapidement sur un bouton ou une
touche de fonction.
Obtenir des
informations sur un
élément de menu
Cliquez sur le bouton Aide, puis cliquez rapidement sur un élément de menu
sur l'écran du téléphone.
Vous pouvez également cliquer rapidement deux fois sur le bouton Aide
après avoir sélectionné l'élément de menu.
Apprendre à utiliser
l'Aide
Cliquez sur le bouton Aide. Attendez une secondes ou deux, puis cliquez de
nouveau sur le bouton Aide ou sélectionnez Aide dans le menu principal.
Accéder au Guide de
l'utilisateur
Sélectionnez menu > Aide ou effectuez un clic droit sur > Aide.Chapitre 2 Généralités sur les fonctionnalités et l'interface de Cisco IP Communicator
Fonctionnement et disponibilité des fonctions
2-20
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Fonctionnement et disponibilité des fonctions
Le fonctionnement de Cisco IP Communicator et les fonctionnalités dont vous
disposez peuvent varier selon l'agent de traitement des appels utilisé par votre
société et selon la façon dont l'assistance technique de votre société a configuré
votre système téléphonique. Pour tout renseignement sur le fonctionnement ou la
disponibilité des fonctions, contactez l'assistance technique ou votre
administrateur système. Vous pouvez accéder à de nombreuses fonctionnalité en
appuyant sur une touche de fonction ou sur un bouton de ligne. Vous pouvez
configurer certaines fonctionnalités, mais votre administrateur système contrôle
la plupart d'entre elles. Voici quelques informations sur l'accès aux fonctionnalités
à l'aide des touches de fonction :
Fonctionnalité
Touche de
fonction
Rappel Rappel
Renvoi d'appels RenvTt
Parcage d'appel Parquer
Interception d'appel Intrcpt
Conférence Conf.
Liste de conférence ListConf
Ne pas déranger NPD
Mettre fin à un appel FinApp.
Interception d'appels de groupe GrpIntr
Mise en attente Attente
Identification d'appels
malveillants
IDAM
Conférences Meet-Me MeetMe
Mobilité Mobilité
NvAppel NvAppel
Autre groupe de prise d'appel AGrpIntr
Outil de génération de rapports
sur la qualité
QRT
Bis Bis
Suppression du dernier
participant à une conférence
SupDerA
Trnsfer TrnsferC H A P I T R E
3-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
3
Traitement des appels avec
Cisco IP Communicator
• Comment traiter les appels simples, page 3-1
• Établissement de conférences téléphoniques, page 3-21
• Traitement des fonctions d'appel avancées, page 3-25
Comment traiter les appels simples
Cette section décrit les principales tâches de gestion des appels telles que
l'établissement, la prise et le transfert d'appels. Les fonctions nécessaires pour
réaliser ces tâches sont standard et disponibles sur la plupart des systèmes
téléphoniques.
Remarque Le protocole utilisé par votre téléphone peut déterminer les fonctionnalités dont
vous disposez. Demandez à votre administrateur quelles fonctionnalités sont
prises en charge par votre téléphone.
• Passer un appel, page 3-3
• Établissement d'un appel vidéo, page 3-8
• Réponse à un appel, page 3-9
• Fin d'un appel, page 3-11
• Utilisation des fonctions Attente et Reprise, page 3-12Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
• Utilisation de la fonction Secret, page 3-13
• Transfert d'un appel connecté, page 3-14
• Sélection des appels, page 3-15
• Passage d'un appel à l'autre, page 3-15
• Renvoi de vos appels vers un autre numéro, page 3-17
• Utilisation de la fonction Ne pas déranger, page 3-193-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Passer un appel
Pour... Procédez comme suit :
Pré-numéroter
(composer le numéro
avec le combiné
raccroché, sans entendre
de tonalité au départ)
• Entrez un numéro de téléphone (la fonction de numérotation
automatique peut vous proposer des numéros de téléphone de votre
journal Appels composés correspondant aux chiffres saisis).
ou
• Cliquez sur le bouton Navigation pour afficher les numéros de
téléphone de votre journal Appels composés.
Cliquez ensuite sur le numéro affiché sur l'écran du téléphone pour le
composer. Vous pouvez également effectuer l'une des opérations suivantes
pour décrocher le téléphone et composer le numéro en surbrillance :
• Cliquez sur le bouton Haut-parleur ou Casque.
• Cliquez sur Compos. ou appuyez sur la touche Entrée du clavier.
• Cliquez sur un bouton de ligne.
• Appuyez sur la touche Entrée du clavier.
ou
• Faites glisser un numéro à partir d'un programme Windows prenant en
charge le glisser-déplacer, déposez-le n'importe où dans l'interface de
Cisco IP Communicator, puis cliquez sur Compos. ou appuyez sur la
touche Entrée du clavier.
• Faites glisser une vCard et déposez-la n'importe où dans l'interface de
Cisco IP Communicator. Si la vCard contient plusieurs numéros,
sélectionnez celui à composer dans la fenêtre contextuelle et cliquez sur
Compos. ou appuyez sur la touche Entrée du clavier.
ou
• Copiez un numéro à partir d'une autre source, puis cliquez sur Menu >
Coller. (Vous pouvez également coller un numéro de téléphone à l'aide
du raccourci clavier Ctrl + V.) Le numéro est automatiquement saisi.
Cliquez sur Compos. ou appuyez sur la touche Entrée du clavier.
Composer le numéro
après avoir décroché
(après la tonalité)
Cliquez sur NvAppel, sur les boutons Haut-parleur ou Casque, ou sur un
bouton de ligne, et entrez un numéro. Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rappeler le dernier
numéro composé
Cliquez sur Bis. Par défaut, la fonction Bis utilise votre ligne principale.
Toutefois, vous pouvez ouvrir une ligne secondaire, puis cliquer sur Bis.
Pour ouvrir une ligne, cliquez sur un bouton de ligne.
Composer un numéro
abrégé
• Cliquez sur un bouton de numérotation abrégée avant ou après avoir
décroché.
ou
• Entrez un code de numérotation abrégée (de 1 à 99 sur le clavier) avec
le téléphone raccroché, puis cliquez sur NumAbr.
Passer un appel lorsqu'un
autre appel est actif (en
utilisant une autre ligne)
Cliquez sur un bouton de ligne pour la nouvelle ligne. L'appel de la première
ligne est automatiquement mis en attente.
Passer un appel lorsqu'un
autre appel est actif (en
utilisant la même ligne)
Cliquez sur Attente, puis sur NvAppel. Vous pouvez à présent composer le
numéro ou utiliser la fonction Bis ou la numérotation abrégée. Vous avez
également la possibilité de poursuivre l'appel actif tout en vous préparant à
composer un numéro à partir d'un journal d'appels ou d'un répertoire Pour
récupérer l'appel en attente, cliquez sur Reprend. (voir les deux lignes
suivantes de ce tableau pour plus de détails).
Composer un numéro à
partir d'un journal
d'appels
Cliquez sur le bouton Répertoires.
Sélectionnez Appels en absence, Appels reçus, ou Appels composés. Pour
composer un numéro, cliquez dessus ou recherchez-le en faisant défiler la
liste et décrochez le téléphone.
Si vous souhaitez composer un numéro à partir d'un journal d'appels tout en
poursuivant un appel actif, faites défiler la liste pour afficher
l'enregistrement souhaité et cliquez sur Compos. ou appuyez sur la touche
Entrée du clavier. Choisissez ensuite un élément de menu pour traiter l'appel
initial :
• Attente : met le premier appel en attente et compose le second.
• Transfert : transfère le premier interlocuteur vers le second (cliquez de
nouveau sur Transfert pour terminer l'opération).
• Conférence : établit une conférence téléphonique entre tous les
interlocuteurs (cliquez sur Conf. pour terminer l'opération).
• Fin app. : déconnecte le premier appel et compose le second.
Pour... Procédez comme suit :3-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Composer une entrée
d'un annuaire
d'entreprise sur le
téléphone
Cliquez sur le bouton Répertoires.
Sélectionnez Répertoire d'entreprise (le nom exact de ce service peut
varier). Entrez les lettres à l'aide du clavier, puis cliquez sur Recher. Pour
composer un numéro, cliquez dessus ou recherchez-le en faisant défiler la
liste et décrochez le téléphone.
Si vous souhaitez composer un numéro à partir d'un répertoire tout en
poursuivant un appel actif, faites défiler la liste pour afficher
l'enregistrement souhaité et cliquez sur Compos. ou appuyez sur la touche
Entrée du clavier. Choisissez ensuite un élément de menu pour traiter l'appel
initial :
• Attente : met le premier appel en attente et compose le second.
• Transfert : transfère le premier interlocuteur vers le second (cliquez de
nouveau sur Transfert pour terminer l'opération).
• Conférence : établit une conférence téléphonique entre tous les
interlocuteurs (cliquez sur Conf. pour terminer l'opération).
• Fin app. : déconnecte le premier appel et compose le second.
Composer un numéro à
partir d'un répertoire
d'entreprise de votre
ordinateur personnel à
l'aide Cisco WebDialer
• Ouvrez un navigateur Web et accédez à un répertoire d'entreprise
compatible avec WebDialer.
• Cliquez sur le numéro à composer.
Voir le guide Customizing Your Cisco Unified IP Phone on the Web
(Personnalisation de votre téléphone IP Cisco Unified) pour plus de détails :
http://www.cisco.com/en/US/products/hw/phones/ps379/products_user_
guide_list.html
Utiliser la fonction de
rappel de Cisco pour
recevoir une notification
lorsqu'un poste occupé
ou qui ne répond pas se
libère
• Appuyez sur Rappel lorsque vous entendez la tonalité occupé ou la
sonnerie.
• Raccrochez. Votre téléphone vous avertit lorsque la ligne se libère.
• Passez à nouveau l'appel.
Pour... Procédez comme suit :Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Voir si une ligne associée
à la numérotation abrégée,
à l'enregistrement d'appel,
ou à l'inscription à un
répertoire est occupée
avant de passer un appel
sur cette ligne
Recherchez des indicateurs de fonction de ligne occupée. Utilisation des
indicateurs de fonction de ligne occupée pour déterminer l'état d'une ligne,
page 3-34
Composer un numéro en
mode Casque
• Si le bouton Casque n'est pas allumé, cliquez dessus avant ou après la
numérotation, la recomposition du dernier numéro (bis) ou la composition
d'un numéro abrégé.
ou
• Si le bouton Casque est allumé, cliquez sur NvAppel, Bis, un bouton de
numérotation abrégée ou un bouton de ligne. Le cas échéant, entrez un
numéro de téléphone et cliquez sur Compos. ou appuyez sur la touche
Entrée du clavier. Voir Utilisation d'un casque, page 5-2.
Composer un numéro en
mode Haut-parleur
Vérifiez tout d'abord qu'aucun casque analogique n'est branché sur les prises
jacks audio de l'ordinateur. Cliquez sur NvAppel ou sur appuyez sur le bouton
Haut-parleur et saisissez un numéro de téléphone. Vous pouvez également
utiliser une autre méthode pour passer l'appel, puis cliquer sur le bouton
Haut-parleur pour basculer en mode Haut-parleur.
Un grand nombre d'opérations réalisées lorsque vous composez un numéro
entraînent le déclenchement automatique du mode Haut-parleur. Voir Utilisation
de votre ordinateur comme poste téléphonique à haut-parleur, page 5-4.
Composer un numéro en
mode Combiné
Décrochez le combiné avant ou après la numérotation, la recomposition du
dernier numéro (bis) ou la composition d'un numéro abrégé. Voir Utilisation d'un
combiné USB, page 5-5.
Pour... Procédez comme suit :3-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Composer un numéro à
partir de votre carnet
d'adresses personnel
Uniquement disponible si activé sur Cisco Unified
Communications Manager (anciennement Cisco Unified CallManager).
Renseignez-vous auprès de votre administrateur système.
• Si vous utilisez une autre version de Cisco Unified
Communications Manager que la version 4.x, cliquez sur le bouton
Répertoires et sélectionnez Répertoire personnel.
• Si vous utilisez Cisco Unified Communications Manager 4.x, cliquez
sur le bouton Services et sélectionnez Service PAB (le nom exact peut
varier).
(Selon la configuration, vous pourrez également utiliser la fonction
Recherche rapide. Consultez la Utilisation du répertoire personnel,
page 6-7.)
Avant d'utiliser ce service, vous devez vous y abonner. Voir Utilisation de
votre Carnet d'adresses personnel.
Composer un numéro à
l'aide d'un code de
numérotation abrégée
Uniquement disponible si activé sur Cisco Unified
Communications Manager (anciennement Cisco Unified CallManager).
Renseignez-vous auprès de votre administrateur système.
• Si vous utilisez une autre version de Cisco Unified
Communications Manager que la version 4.x, cliquez sur le bouton
Répertoires et sélectionnez Répertoire personnel.
• Si vous utilisez Cisco Unified Communications Manager 4.x, cliquez
sur le bouton Services et sélectionnez Fast Dials (Numérotation
abrégée) (le nom exact peut varier). Pour composer un numéro à partir
d'une liste, cliquez dessus ou sélectionnez-le et décrochez.
Pour plus d'informations sur le service de numérotation abrégée, consultez
la Configuration de numéros abrégés, page 7-4.
Passer un appel en
utilisant un code de
facturation ou de suivi
Composez un numéro ou entrez un code d'affaire client ou un code
d'autorisation forcée lorsque vous entendez une tonalité différente.
L'administrateur système vous indiquera si vous avez besoin d'entrer ces
types de code et peut vous fournir des instructions détaillées si nécessaire.
Pour... Procédez comme suit :Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Pour ajouter un préfixe à un numéro figurant dans l'un de vos journaux
d'appels, sélectionnez le numéro et cliquez sur ModNum.
• Si vous composez le numéro avant de décrocher, le numéro ne peut pas
commencer par un astérisque (*) ou le signe dièse (#). Si vous avez besoin
d'utiliser ces caractères, décrochez le combiné pour obtenir la tonalité et
composez le numéro.
Rubriques connexes
• Réponse à un appel, page 3-9
• Fin d'un appel, page 3-11
Établissement d'un appel vidéo
Lorsque vous utilisez Cisco IP Communicator avec Cisco Unified Video
Advantage, vous pouvez passer des appels vidéo.
Pour passer un appel vidéo, vous devez remplir les critères suivants :
• Cisco Unified Video Advantage doit être installé sur votre système.
• Cisco IP Communicator doit être activé pour les appels vidéo sur le serveur
de traitement des appels. Après l'activation, Cisco IP Communicator affiche
l'icône dans le coin inférieur droit de l'écran du téléphone.
Passer un appel
prioritaire
Entrez le numéro d'accès MLPP (Multilevel Precedence and Preemption)
(fourni par votre administrateur système), puis le numéro de téléphone.
Passer un appel en
utilisant votre profil de
mobilité de poste Cisco
Vérifiez que vous êtes connecté à la fonction de mobilité de poste. Appuyez
sur le bouton Services et sélectionnez Service EM (le nom exact de ce
service peut varier), puis entrez vos informations de connexion à l'aide du
clavier. Si vous partagez un téléphone, il se peut que vous deviez vous
connecter au service de mobilité de poste pour accéder à certaines fonctions
ou passer un appel. Le service de mobilité de poste est une fonction spéciale
qui n'est pas disponible par défaut et que votre administrateur système peut
affecter aux téléphones et à leurs utilisateurs.
Pour... Procédez comme suit :3-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
• Vous devez lancer Cisco Unified Video Advantage avant d'établir l'appel
vidéo.
• Votre correspondant doit également satisfaire aux mêmes critères et utiliser
un périphérique qui soit un point d'accès vidéo.
Si vous souhaitez activer votre téléphone pour les appels vidéo, contactez votre
administrateur système pour obtenir de l'aide et consultez le guide d'utilisation de
Cisco Unified Video Advantage :
http://www.cisco.com/en/US/products/sw/voicesw/ps5662/products_user_
guide_list.html
Réponse à un appel
Pour... Procédez comme suit :
Répondre en mode Casque Cliquez sur le bouton Casque, s'il n'est pas allumé.
Ou, si le bouton Casque est allumé, cliquez sur Répond. ou sur un
bouton de ligne clignotant. Voir Utilisation d'un casque, page 5-2.
Répondre en mode Haut-parleur Cliquez sur le bouton Haut-parleur ou Répond. ou sur un bouton
de ligne clignotant. Voir Utilisation de votre ordinateur comme
poste téléphonique à haut-parleur, page 5-4.
Répondre en mode Combiné Soulevez le combiné (ou activez-le comme il convient). Voir
Utilisation d'un combiné USB, page 5-5.
Prendre un appel à l'aide du
raccourci clavier
Appuyez sur F2 ou sur Ctrl + Maj + A sur votre clavier.
Répondre avec la notification
d'appel entrant
Cliquez sur l'icône de sonnerie ou sur les informations d'ID de
l'appelant.
Si vous cliquez sur l'icône Secret dans la fenêtre de notification
d'appel entrant qui apparaît au cours d'un appel actif, la sonnerie est
coupée et la fenêtre de notification disparaît. Vous devez revenir
dans l'interface de l'application pour afficher les détails de l'appel
placé en mode Secret et désactiver cette fonction pour les futurs
appels entrants.
Répondre à un appel en sonnerie
à partir d'un appel déjà connecté
Voir Passage d'un appel à l'autre, page 3-15 et Utilisation des
fonctions Attente et Reprise, page 3-12.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Fin d'un appel, page 3-11
• Utilisation des fonctions Attente et Reprise, page 3-12
• Transfert d'un appel connecté, page 3-14
• Passage d'un appel à l'autre, page 3-15
• Utilisation de la fonction de mobilité de poste de Cisco, page 3-26
Paramétrer
Cisco IP Communicator pour qu'il
se connecte automatiquement à
l'appel entrant après une ou deux
sonneries
Demandez à votre administrateur de configurer la fonction Réponse
automatique pour vos lignes. Vous pouvez utiliser cette fonction en
mode Haut-parleur ou Casque. Voir Utilisation de casques d'écoute et
d'autres périphériques audio avec Cisco IP Communicator, page 5-1.
Récupérer ou permettre à une
autre personne de récupérer un
appel en attente sur un autre
téléphone (celui d'une salle de
conférence, par exemple)
Utilisez la fonction de parcage d'appel. Voir Utilisation de la fonction
de mobilité de poste de Cisco, page 3-26.
Utiliser votre téléphone pour
répondre à un appel en sonnerie
sur un autre téléphone
Utilisez la fonction d'interception d'appels. Voir Redirection d'un appel
entrant vers Cisco IP Communicator, page 3-33.
Répondre à un appel prioritaire Mettez fin à l'appel en cours en raccrochant, puis cliquez sur Répond.
Envoyer un appel entrant
directement vers votre système de
messagerie vocale
Cliquez sur Rvoi Im. L'appel entrant est automatiquement transféré
vers l'annonce d'accueil de votre messagerie vocale.
Prendre un appel sur votre
téléphone portable ou à sur un
autre périphérique cible distant
Configurez Mobile Connect et répondez au téléphone.
Lorsque vous activez Mobile Connect :
Les appels sont simultanément reçus sur votre Bureau et sur les
périphériques cibles à distance. Lorsque vous prenez l'appel sur votre
téléphone de bureau, les périphériques cibles distants cessent de
sonner, sont déconnectés, et affichent un message indiquant un appel en
absence. Lorsque vous prenez l'appel sur un périphérique cible distant,
les autres périphériques cibles distants cessent de sonner, sont
déconnectés, et un message indiquant un appel en absence s'affiche sur
les autres périphériques cibles distants.
Pour... Procédez comme suit :3-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Fin d'un appel
Conseil Vous devez conserver le mode Casque activé pour utiliser la fonction Réponse
automatique avec le casque (cette fonction doit être configurée par
l'administrateur système). Si vous utilisez un casque sans la fonction Réponse
automatique, il peut également être préférable de maintenir le mode Casque
activé. Voir Obtention de périphériques audio, page 5-1.
Rubriques connexes
• Passer un appel, page 3-3
• Réponse à un appel, page 3-9
• Transfert d'un appel connecté, page 3-14
Pour... Procédez comme suit :
Raccrocher lorsque vous utilisez
le mode Combiné
Désactivez le combiné, cliquez sur FinApp ou appuyez sur la
touche Échap du clavier. Voir Utilisation d'un combiné USB,
page 5-5.
Raccrocher lorsque vous utilisez
le mode Casque
Cliquez sur le bouton Casque, s'il est allumé.
Pour que le mode Casque reste actif, maintenez le bouton allumé en
cliquant sur FinApp ou en appuyant sur la touche Échap du clavier.
Vo ir Utilisation d'un casque, page 5-2.
Raccrocher lorsque vous utilisez
le mode Haut-parleur
Cliquez sur FinApp ou appuyez sur la touche Échap du clavier.
Vo ir Utilisation de votre ordinateur comme poste téléphonique à
haut-parleur, page 5-4.
Mettre fin à un appel sans pour
autant mettre fin à un autre appel
sur la même ligne
Cliquez sur FinApp ou appuyez sur la touche Échap. Si nécessaire,
commencez par cliquer sur Reprend pour récupérer un appel en
attente.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation des fonctions Attente et Reprise
Vous pouvez mettre en attente ou reprendre des appels. Lorsque vous mettez un
appel en attente, l'icône Attente apparaît en regard de l'ID de l'appelant et le
bouton de ligne correspondant clignote en vert.
Si la fonction d'inversion de la mise en attente est activée pour votre téléphone,
les appels mis en attente sonnent à nouveau après un certain temps. L'appel «
inversé » reste en attente jusqu'à ce que vous le repreniez ou jusqu'à l'expiration
du délai d'inversion.
Votre téléphone indique la présence d'un appel inversé :
• En vous avertissant à intervalles réguliers à l'aide d'une simple sonnerie (ou
d'un clignotement ou d'un bip, selon la configuration de votre ligne
téléphonique).
• En affichant brièvement un message d'inversion de mise en attente dans la
barre d'état au bas de l'écran du téléphone.
• En affichant l'icône animée d'inversion de mise en attente en regard de l'ID de
l'appelant correspondant à l'appel en attente.
• En affichant un bouton de ligne clignotant de couleur orange (selon l'état de
la ligne).
Pour... Procédez comme suit :
Mettre un appel en attente 1. Vérifiez que l'appel à mettre en attente est sélectionné.
2. Cliquez sur Attente.
Reprendre sur la ligne active
un appel mis en attente
1. Vérifiez que l'appel adéquat et mis en surbrillance.
2. Cliquez sur Reprendre.
Reprendre sur une autre ligne
un appel mis en attente
1. Cliquez sur un bouton de ligne vert clignotant. Si cette ligne ne
comporte qu'un seul appel en attente, la reprise de ce dernier est
automatique.
2. Si elle en comporte plusieurs, assurez-vous que l'appel concerné
est mis en surbrillance, puis cliquez sur Reprend.3-13
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Conseils
• Habituellement, l’activation de la fonction de mise en attente génère de la
musique ou un bip.
• Si un message vous alerte simultanément d'un appel entrant et d'un appel
inversé, l'écran de votre téléphone affiche par défaut l'appel entrant. Votre
administrateur système peut changer cette priorité d'affichage.
• Si vous utilisez une ligne partagée, l'inversion de mise en attente ne sonne que
sur le téléphone sur lequel l'appel a été mis en attente, et non sur les autres
téléphones qui partagent la ligne.
• L'intervalle entre les alertes d'inversion est déterminé par votre
administrateur système.
Utilisation de la fonction Secret
La fonction Secret coupe le son du casque, du haut-parleur ou du microphone.
Lorsque la fonction Secret est activée, vous pouvez entendre vos interlocuteurs,
mais ces derniers ne peuvent pas vous entendre.
Remarque Si vous lancez Cisco IP Communicator alors que votre périphérique audio ou
ordinateur est mis en sourdine, la fenêtre Vérifier les paramètres audio vous invite
à rétablir, régler ou annuler vos paramètres audio. Si les paramètres audio que
vous aviez définis auparavant fonctionnaient correctement, choisissez Rétablir.
Si vous souhaitez les afficher ou les modifier, choisissez Régler. Pour conserver
la fonction Secret activée, choisissez Annuler.
Pour... Procédez comme suit :
Activer la fonction Secret Cliquez sur le bouton Secret qui n'est pas allumé.
Désactiver la fonction Secret Cliquez sur le bouton Secret qui est allumé.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-14
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Transfert d'un appel connecté
Le transfert permet de rediriger un appel connecté. La cible est le numéro vers
lequel vous souhaitez transférer l'appel.
Conseils
• Si le transfert en mode téléphone raccroché est activé, vous pouvez
raccrocher directement ou cliquer sur Trnsfer avant de raccrocher.
• S'il n'est pas activé sur votre téléphone, sachez que le fait de raccrocher plutôt
que de cliquer surCisco IP Communicator Trnsfer a pour effet d'annuler le
transfert et de mettre en attente la personne dont l'appel doit être transféré.
• Vous ne pouvez pas utiliser la touche Trnsfer pour rediriger un appel en
attente. Cliquez sur Reprend. pour le reprendre avant de le transférer.
Pour... Procédez comme suit :
Transférer un appel sans en
informer le destinataire du
transfert
Au cours de l'appel, cliquez sur Transférer et entrez le numéro cible.
Quand vous entendez la sonnerie d'appel, cliquez de nouveau sur
Transférer.
Informer le destinataire du
transfert avant de lui
transférer un appel
(transférer en consultant)
Au cours de l'appel, cliquez sur Transférer et entrez le numéro cible.
Patientez quelques instants pour laisser le temps au destinataire du
transfert de répondre. Si le destinataire accepte l'appel transféré, cliquez
de nouveau sur Transférer. Si le destinataire refuse l'appel, appuyez sur
Reprend. pour récupérer l'appel initial.
Transférer deux appels en
cours l'un vers l'autre
(transfert direct)
Sélectionnez un appel sur la ligne, puis cliquez sur Sélect. Renouvelez
cette procédure pour le second appel. Lorsque l'un des appels
sélectionnés est mis en surbrillance, cliquez sur TrnsDir (il se peut que
vous deviez au préalable cliquer sur autres pour afficher cette option.)
Les deux appels se connectent l'un à l'autre et vous ne participez plus à
l'appel.
Pour rester en ligne avec ces interlocuteurs, utilisez l'option Joindre
pour créer une conférence téléphonique.
Transférer un appel vers
votre système de messagerie
vocale
Cliquez sur Rvoi Im. L'appel est automatiquement transféré vers le
message d'accueil de votre messagerie vocale. Cette fonction est
disponible lorsqu'un appel est actif, en sonnerie ou en attente.3-15
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Sélection des appels
De nombreuses fonctions de Cisco IP Communicator nécessitent que vous
sélectionniez les appels à utiliser avec une fonction particulière. Par exemple, si
vous avez quatre appels en attente mais que vous souhaitiez ne joindre que deux
d'entre eux à une conférence téléphonique, vous pouvez sélectionner les appels à
ajouter avant d'activer la fonction de conférence.
Passage d'un appel à l'autre
Vous pouvez passer d'un appel à l'autre sur une ou plusieurs lignes. Si l'appel vers
lequel vous souhaitez basculer n'est pas sélectionné (mis en surbrillance)
automatiquement, cliquez sur l'image qui lui est associée sur l'écran du téléphone.
Pour... Procédez comme suit :
Mettre un appel en
surbrillance
Cliquez sur un appel dans la liste des appels. Les appels mis en surbrillance
apparaissent sur un fond plus clair et plus lumineux.
Sélectionner un appel Mettez en surbrillance un appel connecté ou en attente, puis cliquez sur Sélect.
Les appels sélectionnés sont signalés par une coche.
Vérifier les appels
sélectionnés
Cliquez sur le bouton Navigation pour faire défiler la liste des appels. Les
appels sélectionnés sont signalés par une coche et regroupés au sein de la liste
des appels.
Pour... Procédez comme suit :
Basculer entre des appels
connectés sur une ligne
Sélectionnez l'appel vers lequel vous souhaitez basculer et cliquez sur
Reprend. L'autre appel est automatiquement mis en attente.
Basculer entre des appels
connectés sur des lignes
différentes
Cliquez sur le bouton de ligne vert clignotant qui correspond à la ligne
(et à l'appel) vers laquelle vous souhaitez basculer. Si cette ligne ne
comporte qu'un seul appel en attente, la reprise de ce dernier est
automatique. Si elle en comporte plusieurs, mettez en surbrillance
l'appel concerné (si nécessaire) et cliquez sur Reprend.
Répondre à un appel en
sonnerie à partir d'un appel
déjà connecté
Cliquez sur Répond. ou sur un bouton de ligne jaune clignotant. Cette
procédure permet de répondre au nouvel appel et de placer
automatiquement le premier appel en attente. Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-16
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Un seul appel à la fois peut être actif à un moment donné ; les autres appels
connectés sont automatiquement mis en attente.
• Lorsque vous avez plusieurs appels sur une même ligne, les appels avec le
niveau de priorité le plus élevé et dont la durée est la plus longue apparaissent
en haut de la liste des appels.
• Les appels d'un même type sont regroupés au sein de la liste des appels. Par
exemple, les appels auxquels vous avez participé sont regroupés vers le haut ;
ensuite viennent les appels sélectionnés. Ceux auxquels vous n'avez pas
encore répondu sont regroupés en bas (en dernier).
Passer d'un appel entrant à
l'autre à l'aide de la
notification d'appel entrant
Cliquez dans la fenêtre de notification de l'appel entrant (sauf sur
l'icône Secret). L'appel actif est ainsi mis en attente et vous pouvez
répondre à l'appel entrant.
Afficher la liste des appels
actifs
Cliquez sur un bouton de ligne vert pendant un appel actif afin de
revenir à l'écran principal en masquant les informations associées à
l'appel actif. Vous obtenez ainsi la liste de tous les appels actifs sur
chacune de vos lignes. Il s'agit de l'appel actif ou, si tous les appels
sont en attente, de l'appel qui est en attente depuis la plus longue
durée. Cliquez de nouveau sur le bouton de ligne vert pour revenir à
l'affichage initial.
Consulter tous les appels sur
une ligne donnée
Cliquez sur le bouton Aide puis cliquez immédiatement sur le bouton
de ligne. Cette action permet d'afficher les détails sur l'appel sans
affecter l'état de l'appel. Utilisez cette procédure lorsque vous êtes sur
une ligne et que vous voulez afficher les appels en attente sur une autre
ligne.
Pour... Procédez comme suit :3-17
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
Transfert d'un appel en cours vers un autre téléphone
Si vous utilisez la configuration Mobile Connect, vous pouvez transférer les
appels en cours du téléphone logiciel Cisco IP Communicator vers votre
téléphone portable ou vers une autre destination distante.
Renvoi de vos appels vers un autre numéro
Vous pouvez utiliser les fonctions de renvoi d'appel pour rediriger des appels
entrants de votre téléphone vers un autre numéro.
Remarque Entrez le numéro cible pour le renvoi de tous les appels exactement comme vous
le composeriez sur votre téléphone. Par exemple, si nécessaire, entrez un code
d'accès, tel que le 9 ou l'indicatif régional.
Pour... Procédez comme suit :
Transférer un appel en cours de votre
téléphone logiciel Cisco IP
Communicator vers un téléphone
portable
Appuyez sur la touche de fonction
Mobilité et sélectionez Transférer
l'appel vers le téléphone portable.
Prenez l'appel en cours sur votre
téléphone portable.
Le bouton de la ligne téléphonique
devient rouge et des icônes de combiné
et le numéro de l'appelant sont affichés
à l'écran du téléphone. Bien que vous
ne puissiez pas utiliser la même ligne
téléphonique pour d'autres appels,
vous pouvez prendre ou passer des
appels sur une autre ligne si votre
téléphone prend en charge plusieurs
lignes.
Transférer un appel en cours d'un
téléphone portable vers le téléphone
logiciel Cisco IP Communicator
Raccrochez votre téléphone portable
pour déconnecter le téléphone portable
mais pas l'appel.
Appuyez sur Reprend. sur votre
téléphone dans les 4 secondes et
commencez à parler au téléphone de
bureau.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-18
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Votre administrateur système peut vous proposer de choisir entre deux types de
fonctions de renvoi d'appels :
• Le renvoi d'appels sans condition (Renvoi de tous les appels) : s'applique à
tous les appels que vous recevez.
• Le renvoi d'appel conditionnel (Renvoi si sans réponse, Renvoi si occupé, Pas
de couverture) : s'applique à certains appels que vous recevez, sous certaines
conditions.
Vous pouvez accéder à la fonction de renvoi de tous les appels sur votre téléphone;
les autres fonctions de renvoi d'appels ne sont accessibles que sur les pages Web
Options utilisateur Cisco Unified CM. Votre administrateur système détermine
quelles fonctions de renvoi d'appels sont disponibles sur votre téléphone.
Conseils
• Entrez le numéro cible du renvoi d'appels exactement comme si vous le
composiez sur votre téléphone. Par exemple, le cas échéant, entrez un code
d'accès ou l'indicatif régional.
Pour... Procédez comme suit :
Configurer le renvoi de tous
vos appels sur votre ligne
principale
Appuyez sur RenvTt ou Renvoyer tout, puis entrez un numéro de
téléphone cible.
Annuler le renvoi de tous les
appels sur votre ligne
principale
Appuyez surRenvTt ou Renvoyer tout.
Vérifier que le renvoi de tous
les appels est activé sur votre
ligne principale
Recherchez :
• L'icône de renvoi d'appel au-dessus du numéro de téléphone
principal : .
• Le numéro cible du renvoi d'appel sur la ligne d'état.
Configurer ou annuler le
renvoi d'appels à distance, ou
pour une ligne secondaire
1. Accédez aux pages Web Options utilisateur Cisco Unified CM.
2. Allez aux paramètres de renvoi d'appel. Voir Contrôle des
paramètres de ligne, page 7-10.
Remarque Lorsque la fonction de renvoi d'appels est activée pour
toute autre ligne que la ligne principale, aucun signal sur
votre téléphone ne vous confirme que les appels sont
bien renvoyés. Vous devez vérifier vos paramètres dans
les pages Web Options utilisateur Cisco Unified CM. 3-19
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
• Le renvoi d'appel dépend de la ligne téléphonique. Si le renvoi d'appels n'est
pas activé sur la ligne sur laquelle il arrive, l'appel déclenche la sonnerie
normale.
• Votre administrateur système peut activer une fonction d'annulation du renvoi
d'appel pour que la personne qui reçoit vos appels transférés puisse vous
joindre. Lorsque l'annulation est activée, les appels passés à partir du
téléphone cible vers votre téléphone ne sont pas transférés ; ils déclenchent
une sonnerie sur votre poste.
Rubriques connexes
• Réponse à un appel, page 3-9
• Transfert d'un appel connecté, page 3-14
• Traitement des fonctions d'appel avancées, page 3-25
Utilisation de la fonction Ne pas déranger
Vous pouvez utiliser la fonction Ne pas déranger (NPD) pour bloquer les appels
entrants sur votre téléphone à l'aide de la tonalité occupé.
Lorsque la fonction NDP et le renvoi d'appels sont activés sur votre téléphone, les
appels sont renvoyés et l'appelant n'entend pas de tonalité occupé.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Comment traiter les appels simples
3-20
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Lorsque vous activez la fonction NPD :
– Cisco IP Communicator ne bloque ni les appels à destination de lignes
intercom, ni les appels critiques tels que les appels provenant de
Cisco Emergency Responder et les appels MLPP.
– Cisco IP Communicator n'enregistre pas les appels entrants dans le
journal des Appels en absence de votre téléphone.
– Si vous avez également activé Renvoyer tout, cette fonction est prioritaire
sur les appels entrants. C'est-à-dire que Cisco IP Communicator
transfère tous vos appels, et que l'appelant n'entend pas de tonalité
occupé.
– Si la fonction Renvoi si occupé est activée sur votre ligne,
Cisco IP Communicator transfère les appels au numéro Renvoi si
occupé. Les appelants n'entendent pas de tonalité occupé.
• Si la fonction NPD est désactivée sur votre téléphone, contactez votre
administrateur système.
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Pour... Procédez comme suit :
Activer la fonction Ne pas
déranger
1. Cliquez sur Paramètres> Configuration du périphérique>
Préférences d'appel> Ne pas déranger.
2. Sélectionnez Oui, puis cliquez sur Enregistrer.
Ne pas déranger s'affiche sur la ligne d'état et la touche de fonction
NPD est ajoutée.
Désactiver la fonction
NPD
Cliquez sur la touche de fonction NPD. La touche de fonction NPD est
supprimée.
Personnaliser les options
Ne pas déranger
1. Sélectionnez Options utilisateur Cisco Unified CM.
2. Accédez aux pages Web Options utilisateur Cisco Unified CM.
3. À partir du menu déroulant, choisissez Options utilisateur>
Périphérique
4. Sélectionnez le Nom de votre périphérique Cisco IP Communicator.
5. Il est possible d'utiliser les caractères génériques suivants :
– Ne pas déranger : Activer/désactiver NPD.
– Alerte d’appel entrant avec la fonction NPD : configurez l'alerte
afin qu'elle émette unbip seulement ou qu'elle clignote seulement,
ou désactivez toutes les notifications visuelles et sonores. 3-21
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Établissement de conférences téléphoniques
Établissement de conférences téléphoniques
Vous pouvez créer une conférence de différentes manières, en fonction de vos
besoins et des fonctions disponibles sur votre téléphone.
• Conférence : Permet de créer une conférence standard (ad hoc) en appelant
chaque participant. Utilisez la touche de fonction Conf.
• Joindre : permet de créer une conférence standard (ad hoc) en associant des
appels existants. Utilisez la touche de fonction Joindre. La fonction Joindre
n'est disponible que sur les téléphones SCCP.
• InsConf : permet de créer une conférence standard (ad hoc) en vous ajoutant
à un appel sur une ligne partagée. Appuyez sur un bouton de ligne ou sur la
touche de fonction InsConf. La fonction InsConf est disponible uniquement
sur les téléphones qui utilisent des lignes partagées.
• Meet-Me : permet de créer ou de rejoindre une conférence en appelant un
numéro de conférence. Utilisez la touche de fonction MeetMe.
Utilisation de la fonction Conférence.
Pour... Procédez comme suit :
Créer une conférence 1. Au cours d'un appel, appuyez sur Conf. (Il se peut que vous
deviez appuyer sur la touche autres pour accéder à la touche
Conf.)
2. Entrez le numéro de téléphone du participant.
3. Attendez que l'appel soit établi.
4. Appuyez de nouveau sur Conf. pour ajouter ce participant à votre
appel.
5. Répétez cette procédure pour ajouter d'autres participants.
Ajouter de nouveaux
participants à une conférence
existante
Répétez les étapes ci-dessus.
Votre administrateur système détermine si vous pouvez ajouter ou
supprimer des participants si vous n'êtes pas l'organisateur de la
conférence.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Établissement de conférences téléphoniques
3-22
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation de la fonction Joindre (uniquement sur les téléphones
SCCP)
La fonction Joindre permet de combiner plusieurs appels existants afin de créer
une conférence à laquelle vous participez.
Pour... Procédez comme suit :
Créer une conférence en
joignant des appels existants
passés sur une même ligne
téléphonique
1. À partir d'un appel actif, mettez en surbrillance un autre appel à
inclure dans la conférence, puis appuyez sur Sélect.
2. Répétez cette étape pour chacun des appels à ajouter.
3. Appuyez sur Joindre. (Il se peut que vous deviez appuyer sur la
touche de fonction autres pour accéder à la touche Joindre.)
Créer une conférence en
joignant des appels existants
passés sur plusieurs lignes
téléphoniques
1. À partir d'un appel en cours, appuyez sur Joindre. (Il se peut que
vous deviez appuyer sur la touche de fonction autres pour
accéder à la touche Joindre.)
2. Appuyez sur le bouton de ligne vert clignotant correspondant aux
appels à inclure à la conférence.
L'un des événements suivants se produit :
• Les appels sont joints.
• Une fenêtre s'ouvre sur l'écran du téléphone ; un message vous y
invite à sélectionner les appels à joindre. Mettez les appels en
surbrillance et appuyez ensuite sur Sélect, puis sur Joindre pour
terminer l'opération.
Remarque Si votre téléphone ne prend pas en charge la fonction
Joindre pour les appels sur plusieurs lignes, transférez
les appels vers une ligne unique. Vous pourrez alors
utiliser la fonction Joindre.
Combiner deux conférences
existantes
Utilisez les touches de fonction Joindre ou TrnsDir.
Demandez à votre administrateur système si votre système est équipé
de cette fonction.3-23
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Établissement de conférences téléphoniques
Utilisation de la fonction InsConf
Vous pouvez créer une conférence en utilisant la fonction InsConf pour vous
ajouter à un appel sur une ligne partagée.
Utilisation de la fonction Meet-Me
Le mode de conférence téléphonique Meet-Me permet de démarrer une
conférence ou de s'y joindre en composant son numéro.
Pour... Procédez comme suit :
Créer une conférence en vous
connectant par insertion à un
appel sur une ligne partagée
Appuyez sur le bouton de ligne correspondant à la ligne partagée.
Dans certains cas, vous devez mettre l'appel en surbrillance et appuyer
sur InsConf pour terminer l'opération.
Pour plus d'informations, consultez Procédure pour se connecter
personnellement à un appel sur une ligne partagée, page 3-36.
Pour... Procédez comme suit :
Lancer une conférence
Meet-Me
1. Demandez à votre administrateur système un numéro de téléphone
Meet-Me.
2. Communiquez ce numéro à tous les participants.
3. Lorsque vous êtes prêt à lancer la conférence, décrochez pour
obtenir une tonalité, puis appuyez sur MeetMe.
4. Composez le numéro de la conférence Meet-Me.
Les participants peuvent à présent se joindre à la conférence en
composant le numéro correspondant.
Remarque Les participants entendront une tonalité occupé s'ils
composent le numéro de la conférence avant que
l'organisateur ne soit lui-même connecté. Dans ce cas, ils
doivent rappeler.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Établissement de conférences téléphoniques
3-24
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Affichage ou exclusion des participants à une conférence
Rejoindre une conférence
Meet-Me
Composez le numéro de la conférence Meet-Me (que vous a
communiqué l'organisateur de la conférence).
Remarque Vous entendrez une tonalité occupé si vous composez le
numéro de la conférence avant que l'organisateur ne soit
connecté. Dans ce cas, rappelez ultérieurement.
Mettre fin à une conférence
Meet-Me
Tous les participants doivent raccrocher.
La conférence ne s'arrête pas automatiquement lorsque l'organisateur se
déconnecte.
Pour... Procédez comme suit :
Afficher la liste des participants
à une conférence
Appuyez sur ListConf.
Les participants sont répertoriés dans l'ordre dans lequel ils rejoignent la
conférence, les derniers à la rejoindre apparaissant en tête de liste.
Mettre à jour la liste des
participants à une conférence
Lorsque la liste des participants à la conférence est affichée, appuyez sur
MàJ.
Savoir qui a organisé la
conférence
La liste des participants à la conférence étant affichée, recherchez le
participant qui apparaît au bas de la liste, avec un astérisque (*) en regard
de son nom.
Exclure un participant de la
conférence
La liste étant affichée, mettez en surbrillance le nom du participant, puis
appuyez sur Suppr.
Abandonner le dernier
interlocuteur à avoir rejoint la
conférence
Alors que la liste des participants à la conférence est affichée, appuyez sur
SupDerA ou sur Supprimer dernier participant.
Pour... Procédez comme suit :3-25
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Traitement des fonctions d'appel avancées
Les tâches avancées de traitement des appels font intervenir des fonctions
spéciales (non standard) que votre administrateur système peut configurer sur
Cisco IP Communicator en fonction de vos besoins et de votre environnement de
travail. Par défaut, vous ne pouvez pas accéder à ces fonctions.
• Utilisation de la fonction de mobilité de poste de Cisco, page 3-26
• Traitement des appels professionnels à l'aide d'un seul numéro de téléphone,
page 3-27
• Utilisation de la fonction de mobilité de poste de Cisco, page 3-26
• Déconnexion de groupes de recherche, page 3-29
• Suivi des appels suspects, page 3-31
• Donner la priorité aux appels critiques, page 3-32
• Redirection d'un appel entrant vers Cisco IP Communicator, page 3-33
• Rappel d'une ligne occupée dès qu'elle devient disponible, page 3-34
• Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état
d'une ligne, page 3-34
• Utilisation de lignes partagées, page 3-35
• Établissement ou prise d'appels intercom, page 3-38Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-26
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation de la fonction de mobilité de poste de Cisco
La fonctionnalité de mobilité de poste de Cisco (EM, Cisco Extension Mobility)
permet de configurer temporairement un téléphone Cisco Unified IP comme étant
le vôtre. Lorsque vous vous connectez à EM, le téléphone adopte votre profil
utilisateur, vos lignes téléphoniques, vos fonctions, vos services établis et vos
paramètres Web. Seul l'administrateur système peut configurer la mobilité de
poste.
Conseils
• Vous êtes automatiquement déconnecté de la mobilité de poste au bout d'un
certain temps. Ce délai est déterminé par l'administrateur système.
• Les modifications que vous apportez à votre profil de mobilité de poste dans
les pages Web Options utilisateur sont prises en compte immédiatement si
vous êtes connecté à la fonction de mobilité de poste par téléphone. Sinon,
elles ne seront prises en compte qu'à votre prochaine connexion.
• Les modifications que vous apportez à votre téléphone dans les pages Web
Options utilisateur sont prises en compte immédiatement si vous êtes
déconnecté d'EM. Sinon, elles prendront effet après votre déconnexion.
• Les paramètres locaux réglables sur le téléphone ne sont pas enregistrés dans
votre profil de mobilité de poste.
Pour... Procédez comme suit :
Vous connecter
au service EM
1. Cliquez sur le bouton Services et sélectionnez Service EM (le nom de la
fonction peut varier).
2. Saisissez votre ID utilisateur et votre numéro d'identification personnel
(fournis par votre administrateur système).
3. Si vous y êtes invité, sélectionnez un profil de périphérique.
Vous déconnecter
du service EM
1. Cliquez sur le bouton Services et sélectionnez Service EM (le nom de la
fonction peut varier).
2. Lorsque vous êtes invité à vous déconnecter, appuyez sur Oui.3-27
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Traitement des appels professionnels à l'aide d'un seul numéro
de téléphone
Lorsque Mobile Connect et Mobile Voice Access sont installés, vous pouvez
utiliser votre téléphone portable pour traiter les appels associés au numéro de
votre téléphone de bureau. Un smartphone est un téléphone portable doté de
fonctionnalités d'ordinateur personnel telles que la navigation Web, la messagerie
électronique, le carnet d'adresses et le calendrier.
Pour... Procédez comme suit :
Configurer Mobile Connect Utilisez les pages Web Options utilisateur Cisco Unified CM pour
configurer des destinations distantes et créer des listes d'accès pour
autoriser ou bloquer le transfert d'appels provenant de numéros
spécifiques vers ces destinations distantes. Voir Configuration de
téléphones et de listes d'accès pour la connexion mobile, page 7-12.
Répondre à un appel sur
votre téléphone portable
Vo ir Réponse à un appel, page 3-9.
Passer un appel en cours de
votre téléphone de bureau à
un téléphone portable
Vo ir Transfert d'un appel en cours vers un autre téléphone, page 3-17.
Mettre en attente un appel
pris sur votre smartphone
1. Appuyez sur la touche de mise en attente d'appel professionnel (le
nom de la fonction peut varier) du smartphone.
Votre interlocuteur est mis en attente.
2. Sur votre smartphone, appuyez sur la touche de fonction Reprend.
(le nom de la fonction peut varier) du smartphone. Voir Transfert
d'un appel en cours vers un autre téléphone, page 3-17.
Transférer un appel pris sur
un smartphone vers un autre
numéro
1. Appuyez sur la touche de fonction de transfert d'appel
professionnel (le nom de la fonction peut varier) du smartphone.
2. Composez le code d'accès de transfert d'appel de votre société pour
initier un nouvel appel. Votre interlocuteur est mis en attente.
3. Appuyez sur la touche de fonction de transfert d'appel
professionnel pour terminer le transfert d'appel.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-28
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Initier une conférence
téléphonique lors d'un appel
pris sur un smartphone
1. Appuyez sur la touche de fonction de conférence professionnelle (le
nom de la fonction peut varier) du smartphone.
2. Composez le code d'accès de conférence de votre société pour
initier un nouvel appel. Votre interlocuteur est mis en attente.
3. Appuyez sur la touche de fonction de conférence professionnelle
pour finir de configurer la conférence et inclure les deux
interlocuteurs dans la conférence.
Obtenir la fonction d'accès
vocal mobile (Mobile Voice
Access)
1. À partir de n'importe quel téléphone, composez le numéro d'accès
vocal mobile qui vous a été attribué.
2. Saisissez le numéro depuis lequel vous appelez, si vous y êtes invité,
et votre numéro d'identification personnel.
Activer la connexion mobile
(Mobile Connect) à partir de
votre téléphone portable
1. Composez le numéro d'accès vocal mobile qui vous a été attribué.
2. Saisissez votre numéro de téléphone portable (si vous y êtes invité),
et votre numéro d'identification personnel.
3. Appuyez sur 2 pour activer la connexion mobile.
4. Choisissez d'activer la connexion mobile pour tous les téléphones
configurés ou pour un seul :
– Tous les téléphones : saisissez 2.
– Un seul téléphone : saisissez 1, puis le numéro à ajouter en tant
que destination distante, suivi de #.
Désctiver la connexion
mobile (Mobile Connect) à
partir de votre téléphone
portable
1. Composez le numéro d'accès vocal mobile qui vous a été attribué.
2. Saisissez votre numéro de téléphone portable (si vous y êtes invité),
et votre numéro d'identification personnel.
3. Appuyez sur 3 pour désactiver la connexion mobile.
4. Choisissez de désactiver la connexion mobile pour tous les
téléphones configurés ou pour un seul :
– Tous les téléphones : saisissez 2.
– Un seul téléphone : saisissez 1, puis le numéro à supprimer en
tant que destination distante, suivi de #.
Pour... Procédez comme suit :3-29
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Stockage et récupération des appels parqués
Lorsque vous souhaitez stocker un appel, vous pouvez le parquer pour qu'une
autre personne ou vous-même puissiez le récupérer sur un autre téléphone (par
exemple, le téléphone du bureau d'un collègue ou celui d'une salle de conférence)
du système de traitement des appels. Le parcage d'appel est une fonction spéciale
que votre administrateur système peut paramétrer pour vous.
Remarque Vous disposez d'undélai limité pour récupérer l'appel avant qu'il recommence à sonner
sur le poste auquel il était destiné à l'origine. Consultez votre administrateur
système pour connaître ce délai.
Rubriques connexes
• Comment traiter les appels simples, page 3-1
• Utilisation des fonctions Attente et Reprise, page 3-12
• Transfert d'un appel connecté, page 3-14
Déconnexion de groupes de recherche
Si votre entreprise reçoit un volume importantd 'appels entrants, vous pouvez être
membre d'un groupe de recherche. Un groupe de recherche inclut une série de
numéros de répertoire partageant la charge des appels entrants. Lorsque le
premier numéro de répertoire du groupe de recherche est occupé, le système
recherche le prochain numéro de répertoire disponible dans le groupe et dirige les
appels vers ce téléphone.
Pour... Procédez comme suit :
Stocker un appel actif à
l'aide de la fonction de
parcage d'appel
Au cours d'un appel, cliquez sur Parquer (vous devrez peut-être cliquer
au préalable sur la touche de fonction autres). Cette opération indique à
Cisco IP Communicator qu'il doit stocker l'appel. Notez le numéro de
parcage d'appels affiché sur l'écran du téléphone et raccrochez.
Récupérer un appel parqué Entrez le numéro de parcage sur n'importe quel téléphone
Cisco IP Communicator ou téléphone IP Cisco du réseau pour vous
connecter à l'appel.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-30
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Lorsque vous n'êtes pas à votre poste, vous pouvez vous déconnecter des groupes
de recherche pour que votre téléphone ne sonne pas.
Conseil La déconnexion des groupes de recherche n'empêche pas votre téléphone de
sonner lorsque d'autres appels arrivent.
Emission et réception d'appels sécurisés
Selon la configuration que votre administrateur système a choisie pour votre
système téléphonique, Cisco IP Communicator peut prendre en charge
l'établissement et la réception d'appels sécurisés.
Cisco IP Communicator prend en charge les types d'appel suivants :
• Appel authentifié : l'identité de tous les téléphones participant à l'appel a été
vérifiée.
• Appel chiffré : le téléphone reçoit et transmet des données audio chiffrées
(votre conversation) sur le réseau IP Cisco. Les appels chiffrés sont
également authentifiés.
• Appel non sécurisé : au moins un des téléphones participant à l'appel ou la
connexion ne prennent pas en charge cette fonction de sécurité ou il n'est pas
possible de vérifier l'identité des téléphones.
Pour... Procédez comme suit :
Vous déconnecter des groupes
de recherche pour bloquer
temporairement les appels de
groupes de recherche
Appuyez sur Groupmt ou sur Groupe de recherche. L'écran du
téléphone affiche le texte « Déconnecté du grpe rech. »
Vous connecter pour recevoir
des appels des groupes de
recherche
Appuyez sur Groupmt ou sur Groupe de recherche. Lorsque vous
êtes connecté, le bouton Groupe de recherche est allumé.3-31
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Remarque Des interactions, des restrictions et des limites affectent le fonctionnement des
fonctions de sécurité sur Cisco IP Communicator. Pour en savoir plus, contactez
votre administrateur système.
Suivi des appels suspects
Si vous recevez des appels suspects ou malveillants, votre administrateur système
peut ajouter la fonction d'identification des appels malveillants (IDAM) sur votre
téléphone. Cette fonction vous permet d'identifier un appel actif comme suspect,
ce qui lance une série de messages automatisés de suivi et de notification. Le
système de traitement des appels peut alors identifier et enregistrer la source de
l'appel entrant sur le réseau.
Pour... Procédez comme suit :
Contrôler le niveau de sécurité d’un
appel
Regardez si l'une des icônes de sécurité suivantes apparaît en
haut à droite de la zone d'activité des appels, en regard de
l'indicateur de durée d'appel :
Appel authentifié ou conférence
Appel chiffré ou conférence
Si ces icônes ne sont pas affichées, l'appel n'est pas sécurisé.
Déterminer s'il est possible de passer
des appels sécurisés au sein de votre
société
Contactez votre administrateur système.
Pour... Procédez comme suit :
Informer votre
administrateur système d'un
appel suspect ou malveillant
Appuyez sur IDAM.
Vous entendez une tonalité et le message IDAM réussie s'affiche sur
votre téléphone.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-32
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Donner la priorité aux appels critiques
Dans certains environnements spécialisés, tels que des bureaux de l’Armée ou de
l’État, il se peut que vous ayez besoin de passer et de recevoir des appels urgents
ou critiques. Si vous avez besoin de ce traitement spécialisé des appels, votre
administrateur système peut ajouter une fonction de préséance et préemption à
plusieurs niveaux (MLPP) sur votre téléphone.
Il est utile de se souvenir des termes suivants :
• La préséance indique la priorité associée à un appel.
• La préemption est le processus qui permet de mettre fin à un appel existant
dont la priorité est inférieure, tout en acceptant un appel de priorité supérieure
qui est envoyé vers votre téléphone.
Si... Procédez comme suit :
Souhaitez pouvoir choisir le niveau de
priorité (préséance) d’un appel sortant
Contactez votre administrateur système pour obtenir la liste
des numéros de priorité correspondant aux appels.
Souhaitez passer un appel prioritaire
(qui a la préséance)
Entrez le numéro d'accès MLPP (que vous a fourni votre
administrateur système), puis le numéro de téléphone.
Entendez une sonnerie différente (plus
rapide que d'habitude) ou une tonalité
d'attente spéciale
Vous recevez un appel prioritaire (qui a la préséance). Une
icône MLPP s'affiche sur l'écran de votre téléphone pour
indiquer le niveau de priorité de l'appel.
Souhaitez afficher le niveau de priorité
d’un appel
Recherchez une icône MLPP sur l'écran de votre téléphone :
Appel prioritaire
Appel d’importance moyenne (immédiat)
Appel très important (rapide)
Appel de la plus haute importance (suppression
rapide) ou appel prioritaire
Les appels les plus importants s’affichent en haut de la liste
des appels. Si aucune icône MLPP n'apparaît, l'appel est un
appel normal (routine).
Vous entendez une tonalité continue
qui interrompt votre appel
Cela signifie que vous ou votre interlocuteur recevez un appel
qui est prioritaire sur l'appel en cours. Raccrochez
immédiatement pour permettre à l'appel plus important de
sonner sur votre téléphone.3-33
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Conseils
• Lorsque vous passez ou recevez un appel compatible MLPP, vous entendez
une sonnerie et une tonalité d'attente spéciales, différentes des sonnerie et
tonalité standard.
• Si vous entrez un numéro d’accès MLPP incorrect, un message vocal vous en
avertit.
• Un appel MLPP garde son statut prioritaire lorsque vous :
– le mettez en attente
– le transférez
– l'ajoutez à une conférence
– y répondez par interception.
• La fonction MLPP est prioritaire sur la fonction NPD (Ne pas déranger).
Redirection d'un appel entrant vers Cisco IP Communicator
La fonction d'interception d'appels vous permet de réacheminer un appel en
sonnerie sur le téléphone d'un collègue vers votre Cisco IP Communicator pour
que vous puissiez répondre à cet appel. L'interception d'appels est une fonction
spéciale que votre administrateur système peut configurer pour vous, en fonction
de vos besoins en matière de gestion d'appels et de votre environnement de travail.
Par exemple, vous pouvez avoir besoin de cette fonction si vous partagez avec vos
collègues des responsabilités au niveau de la gestion des appels.
Pour... Procédez comme suit :
Répondre à un appel en sonnerie sur
un autre poste de votre groupe
Cliquez sur un bouton de ligne disponible et sur Intrcpt.
L'appel sonne sur votre ligne.
Répondre à un appel en sonnerie sur
un autre poste en dehors du groupe
Cliquez sur un bouton de ligne disponible et sur GrpIntr.
Entrez le code d'interception du groupe fourni par votre
administrateur système. L'appel sonne sur votre ligne.
Répondre à un appel en sonnerie, que
ce soit sur un autre poste de votre
groupe ou sur celui d'un groupe
associé
Cliquez sur un bouton de ligne disponible et sur AGrpIntr. Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-34
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Pour prendre l'appel qui sonne depuis plus longtemps, appuyez sur Intrcpt
ou sur GrpIntr.
• Pour prendre l'appel du groupe d'interception qui a la plus haute priorité,
appuyez sur AGrpIntr.
Rubriques connexes
• Transfert d'un appel connecté, page 3-14
Rappel d'une ligne occupée dès qu'elle devient disponible
Si le numéro que vous appelez est occupé ou ne répond pas, vous pouvez
configurer Cisco IP Communicator pour vous avertir dès que la ligne devient
disponible. Pour configurer la notification, composez le numéro et cliquez sur
Rappel lorsque vous entendez la tonalité occupé ou la sonnerie. Ensuite,
raccrochez.
Lorsque le poste se libère, vous recevez un signal sonore et visuel sur votre
téléphone. Le rappel du numéro n'est pas automatique ; vous devrez passer
l'appel. Le rappel d'un numéro est une fonction spéciale que votre administrateur
système peut configurer pour vous sur votre téléphone.
Conseil Le rappel ne fonctionne pas si le renvoi d'appels est activé sur le poste de votre
interlocuteur.
Utilisation des indicateurs de fonction de ligne occupée pour
déterminer l'état d'une ligne
Selon la configuration, vous pouvez utiliser les indicateurs de fonction de ligne
occupée (FLO) pour déterminer l'état d'une ligne téléphonique associée à un
bouton de numérotation abrégée, un journal d'appels, ou une liste de répertoire de
votre Cisco IP Communicator. Vous pouvez appeler cette ligne quel que soit l'état
de l'indicateur FLO. Cette fonction n'empêche pas de composer un numéro.3-35
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Utilisation de lignes partagées
Votre administrateur système peut vous affecter une ligne partagée. Une ligne
partagée est utilisée principalement dans les cas suivants:
• Vous souhaitez utiliser une même ligne pour plusieurs téléphones, afin que
votre téléphone de bureau et votre téléphone Cisco IP Communicatorsoient
associés au même numéro de poste, par exemple 23456. Dans ce cas, tous les
appels entrants destinés au numéro de poste 23456 sonneront sur le téléphone
Cisco IP Communicator et sur le téléphone de bureau et vous pourrez prendre
l'appel sur l'un ou l'autre.
• Plusieurs personnes partagent une même ligne. Par exemple, vous êtes
directeur et vous partagez une ligne et un poste avec votre assistant. Tous les
appels entrants destinés au numéro de poste partagé sonneront alors
simultanément sur votre téléphone et celui de votre assistant. Si votre
assistant répond, vous pourrez utiliser la fonction de ligne partagée intitulée
« Insertion » afin de participer à la conversation engagée.
Pour... Procédez comme suit :
Afficher l'état d'une
ligne de numérotation
abrégée
Recherchez l'un des indicateurs suivant près du numéro de ligne :
+ La ligne est en cours d'utilisation.
+ La ligne est inactive.
L'indicateur FLO n'est pas disponible ou n'est pas configuré pour
cette ligne.
+ La ligne est en mode Ne pas déranger.
Afficher l'état d'une
ligne figurant dans un
journal d'appels ou un
répertoire
Recherchez l'un des indicateurs suivant près du numéro de ligne :
La ligne est en cours d'utilisation.
La ligne est inactive.
L'indicateur FLO n'est pas disponible pour cette ligne.
La ligne est en mode Ne pas déranger.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-36
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
• Pour plus d'informations sur les lignes partagées, consultez votre
administrateur système. Les fonctions de ligne partagée telles que la fonction
Insertion ne s'appliquent pas aux lignes standard, non partagées.
Rubriques connexes
• Procédure pour se connecter personnellement à un appel sur une ligne
partagée, page 3-36
• Procédures pour empêcher d'autres personnes d'afficher ou de se joindre à un
appel sur une ligne partagée, page 3-37
Procédure pour se connecter personnellement à un appel sur une ligne partagée
Si vous utilisez une ligne partagée, vous pouvez rejoindre une conversation en
cours à l'aide de l'option Insertion. Quand vous utilisez cette fonction, tous les
autres interlocuteurs de l'appel entendent un bip signalant votre présence. Lorsque
vous raccrochez, les autres interlocuteurs entendent une tonalité de déconnexion
et l'appel initial continue. La fonction Insertion s'applique aux lignes partagées
uniquement.
Pour... Procédez comme suit :
Intégrer un appel en cours sur une
ligne partagée
Sélectionnez l'appel sur l'écran du téléphone et cliquez sur
Insert (vous devrez peut-être cliquer auparavant sur la touche
de fonction autres).
Terminer un appel en insertion sur
une ligne partagée
Raccrochez.3-37
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
Conseils
• Vous serez déconnecté de l'appel en cours que vous avez intégré sur une ligne
partagée si cet appel est mis en attente, transféré ou transformé en conférence
téléphonique.
• Vous ne pouvez pas répondre à un appel sur une autre ligne lorsque vous
intervenez dans un appel en cours sur une ligne partagée.
• Cliquez sur un bouton de ligne vert lorsque l'appel est actif pour revenir à
l'écran principal. Vous obtiendrez ainsi la liste de tous les appels actifs.
Rubriques connexes
• Comment traiter les appels simples, page 3-1
• Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état
d'une ligne, page 3-34
• Procédures pour empêcher d'autres personnes d'afficher ou de se joindre à un
appel sur une ligne partagée, page 3-37
Procédures pour empêcher d'autres personnes d'afficher ou de se joindre à un
appel sur une ligne partagée
Si vous partagez une ligne téléphonique, vous pouvez utiliser la fonctionnalité de
confidentialité pour empêcher les personnes qui partagent votre ligne d'afficher
vos appels ou de s'y joindre.
Pour... Procédez comme suit :
Empêcher d'autres personnes
d’afficher des appels sur une ligne
partagée ou de s'y connecter
1. Appuyez sur Confidentiel.
2. Pour vérifier que la fonction de confidentialité est désactivée,
vérifiez la présence de l'icône de la fonction désactivée en
regard d'un bouton de ligne de couleur orange.
Autoriser d'autres personnes à
afficher ou à se joindre aux appels
sur une ligne partagée
1. Appuyez sur Confidentiel.
2. Pour vérifier que la fonction de confidentialité est désactivée,
vérifiez la présence de l'icône de la fonction désactivée en
regard d'un bouton de ligne de couleur éteint.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-38
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Conseils
• Si vous partagez la ligne avec un téléphone dont la fonction de confidentialité
est activée, vous pouvez passer et recevoir des appels normalement sur la
ligne partagée.
• La fonction de confidentialité s’applique à toutes les lignes partagées de votre
téléphone. Par conséquent, si vous avez plusieurs lignes partagées et que la
fonction de confidentialité est activée, vos collègues ne pourront pas afficher
les appels sur vos lignes partagées, ni s'y joindre.
Rubriques connexes
• Comment traiter les appels simples, page 3-1
• Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état
d'une ligne, page 3-34
• Procédure pour se connecter personnellement à un appel sur une ligne
partagée, page 3-36
Établissement ou prise d'appels intercom
Vous pouvez passer un appel intercom vers un téléphone cible qui réponde
automatiquement à l'appel en mode Haut-parleur et coupure du microphone. Les
appels intercom unidirectionnels permettent d'envoyer un bref message à leur
destinataire. Si le destinataire utilise un combiné ou un casque, il entend le
message dans ce périphérique. Si le destinataire a déjà un appel en cours, celui-ci
se poursuit simultanément.
Le destinataire de l'appel reçoit une tonalité d'alerte intercom et peut alors choisir de :
• Écouter l'appelant, son microphone étant coupé (il peut écouter l'appelant,
mais ce dernier ne peut pas l'entendre).
• Mettre fin à l'appel intercom en appuyant sur la touche de fonction FinApp.
après avoir sélectionné l'appel intercom. Utilisez cette option si vous ne
souhaitez pas écouter le message.
• Parler à l'appelant en appuyant sur le bouton intercom actif, en utilisant le
combiné, le casque ou le haut-parleur. L'appel intercom devient une
connexion bidirectionnelle au cours de laquelle vous pouvez parler avec
l'appelant.
Lorsque vous utilisez la fonction intercom, souvenez-vous que :3-39
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
• À partir d'une ligne intercom, vous ne pouvez appeler que d'autres lignes
intercom.
• Vous ne pouvez utiliser qu'une ligne intercom à la fois.
• Vous ne pouvez pas prendre ou passer d'appel intercom si votre appel actif est
surveillé ou enregistré.
• Vous ne pouvez pas mettre un appel intercom en attente.
Remarque Si vous vous connectez à votre téléphone de bureau tous les jours à l'aide de votre
profil de mobilité de poste, vérifiez que votre administrateur système a configuré
votre profil de mobilité de poste en y incluant la fonction intercom.
Pour... Procédez comme suit :
Passer un appel intercom vers une
cible intercom préconfigurée
1. Appuyez sur une ligne intercom cible.
2. Attendez jusqu'à ce que vous entendiez la tonalité d'alerte
intercom.
3. Commencez à parler.
Passer un appel intercom vers un
numéro intercom
1. Appuyez sur une ligne intercom cible.
2. Procédez comme suit :
– Entrez le numéro intercom cible.
– Appuyez sur le numéro abrégé de votre cible.
3. Attendez jusqu'à ce que vous entendiez la tonalité d'alerte
intercom.
4. Commencez à parler.
Recevoir un appel intercom Lorsque vous entendez la tonalité d'alerte intercom, vous pouvez
traiter l'appel de l'une des manières suivantes :
• Écouter le message en audio unidirectionnel.
• Appuyer sur une ligne intercomme orange active pour parler
à l'appelant. (La ligne devient verte lorsque l'appel devient
bidirectionnel.)
• Appuyez sur Fin app. après avoir sélectionné l'appel
intercom pour déconnecter ce dernier.Chapitre 3 Traitement des appels avec Cisco IP Communicator
Traitement des fonctions d'appel avancées
3-40
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01C H A P I T R E
4-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
4
Personnalisation des paramètres sur
Cisco IP Communicator
• Accès aux paramètres, page 4-1
• Réglage du volume d'un appel, page 4-2
• Personnalisation des sonneries et des indicateurs de message, page 4-3
• Personnalisation de l'écran du téléphone, page 4-4
• Affichage et personnalisation des préférences, page 4-5
Accès aux paramètres
Voici des informations utiles concernant les paramètres de Cisco IP Communicator :
• Vous pouvez accéder à la plupart des paramètres en choisissant Préférences dans
le menu. Vous pouvez accéder au menu à partir de l'icône de menu dans la barre
de boutons de contrôle de la fenêtre, en cliquant avec le bouton droit dans
l'interface, ou en appuyant sur Maj+ F10
• Les paramètres associés aux sonneries et aux images d'arrière-plan peuvent être
définis en choisissant bouton Paramètres > Préférences utilisateur.
• La plupart des paramètres sont accessibles dans IP Communicator, mais
quelques-uns d'entre eux sont accessibles en ligne via vos pages Web
Options utilisateur. Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Réglage du volume d'un appel
4-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Remarque Si vous n'obtenez pas de réponse lorsque vous appuyez sur le bouton Paramètres,
il est possible que votre administrateur système ait désactivé cette touche sur votre
téléphone. Pour plus d'informations, contactez votre administrateur système.
Rubriques connexes
• Affichage et personnalisation des préférences, page 4-5
• Personnalisation des sonneries et des indicateurs de message, page 4-3
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Réglage du volume d'un appel
.
Conseils
• Vous pouvez régler le volume uniquement pour le mode audio actif. Si vous
augmentez le volume en mode Haut-parleur, par exemple, le volume du mode
Casque demeure inchangé.
• Si vous réglez le volume d'un mode audio sans enregistrer la modification, le
niveau précédent sera rétabli lorsque vous réutiliserez ce mode.
• Si vous réglez le volume d'un périphérique audio directement sur celui-ci (par
exemple, si vous réglez les contrôles de volume de l'ordinateur), il est
possible que la fenêtre Vérifier les paramètres audio apparaisse au prochain
démarrage de Cisco IP Communicator. Voir Utilisation de l'Assistant de
réglage audio, page 1-6.
Pour... Procédez comme suit :
Régler le volume au
cours d'un appel
Cliquez sur le bouton Volume ou appuyez sur les touches Page préc./Page
suiv au cours d'un appel ou après avoir déclenché la tonalité. Cliquez sur
Enreg. pour adopter le nouveau volume comme niveau par défaut du mode
audio actif.
Vous pouvez également régler le niveau du volume à l'aide des options de
réglage de l'ordinateur ou des réglages disponibles sur le périphérique audio
(voir la section Conseils pour plus d'informations sur la procédure à suivre).
Régler le volume de la
sonnerie
Cliquez sur le bouton Vo lume alors que Cisco IP Communicator est raccroché
(aucun appel et aucune tonalité en cours). Le nouveau volume de la sonnerie
est automatiquement enregistré.4-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Personnalisation des sonneries et des indicateurs de message
Personnalisation des sonneries et des indicateurs
de message
Vous pouvez personnaliser la manière dont Cisco IP Communicator signale la
présence d'un appel entrant ou d'un nouveau message vocal sur chacune de vos
lignes. La personnalisation des sonneries et autres indicateurs peut vous aider à
différencier rapidement plusieurs lignes. Par exemple, vous pouvez sélectionner
un pépiement d'oiseau pour indiquer que l'appel entrant est sur la ligne1 et un
battement de tambour pour les appels entrants sur la ligne 2. Les options des pages
Web Options utilisateur Cisco Unified CM peuvent varier. Si vous ne parvenez
pas à trouver une option, contactez votre administrateur système.
Pour... Procédez comme suit :
Utiliser une mélodie
différente pour chaque ligne
1. Cliquez sur le bouton Paramètres et sélectionnez Préférences
utilisateur> Sonneries.
2. Choisissez une ligne téléphonique ou la sonnerie par défaut.
3. Sélectionnez une sonnerie pour en entendre un échantillon.
4. Appuyez sur Sélect. et sur Enreg. pour utiliser cette sonnerie, ou
appuyez sur Annuler.
Modifier la séquence de la
sonnerie (clignotement
seulement, une sonnerie, bip
seulement, etc.)
1. Sélectionnez Options utilisateur Cisco Unified CM dans le menu
contextuel.
2. Accédez aux pages Web Options utilisateur Cisco Unified CM.
3. Sélectionnez votre périphérique.
4. Cliquez sur Paramètres de ligne, et effectuez des sélections dans la
section Paramètres de sonnerie.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Personnalisation de l'écran du téléphone
4-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Réglage du volume d'un appel, page 4-2
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Personnalisation de l'écran du téléphone
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Modifier le comportement
de l'indicateur de message
vocal
1. Sélectionnez Options utilisateur Cisco Unified CM dans le menu
contextuel.
2. Accédez aux pages Web Options utilisateur Cisco Unified CM.
3. Sélectionnez votre périphérique.
4. Cliquez sur Paramètres de ligne, et effectuez vos modifications
dans la section Indicateur de messages en attente. En général, la
stratégie par défaut est de toujours allumer l'indicateur lorsque vous
recevez un nouveau message vocal.
Notez l'emplacement de l'indicateur de messages en attente :
• Si vous utilisez le mode par défaut (clic droit > Apparences >
Mode par défaut), l'indicateur est la bande lumineuse qui apparaît
sur le côté gauche de l'interface.
• Si vous utilisez le mode compact (clic droit > Apparences > Mode
compact), l'indicateur est l'icône d'enveloppe clignotante à côté du
bouton de ligne.
Pour... Procédez comme suit :
Pour... Procédez comme suit :
Modifier l'image
d'arrière-plan de l'écran
du téléphone
Cliquez sur le bouton Paramètres et sélectionnez >Préférences
utilisateur > Images d'arrière-plan. Cliquez sur le bouton affiché à gauche
de l'image à utiliser, cliquez sur Sélect., puis sur Aperçu pour afficher
l'arrière-plan. Cliquez sur Quitter pour revenir au menu de sélection.
Cliquez sur Enreg. pour accepter l'image ou sur Annuler pour revenir au
paramètre précédemment enregistré.
Modifier la langue de
l'écran de votre
téléphone
Connectez-vous à vos pages Web Options utilisateur Cisco Unified CM et
sélectionnez votre périphérique. Sélectionnez Options utilisateur >
Paramètres utilisateur, modifiez les informations sur la langue de
l'utilisateur, puis cliquez sur Enreg.4-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
Affichage et personnalisation des préférences
Vous pouvez accéder à la plupart des paramètres de Cisco IP Communicator par
le biais de la fenêtre Préférences (clic droit > Préférences).
• Paramètres utilisateur, page 4-5
• Paramètres réseau, page 4-7
• Paramètres audio, page 4-8
• Affectation de modes audio, page 4-9
• Paramètres audio du réseau, page 4-13
• Paramètres audio avancés, page 4-13
• Paramètres de répertoire, page 4-15
Paramètres utilisateur
Vous pouvez accéder à l'onglet Utilisateur de la fenêtre Préférences (clic droit >
Préférences > onglet Utilisateur).
Élément Description
Pour plus d'informations,
consultez...
Activer la
journalisation
Lorsque cette option est activée, votre administrateur
système peut extraire des journaux Cisco IP
Communicator détaillés pour procéder à la résolution
de problèmes.
Votre administrateur système peut vous demander
d'activer ce paramètre.
Dépannage
Cisco IP Communicator,
page 8-1
Fermer masque
l'application
Lorsque vous activez cette fonctionnalité puis fermez
l'application, CIPC n'est pas fermé : il est caché dans
l'icône de la barre d'état système . Double-cliquez sur
l'icône de la barre d'état système pour restaurer
l'application. Cette fonctionnalité est activée par
défaut.
Passer un appel, page 3-3Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
4-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Paramètres réseau, page 4-7
• Paramètres audio, page 4-8
• Paramètres de répertoire, page 4-15
Ramener au
premier plan lors
d'un appel actif
Lorsque cette option est activée, l'application est
affichée au-dessus de toutes les autres lorsqu'un appel
entrant arrive. Lorsque l'option est désactivée,
l'application n'est pas affichée au-dessus des autres
lorsqu'un appel entrant arrive. Les seuls éléments
indiquant l'arrivée de l'appel sont la sonnerie et la
fenêtre intempestive de notification.
Réponse à un appel, page 3-9
Masquer la
notification
d'appel entrant
Lorsque cette option, le message de notification
d'appel entrant ne s'affiche plus lorsqu'un appel
arrive.
Réponse à un appel, page 3-9
Utiliser la valeur
par défaut
(Serveur TFTP)
Lorsque cette option est sélectionnée, l'adresse du
serveur TFTP spécifiée dans l'onglet Paramètres
réseau est utilisée. Il s'agit de la valeur par défaut.
Le format est le suivant :
http:///utilisateurccm
Votre administrateur système vous indiquera si
vous devez modifier ce paramètre.
Chapitre 7, “Personnalisation
de Cisco IP Communicator à
l'aide des options utilisateur
Cisco Unified CM”
Utiliser une URL
spécifique
Saisissez une autre URL à utiliser lors de
l'ouverture de la page Options utilisateur Cisco
Unified CM. Utilisez le format suivant :
http:///utilisateurccm
Votre administrateur système vous indiquera si
vous devez modifier ce paramètre.
Chapitre 7, “Personnalisation
de Cisco IP Communicator à
l'aide des options utilisateur
Cisco Unified CM”
Élément Description
Pour plus d'informations,
consultez...4-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
Paramètres réseau
Vous pouvez accéder à l'onglet Réseau de la fenêtre Préférences (clic droit >
Préférences > onglet Réseau).
Attention La modification de ces paramètres risque d'entraîner une panne sur votre
téléphone. Ne modifiez pas ces paramètres avant d'avoir consulté votre
administrateur système.
Rubriques connexes
• Paramètres audio, page 4-8
• Paramètres de répertoire, page 4-15
Élément Description
Pour plus d'informations,
consultez...
Utiliser l'adaptateur
réseau pour générer le
nom de périphérique
Ce paramètre, défini immédiatement après
l'installation, permet à Cisco IP
Communicator de s'identifier sur le réseau ; il
n'est pas utilisé pour les transmissions audio.
C'est pourquoi vous n'avez pas besoin de
modifier ce paramètre une fois qu'il a été
défini, à moins que vous ne supprimiez ou
désactiviez définitivement la carte réseau
sélectionnée. Dans ce cas, contactez votre
administrateur système avant de sélectionner
une autre carte.
Si vous disposez de plusieurs cartes réseau et
si vous êtes invité à en choisir une
immédiatement après l'installation de Cisco IP
Communicator, votre administrateur système
vous indiquera quelle carte utiliser.
Configuration et
enregistrement
Cisco IP Communicator,
page 1-9
Utiliser ce nom de
périphérique
Ce paramètre permet de saisir un nom de
périphérique en texte libre que Cisco IP
Communicator pourra utiliser pour s'identifier
auprès du réseau. Votre administrateur
système vous fournira le nom du périphérique.
Configuration et
enregistrement
Cisco IP Communicator,
page 1-9
Zone Serveurs TFTP Cette zone permet d'indiquer les serveurs
TFTP ou de rétablir l'utilisation du serveur
TFTP par défaut. Votre administrateur vous
indiquera si vous devez modifier ce paramètre.
Configuration et
enregistrement
Cisco IP Communicator,
page 1-9Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
4-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Paramètres audio
Vous pouvez accéder à l'onglet Audio de la fenêtre Préférences (clic droit >
Préférences > onglet Audio).
Rubriques connexes
• Affectation de modes audio, page 4-9
• Paramètres audio du réseau, page 4-13
• Paramètres audio avancés, page 4-13
Élément Description Pour plus d'informations, voir...
Zone
Périphériques
pour les modes
audio
Cette zone permet d'associer un périphérique à un
mode audio. La liste déroulante affiche les
périphériques audio actuellement disponibles,
installés avant le démarrage de Cisco IP
Communicator.
Pour des informations sur le paramètre
Périphérique audio Windows par défaut, voir
Sélection d'un mode audio, page 4-9.
• Installation de
périphériques audio avant
le lancement initial,
page 1-3
• Affectation de modes
audio, page 4-9
• Utilisation de casques
d'écoute et d'autres
périphériques audio avec
Cisco IP Communicator,
page 5-1
Zone
Périphérique
pour la sonnerie
Cette zone permet d'associer un périphérique à la
sonnerie.
Installation de périphériques
audio avant le lancement
initial, page 1-3
Optimiser pour
une bande
passante étroite
Si vous utilisez Cisco IP Communicator sur une
connexion à distance (par exemple, la connexion
VPN de votre domicile ou d'un hôtel), vous
risquez de rencontrer des problèmes de qualité
vocale en raison d'une bande passante
insuffisante. Lorsque vous utilisez Cisco IP
Communicator sur une connexion à distance, vous
pouvez éviter les éventuels problèmes de son
robotisé.et d'autres problèmes en activant l'option
Optimiser pour une bande passante étroite.
Dépannage
Cisco IP Communicator,
page 8-1
Bouton Réseau Ce bouton permet d'ouvrir la fenêtre Paramètres
audio réseau.
Paramètres audio du réseau,
page 4-13
Bouton Avancés Ce bouton permet d'ouvrir la fenêtre Paramètres
audio avancés.
Paramètres audio avancés,
page 4-134-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
Affectation de modes audio
Vous devez affecter un mode audio à chaque périphérique audio utilisé avec Cisco
IP Communicator :
• mode Casque
• mode Haut-parleur
• mode Combiné
• mode de sonnerie
La sélection d'un mode audio indique à Cisco IP Communicator quels
périphériques audio utiliser pour les entrées et les sorties audio.
Au démarrage initial de Cisco IP Communicator, vous pouvez affecter des
périphériques audio à des modes audio à l'aide de l'Assistant de réglage audio.
Vous pouvez ensuite affecter des périphériques audio aux modes en cliquant avec
le bouton droit dans Cisco IP Communicator et en sélectionnant Préférences >
onglet Audio.
Rubriques connexes
• Installation de périphériques audio avant le lancement initial, page 1-3
• Sélection d'un mode audio, page 4-9
• Activation d'un mode audio, page 4-11
• À propos des périphériques audio des listes déroulantes Audio, page 4-12
Sélection d'un mode audio
Par défaut, Cisco IP Communicator sélectionne un périphérique audio pour tous
les modes audio et pour la sonnerie. Il peut s'agir d'une carte son, par exemple. Si
vous disposez de plusieurs périphériques audio, vous bénéficiez d'options de
configuration supplémentaires. Par exemple, si vous utilisez un casque USB, vous
pouvez le sélectionner pour le mode Casque et l'activer en cliquant sur le bouton
Casque.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
4-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Vous pouvez conserver la configuration par défaut ou la personnaliser. Si vous
décidez de personnaliser la configuration, suivez les recommandations ci-après :
• Si vous utilisez un casque USB, associez-le au mode Casque.
• Si vous utilisez un haut-parleur USB externe, associez-le au mode
Haut-parleur.
• Si vous utilisez un combiné USB, associez-le au mode Combiné.
• Si vous utilisez un casque analogique, associez la carte son de l'ordinateur au
mode Casque.
• Si vous ne disposez pas d'un haut-parleur externe, sélectionnez la carte son
de l'ordinateur pour le mode Haut-parleur.
• Associez la sonnerie au périphérique qui doit vous signaler les appels
entrants. Notez toutefois que si vous associez la sonnerie à une carte son et
branchez un casque analogique sur l'ordinateur, vous n'entendrez pas le
téléphone sonner si vous ne portez pas le casque.
Conseil Vous pouvez utiliser les paramètres de lecture et d'enregistrement du son du
Panneau de configuration de Windows (Sons et multimédia > onglet Audio ou
Sons et périphériques audio > onglet Audio pour Windows XP) comme
périphériques audio de Cisco IP Communicator. Dans la fenêtre Préférences de
Cisco IP Communicator (clic droit > Préférences > onglet Audio), sélectionnez
Périphérique audio Windows par défaut dans le liste déroulante pour un ou
plusieurs paramètres et cliquez sur OK. Utilisez cette méthode pour utiliser un
périphérique pour la lecture du son et un autre (par exemple, un microphone de
caméra VT) pour l'enregistrement du son.
Rubriques connexes
• Activation d'un mode audio, page 4-11
• À propos des périphériques audio des listes déroulantes Audio, page 4-124-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
Activation d'un mode audio
Rubriques connexes
• Sélection d'un mode audio, page 4-9
• À propos des périphériques audio des listes déroulantes Audio, page 4-12
• Utilisation d'un casque, page 5-2
• Utilisation de votre ordinateur comme poste téléphonique à haut-parleur,
page 5-4
• Utilisation d'un combiné USB, page 5-5
Pour... Procédez comme suit :
Activer le mode Casque Cliquez sur le bouton Casque (éteint). Cette action active le
périphérique que vous avez sélectionné pour ce mode.
Si vous souhaitez adopter le mode Casque comme mode par défaut,
cliquez sur le bouton Casque (éteint) et sur FinApp.
Le mode Casque restera le mode audio par défaut tant que le bouton
Casque sera allumé (sauf si un combiné USB est activé).
Activer le mode Haut-parleur Cliquez sur le bouton Haut-parleur. Cette action active le
périphérique que vous avez sélectionné pour ce mode.
Par défaut, le mode Haut-parleur est activé lorsque vous cliquez sur
les touches de fonction, les boutons de ligne et les boutons de
numérotation abrégée (sauf si un combiné USB est activé).
Activer le mode Combiné Décrochez à l'aide du combiné USB (à condition que ce
périphérique soit disponible et associé au mode Combiné). La
méthode employée pour décrocher le combiné USB dépend de la
façon dont le combiné est conçu. Vous devrez peut-être appuyer sur
un interrupteur ou sur un bouton de mise en route.
Activer la sonnerie La sonnerie est activée quand vous recevez un appel.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
4-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
À propos des périphériques audio des listes déroulantes Audio
Les listes déroulantes Audio de l'onglet Audio (clic droit > Préférences > onglet
Audio) contiennent un ou plusieurs périphériques audio. Voici quelques
informations sur le contenu de ces listes :
• Si un seul périphérique audio est installé au démarrage de Cisco IP
Communicator, un seul périphérique audio apparaît dans chaque liste.
• Tous les périphériques audio installés ne figurent pas dans les listes des
modes audio. Les périphériques présentés dans ces menus sont ceux
nécessitant des pilotes (combinés USB, casques USB et cartes son).
• Les périphériques audio analogiques, qui se branchent dans les prises audio
de l'ordinateur, ne figurent pas dans les listes de modes audio. Cisco IP
Communicator ne fait aucune distinction entre les périphériques audio
analogiques et votre carte son. Pour sélectionner un périphérique analogique,
sélectionnez votre carte son
• Si aucun périphérique audio USB installé et aucune carte son ne figurent dans
la liste, vérifiez que le périphérique est inséré et relancez Cisco IP
Communicator. Cisco IP Communicator ne reconnaît que les périphériques
audio qui sont installés et branchés lors du lancement de l'application.)
Remarque Si le système d'exploitation Windows trouve des périphériques audio et si
Périphérique audio Windows par défaut apparaît dans la liste déroulante,
consultez Sélection d'un mode audio, page 4-9.
Rubriques connexes
• Installation de périphériques audio avant le lancement initial, page 1-3
• Utilisation de l'Assistant de réglage audio, page 1-6
• Affichage et personnalisation des préférences, page 4-5
• Suppression et réinstallation de périphériques audio, page 5-64-13
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
Paramètres audio du réseau
Vous pouvez accéder à l'onglet Audio du réseau de la fenêtre Préférences (clic
droit > Préférences > onglet Audio> bouton Réseau).
Attention La modification de ces paramètres risque d'entraîner une panne sur votre
téléphone. Ne modifiez pas ces paramètres avant d'avoir consulté votre
administrateur système.
Rubriques connexes
• Paramètres audio, page 4-8
• Paramètres audio avancés, page 4-13
• Dépannage Cisco IP Communicator, page 8-1
Paramètres audio avancés
Vous pouvez accéder aux paramètres audio avancés dans la fenêtre Préférences
(clic droit > Préférences > onglet Audio> bouton Avancés).
Élément Description
Zone Adresse IP audio Le paramètre par défaut de cette zone est Détecter
automatiquement. Ne le modifiez que si l'administrateur
système vous le demande.
Zone Plage de ports audio Le paramètre par défaut de cette zone est Utiliser la plage de
ports par défaut. Ne le modifiez que si l'administrateur système
vous le demande.Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
4-14
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Élément Description Pour plus d'informations, voir...
Mode Sélectionne le mode audio (haut-parleur, casque
ou combiné) auquel appliquer les modifications.
• Affectation de modes audio,
page 4-9
• Utilisation de casques
d'écoute et d'autres
périphériques audio avec
Cisco IP Communicator,
page 5-1
Noise Suppression
Enabled (Annulation
du bruit active)
Tente de supprimer les bruits de fond entendus
dans le microphone et qui interfèrent avec votre
voix. L'annulation du bruit est activée par défaut.
Dépannage
Cisco IP Communicator, page 8-1
Levels of
Aggressiveness
(Niveaux
d'agressivité)
Définit le degré d'annulation du bruit.
L'annulation de bruit minimale est la valeur par
défaut.
Vous devez augmenter le niveau d'agressivité
d'un cran si votre interlocuteur se plaint de ne
pas bien vous entendre à cause des bruits de
fond.
Ne passez pas directement d'un extrême à
l'autre ; par exemple, passez toujours du niveau
minimum au niveau moyen, et du niveau moyen
au niveau maximum. Tentez de sélectionner le
mode le moins agressif pour réduire ou éliminer
le bruit.
Remarque En changeant le niveau
d'agressivité, vous risquez de
modifier également la manière
dont votre voix est transmise.
Votre interlocuteur risque
d'entendre une voix robotisée ou
métallique.
Dépannage
Cisco IP Communicator, page 8-14-15
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
Rubriques connexes
• Paramètres audio, page 4-8
• Paramètres audio du réseau, page 4-13
Paramètres de répertoire
Vous pouvez accéder à l'onglet Répertoires de la fenêtre Préférences (clic droit >
Préférences > onglet Répertoires).
Avant d'utiliser la fonction Recherche rapide pour consulter les répertoires
d'entreprise, vous devrez peut-être entrer un nom d'utilisateur et un mot de passe
dans la fenêtre Répertoires. Essayez tout d'abord d'utiliser la fonction Recherche
rapide sans entrer ces informations. Si la fonction ne répond pas, demandez vos
nom d'utilisateur et mot de passe pour la fenêtre Répertoires à votre
administrateur système et entrez ces informations ici.
Vous devez également indiquer vos nom d'utilisateur et mot de passe pour les
répertoires dans cette fenêtre si vous souhaitez utiliser la fonction Recherche
rapide pour consulter votre Carnet d'adresses personnel.
Rubriques connexes
• Utilisation du répertoire personnel, page 6-7
• Saisie d'informations de mot de passe pour la fonction Recherche rapide,
page 6-11
Bouton OK Enregistre toutes les modifications effectuées
(y compris les changements apportés aux
modes qui ne sont pas actuellement
sélectionnés).
Affectation de modes audio,
page 4-9
Bouton Appliquer à
tous
Applique les paramètres du mode audio
actuellement sélectionné à tous les autres
modes audio.
Affectation de modes audio,
page 4-9
Élément Description Pour plus d'informations, voir...Chapitre 4 Personnalisation des paramètres sur Cisco IP Communicator
Affichage et personnalisation des préférences
4-16
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01C H A P I T R E
5-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
5
Utilisation de casques d'écoute et
d'autres périphériques audio avec
Cisco IP Communicator
Ce chapitre décrit comment utiliser des périphériques tels qu'un combiné, un
casque d'écoute et les haut-parleurs et le microphone de l'ordinateur avec les
modes audio de Cisco IP Communicator (mode Combiné, mode Casque et mode
Haut-parleur).
• Obtention de périphériques audio, page 5-1
• Utilisation d'un casque, page 5-2
• Utilisation de votre ordinateur comme poste téléphonique à haut-parleur,
page 5-4
• Utilisation d'un combiné USB, page 5-5
• Suppression et réinstallation de périphériques audio, page 5-6
Obtention de périphériques audio
Votre administrateur système vous fournira peut-être des périphériques audio. Si
vous prévoyez d'en acheter, demandez à votre administrator système de vous
fournir la plus récente liste de périphériques pris en charge.Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Utilisation d'un casque
5-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation d'un casque
Vous pouvez utiliser un casque USB ou un casque analogique avec
Cisco IP Communicator.
• Les casques USB sont dotés de fiches plates et rectangulaires qui se branchent
dans un port USB de votre ordinateur.
• Les casques analogiques sont dotés de fiches rondes qui se branchent dans les
connecteurs audio de l'ordinateur.
Les casques analogiques fonctionnent avec la carte son de l'ordinateur et ne
nécessitent pas de pilote de périphérique.
Le tableau suivant indique comment utiliser un casque pour passer et prendre des
appels.
Pour... Procédez comme suit :
Utiliser un casque
pour passer et
prendre des appels
Vérifiez que le bouton Casque est activé (allumé) pour indiquer que
Cisco IP Communicator fonctionne en mode Casque. Vous pouvez activer et
désactiver le mode Casque en cliquant sur le bouton Casque ou à l'aide du
raccourci clavier Ctrl + H.
Si vous utilisez un casque en tant que périphérique audio principal, il est utile de
garder le bouton Casque allumé même après la fin d'un appel, en cliquant sur
FinApp. au lieu d'appuyer sur le bouton Casque pour raccrocher. Lorsque le
bouton Casque n'est pas allumé, Cisco IP Communicator utilise le mode
Haut-parleur comme mode audio par défaut. Cisco IP Communicator répond à
l'activation de touches de fonctions et de boutons de numérotation abrégée, ainsi
qu'à d'autres fonctionnalités, en acheminant l'audio par le biais du mode actif.
Vous pouvez utiliser un casque avec tous les contrôles de
Cisco IP Communicator, y compris le bouton Volume et le bouton Secret.
Remarque Bien que les casques analogiques fonctionnent en mode
Haut-parleur, leur utilisation en mode Casque permet
d'améliorer la qualité du son.5-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Utilisation d'un casque
Conseil La fonction Réponse automatique est une fonction spéciale que votre
administrateur système peut activer pour vous si vous recevez un volume
important d'appels entrants, ou si vous gérez les appels d'autres personnes.
Lorsque la fonction Réponse automatique est activée, Cisco IP Communicator
répond automatiquement aux appels téléphoniques et les achemine par le biais du
mode Haut-parleur ou du mode Casque, selon votre configuration.
Rubriques connexes
• Comment traiter les appels simples, page 3-1
• Affectation de modes audio, page 4-9
• Utilisation de votre ordinateur comme poste téléphonique à haut-parleur,
page 5-4
Utiliser un casque
analogique comme
périphérique audio
unique
Suivez les directives décrites à la ligne précédente. Souvenez-vous que la
sonnerie n'est audible que par le biais des haut-parleurs de votre casque lorsque
ce dernier est branché dans votre ordinateur. Vous devez porter votre casque pour
pouvoir entendre la sonnerie du téléphone.
Utiliser la fonction
Réponse
automatique avec
un casque
Gardez le bouton Casque activé (allumé) en cliquant sur FinApp pour
raccrocher. (Cliquez d'abord sur le bouton Casque si nécessaire). Lorsque le
bouton Casque est allumé, Cisco IP Communicator fonctionne en mode Casque.
Passer au mode
Casque pendant un
appel
Cliquez sur le bouton Casque ou utilisez le raccourci clavier Ctrl + H. Si vous
utilisiez un combiné USB avant le changement de mode, vous pouvez l'éteindre
ou le raccrocher.
Pour... Procédez comme suit :Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Utilisation de votre ordinateur comme poste téléphonique à haut-parleur
5-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation de votre ordinateur comme poste
téléphonique à haut-parleur
Vous pouvez utiliser la carte son de l'ordinateur pour passer et prendre des appels
en mode Haut-parleur.
Conseil La fonction Réponse automatique est une fonction spéciale que votre
administrateur système peut activer pour vous si vous recevez un volume
important d'appels entrants, ou si vous gérez les appels d'autres personnes.
Lorsque la fonction Réponse automatique est activée, Cisco IP Communicator
répond automatiquement aux appels téléphoniques et les achemine par le biais du
mode Haut-parleur ou du mode Casque, selon votre configuration.
Pour... Procédez comme suit :
Utiliser votre ordinateur
comme un téléphone à
haut-parleur pour passer
et prendre des appels
Vérifiez que le bouton Haut-parleur est allumé pour vous assurer que
Cisco IP Communicator fonctionne en mode Haut-parleur. À l'encontre des
autres modes, le mode Haut-parleur permet la suppression de l'écho. Vous
pouvez activer et désactiver le mode Haut-parleur en cliquant sur le bouton
Haut-parleur ou à l'aide du raccourci clavier Ctrl + P.
Le mode Haut-parleur est activé par défaut. Cela signifie que de nombreuses
actions nécessaires pour passer ou prendre un appel (telles que l'utilisation
d'un bouton de numérotation abrégée ou d'une touche de fonction)
déclenchent automatiquement le mode Haut-parleur.
Remarque Lorsqu'un casque analogique est branché sur votre ordinateur,
vous ne pouvez pas entendre de son par le biais des
haut-parleurs de l'ordinateur en mode Haut-parleur.
Passer au mode
Haut-parleur pendant un
appel
Cliquez sur le bouton Haut-parleur ou utilisez le raccourci clavier Ctrl + P.
Si vous utilisiez un combiné avant le changement de mode, éteignez-le ou
raccrochez-le.
Utiliser le haut-parleur
de l'ordinateur comme
sonnerie pour vous
avertir des appels
entrants
Vérifiez que votre carte son est affectée au mode Sonnerie et que vous n'avez
pas coupé le son du haut-parleur de l'ordinateur. Si vous branchez un casque
analogique sur votre ordinateur, la sonnerie n'est audible que par le biais des
haut-parleurs du casque.
Utiliser la fonction
Réponse automatique
en mode Haut-parleur
Cliquez sur le bouton Haut-parleur pour passer, prendre ou mettre fin à des
appels, pour ouvrir et fermer des lignes et pour passer d'un autre
périphérique audio au mode Haut-parleur. Comme le mode Haut-parleur est
activé par défaut, il n'est pas nécessaire de garder le bouton correspondant
allumé comme pour le mode Casque.5-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Utilisation d'un combiné USB
Rubriques connexes
• Comment traiter les appels simples, page 3-1
• Affectation de modes audio, page 4-9
• Utilisation d'un casque, page 5-2
• Utilisation d'un combiné USB, page 5-5
Utilisation d'un combiné USB
Vous devez affecter un combiné USB au mode Combiné. Cette configuration
permet à Cisco IP Communicator de savoir si le combiné est raccroché
ou décroché, pour que vous puissiez, par exemple, mettre fin à un appel en
raccrochant le combiné USB. Pour plus d'informations sur cette affectation, voir
Affectation de modes audio, page 4-9.
Rubriques connexes
• Installation de périphériques audio avant le lancement initial, page 1-3
• Comment traiter les appels simples, page 3-1
• Utilisation d'un casque, page 5-2
• Utilisation de votre ordinateur comme poste téléphonique à haut-parleur,
page 5-4
• Suppression et réinstallation de périphériques audio, page 5-6
Pour... Procédez comme suit :
Passer ou mettre fin à un appel à
l'aide du combiné
Activer ou désactiver le combiné USB. De nombreux combinés sont
dotés d'un crochet commutateur ou d'un interrupteur. Soulevez le
combiné ou activez-le pour le décrocher.
Vous pouvez utiliser un combiné USB avec tous les contrôles de
Cisco IP Communicator, y compris le bouton Volume et le bouton
Secret.
Passer au mode Combiné
pendant un appel
Soulevez le combiné (ou activez-le comme il convient). Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Suppression et réinstallation de périphériques audio
5-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Suppression et réinstallation de périphériques audio
Si vous utilisez Cisco IP Communicator sur un ordinateur portable, vous devrez
sans doute souvent supprimer et réinstaller les périphériques audio lorsque vous
vous déplacez. Le tableau suivant contient des informations sur la réinstallation
d'un périphérique audio lorsque vous êtes prêt à l'utiliser de nouveau.
Pour... Procédez comme suit :
Réinstaller un
combiné USB, un
casque USB ou une
carte son
préalablement réglés
1. Installer le périphérique audio (par exémple, branchez le combiné USB)
lorsque Cisco IP Communicator n'est pas en cours d'exécution.
2. Lancez Cisco IP Communicator.
3. Sélectionnez le périphérique et réglez-le si nécessaire. Vous pouvez accéder
manuellement à l'Assistant de réglage audio par le biais de
Cisco IP Communicator (cliquez avec le bouton droit de la souris sur>
Préférences > onglet Audio).
4. Si nécessaire, affectez le périphérique aux modes audio souhaités.
Installer un nouveau
périphérique lorsque
l'application est en
cours d'exécution et
l'utiliser comme
périphérique audio de
Cisco IP Communica
tor
1. Cliquez avec le bouton droit de la souris sur > Préférences > onglet Audio,
et sélectionnez le périphérique dans la liste déroulante pour le mode audio.
2. Cliquez sur OK.
3. Réglez le périphérique lorsque l'Assistant de réglage audio est
automatiquement lancé.
Définissez un
périphérique
spécifique à utiliser
lors du prochain
appel
1. Vérifiez que Cisco IP Communicator est en cours d'exécution.
2. Configurez-le pour utiliser le périphérique Windows par défaut (cliquez avec
le bouton droit de la souris sur > Préférences > onglet Audio et
sélectionnez Périphérique audio Windows par défaut).
3. Connectez un nouveau périphérique et définissez-le comme périphérique
audio Windows par défaut dans le Panneau de configuration de Windows.
4. Lancez manuellement l'Assistant de réglage audio (cliquez avec le bouton
droit de la souris sur > Assistant de réglage audio) pour régler ce
périphérique avant de l'utiliser.
Si vous redémarrez l'application sans avoir réglé le périphérique, l'Assistant de
réglage audio est automatiquement lancé afin que vous puissiez régler le
périphérique, et Cisco IP Communicator utilise ce périphérique lors du prochain
appel.5-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Suppression et réinstallation de périphériques audio
Conseils
• Chaque fois que vous le lancez, Cisco IP Communicator vérifie que le
périphérique audio que vous avez utilisé lors de votre session pécédente est
présent. Si le périphérique est introuvable, Cisco IP Communicator vous
invite à le brancher.
• Si vous installez un périphérique audio qui nécessite des pilotes de
périphérique (un combiné USB, un casque USB ou une carte son) après le
lancement de Cisco IP Communicator, ce dernier ne reconnaîtra pas le
périphérique tant que vous n'aurez pas lancé à nouveau l'application.
L'Assistant de réglage audio est automatiquement lancé afin que vous
puissiez régler le périphérique.
• Si vous utilisez Cisco IP Communicator sur une connexion à distance,
établissez la connectivité VPN avant de lancer Cisco IP Communicator.
• Si vous réinstallez un combiné ou un casque USB sur un poste de travail
Microsoft Vista, assurez-vous que le système d'exploitation détecte le
périphérique USB. Sinon, Cisco IP Communicator ne pourra pas le trouver.
Rubriques connexes
• Installation de périphériques audio avant le lancement initial, page 1-3
• Utilisation de l'Assistant de réglage audio, page 1-6
• Affectation de modes audio, page 4-9
• Suppression et réinstallation de périphériques audio, page 5-6Chapitre 5 Utilisation de casques d'écoute et d'autres périphériques audio avec Cisco IP Communicator
Suppression et réinstallation de périphériques audio
5-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01C H A P I T R E
6-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
6
Utilisation de la messagerie vocale,
des journaux d'appels et des
répertoires sur Cisco IP Communicator
• Accès aux messages vocaux, page 6-1
• Utilisation des journaux d'appels, page 6-3
• Composition à partir d'un répertoire, page 6-5
• Utilisation du répertoire personnel, page 6-7
Accès aux messages vocaux
Votre société détermine le service de messagerie vocale utilisé par votre système
téléphonique. Pour obtenir des informations précises et détaillées sur ce service,
consultez la documentation correspondante. Le tableau suivant fournit une vue
d'ensemble des fonctionnalités du service de messagerie vocale.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur
Accès aux messages vocaux
6-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Contrôle des paramètres de ligne, page 7-10
• Personnalisation des sonneries et des indicateurs de message, page 4-3
Pour... Procédez comme suit :
Configurer et
personnaliser votre
service de messagerie
vocale
Cliquez sur le bouton Messages et suivez les invites vocales. Si un menu
apparaît à l'écran de votre téléphone, sélectionnez l'élément de menu
approprié.
Consulter vos nouveaux
messages vocaux
Recherchez :
• Un témoin lumineux rouge fixe sur votre combiné. (Cet indicateur peut
varier.)
• Une icône d'enveloppe clignotante et un message texte sur l'écran du
téléphone.
Remarque Le témoin lumineux rouge et l'icône de message en attente ne
s'affichent que lorsque vous avez un message sur votre ligne
principale, même si des messages vocaux arrivent sur d'autres
lignes.
Vé r if iez s i :
Une tonalité accélérée se fait entendre dans le combiné, le casque ou le
haut-parleur lorsque vous passez un appel.
Remarque La tonalité accélérée est propre à la ligne. Vous ne l'entendez que
lorsque vous utilisez la ligne associée au message en attente.
Écouter vos messages
vocaux ou accéder au
menu des messages
vocaux
Cliquez sur le bouton Messages. Selon le service de messagerie vocale dont
vous disposez, cette opération compose automatiquement le numéro du
service de messagerie ou affiche un menu à l'écran.
Transférer un appel vers
votre système de
messagerie vocale
Cliquez sur Rvoi Im. La fonction Rvoi Im transfère automatiquement un
appel (y compris un appel en sonnerie ou en attente) vers votre système de
messagerie vocale. Les appelants entendent le message d'accueil de votre
messagerie vocale et peuvent vous laisser un message.6-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator
Utilisation des journaux d'appels
Utilisation des journaux d'appels
Cisco IP Communicator tient à jour des journaux d'appels. Les journaux
contiennent les enregistrement de vos appels en absence, passés et reçus.
Pour... Procédez comme suit :
Afficher les
journaux d’appels
Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels
composés ou Appels reçus. Chaque journal peut contenir un nmaximum de 100
enregistrements.
Afficher les détails
d'un enregistrement
d'appel
1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels
composés ou Appels reçus.
2. Mettre un enregistrement d'appel en surbrillance
3. Appuyez sur Détails. Cette action permet d'afficher des informations
comme le numéro appelé, le numéro de l'appelant, l'heure et la durée de
l'appel (uniquement pour les appels passés et reçus).
Effacer les
enregistrements
d'appels de tous les
journaux
Cliquez sur le bouton Répertoires puis sur Effacer.
Effacer tous les
enregistrements
d'appels d'un journal
1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels
composés ou Appels reçus.
2. Mettre un enregistrement d'appel en surbrillance
3. Appuyez sur Effacer. (Vous devrez peut-être appuyer d'abord sur la touche
de fonction autres pour afficher le bouton Effacer).
Effacer un seul
enregistrement
d'appel
1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels
composés ou Appels reçus.
2. Mettre un enregistrement d'appel en surbrillance
3. Cliquez sur Supprimer. Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur
Utilisation des journaux d'appels
6-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état
d'une ligne, page 3-34
Composer un
numéro à partir d'un
journal d'appel (sans
être déjà en ligne)
1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels
composés ou Appels reçus.
2. Mettre un enregistrement d'appel en surbrillance
Remarque Si la touche de fonction Détails apparaît, l'appel est l'entrée
principale d'un appel à plusieurs interlocuteurs.
3. Pour afficher le numéro, appuyez sur ModNum puis sur << ou >>. Pour
supprimer le numéro, appuyez sur ModNum puis sur Supprimer. (Vous
devrez peut-être appuyer d'abord sur la touche de fonction autres pour
afficher le bouton Supprimer).
4. Décrochez pour passer l'appel.
Composer un
numéro à partir d'un
journal d'appel (en
étant déjà en ligne)
1. Cliquez sur le bouton Répertoires et choisissez Appels en absence, Appels
composés ou Appels reçus.
2. Mettre un enregistrement d'appel en surbrillance
3. Pour afficher le numéro, appuyez sur ModNum puis sur << ou >>. Pour
supprimer le numéro, appuyez sur ModNum puis sur Supprimer. (Vous
devrez peut-être appuyer d'abord sur la touche de fonction autres pour
afficher le bouton Supprimer).
4. Appuyez sur Compos.
5. Choisissez ensuite un élément de menu pour traiter l'appel initial :
– Attente : met le premier appel en attente et compose le second.
– Transfert : transfère le premier interlocuteur vers le second et vous
déconnecte de l'appel. Sélectionnez à nouveau cette option après avoir
composé le numéro pour terminer l'opération.
– Conférence : établit une conférence téléphonique entre tous les
interlocuteurs, vous y compris. (Appuyez à nouveau sur Conf. ou
Conférence après avoir composé le numéro pour terminer l'opération.)
– FinApp. : déconnecte le premier appel et compose le second.
Voir si la ligne
figurant dans le
journal d'appels est
occupée avant
d'appeler cette ligne
Recherchez des indicateurs de fonction de ligne occupée.
Afficher l'historique
des appels intercom
Cliquez sur le bouton Répertoires et sélectionnez Historique intercom. Les
détails des 25 plus récents appels intercom sont enregistrés. Il est impossible de
composer des numéros intercom à partir de cette liste.
Pour... Procédez comme suit :6-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator
Composition à partir d'un répertoire
Composition à partir d'un répertoire
Selon sa configuration, Cisco IP Communicator peut proposer des fonctionnalités
de répertoire d'entreprise et personnel :
• Répertoire d'entreprise : contacts professionnels auxquels vous pouvez
accéder sur Cisco IP Communicator. Il est configuré et géré par votre
administrateur système.
• Répertoire personnel : il s'agit, le cas échéant, de contacts personnels et des
codes de numérotation abrégée associés que vous pouvez configurer et
auxquels vous pouvez accéder à partir de Cisco IP Communicator et de vos
pages Web Options utilisateur Cisco Unified CM. Le répertoire personnel
comprend le carnet d'adresses personnel et les numéros abrégés :
– Le carnet d'adresses personnel est un répertoire contenant vos contacts
personnels.
– Les numéros abrégés sont des codes affectés aux entrées du carnet
d'adresses personnel pour permettre leur composition rapide.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur
Composition à partir d'un répertoire
6-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation du répertoire d’entreprise
Rubriques connexes
• Utilisation des indicateurs de fonction de ligne occupée pour déterminer l'état
d'une ligne, page 3-34
Pour... Procédez comme suit :
Composer un numéro à
partir d'un répertoire
d'entreprise (sans être
déjà en ligne)
1. Appuyez sur le bouton Répertoires, puis sélectionnez Répertoire
d'entreprise (le nom exact de ce service peut varier).
2. Saisissez un nom complet ou partiel à l'aide du clavier, puis appuyez sur
Recher.
3. Pour composer un numéro, appuyez dessus dans la liste ou recherchez-le
en faisant défiler la liste et décrochez le combiné.
Composer un numéro à
partir d'un répertoire
d'entreprise (lorsque
vous êtes déjà en ligne)
1. Appuyez sur le bouton Répertoires, puis sélectionnez Répertoire
d'entreprise (le nom exact de ce service peut varier).
2. Saisissez un nom complet ou partiel à l'aide du clavier, puis appuyez sur
Recher.
3. Faites défiler la liste jusqu'au numéro souhaité et appuyez sur Sélect.
4. Choisissez ensuite un élément de menu pour traiter l'appel initial :
– Attente : met le premier appel en attente et compose le second.
– Transfert : transfère le premier interlocuteur vers le second et vous
déconnecte de l'appel. Sélectionnez à nouveau cette option après
avoir composé le numéro pour terminer l'opération.
– Conférence : établit une conférence téléphonique entre tous les
interlocuteurs, vous y compris. (Appuyez à nouveau sur Conf. ou
Conférence après avoir composé le numéro pour terminer
l'opération.)
– FinApp. : déconnecte le premier appel et compose le second.
Vérifier si la ligne de
téléphone du répertoire
est occupée
Vérifiez la présence d'indicateurs d'affichage de ligne occupé (FLO). 6-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator
Composition à partir d'un répertoire
Utilisation du répertoire personnel
Les fonctions du répertoire personnel comprennent le carnet d'adresses personnel
et les numéros abrégés.
Pour... Procédez comme suit :
Accéder au répertoire
personnel (pour le
carnet d'adresses
personnel et les codes
de numérotation
abrégée)
1. Cliquez sur le bouton Répertoires, puis sélectionnez Répertoire
personnel (le nom exact de ce service peut varier).
2. Saisissez votre ID utilisateur et votre PIN Cisco Unified Communications
Manager, puis appuyez sur Soum.
Rechercher une
entrée dans le carnet
d'adresses personnel
1. Accédez au répertoire personnel, puis sélectionnez Carnet d'adresses
personnel.
2. Saisissez des critères de recherche, puis appuyez sur Soum.
3. Vous pouvez cliquer sur Préc. ou sur Suivant pour passer d'une entrée à
l'autre.
4. Mettez en surbrillance l'entrée de carnet d'adresses personnel de votre
choix et appuyez sur Sélect.
Composer un numéro
à partir d’une entrée
du carnet d’adresses
personnel
1. Recherchez une entrée.
2. Mettez l'entrée en surbrillance, puis appuyez sur Sélect.
3. Appuyez sur Compos. (Vous devrez peut-être d'abord cliquer sur la
touche de fonction autres pour afficher le bouton Compos.)
4. Entrez le numéro de téléphone du participant.
5. Mettez en surbrillance le numéro à composer et cliquez sur OK.
6. Appuyez de nouveau sur OK pour composer le numéro.
Supprimer une entrée
du carnet d'adresses
personnel
1. Recherchez une entrée.
2. Mettez l'entrée en surbrillance, puis appuyez sur Sélect.
3. Cliquez sur Supprimer.
4. Cliquez sur OK pour confirmer la suppression.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur
Composition à partir d'un répertoire
6-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Modifier une entrée
du carnet d'adresses
personnel
1. Recherchez une entrée.
2. Mettez l'entrée en surbrillance et appuyez surModif. pour changer un nom
ou une adresse électronique.
3. Si nécessaire, sélectionnez Téléph. pour modifier un numéro de
téléphone.
4. Cliquez sur MàJ.
Ajouter une nouvelle
entrée au carnet
d'adresses personnel
1. Accédez au répertoire personnel, puis sélectionnez Carnet d'adresses
personnel.
2. Accéder à la page Recherche en sélectionnant Soum. (Il n'est pas
nécessaire d'entrer les critères de recherche au préalable.)
3. Cliquez sur Nouveau.
4. Utilisez le clavier de votre téléphone pour saisir un nom et les informations
de l'adresse électronique.
5. Sélectionnez Téléph. et utilisez le clavier pour saisir des numéros de
téléphone. Prenez soin d'inclure tous les codes d'accès nécessaires, comme
9 ou 1.
6. Sélectionnez Soum. pour ajouter l'entrée à la base de données.
Affecter un code de
numérotation abrégée
à une entrée du carnet
d'adresses personnel
1. Rechercher l'entrée dans le carnet d'adresses personnel.
2. Mettez l'entrée en surbrillance, puis appuyez sur Sélect.
3. Appuyez sur Numéro abrégé.
4. Mettez en surbrillance le numéro à composer et appuyez sur Sélect.
5. Mettez en surbrillance le code de numérotation abrégée à affecter au
numéro, puis appuyez sur Sélect.
Ajouter un code de
numérotation abrégée
(sans utiliser une
entrée du carnet
d’adresses personnel)
1. Cliquez sur le bouton Répertoires et sélectionnez Répertoire personnel>
Numéros abrégés personnels.
2. Appuyez sur Numéro abrégé.
3. Mettez en surbrillance un code de numérotation abrégée non affecté, puis
appuyez sur Sélect.
4. Appuyez sur Affecter.
5. Entrez un numéro de téléphone
6. Cliquez sur MàJ.
Pour... Procédez comme suit :6-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator
Composition à partir d'un répertoire
Conseils
• L’administrateur système peut vous fournir l’ID utilisateur et le code PIN
nécessaires pour vous connecter au répertoire personnel.
• Vous êtes automatiquement déconnecté du répertoire personnel au bout d'un
certain temps. Ce délai est variable. Pour plus d'informations, contactez votre
administrateur système.
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
• Utilisation de votre Carnet d'adresses personnel, page 7-3
• Configuration de numéros abrégés, page 7-4
Rechercher des codes
de numérotation
abrégée
1. Cliquez sur le bouton Répertoires et sélectionnez Numéros abrégés
personnels.
2. Vous pouvez cliquer sur Préc. ou sur Suivant pour passer d'une entrée à
l'autre.
3. Mettez en surbrillance l'entrée de votre choix et appuyez sur Sélect.
Passer un appel à
l’aide d’un code de
numérotation abrégée
1. Recherchez un code de numérotation abrégée.
2. Mettez en surbrillance l'entrée de votre choix et appuyez sur Sélect.
3. Appuyez sur Compos.
4. Appuyez sur OK pour terminer l'opération.
Supprimer un code de
numérotation abrégée
1. Recherchez un code de numérotation abrégée.
2. Mettez en surbrillance l'entrée de votre choix et appuyez sur Sélect.
3. Appuyez sur Suppr.
Vous déconnecter du
répertoire personnel
1. Cliquez sur le bouton Répertoires, puis sélectionnez Répertoire
personnel (le nom exact de ce service peut varier).
2. Choisissez Déconn.
Pour... Procédez comme suit :Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur
Utilisation de la fonction Recherche rapide
6-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Utilisation de la fonction Recherche rapide
La fonction Recherche rapide permet de lancer une recherche dans un ou plusieurs
répertoires à l'aide d'une même commande. La recherche peut porter sur plusieurs
répertoires d'entreprise et votre carnet d'adresses personnel, selon les paramètres
configurés par votre administrateur système.
Remarque La Recherche rapide dans le carnet d'adresses personnel n'est pas prise en charge
dans toutes les versions de Cisco Unified Communications Manager. Demandez
à votre administrateur système si cete fonctionnalité est disponible sur votre
système.
Pour accéder à la Recherche rapide, cliquez avec le bouton droit de la souris sur
Cisco IP Communicator, et sélectionnez Recherche rapide.
Dans la fenêtre Recherche rapide, entrez un nom ou un numéro de poste, puis
cliquez sur Numérotation rapide ou sur Rechercher :
• Numérotation rapide : permet de composer automatiquement le numéro
lorsque le résultat fournit une seule correspondance. Vous devez toutefois
cliquer sur la touche de fonction Compos. pour établir l'appel. Si la recherche
renvoie plusieurs correspondances, celles-ci sont affichées.
• Rechercher : affiche les résultats de la recherche sans composer
automatiquement de numéro.
Remarque Seuls les numéros de téléphone saisis dans le champ Professionnel du carnet
d'adresses sont affichés dans les résultats de la Recherche rapide. Les numéros de
téléphone personnels et de téléphone portable ne sont pas affichés.
Pour passer un appel à partir des résultats de la recherche, cliquez sur une entrée
de la fenêtre Recherche rapide, puis cliquez sur Compos.
Rubriques connexes
• Saisie d'informations de mot de passe pour la fonction Recherche rapide,
page 6-116-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur Cisco IP Communicator
Utilisation de la fonction Recherche rapide
Saisie d'informations de mot de passe pour la fonction
Recherche rapide
Selon la manière dont vous souhaitez utiliser la Recherche rapide, vous derez
peut-être saisir vos informations d'ouverture de session (nom d'utilisateur et mot
de passe) comme décrit dans le tableau suivant.
Pour... Procédez comme suit :
Effectuer une
recherche dans un
répertoire d'entreprise
Si vous n'utilisez pas le service Carnet d'adresses personnel et si vous faites
appel à la fonction Recherche rapide uniquement pour trouver des collègues
dans le répertoire de l'entreprise, il ne sera peut-être pas nécessaire d'effectuer
de configuration. Effectuez un test en sélectionnant Recherche rapide dans le
menu contextuel :
• Si la fenêtre Recherche rapide apparaît, aucune configuration n'est
nécessaire.
• Si la fenêtre Recherche rapide ne s'ouvre pas, entrez un nom d'utilisateur
et un mot de passe (clic droit > Préférences > onglet Répertoire).
Demandez les informations correspondantes à votre administrateur
système.Chapitre 6 Utilisation de la messagerie vocale, des journaux d'appels et des répertoires sur
Utilisation de la fonction Recherche rapide
6-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Traitement des appels avec Cisco IP Communicator, page 3-1
• Personnalisation des paramètres sur Cisco IP Communicator, page 4-1
• Utilisation des journaux d'appels, page 6-3
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Effectuer une
recherche dans votre
carnet d'adresses
personnel
Si vous utilisez le service Carnet d'adresses personnel, la fonction Recherche
rapide peut essayer d'établir des correspondances dans un premier temps avec
votre carnet d'adresses et dans un deuxième temps avec le répertoire de
l'entreprise. Les conditions suivantes doivent être remplies pour que la
Recherche rapide puisse accéder à votre carnet d'adresses personnel :
• Votre administrateur système doit configurer la fonction Recherche rapide
afin de l'intégrer dans les répertoires personnels.
• Vous devez vous abonner au service Carnet d'adresses personnel (clic
droit > Options utilisateur Cisco Unified CM).
• Vous devez entrer votre nom d'utilisateur et votre mot de passe dans la
fenêtre Répertoires (clic droit >Préférences > onglet Répertoires).
Utiliser une autre
méthode de recherche
Si vous souhaitez utiliser une autre méthode de recherche que la fonction
Recherche rapide, vous disposez des options suivantes :
• Pour effectuer une recherche dans des répertoires d'entreprise, cliquez sur
le bouton Répertoires, puis sélectionnez Répertoire d'entreprise (le nom
exact de ce service peut varier).
• Pour effectuer une recherche dans votre carnet d'adresses personenl,
cliquez sur le bouton Services et sélectionnez Service Carnet d'adresses
personnel (le nom exact de ce service peut varier).
Entrez les informations concernant la recherche et cliquez sur Rechercher.
Pour... Procédez comme suit :C H A P I T R E
7-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
7
Personnalisation de Cisco IP
Communicator à l'aide des options
utilisateur Cisco Unified CM
Comme votre téléphone Cisco IP Communicator est un périphérique réseau, il
peut partager des données avec d’autres périphériques réseau de votre société,
notamment votre ordinateur et vos services Web accessibles via un navigateur
Web sur votre ordinateur.
Vous pouvez établir des services téléphoniques et contrôler les fonctions à partir
de votre ordinateur à l'aide des pages Web Options utilisateur de votre serveur de
traitement d'appels Cisco Unified Communications Manager. Une fois les
fonctions et services configurés sur les pages Web, vous pouvez y accéder à partir
de votre Cisco IP Communicator. Vous pouvez, par exemple, configurer des
boutons de numérotation abrégée à partir des pages Web, puis y accéder sur votre
téléphone.
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
• Utilisation de votre Carnet d'adresses personnel, page 7-3
• Configuration de la numérotation abrégée, page 7-5
• Configuration de services téléphoniques, page 7-7
• Contrôle des paramètres utilisateur, page 7-9
• Contrôle des paramètres de ligne, page 7-10
• Configuration de téléphones et de listes d'accès pour la connexion mobile,
page 7-12
• Utilisation de Cisco WebDialer, page 7-15Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Connexion aux pages Web Options utilisateur Cisco Unified CM
7-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Connexion aux pages Web Options utilisateur Cisco
Unified CM
Procédure
Étape 1 Cliquez sur le bouton Menu (ou cliquez avec le bouton droit de la souris sur Cisco
IP Communicator), et choisissez Options utilisateur Cisco Unified CM.
Étape 2 Entrez l'ID d'utilisateur et le mot de passe par défaut fournis par votre
administrateur système.
Étape 3 À partir du menu principal, choisissez Options utilisateur > Périphérique.
a. Sélectionnez le nom de périphérique qui correspond à Cisco IP
Communicator.
b. Une fois votre sélection effectuée, utilisez les boutons situés au bas de la
fenêtre pour accéder aux paramètres appropriés pour votre périphérique.
c. Cliquez sur Déconnecter pour quitter l'application.
Étape 3 Si vous utilisez Cisco Unified Communications Manager 4.x :
a. Dans le menu général, choisissez un type de périphérique dans la liste
déroulante Sélectionner un périphérique.
b. Une fois votre sélection effectuée, un menu contextuel apparaît et propose les
options appropriées pour ce type de périphérique. (Si le type de périphérique
ne figure pas dans la liste, contactez votre administrateur.)
c. Cliquez sur Déconnecter pour quitter l'application.
Conseil • Sélectionnez votre périphérique dans la page de menu pour afficher
l'ensemble de vos options.
• Cliquez sur MàJ pour appliquer et enregistrer vos modifications.
• Cliquez sur Retour au menu pour revenir au menu contextuel.7-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Utilisation de votre Carnet d'adresses personnel
Utilisation de votre Carnet d'adresses personnel
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
• Configuration de numéros abrégés, page 7-4
• Configuration de la numérotation abrégée, page 7-5
Pour...
Effectuez l'action suivante après avoir accédé à la page Web
Options utilisateur Cisco Unified CM
Ajouter une nouvelle entrée
au carnet d'adresses
personnel
1. Choisissez Options utilisateur> Carnet d'adresses personnel.
2. Cliquez sur Ajouter nouveau.
3. Saisissez les informations correspondant à l'entrée.
4. Cliquez sur Enregistrer.
Rechercher une entrée dans
le carnet d'adresses
personnel
1. Choisissez Options utilisateur> Carnet d'adresses personnel.
2. Indiquez les informations recherchées et cliquez sur Rechercher.
Modifier une entrée du
carnet d'adresses personnel
1. Recherchez l'entrée dans le carnet d'adresses personnel.
2. Cliquez sur un nom ou un pseudonyme.
3. Modifiez l'entrée et cliquez sur Enreg.
Supprimer une entrée du
carnet d'adresses personnel
1. Recherchez l'entrée dans le carnet d'adresses personnel.
2. Sélectionnez une ou plusieurs entrées.
3. Cliquez sur Supprimer la sélection.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Utilisation de votre Carnet d'adresses personnel
7-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Configuration de numéros abrégés
Rubriques connexes
• Utilisation de votre Carnet d'adresses personnel, page 7-3
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM
Affecter un code de
numérotation abrégée à
une entrée du carnet
d'adresses personnel
1. Créez une entrée dans le carnet d'adresses personnel.
2. Sélectionnez Options utilisateur> Numéros abrégés.
3. Cliquez sur Ajouter nouveau.
4. Utilisez la zone des options de recherche pour trouver l'entrée du carnet
d'adresses personnel.
5. Cliquez sur un numéro de téléphone dans la zone des résultats de
recherche.
6. Modifiez le code de numérotation abrégée, le cas échéant.
7. Cliquez sur Enregistrer.
Affecter un code de
numérotation abrégée à
un numéro de téléphone
(sans utiliser d'entrée du
carnet d'adresses
personnel)
1. Sélectionnez Options utilisateur> Numéros abrégés.
2. Cliquez sur Ajouter nouveau.
3. Modifiez le code de numérotation abrégée, le cas échéant.
4. Entrez un numéro de téléphone
5. Cliquez sur Enregistrer.
Rechercher une entrée
de numérotation
abrégée
1. Sélectionnez Options utilisateur> Numéros abrégés.
2. Indiquez les informations recherchées et cliquez sur Rechercher.
Modifier le numéro de
téléphone
correspondant à un
numéro abrégé
1. Sélectionnez Options utilisateur> Numéros abrégés.
2. Recherchez le numéro abrégé à modifier.
3. Cliquez sur un composant de l’entrée.
4. Modifiez le numéro de téléphone.
5. Cliquez sur Enregistrer.
Supprimer un numéro
abrégé
1. Recherchez le numéro abrégé.
2. Sélectionnez une ou plusieurs entrées.
3. Cliquez sur Supprimer la sélection.7-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de la numérotation abrégée
Conseil Vous pouvez créer jusqu'à 500 entrées de numéros abrégés et de carnet d'adresses
personnel.
Conseil Vous pouvez créer de nouveaux numéros abrégés sans utiliser d'entrée du carnet
d'adresses personnel. Ces entrées de numérotation abrégée sont étiquetées brut
dans les pages Web Options utilisateur et n’affichent pas d’étiquette de texte
configurable.
Configuration de la numérotation abrégée
Selon sa configuration, votre Cisco IP Communicator peut prendre en charge
plusieurs fonctions de numérotation abrégée :
• Les boutons de numérotation abrégée
• La numérotation abrégée
• Les numéros abrégés.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM
Configurer les
boutons de
numérotation
abrégée
1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un téléphone dans le menu déroulant Nom.
3. Cliquez sur Numérotations abrégées.
4. Saisissez le numéro et l'intitulé correspondant à un bouton de numérotation
abrégée (bouton programmable) de votre téléphone.
5. Cliquez sur Enregistrer.
Remarque Votre téléphone utilise le champ Nom sans caract. accentués.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de la numérotation abrégée
7-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
• Configuration de numéros abrégés, page 7-4
• Utilisation du répertoire personnel, page 6-7
Configurer les
boutons de
numérotation
abrégée
Cisco Unified Communications Manager version 4.x
Accédez à vos pages Web Options utilisateur Cisco Unified CM, sélectionnez
votre périphérique, puis sélectionnez Ajouter/mettre à jour vos numéros
abrégés dans le menu principal.
Dans la section Paramètres de numérotation abrégée du téléphone, entrez un
numéro de téléphone et un intitulé pour chaque bouton de numérotation abrégée
disponible. Entrez le numéro exactement comme si vous le composiez sur votre
téléphone fixe. Par exemple, si nécessaire, entrez un code d'accès, tel que le 9 ou
l'indicatif régional.
L'intitulé que vous entrez apparaît en regard du bouton de numérotation abrégée
sur l'écran de votre téléphone.
Configurer la
numérotation
abrégée
1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un téléphone dans le menu déroulant Nom.
3. Cliquez sur Numérotations abrégées.
4. Saisissez le numéro et le libellé correspondant à un code de numérotation
abrégée.
5. Cliquez sur Enregistrer.
Configuration de la
numérotation
abrégée
Cisco Unified Communications Manager version 4.x
Accédez à vos pages Web Options utilisateur Cisco Unified CM, sélectionnez
votre périphérique, puis sélectionnez Ajouter/mettre à jour vos numéros
abrégés dans le menu principal.
1. Dans la section Paramètres de numérotation abrégée non associés à un
bouton du téléphone, entrez un numéro de téléphone et un intitulé pour
chaque bouton de numérotation abrégée disponible. Entrez le numéro
exactement comme si vous le composiez sur votre téléphone. Par exemple,
si nécessaire, entrez un code d'accès, tel que le 9 ou l'indicatif régional.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM7-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de services téléphoniques
Configuration de services téléphoniques
Les services téléphoniques peuvent inclure des fonctions téléphoniques spéciales,
des données réseau et des informations basées sur le Web (par exemple les cours
de la bourse ou les programmes de cinéma). Vous devez vous abonner à un service
téléphonique pour pouvoir y accéder sur votre téléphone.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM
S'abonner à un service 1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un nom Cisco IP Communicator dans le menu déroulant.
3. Cliquez sur Services téléphoniques.
4. Cliquez sur Ajouter nouveau.
5. Choisissez un service dans la liste déroulante et cliquez sur Suivant.
6. Changez l'intitulé du service et/ou saisissez des informations
supplémentaires sur le service, le cas échéant (facultatif).
7. Cliquez sur Enregistrer.
Cisco Unified Communications Manager 4.x
Dans le menu principal, sélectionnez Configurer vos services
téléphoniques IP Cisco. Sélectionnez un service dans la liste déroulante
Services disponibles, puis cliquez sur Continuer. Saisissez les
renseignements supplémentaires qui vous sont demandés (par exemple, un
code postal ou un code PIN), puis cliquez sur S'abonner.
Rechercher des services 1. Sélectionnez un Nom de périphérique Cisco IP Communicator.
2. Cliquez sur Services téléphoniques.
3. Cliquez sur Rechercher.
Modifier un service ou
vous désabonner
1. Recherchez les services.
2. Sélectionnez une ou plusieurs entrées.
3. Cliquez sur Supprimer la sélection.
Cisco Unified Communications Manager 4.x
Dans le menu principal, sélectionnez Configurer vos services
téléphoniques IP Cisco. Cliquez sur un service dans le volet Vos
abonnements. Cliquez sur MàJ après avoir effectué vos modifications ou sur
Se désabonner. Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de services téléphoniques
7-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Changer le nom d’un
service
1. Recherchez les services.
2. Cliquez sur le nom du service.
3. Modifiez les informations et cliquez sur Enreg.
Associer un service à un
bouton programmable
disponible
1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un nom Cisco IP Communicator dans le menu déroulant.
3. Cliquez sur URL de service.
Remarque Si cette option n'apparaît pas à l'écran, demandez à votre
administrateur système de configurer un bouton d'URL de
service pour votre téléphone.
4. Sélectionnez un service dans la liste déroulante Bouton de service.
5. Si vous souhaitez renommer le service, modifiez les champs
d’étiquettes.
Remarque Votre téléphone utilise le champ Nom sans caract. accentués s'il
ne prend pas en charge les jeux de caractères à deux octets.
6. Cliquez sur Enregistrer.
7. Cliquez sur Réinitialiser pour réinitialiser votre téléphone (nécessaire
pour afficher le nouveau libellé du bouton sur votre téléphone).
Cisco Unified Communications Manager version 4.x
Après vous être abonné à un service, sélectionnez Ajouter/mettre à jour
vos boutons URL de service dans le menu principal. Pour chaque touche
disponible, sélectionnez un service dans la liste déroulante, puis saisissez
une description. Une fois vos modifications effectuées, cliquez sur MàJ.
L'administrateur du système détermine le nombre de touches pouvant être
associées à des services ; il peut également affecter des touches de service à
votre téléphone.
Accéder à un service sur
le téléphone
Cliquez sur le bouton Services. Ou bien, si vous avez ajouté un service à un
bouton programmable, appuyez sur le bouton.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM7-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Contrôle des paramètres utilisateur
Contrôle des paramètres utilisateur
Les paramètres utilisateur incluent votre mot de passe, votre nuémro
d'identification personnel et vos paramètres de langue.
Conseil Votre code PIN et votre mot de passe permettent d'accéder à plusieurs fonctions
et services. Par exemple, utilisez votre code PIN pour vous connecter au service
de mobilité de poste de Cisco ou au répertoire personnel de votre téléphone.
Utilisez votre mot de passe pour vous accéder à vos pages Web Options utilisateur
et à Cisco WebDialer sur votre ordinateur. Pour en savoir plus, contactez votre
administrateur système.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web
Options utilisateur Cisco Unified CM
Changement de mot de passe 1. Sélectionnez Options utilisateur > Paramètres utilisateur.
2. Remplissez les champs de la zone Mot de passe du navigateur.
3. Cliquez sur Sauvegarder.
Modification de votre numéro
d'identification personnel
1. Sélectionnez Options utilisateur > Paramètres utilisateur.
2. Remplissez les champs de la zone PIN du téléphone,
3. Cliquez sur Enregistrer.
Modifier la langue des pages
Web Options utilisateur
1. Sélectionnez Options utilisateur > Paramètres utilisateur.
2. Dans la zone Langue utilisateur, choisissez une option dans la
liste déroulante Langue.
3. Cliquez sur Enregistrer.
Modifier la langue de l'écran de
votre téléphone
1. Sélectionnez Options utilisateur > Paramètres utilisateur.
2. Sélectionnez une option dans la liste déroulante Langue
utilisateur.
3. Cliquez sur Enregistrer.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Contrôle des paramètres de ligne
7-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Contrôle des paramètres de ligne
Les paramètres de ligne affectent une ligne précise (numéro d'annuaire) de votre
Cisco IP Communicator. Les paramètres de ligne peuvent inclure le transfert
d'appels, les indicateurs de message vocal, la mélodie de sonneries et les libellés
de ligne.
Vous pouvez configurer d'autres paramètres de ligne directement sur votre Cisco
IP Communicator :
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM...
Configurer le renvoi
d'appels par ligne
1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un nom de Cisco IP Communicator dans le menu déroulant
Nom.
3. Cliquez sur Paramètres de ligne.
4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre
téléphone, sélectionnez une ligne dans le menu déroulant Ligne.
5. Dans la zone Renvoi des appels entrants, choisissez les paramètres de
transfert d'appels correspondant à diverses circonstances.
6. Cliquez sur Enregistrer.
Modifier le paramètre
d'indicateur de message
vocal selon la ligne
(témoin lumineux)
1. Sélectionnez Options utilisateur> Périphérique.
2. Sélectionnez un nom de Cisco IP Communicator dans le menu déroulant
Nom.
3. Cliquez sur Paramètres de ligne.
4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre
téléphone, sélectionnez une ligne dans le menu déroulant Ligne.
5. Dans la zone Indicateur de messages en attente, choisissez un ou
plusieurs paramètres.
Remarque En général, le paramètre par défaut pour les messages en
attente demande à votre téléphone d'afficher un témoin
lumineux rouge fixe sur la bande lumineuse du combiné pour
signaler la présence d'un nouveau message vocal.
6. Cliquez sur Enregistrer.7-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Contrôle des paramètres de ligne
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
• Personnalisation des sonneries et des indicateurs de message, page 4-3
• Accès aux paramètres, page 4-1
Modifier le paramètre
d'indicateur sonore de
message vocal selon la
ligne
1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un nom de Cisco IP Communicator dans le menu déroulant
Nom.
3. Cliquez sur Paramètres de ligne.
4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre
téléphone, sélectionnez une ligne dans le menu déroulant Ligne.
5. Dans la zone Indicateur de messages en attente, choisissez un ou
plusieurs paramètres.
Remarque En général, le paramètre par défaut pour les messages en attente
demande à votre téléphone d'afficher un témoin lumineux rouge
fixe sur la bande lumineuse du combiné pour signaler la
présence d'un nouveau message vocal.
6. Cliquez sur Enregistrer.
Modifier ou créer un
libellé de ligne affiché à
l'écran de votre
téléphone
1. Sélectionnez Options utilisateur > Périphérique.
2. Sélectionnez un téléphone dans le menu déroulant Nom.
3. Cliquez sur Paramètres de ligne.
4. Si plusieurs numéros de répertoire (lignes) sont affectés à votre
téléphone, sélectionnez une ligne dans le menu déroulant Ligne.
5. Dans la zone Libellé de ligne, saisissez un libellé.
6. Cliquez sur Enregistrer.
Remarque Votre téléphone utilise le champ Nom sans caract. accentués s'il
ne prend pas en charge les jeux de caractères à deux octets.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM...Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de téléphones et de listes d'accès pour la connexion mobile
7-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Configuration de téléphones et de listes d'accès
pour la connexion mobile
Lorsque vous utilisez la fonction de connexion mobile Cisco Mobile Connect,
vous devez indiquer les téléphones portables et les autres téléphones à utiliser
pour passer et prendre des appels en utilisant les mêmes numéros de répertoire que
ceux de votre téléphone de bureau. Ces téléphones sont appelés destinations
distantes. Vous pouvez également définir des listes d'accès pour interdire ou
autoriser l'envoi vers votre téléphone portable d'appels en provenance de certains
numéros.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM
Créer une liste
d'accès
1. Sélectionnez Options utilisateur > Paramètres de mobilité > Listes
d'accès.
2. Cliquez sur Ajouter nouveau.
3. Saisissez les informations suivantes :
– Nom : identifie la liste d'accès
– Description : décrit la liste d'accès.
4. Sélectionnez l'une des options suivantes :
– Liste d'accès bloqué : crée la liste des numéros à bloquer
– Liste d'accès autorisé : crée la liste des numéros autorisés
5. Cliquez sur Enregistrer. 7-13
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de téléphones et de listes d'accès pour la connexion mobile
Ajouter des
membres à une liste
d'accès.
1. Créez une liste d'accès.
2. Cliquez sur Ajouter un membre pour ajouter des numéros de téléphone ou
des filtres à la liste.
3. Sélectionnez une option dans la liste déroulante Masque de filtre. Vous
pouvez filtrer un numéro de répertoire ou les appels dont l'ID d'appelant est
restreint (Non disponible) ou anonyme (Confidentiel).
4. Si vous sélectionnez un numéro de répertoire dans la liste déroulante Masque
de filtre, saisissez un numéro de téléphone ou un filtre dans le champ Masque
NR. Vous pouvez utiliser les caractères génériques suivants pour définir un
filtre :
– X (majuscule ou minuscule) : correspond à un chiffre. Par exemple,
408555123X correspond à n'importe quel numéro compris entre
4085551230 et 4085551239.
– ! : correspond à un nombre indéfini de chiffres. Par exemple, 408!
correspond à tout numéro commençant par 408.
– # : remplace un chiffre pour créer une correspondance exacte.
5. Cliquez sur Enreg. pour ajouter ce membre à la liste d'accès.
6. Cliquez de nouveau sur Enreg. pour enregistrer la liste d'accès.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CMChapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Configuration de téléphones et de listes d'accès pour la connexion mobile
7-14
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Ajouter une
nouvelle
destination distante
1. Sélectionnez Options utilisateur > Paramètres de mobilité > Destinations
distantes.
2. Sélectionnez le périphérique dans la zone de liste déroulante Nom.
3. Cliquez sur Destinations distantes.
4. Cliquez sur Ajouter nouveau.
5. Sisissez les informations suivantes :
– Nom : saisissez un nom pour le téléphone portable (ou tout autre
téléphone).
– Numéro de destination : saisissez le numéro de votre téléphone portable.
– Minuteur de réponse précoce : Saisissez le délai (en millisecondes) à
observer avant la prise d'un appel sur le périphérique de destination
distante.
– Minuteur de réponse tardive : Saisissez le délai (en millisecondes) à
observer avant la prise d'un appel sur le périphérique de destination
distante.
– Indicateur de délai avant sonnerie : Saisissez le délai (en millisecondes)
à observer avant que la sonnerie ne retentisse sur le périphérique
de destination distante.
– Profil de destination distante : Sélectionnez un profil de destination
distante (contient les paramètres applicables à toutes vos destinations
distantes).
– Liste d'accès autorisé : Sélectionnez un numéro de téléphone ou une
règle qui autorise votre téléphone portable à sonner lorsqu'un appel
arrive sur votre téléphone de bureau. Vous pouvez sélectionner une liste
d'accès autorisé ou une liste d'accès bloqué, mais pas les deux.
– Liste d'accès bloqué : Sélectionnez un numéro de téléphone ou une règle
qui empêche votre téléphone portable de sonner lorsqu'un appel arrive
sur votre téléphone de bureau. Vous pouvez sélectionner une liste
d'accès autorisé ou une liste d'accès bloqué, mais pas les deux.
– Téléphone portable : Sélectionnez cette option pour que votre téléphone
portable accepte un appel composé à partir de votre téléphone de bureau.
– Activer la connexion mobile : Sélectionnez cette option pour que votre
téléphone portable sonne en même temps que votre téléphone de bureau.
Vous pouvez également configurer un calendrier de sonnerie.
6. Cliquez sur Enregistrer.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM7-15
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Utilisation de Cisco WebDialer
Utilisation de CiscoWebDialer
Cisco WebDialer permet d'appeler des contacts du répertoire Cisco IP
Communicator en cliquant sur les éléments d'un navigateur Web. Votre
administrateur système doit configurer cette fonction à votre place.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CM
Utiliser WebDialer
avec votre répertoire
Options utilisateur
1. Sélectionnez Options utilisateur > Répertoire et recherchez un collègue.
2. Cliquez sur le numéro à composer.
3. Si vous utilisez WebDialer pour la première fois, configurez vos
préférences et cliquez sur Soum. (voir la dernière ligne de ce tableau pour
plus de détails).
4. Si la page Passer un appel s'affiche, cliquez sur Compos. (Voir à la dernière
ligne de ce tableau la procédure permettant de ne plus afficher cette page
à l'avenir.)
L'appel est passé sur votre téléphone.
5. Cliquez sur Raccrocher ou raccrochez le combiné de votre téléphone pour
mettre fin à un appel.
Utiliser WebDialer
avec un autre
répertoire d'entreprise
en ligne (et non votre
répertoire Options
utilisateur)
1. Connectez-vous à un répertoire d'entreprise compatible avec WebDialer et
recherchez des collègues.
2. Cliquez sur le numéro à composer.
3. Lorsque vous y êtes invité, entrez votre ID utilisateur et votre mot de
passe.
4. Si vous utilisez WebDialer pour la première fois, configurez vos
préférences et cliquez sur Soum. (voir la dernière ligne de ce tableau pour
plus de détails).
5. Si la page Passer un appel s'affiche, cliquez surCompos. (Voir à la dernière
ligne de ce tableau la procédure permettant de ne plus afficher cette page
à l'avenir.)
L'appel est passé sur votre téléphone.
6. Cliquez sur Raccrocher ou raccrochez le combiné de votre téléphone pour
mettre fin à un appel.Chapitre 7 Personnalisation de Cisco IP Communicator à l'aide des options utilisateur Cisco Unified CM
Utilisation de Cisco WebDialer
7-16
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Rubriques connexes
• Connexion aux pages Web Options utilisateur Cisco Unified CM, page 7-2
Vous déconnecter de
WebDialer
Cliquez sur l'icône de déconnexion à la page Passer un appel ou Raccrocher.
Configurer, afficher
ou modifier des
préférences de
WebDialer
Accédez à la page Préférences.
La page Préférences s'affiche la première fois que vous utilisez WebDialer
(après avoir cliqué sur le numéro à composer).
Pour revenir aux préférences par la suite, cliquez sur l'icône Préférences des
pages Passer un appel ou Raccrocher.
La page Préférences contient les options suivantes :
• Langue souhaitée : détermine la langue utilisée pour les paramètres et les
invites de WebDialer.
• Utiliser un périphérique permanent : identifie le téléphone
IP Cisco Unified et le numéro de répertoire (ligne) à utiliser pour passer
des appels WebDialer. Si votre téléphone dispose d'une seule ligne, ce
téléphone et cette ligne sont sélectionnés automatiquement. Sinon,
choisissez un téléphone et/ou une ligne. Les téléphones sont indiqués par
leur nom d'hôte. (Pour afficher le nom système de votre téléphone, cliquez
sur le bouton Paramètres et sélectionnez Configuration réseau > Nom
d'hôte.)
• Utiliser la mobilité de poste : lorsque qu'elle est sélectionnée, cette
option invite WebDialer à utiliser le téléphone IP Cisco Unified associé à
votre profil de mobilité de poste (le cas échéant).
• Ne pas afficher la boîte de dialogue de confirmation d'appel : lorsque
qu'elle est sélectionnée, cette option invite WebDialer à supprimer la page
Passer un appel. Cette page s'affiche par défaut lorsque vous cliquez sur un
numéro de téléphone dans un répertoire en ligne compatible avec
WebDialer.
Pour...
Effectuez l'action suivante après avoir accédé à la page Web Options
utilisateur Cisco Unified CMC H A P I T R E
8-1
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
8
Dépannage Cisco IP Communicator
• Problèmes d'ordre général, page 8-1
• Problèmes de qualité vocale, page 8-5
• Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les
problèmes de performance, page 8-10
• Activation de journaux détaillés, page 8-11
• Capture d'informations sur les problèmes, page 8-11
Problèmes d'ordre général
Problème La qualité audio est mauvaise lorsque je participe à des téléconférences
MeetingPlace et que j'utilise Cisco IP Communicator.
Solution Fermez les applications inutilisées lorsque vous participez à une
téléconférence. Si vous utilisez une connexion VPN, envisagez d'utiliser l'option
de connectivité de la console Cisco Unified MeetingPlace.
Vous pouvez également optimiser la bande passante de la session de
téléconférence en utilisant différentes connexions. Les utilisateurs de Cisco
Unified MeetingPlace disposent d'une option permettant de vérifier que leur
connexion est adéquate. Les détails sur l'optimisation de la bande passante dans
MeetingPlace sont fournis dans le Guide d'utilisation de Cisco Unified
MeetingPlace.Chapitre 8 Dépannage Cisco IP Communicator
Problèmes d'ordre général
8-2
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Problème Après le démarrage initial, aucun numéro de poste n'apparaît et la ligne
d'état affiche le libellé Enregistrement en cours.
Solution Vérifiez que vous avez sélectionné un serveur TFTP, le cas échéant. Si
vous devez définir une adresse TFTP, votre administrateur doit vous la fournir. Si
vous êtes un utilisateur distant, veillez à établir la connexion réseau avant de
lancer Cisco IP Communicator.
Rubriques connexes
• Configuration et enregistrement Cisco IP Communicator, page 1-9
• Paramètres réseau, page 4-7
Problème Après son démarrage, Cisco IP Communicator ne trouve pas votre carte
réseau et vous demande de l'insérer.
Solution Si possible, sélectionnez un autre périphérique d'interface réseau. Vous
pouvez par exemple remplacer une carte sans fil ou un adaptateur Ethernet USB
par un autre adaptateur.
Si vous avez lancé Cisco IP Communicator pour la première fois sur un ordinateur
portable connecté à une station d'accueil, essayez de connecter l'ordinateur à la
station. Si cela résoud le problème, demandez à votre administrateur système de
vous aider à configurer le nom du périphérique afin que Cisco IP Communicator
fonctionne sans qu'il ne soit nécessaire de connecter l'ordinateur à la station
d'accueil.
Si vous avez retiré ou désactivé définitivement l'adaptateur réseau qui avait été
sélectionné, contactez votre administrateur système avant de sélectionner un autre
adaptateur.
Rubriques connexes
• Configuration et enregistrement Cisco IP Communicator, page 1-9
• Paramètres réseau, page 4-7
Problème Votre périphérique audio n'apparaît pas dans le menu déroulant d'un
mode audio.
Solution Si le périphérique est un combiné USB, un casque USB ou une carte son,
vérifiez qu'il est correctement installé et redémarrez Cisco IP Communicator. Les
périphériques qui sont installés lorsque l'application est ouverte ne sont reconnus
qu'au lancement suivant de celle-ci.8-3
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 8 Dépannage Cisco IP Communicator
Problèmes d'ordre général
S'il s'agit d'un périphérique analogique, il n'apparaît pas dans les listes des modes
audio car ce type de périphérique est considéré comme une extension de votre
carte son. Dans ce cas, sélectionnez cette dernière.
Pour utiliser un périphérique pour la lecture du son et un autre (par exemple, un
microphone de caméra VT) pour l'enregistrement du son dans
Cisco IP Communicator, cliquez avec le bouton droit sur > Préférences >
onglet Audio. Sélectionnez Périphérique audio Windows par défaut dans la
liste déroulante pour un ou plusieurs paramètres, puis cliquez sur OK.
Rubriques connexes
• Installation de périphériques audio avant le lancement initial, page 1-3
• Affectation de modes audio, page 4-9
• Sélection d'un mode audio, page 4-9
• Suppression et réinstallation de périphériques audio, page 5-6
Problème Après son démarrage, Cisco IP Communicator n'affiche aucun numéro
de poste ou affiche un numéro de poste incorrect.
Solution Contactez votre administrateur système pour obtenir de l'aide.
Il se peut que vous ayez sélectionné une carte réseau incorrecte. Si vous disposez
de plusieurs cartes et si vous êtes invité à en sélectionner une immédiatement
après l'installation de Cisco IP Communicator, sélectionnez une carte susceptible
d'offrir une connexion ininterrompue ou une carte activée en permanence (même
si elle est débranchée). Contactez votre administrateur système pour savoir quelle
carte sélectionner.
Le paramètre de carte réseau permet à Cisco IP Communicator de s'identifier
auprès du réseau ; il n'est pas utilisé pour la transmission audio. C'est pourquoi
vous ne devez pas modifier ce paramètre une fois qu'il a été défini, à moins que
vous ne supprimiez ou désactiviez définitivement la carte réseau sélectionnée.
Dans ce cas, contactez votre administrateur système avant de sélectionner une
autre carte.
Rubriques connexes
• Configuration et enregistrement Cisco IP Communicator, page 1-9
• Paramètres réseau, page 4-7Chapitre 8 Dépannage Cisco IP Communicator
Problèmes d'ordre général
8-4
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Problème Rien ne se passe lorsque vous sélectionnez l'option Recherche rapide.
Solution Cliquez avec le bouton droit de la souris sur > Préférences > onglet
Répertoires, et saisissez le nom d'utilisateur et le mot de passe fournis par votre
administrateur système.
Rubriques connexes
• Paramètres de répertoire, page 4-15
• Utilisation du répertoire personnel, page 6-7
Problème La sonnerie de votre téléphone n'est pas audible ou est difficile à
entendre.
Solution Réglez le volume de votre sonnerie en cliquant sur le bouton Vo lume
lorsqu'aucun appel n'est actif.
• Si vous utilisez un combiné USB, ne le sélectionnez pas pour la sonnerie. De
manière générale, il est conseillé de sélectionner la carte son pour la sonnerie.
• Si votre carte son est sélectionnée pour le mode Sonnerie et qu'un casque est
connecté aux prises jack audio de l'ordinateur, vous devez porter le casque
pour entendre la sonnerie.
Rubriques connexes
• Installation de périphériques audio avant le lancement initial, page 1-3
• Affectation de modes audio, page 4-9
• Utilisation de l'Assistant de réglage audio, page 1-6
• Accès aux paramètres, page 4-1
• Problèmes de qualité vocale, page 8-58-5
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 8 Dépannage Cisco IP Communicator
Problèmes de qualité vocale
Problèmes de qualité vocale
Avant de commencer
• Si le problème concerne le volume, commencez par essayer de régler celui-ci
en cliquant sur Volume dans Cisco IP Communicator.
• Appelez d'autres personnes afin de déterminer si le problème est lié à
Cisco IP Communicator ou au téléphone de votre interlocuteur. Si vous
pensez que le problème provient du téléphone de votre interlocuteur, réglez
le volume dans Cisco IP Communicator. Évitez dans ce cas de modifier les
paramètres à l'aide de l'Assistant de réglage audio (ces modifications
risqueraient en effet de ne pas convenir à tous les appels).
• Votre administrateur système peut vous demander d'activer la journalisation
afin d'enregistrer des informations détaillées en vue du dépannage.
En cas de problème concernant le niveau du volume, procédez comme suit :
• Dans l'Assistant de réglage audio, commencez par régler le curseur de volume
principal. Ce paramètre s'applique à toutes les applications qui lisent des
données audio. Vous devez donc tester ce paramètre dans les autres
applications (telles que le Lecteur Microsoft Windows Media et RealPlayer)
afin de vérifier que les niveaux de volume sont corrects.
• Dans l'Assistant de réglage audio, réglez ensuite le curseur de volume Wave
afin d'atteindre un niveau d'écoute confortable pour les appels téléphoniques.
• Si vous avez modifié les paramètres de volume dans Microsoft Windows,
exécutez de nouveau l'Assistant de réglage audio (voir procédure ci-dessus)
afin de régler de nouveau les paramètres de volume principal et de volume
Wave.
Rubriques connexes
• Activation de journaux détaillés, page 8-11
Problème La voix de votre interlocuteur est trop forte.
Solution
• Essayez de régler le volume en cliquant sur le bouton Vo lume.
• Lancez l'Assistant de réglage audio et réglez le volume du haut-parleur du
périphérique audio en cours d'utilisation. Chapitre 8 Dépannage Cisco IP Communicator
Problèmes de qualité vocale
8-6
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Problème Votre interlocuteur vous indique que votre voix est trop forte.
Solution
• Essayez d'éloigner légèrement le microphone de votre bouche, en le
déplaçant vers votre menton si vous utilisez un casque.
• Si le problème persiste, lancez l'Assistant de réglage audio et diminuez le
volume du microphone pour le périphérique audio en cours d'utilisation.
• Si votre voix reste trop forte, désactivez la fonction Amplificateur de
microphone pour ce périphérique de l'Assistant de réglage audio.
Problème La voix de votre interlocuteur est trop faible.
Solution
• Essayez de régler le volume en cliquant sur le bouton Vo lume.
• Lancez l'Assistant de réglage audio et réglez le volume du haut-parleur du
périphérique audio en cours d'utilisation.
Problème Votre interlocuteur vous indique que votre voix est trop faible.
Solution
• Si vous utilisez un casque, vérifiez que Cisco IP Communicator fonctionne
en mode Casque et non en mode Haut-parleur. Le mode Casque est activé
lorsque le bouton Casque best allumé. Si ce bouton n'est pas allumé, cliquez
dessus.
• Si vous utilisez un casque, vérifiez que le microphone est correctement
positionné.
• Si le problème persiste, lancez l'Assistant de réglage audio et augmentez le
volume du microphone pour le périphérique audio en cours d'utilisation.
Avant de régler un périphérique audio disposant de sa propre commande de
volume (un casque USB avec des commandes de volume sur le cordon, par
exemple), augmentez au maximum le volume du périphérique.
• Si votre voix reste trop faible, activez la fonction Amplificateur de
microphone pour le périphérique audio dans l'Assistant de réglage audio.
Problème La voix de votre interlocuteur est assourdie. 8-7
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 8 Dépannage Cisco IP Communicator
Problèmes de qualité vocale
Solution
• Si vous utilisez Cisco IP Communicator à distance, activez l'option Optimiser
pour une bande passante étroite (clic droit > Préférences > onglet Audio).
• Si vous n'utilisez pas Cisco IP Communicator sur une connexion à distance,
désactivez l'option Optimiser pour une bande passante étroite.
• Demandez à votre interlocuteur de diminuer le volume de son microphone, si
cela est possible.
Rubriques connexes
• Paramètres audio, page 4-8
Problème Votre interlocuteur vous indique que votre voix est assourdie.
Solution
• Lancez l'Assistant de réglage audio et réglez le volume du microphone du
périphérique audio en cours d'utilisation.
• Si vous n'utilisez pas Cisco IP Communicator sur une connexion à distance,
désactivez l'option Optimiser pour une bande passante étroite.
Problème La voix de votre interlocuteur semble lointaine ou étrange.
Solution Si vous utilisez un casque, vérifiez que Cisco IP Communicator
fonctionne en mode Casque et non en mode Haut-parleur. (Le bouton Casque
devrait être allumé.)
Problème Votre interlocuteur vous indique que votre voix semble lointaine ou
étrange.
Solution Activez l'option Optimiser pour une bande passante étroite (clic droit >
Préférences > onglet Audio).
Rubriques connexes
• Paramètres audio, page 4-8
Problème La voix de votre interlocuteur est entrecoupée de silences ou hachée.Chapitre 8 Dépannage Cisco IP Communicator
Problèmes de qualité vocale
8-8
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Solution
• Fermez toutes les applications inutiles. Tenez compte du fait que le lancement
d'applications et les opérations qui sollicitent le réseau (envoi de courriers
électroniques, par exemple) peuvent avoir une incidence sur la qualité audio.
• Vérifiez que le mode Haut-parleur n'est pas activé.
• Sélectionnez un autre paramètre audio en choisissant Préférences > onglet
Audio > onglet Avancés.
• Si vous utilisez Cisco IP Communicator sur une connexion à distance (par
exemple, la connexion VPN de votre domicile ou d'un hôtel), vous risquez de
rencontrer des problèmes de qualité vocale en raison d'une bande passante
insuffisante. Activez l'option Optimiser pour une bande passante étroite (clic
droit > Préférences > onglet Audio.
• Vérifiez que votre carte son et vos pilotes audio sont correctement installés.
Remarque La transmission peut être interrompue par des bruits secs, des
craquements ou des silences en cas d'encombrement du réseau ou de
problèmes de trafic de données.
Problème Les bruits de fond vous empêchent d'entendre la voix de l'intervenant.
Solution Demandez à l'intervenant de :
• Se déplacer vers un endroit plus calme.
• Activer l'annulation du bruit ou augmenter le niveau d'agressivité de
l'annulation du bruit (clic droit > Préférences > onglet Audio > bouton
Avancés). L'annulation du bruit est appliquée au microphone (périphérique
d'entrée) pour empêcher la transmission du bruit vers la destination distante.
Lors d'une conférence téléphonique, demandez aux autres participants de couper
le son sur leur téléphone lorsqu'ils ne prennent pas la parole.
Problème Vous entendez un écho.
Solution
• Demandez à votre interlocuteur de diminuer le volume de son microphone ou
de son haut-parleur, si possible.
• Si votre interlocuteur utilise Cisco IP Communicator comme téléphone à
haut-parleur, demandez-lui de vérifier que le bouton Haut-parleur est
allumé.8-9
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 8 Dépannage Cisco IP Communicator
Problèmes de qualité vocale
• Vérifiez que votre carte son n'envoie pas les données audio du haut-parleur
vers le microphone. Procédez comme suit :
a. Réglez le volume (Panneau de configuration > Sons et multimédia >
onglet Audio).
b. Cliquez sur Lecture des sons bouton Volume.
c. Choisissez Options > Propriétés > Lecture et vérifiez que toutes les
cases à cocher figurant dans la partie inférieure de la fenêtre sont
sélectionnées, puis cliquez sur OK.
d. Dans la fenêtre Contrôle du volume, vérifiez que l'option Muet est
sélectionnée pour la colonne Balance du microphone. Certains
périphériques audio sont dotés de plusieurs entrées de microphone (par
exemple, interne et externe) pouvant capter le son provenant du
haut-parleur et créer un signal en retour.
Problème Votre interlocuteur entend un écho.
Solution
• Lancez l'Assistant de réglage audio et réduisez le volume du microphone du
périphérique audio en cours d'utilisation. Vérifiez que la fonction
Amplificateur de microphone est désactivée. Ensuite, vérifiez le nouveau
paramètre de volume en appelant un interlocuteur.
• Si vous utilisez votre ordinateur en tant que haut-parleur, laissez le bouton
Haut-parleur allumé.
• En dernier ressort, changez de périphérique audio.
• Si vous utilisez un ordinateur portable sans casque ni combiné, les trois
modes sont mappés sur la carte son et agissent comme des haut-parleurs.
Mettez le périphérique en mode Haut-parleur.
Problème Votre interlocuteur ne vous entend pas du tout (mais vous l'entendez).
Solution
• Vérifiez que vous n'avez pas activé l'option Muet à partir des commandes du
cordon du casque ou du combiné USB.
• Vérifiez que les fiches du haut-parleur et du microphone sont insérées dans
les prises jacks audio correctes de l'ordinateur.
• Vérifiez qu'aucune autre application n'utilise le microphone (un enregistreur
audio ou un autre téléphone logiciel, par exemple).Chapitre 8 Dépannage Cisco IP Communicator
Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les problèmes de performance
8-10
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Problème Votre interlocuteur vous entend, mais vous ne l'entendez pas.
Solution
• Vérifiez que les fiches du haut-parleur et du microphone sont insérées dans
les prises jacks audio correctes de l'ordinateur.
• Vérifiez les paramètres de volume et de coupure du son des périphériques
audio système dans le Panneau de configuration.
• Vérifiez le réglage du volume de Cisco IP Communicator (le bouton Vo lume
et l'Assistant de réglage audio).
Problème Vous ne pouvez pas parler en même temps que votre interlocuteur.
Solution Vérifiez que vous utilisez une carte son duplex intégral.
Problème Vous n'entendez aucun son, pas même une tonalité.
Solution
• Si vous utilisez une station d'accueil et si votre périphérique audio est
connecté à celle-ci, vérifiez que l'ordinateur est connecté à la station
d'accueil.
• Redémarrez Cisco IP Communicator.
Utilisation de l'outil de génération de rapports sur la
qualité pour résoudre les problèmes de performance
L'administrateur système peut configurer temporairement votre téléphone à l'aide
de l'Outil de génération de rapports sur la qualité pour régler les problèmes de
performance. Vous pouvez cliquer sur QRT (vous devrez peut-être cliquer
plusieurs fois sur autres pour afficher la touche de fonction QRT) pour envoyer
des informations à votre administrateur système. Selon la configuration de votre
système, l'outil QRT permet de :
• signaler immédiatement un problème audio lors d'un appel en cours ;
• sélectionner un problème général dans une liste de types de problèmes et
choisir des codes de raison.
L'administrateur système peut également vous demander de capturer des
informations (journaux détaillés) pour aider à résoudre un problème.8-11
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 8 Dépannage Cisco IP Communicator
Activation de journaux détaillés
Rubriques connexes
• Utilisation de l'Assistant de réglage audio, page 1-6
• Accès aux paramètres, page 4-1
• Problèmes d'ordre général, page 8-1
• Capture d'informations sur les problèmes, page 8-11
Activation de journaux détaillés
Si vous rencontrez des problèmes lors de l'utilisation de Cisco IP Communicator
et si votre administrateur système vous y invite, activez la journalisation détaillée
(clic droit > Préférences > onglet Utilisateur et activez l'option Activer la
journalisation).
Remarque Votre paramétrage est conservé jusqu'à ce que vous le changiez, même après un
redémarrage. La journalisation détaillée pouvant affecter la performance,
désactivez-la dès que vous n'en avez plus besoin. Désactivez Activer la
journalisation pour désactiver cette fonctionnalité.
Rubriques connexes
• Capture d'informations sur les problèmes, page 8-11
Capture d'informations sur les problèmes
En cas de fermeture inopinée de Cisco IP Communicator, l'Outil de génération de
rapports de problèmes démarre automatiquement et capture les données
pertinentes en vue d'un dépannage. Utilisez cette procédure pour envoyer le
rapport à votre administrateur système. Chapitre 8 Dépannage Cisco IP Communicator
Capture d'informations sur les problèmes
8-12
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Étape 1 Suivez les instructions de l'Outil de génération de rapports de problèmes pour
décrire le problème. N'oubliez pas d'inclure les informations suivantes :
• Une description du problème.
• Une explication de l'action que vous accomplissiez lorsque le problème s'est
produit.
• Le périphérique audio utilisé quand le problème s'est produit.
• Tout autre détail pertinent.
Étape 2 Recherchez sur votre bureau un fichier appelé CIPC-ProblemReportxxx.zip, xxx
correspondant à un nombre.
Étape 3 Envoyez ce fichier par email à votre administrateur système avec les informations
suivantes :
Si vous rencontrez d'autres problèmes et si le rapport de problèmes n'est pas créé
automatiquement, votre administrateur système pourra vous demander de lui
fournir des fichiers journaux. Contrairement à QRT (qui signale la nature du
problème), ces journaux fournissent des informations détaillées qui aident à
résoudre le problème. Utilisez cette procédure pour collecter ces fichiers :
Étape 1 Activez la journalisation détaillée (clic droit > Préférences > onglet
Utilisateur, et activez l'option Activer la journalisation).
Étape 2 Tentez de reproduire le problème. Si vous ne parvenez pas à reproduire le
problème, les journaux ne contiendront pas d'informations détaillées.
Étape 3 Créez le rapport en sélectionnant Démarrer > Tous les programmes >
Cisco IP Communicator > Create CIPC Problem Report.
Étape 4 Suivez les instructions affichées pour décrire le problème. N'oubliez pas d'inclure
les informations suivantes :
• Une description du problème.
• Une explication de l'action que vous accomplissiez lorsque le problème s'est
produit.
• Le périphérique audio utilisé quand le problème s'est produit.
• Tout autre détail pertinent.
Étape 5 Avant de cliquer sur Terminer, notez le nom du fichier qui a été créé sur votre
bureau.
Étape 6 Envoyez ce fichier par email à votre administrateur système.8-13
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Chapitre 8 Dépannage Cisco IP Communicator
Capture d'informations sur les problèmes
Conseil À l'aide de l'Assistant de réglage audio, vous pouvez lancer l'Outil de génération
de rapports de problèmes pour signaler des problèmes audio. Cliquez dans le coin
supérieur gauche de la barre de titres de l'Assistant de réglage audio, et
sélectionnez Infos de dépannage... Un message intempestif vous invite à lancer
l'Outil de génération de rapports de problèmes.
Rubriques connexes
• Utilisation de l'outil de génération de rapports sur la qualité pour résoudre les
problèmes de performance, page 8-10
• Activation de journaux détaillés, page 8-11Chapitre 8 Dépannage Cisco IP Communicator
Capture d'informations sur les problèmes
8-14
Guide d'utilisation de Cisco IP Communicator version 7.0
OL-19177-01
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Command Reference, Cisco ACE
Application Control Engine
For the Cisco ACE Application Control Engine Module and
Cisco ACE 4700 Series Application Control Engine Appliance
Software Version A5(1.0)
September 2011
Text Part Number: OL-25339-01THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1005R)
Command Reference, Cisco ACE Application Control Engine
Copyright © 2007-2011 Cisco Systems, Inc. All rights reserved.iii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
C O N T E N T S
Preface xxxi
Audience xxxi
How to Use This Guide xxxii
Related Documentation xxxii
Symbols and Conventions xxxv
Obtaining Documentation, Obtaining Support, and Security Guidelines xxxvi
C H A P T E R 2 CLI Commands 2-1
Exec Mode Commands 2-2
backup 2-3
capture 2-5
changeto 2-6
checkpoint 2-8
clear access-list 2-9
clear accounting log 2-10
clear acl-merge statistics 2-10
clear arp 2-11
clear buffer stats 2-12
clear capture 2-13
clear cde 2-14
clear cfgmgr internal history 2-14
clear conn 2-16
clear cores 2-17
clear crypto session-cache 2-19
clear dc 2-20
clear debug-logfile 2-20
clear fifo stats 2-21
clear ft 2-23
clear icmp statistics 2-24
clear interface 2-25
clear ip 2-26
clear ipv6 2-27
clear line 2-27
clear logging 2-29Contents
iv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
clear netio stats 2-29
clear np 2-31
clear ntp statistics 2-32
clear probe 2-32
clear processes log 2-34
clear rserver 2-34
clear rtcache 2-35
clear screen 2-37
clear serverfarm 2-37
clear service-policy 2-38
clear ssh 2-40
clear startup-config 2-41
clear stats 2-42
clear sticky database 2-44
clear syn-cookie 2-46
clear tcp statistics 2-46
clear telnet 2-47
clear udp statistics 2-48
clear user 2-48
clear vnet stats 2-49
clear xlate 2-51
clock set 2-53
compare 2-54
configure 2-55
copy capture 2-56
copy checkpoint 2-57
copy core: 2-59
copy disk0: 2-60
copy ftp: 2-62
copy image: 2-63
copy licenses 2-65
copy probe: 2-66
copy running-config 2-68
copy startup-config 2-69
copy sftp: 2-70
copy tftp: 2-72
crypto crlparams 2-73
crypto delete 2-74
crypto export 2-75
crypto generate csr 2-76Contents
v
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
crypto generate key 2-77
crypto import 2-78
crypto verify 2-82
debug 2-83
delete 2-86
dir 2-87
dm 2-89
exit 2-90
format flash: 2-91
ft switchover 2-93
gunzip 2-94
invoke context 2-95
license 2-96
mkdir disk0: 2-97
move disk0: 2-98
np session 2-99
ping 2-101
reload 2-103
reprogram bootflash 2-104
restore 2-105
rmdir disk0: 2-107
setup 2-108
set dc 2-110
set sticky-ixp 2-111
show 2-112
show aaa 2-113
show access-list 2-114
show accounting log 2-115
show acl-merge 2-117
show action-list 2-118
show arp 2-119
show backup 2-121
show banner motd 2-122
show bootvar 2-123
show buffer 2-125
show capture 2-127
show cde 2-129
show cfgmgr 2-130
show checkpoint 2-132
show clock 2-134Contents
vi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
show conn 2-135
show context 2-136
show copyright 2-137
show crypto 2-138
show dc 2-141
show debug 2-145
show domain 2-148
show download information 2-149
show eobc 2-150
show fifo 2-152
show file 2-153
show fragment 2-155
show ft 2-156
show hardware 2-158
show hyp 2-159
show icmp statistics 2-159
show interface 2-161
show inventory 2-163
show ip 2-164
show ipcp 2-167
show ipv6 2-168
show kalap udp load 2-170
show lcp event-history 2-172
show ldap-server 2-173
show license 2-174
show line 2-176
show logging 2-177
show login timeout 2-179
show nat-fabric 2-180
show netio 2-181
show nexus-device 2-182
show np 2-184
show ntp 2-188
show optimization-global 2-189
show parameter-map 2-190
show probe 2-191
show processes 2-192
show pvlans 2-193
show radius-server 2-194
show resource allocation 2-195Contents
vii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
show resource internal 2-196
show resource usage 2-198
show restore 2-201
show role 2-203
show rserver 2-204
show running-config 2-206
show scp 2-208
show script 2-209
show security internal event-history 2-211
show serverfarm 2-212
show service-policy 2-214
show snmp 2-216
show ssh 2-218
show startup-config 2-220
show stats 2-221
show sticky cookie-insert group 2-223
show sticky database 2-224
show sticky hash 2-227
show conn sticky 2-228
show syn-cookie 2-229
show system 2-230
show tacacs-server 2-232
show tcp statistics 2-233
show tech-support 2-234
show telnet 2-235
show terminal 2-236
show udp statistics 2-237
show user-account 2-238
show users 2-239
show version 2-240
show vlans 2-242
show vm-controller 2-243
show vnet 2-244
show xlate 2-245
ssh 2-246
system internal 2-248
system watchdog 2-249
tac-pac 2-251
telnet 2-253
terminal 2-254Contents
viii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
traceroute 2-255
undebug all 2-256
untar disk0: 2-258
write 2-259
xml-show 2-260
Configuration Mode Commands 2-262
(config) aaa accounting default 2-263
(config) aaa authentication login 2-265
(config) aaa group server 2-266
(config) access-group 2-267
(config) access-list ethertype 2-270
(config) access-list extended 2-272
(config) access-list remark 2-281
(config) access-list resequence 2-282
(config) action-list type modify http 2-283
(config) action-list type optimization http 2-285
(config) arp 2-287
(config) banner 2-289
(config) boot system image: 2-290
(config) buffer threshold 2-292
(config) class-map 2-294
(config) clock timezone 2-297
(config) clock summer-time 2-300
(config) config-register 2-301
(config) context 2-303
(config) crypto authgroup 2-304
(config) crypto chaingroup 2-305
(config) crypto crl 2-306
(config) crypto crlparams 2-307
(config) crypto csr-params 2-309
(config) crypto ocspserver 2-310
(config) crypto rehandshake enabled 2-312
(config) domain 2-313
(config) end 2-314
(config) exit 2-314
(config) ft auto-sync 2-315
(config) ft connection-sync disable 2-317
(config) ft group 2-318
(config) ft interface vlan 2-320
(config) ft peer 2-321Contents
ix
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config) ft track host 2-322
(config) ft track hsrp 2-323
(config) ft track interface 2-324
(config) hostname 2-325
(config) hw-module 2-326
(config) interface 2-327
(config) ip dhcp relay 2-330
(config) ip domain-list 2-332
(config) ip domain-lookup 2-333
(config) ip domain-name 2-335
(config) ip name-server 2-337
(config) ip route 2-338
(config) ipv6 nd interval 2-340
(config) ipv6 nd learned-interval 2-341
(config) ipv6 nd retries 2-342
(config) ipv6 nd sync disable 2-343
(config) ipv6 nd sync-interval 2-344
(config) kalap udp 2-345
(config) ldap-server host 2-346
(config) ldap-server port 2-347
(config) ldap-server timeout 2-348
(config) line console 2-349
(config) line vty 2-350
(config) login timeout 2-352
(config) logging buffered 2-353
(config) logging console 2-355
(config) logging device-id 2-357
(config) logging enable 2-359
(config) logging facility 2-360
(config) logging fastpath 2-361
(config) logging history 2-362
(config) logging host 2-364
(config) logging message 2-366
(config) logging monitor 2-368
(config) logging persistent 2-369
(config) logging queue 2-370
(config) logging rate-limit 2-371
(config) logging standby 2-373
(config) logging supervisor 2-374
(config) logging timestamp 2-375Contents
x
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config) logging trap 2-376
(config) nexus-device 2-377
(config) ntp 2-379
(config) object-group 2-380
(config) optimize 2-382
(config) parameter-map type 2-382
(config) peer hostname 2-385
(config) peer shared-vlan-hostid 2-386
(config) policy-map 2-388
(config) probe 2-392
(config) radius-server attribute nas-ipaddr 2-395
(config) radius-server deadtime 2-396
(config) radius-server host 2-397
(config) radius-server key 2-400
(config) radius-server retransmit 2-401
(config) radius-server timeout 2-402
(config) regex compilation-timeout 2-403
(config) resource-class 2-404
(config) role 2-405
(config) rserver 2-406
(config) script file name 2-407
(config) serverfarm 2-408
(config) service-policy 2-409
(config) shared-vlan-hostid 2-411
(config) snmp-server community 2-412
(config) snmp-server contact 2-414
(config) snmp-server enable traps 2-415
(config) snmp-server engineid 2-418
(config) snmp-server host 2-420
(config) snmp-server location 2-421
(config) snmp-server trap link ietf 2-422
(config) snmp-server trap-source vlan 2-423
(config) snmp-server unmask-community 2-424
(config) snmp-server user 2-425
(config) ssh key 2-428
(config) ssh maxsessions 2-429
(config) ssl-proxy service 2-430
(config) static 2-431
(config) sticky http-content 2-433
(config) sticky http-cookie 2-434Contents
xi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config) sticky http-header 2-436
(config) sticky ip-netmask 2-438
(config) sticky layer4-payload 2-439
(config) sticky radius framed-ip 2-440
(config) sticky rtsp-header 2-441
(config) sticky sip-header 2-442
(config) switch-mode 2-443
(config) tacacs-server deadtime 2-445
(config) tacacs-server host 2-446
(config) tacacs-server key 2-448
(config) tacacs-server timeout 2-449
(config) telnet maxsessions 2-451
(config) timeout xlate 2-452
(config) udp 2-453
(config) username 2-454
(config) vm-controller 2-456
Action List Modify Configuration Mode Commands 2-457
(config-actlist-modify) description 2-458
(config-actlist-modify) header delete 2-459
(config-actlist-modify) header insert 2-461
(config-actlist-modify) header rewrite 2-462
(config-actlist-modify) ssl header-insert 2-464
(config-actlist-modify) ssl url rewrite location 2-473
Action List Optimization Configuration Mode Commands 2-474
(config-actlist-optm) appscope 2-475
(config-actlist-optm) cache 2-476
(config-actlist-optm) delta 2-478
(config-actlist-optm) description 2-479
(config-actlist-optm) dynamic etag 2-480
(config-actlist-optm) flashforward 2-481
(config-actlist-optm) flashforward-object 2-481
Authentication Group Configuration Mode Commands 2-483
(config-authgroup) cert 2-484
Chaingroup Configuration Mode Commands 2-485
(config-chaingroup) cert 2-486
Class Map Configuration Mode Commands 2-488
(config-cmap) description 2-490
(config-cmap) match access-list 2-491
(config-cmap) match any 2-493Contents
xii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-cmap) match anyv6 2-494
(config-cmap) match destination-address 2-495
(config-cmap) match port 2-497
(config-cmap) match port-v6 2-500
(config-cmap) match source-address 2-502
(config-cmap) match virtual-address 2-504
Class Map FTP Inspection Configuration Mode Commands 2-507
(config-cmap-ftp-insp) description 2-508
(config-cmap-ftp-insp) match request-method 2-509
Class Map Generic Configuration Mode Commands 2-510
(config-cmap-generic) description 2-511
(config-cmap-generic) match class-map 2-513
(config-cmap-generic) match layer4-payload 2-514
(config-cmap-generic) match source-address 2-516
Class Map HTTP Inspection Configuration Mode Commands 2-517
(config-cmap-http-insp) description 2-519
(config-cmap-http-insp) match content 2-520
(config-cmap-http-insp) match content length 2-522
(config-cmap-http-insp) match cookie secondary 2-523
(config-cmap-http-insp) match header 2-524
(config-cmap-http-insp) match header length 2-528
(config-cmap-http-insp) match header mime-type 2-530
(config-cmap-http-insp) match port-misuse 2-533
(config-cmap-http-insp) match request-method 2-534
(config-cmap-http-insp) match transfer-encoding 2-535
(config-cmap-http-insp) match url 2-537
(config-cmap-http-insp) match url length 2-538
Class Map HTTP Load Balancing Configuration Mode Commands 2-539
(config-cmap-http-lb) description 2-541
(config-cmap-http-lb) match class-map 2-542
(config-cmap-http-lb) match cipher 2-544
(config-cmap-http-lb) match http content 2-545
(config-cmap-http-lb) match http cookie 2-546
(config-cmap-http-lb) match http header 2-547
(config-cmap-http-lb) match http url 2-550
(config-cmap-http-lb) match source-address 2-552
Class Map Management Configuration Mode Commands 2-553
(config-cmap-mgmt) description 2-554
(config-cmap-mgmt) match protocol 2-556Contents
xiii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Class Map RADIUS Load Balancing Configuration Mode Commands 2-558
(config-cmap-radius-lb) description 2-560
(config-cmap-radius-lb) match radius attribute 2-561
Class Map RTSP Load Balancing Configuration Mode Commands 2-562
(config-cmap-rtsp-lb) description 2-564
(config-cmap-rtsp-lb) match class-map 2-565
(config-cmap-rtsp-lb) match rtsp header 2-566
(config-cmap-rtsp-lb) match rtsp url 2-567
(config-cmap-rtsp-lb) match source-address 2-570
Class Map SIP Inspection Configuration Mode Commands 2-571
(config-cmap-sip-insp) description 2-572
(config-cmap-sip-insp) match called-party 2-573
(config-cmap-sip-insp) match calling-party 2-575
(config-cmap-sip-insp) match content 2-577
(config-cmap-sip-insp) match im-subscriber 2-578
(config-cmap-sip-insp) match message-path 2-579
(config-cmap-sip-insp) match request-method 2-582
(config-cmap-sip-insp) match third-party registration 2-583
(config-cmap-sip-insp) match uri 2-585
Class Map SIP Load Balancing Configuration Mode Commands 2-586
(config-cmap-sip-lb) description 2-588
(config-cmap-sip-lb) match class-map 2-589
(config-cmap-sip-lb) match sip header 2-590
(config-cmap-sip-lb) match source-address 2-593
Console Configuration Mode Commands 2-595
(config-console) databits 2-596
(config-console) parity 2-597
(config-console) speed 2-598
(config-console) stopbits 2-599
Context Configuration Mode Commands 2-600
(config-context) allocate-interface 2-601
(config-context) description 2-603
(config-context) member 2-604
CSR Parameters Configuration Mode Commands 2-605
(config-csr-params) common-name 2-606
(config-csr-params) country 2-607
(config-csr-params) email 2-608
(config-csr-params) locality 2-609
(config-csr-params) organization-name 2-611Contents
xiv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-csr-params) organization-unit 2-612
(config-csr-params) serial-number 2-613
(config-csr-params) state 2-614
DCI Configuration Mode Commands 2-615
(config-dci) credentials 2-616
(config-dci) ip-address 2-617
Domain Configuration Mode Commands 2-618
(config-domain) add-object 2-620
FT Group Configuration Mode Commands 2-622
(config-ft-group) associate-context 2-623
(config-ft-group) inservice 2-624
(config-ft-group) peer 2-625
(config-ft-group) peer priority 2-626
(config-ft-group) preempt 2-627
(config-ft-group) priority 2-628
FT Interface Configuration Mode Commands 2-629
(config-ft-intf) ip 2-630
(config-ft-intf) peer ip 2-632
(config-ft-intf) shutdown 2-633
FT Peer Configuration Mode Commands 2-634
(config-ft-peer) ft-interface vlan 2-635
(config-ft-peer) heartbeat 2-636
(config-ft-peer) query-interface 2-637
FT Track Host Configuration Mode Commands 2-638
(config-ft-track-host) peer priority 2-640
(config-ft-track-host) peer probe 2-641
(config-ft-track-host) peer track-host 2-643
(config-ft-track-host) priority 2-645
(config-ft-track-host) probe 2-646
(config-ft-track-host) track-host 2-647
FT Track HSRP Configuration Mode Commands 2-648
(config-ft-track-hsrp) peer priority 2-649
(config-ft-track-hsrp) peer track-hsrp 2-650
(config-ft-track-hsrp) priority 2-651
(config-ft-track-hsrp) track-hsrp 2-652
FT Track Interface Configuration Mode Commands 2-653
(config-ft-track-interface) peer priority 2-654
(config-ft-track-interface) peer track-interface vlan 2-655
(config-ft-track-interface) priority 2-656Contents
xv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-ft-track-interface) track-interface vlan 2-657
Interface Configuration Mode Commands 2-658
(config-if) access-group 2-660
(config-if) alias 2-661
(config-if) arp 2-663
(config-if) arp inspection 2-664
(config-if) bridge-group 2-666
(config-if) carrier-delay 2-667
(config-if) channel-group 2-668
(config-if) description 2-669
(config-if) duplex 2-670
(config-if) fragment chain 2-671
(config-if) fragment min-mtu 2-672
(config-if) fragment timeout 2-673
(config-if) ft-port vlan 2-674
(config-if) icmp-guard 2-675
(config-if) ip address 2-677
(config-if) ip df 2-680
(config-if) ip dhcp relay enable 2-681
(config-if) ip dhcp relay server 2-682
(config-if) ip options 2-683
(config-if) ip route inject vlan 2-684
(config-if) ip ttl minimum 2-685
(config-if) ip verify reverse-path 2-686
(config-if) ipv6 dhcp relay enable 2-687
(config-if) ipv6 dhcp relay fwd-interface 2-688
(config-if) ipv6 dhcp relay server 2-689
(config-if) ipv6 enable 2-691
(config-if) ipv6 extension-header 2-692
(config-if) ipv6 fragment chain 2-693
(config-if) ipv6 fragment min-mtu 2-694
(config-if) ipv6 fragment timeout 2-695
(config-if) ipv6 icmp-guard 2-696
(config-if) ipv6 mtu 2-698
(config-if) ipv6 nd dad-attempts 2-699
(config-if) ipv6 nd managed-config-flag 2-700
(config-if) ipv6 nd ns-interval 2-701
(config-if) ipv6 nd other-config-flag 2-702
(config-if) ipv6 nd prefix 2-703
(config-if) ipv6 nd ra hop-limit 2-705Contents
xvi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-if) ipv6 nd ra interval 2-706
(config-if) ipv6 nd ra lifetime 2-707
(config-if) ipv6 nd ra suppress 2-708
(config-if) ipv6 nd reachable-time 2-709
(config-if) ipv6 nd retransmission-time 2-710
(config-if) ipv6 neighbor 2-711
(config-if) ipv6 normalization 2-712
(config-if) ipv6 route inject vlan 2-714
(config-if) ipv6 verify reverse-path 2-715
(config-if) mac-address autogenerate 2-716
(config-if) mac-sticky enable 2-717
(config-if) mtu 2-719
(config-if) nat-pool 2-720
(config-if) normalization 2-721
(config-if) normalization send-reset 2-723
(config-if) peer ip address 2-723
(config-if) port-channel load-balance 2-726
(config-if) qos trust cos 2-727
(config-if) remove-eth-pad 2-728
(config-if) service-policy input 2-729
(config-if) shutdown 2-730
(config-if) speed 2-732
(config-if) switchport access vlan 2-734
(config-if) switchport trunk allowed vlan 2-736
(config-if) switchport trunk native vlan 2-738
(config-if) syn-cookie 2-739
(config-if) udp 2-741
KAL-AP UDP Configuration Mode Commands 2-743
(config-kalap-udp) ip address 2-744
LDAP Configuration Mode Commands 2-745
(config-ldap) attribute user-profile 2-746
(config-ldap) baseDN 2-748
(config-ldap) filter search-user 2-749
(config-ldap) server 2-750
Line Configuration Mode Commands 2-751
(config-line) session-limit 2-752
Object Group Configuration Mode Commands 2-753
(config-objgrp-netw) description 2-754
(config-objgrp-netw) host 2-755Contents
xvii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-objgrp-netw) ip_address 2-757
(config-objgrp-serv) description 2-759
(config-objgrp-serv) protocol 2-760
Optimize Configuration Mode Commands 2-767
(config-optimize) appscope-log 2-768
(config-optimize) concurrent-connections 2-769
(config-optimize) debug-level 2-770
Parameter Map Connection Configuration Mode Commands 2-772
(config-parammap-conn) description 2-774
(config-parammap-conn) exceed-mss 2-775
(config-parammap-conn) nagle 2-776
(config-parammap-conn) random-sequence-number 2-777
(config-parammap-conn) rate-limit 2-778
(config-parammap-conn) reserved-bits 2-779
(config-parammap-conn) set ip tos 2-780
(config-parammap-conn) set tcp ack-delay 2-781
(config-parammap-conn) set tcp buffer-share 2-782
(config-parammap-conn) set tcp mss 2-784
(config-parammap-conn) set tcp reassembly-timout 2-786
(config-parammap-conn) set tcp syn-retry 2-786
(config-parammap-conn) set tcp timeout 2-787
(config-parammap-conn) set tcp wan-optimization 2-788
(config-parammap-conn) set tcp window-scale 2-790
(config-parammap-conn) set timeout inactivity 2-791
(config-parammap-conn) slowstart 2-792
(config-parammap-conn) syn-data 2-793
(config-parammap-conn) tcp-options 2-794
(config-parammap-conn) urgent-flag 2-798
Parameter Map DNS Configuration Mode Commands 2-799
(config-parammap-dns) description 2-800
(config-parammap-dns) timeout query 2-801
Parameter Map Generic Configuration Mode Commands 2-801
(config-parammap-generi) case-insensitive 2-803
(config-parammap-generi) description 2-804
(config-parammap-generi) set max-parse-length 2-805
Parameter Map HTTP Configuration Mode Commands 2-806
(config-parammap-http) case-insensitive 2-808
(config-parammap-http) cookie-error-ignore 2-809
(config-parammap-http) description 2-810Contents
xviii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-parammap-http) compress 2-811
(config-parammap-http) header modify per-request 2-813
(config-parammap-http) length-exceed 2-815
(config-parammap-http) parsing non-strict 2-816
(config-parammap-http) persistence-rebalance 2-817
(config-parammap-http) server-conn reuse 2-819
(config-parammap-http) set content-maxparse-length 2-820
(config-parammap-http) set header-maxparse-length 2-822
(config-parammap-http) set secondary-cookie-delimiters 2-823
(config-parammap-http) set secondary-cookie-start 2-824
Parameter Map Optimization Configuration Mode Commands 2-825
(config-parammap-optmz) appscope optimize-rate-percent 2-826
(config-parammap-optmz) basefile anonymous-level 2-827
(config-parammap-optmz) cache key-modifier 2-828
(config-parammap-optmz) cache parameter 2-831
(config-parammap-optmz) cache ttl 2-833
(config-parammap-optmz) cache-policy request 2-834
(config-parammap-optmz) cache-policy response 2-835
(config-parammap-optmz) canonical-url 2-836
(config-parammap-optmz) clientscript-default 2-837
(config-parammap-optmz) description 2-838
(config-parammap-optmz) delta 2-839
(config-parammap-optmz) expires-setting 2-841
(config-parammap-optmz) extract meta 2-842
(config-parammap-optmz) flashforward refresh-policy 2-843
(config-parammap-optmz) ignore-server-content 2-844
(config-parammap-optmz) parameter-summary parameter-value-limit 2-845
(config-parammap-optmz) post-content-buffer-limit 2-846
(config-parammap-optmz) rebase 2-847
(config-parammap-optmz) request-grouping-string 2-848
(config-parammap-optmz) server-header 2-849
(config-parammap-optmz) server-load 2-850
(config-parammap-optmz) utf8 threshold 2-852
Parameter Map RTSP Configuration Mode Commands 2-852
(config-parammap-rtsp) case-insensitive 2-854
(config-parammap-rtsp) description 2-855
(config-parammap-rtsp) set header-maxparse-length 2-856
Parameter Map SCCP Configuration Mode Commands 2-857
(config-parammap-skinny) description 2-859Contents
xix
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-parammap-skinny) enforce-registration 2-860
(config-parammap-skinny) message-id max 2-861
(config-parammap-skinny) sccp-prefix-len 2-862
Parameter Map SIP Configuration Mode Commands 2-863
(config-parammap-sip) description 2-865
(config-parammap-sip) im 2-865
(config-parammap-sip) max-forward-validation 2-866
(config-parammap-sip) software-version 2-867
(config-parammap-sip) strict-header-validation 2-868
(config-parammap-sip) timeout 2-870
(config-parammap-sip) uri-non-sip 2-871
Parameter Map SSL Configuration Mode Commands 2-872
(config-parammap-ssl) authentication-failure 2-873
(config-parammap-ssl) cdp-errors ignore 2-876
(config-parammap-ssl) cipher 2-877
(config-parammap-ssl) close-protocol 2-879
(config-parammap-ssl) description 2-880
(config-parammap-ssl) expired-crl reject 2-881
(config-parammap-ssl) purpose-check disabled 2-882
(config-parammap-ssl) queue-delay timeout 2-883
(config-parammap-ssl) rehandshake enabled 2-884
(config-parammap-ssl) session-cache timeout 2-885
(config-parammap-ssl) version 2-887
Policy Map Configuration Mode Commands 2-888
(config-pmap) class 2-890
(config-pmap) description 2-891
Policy Map Class Configuration Mode Commands 2-892
(config-pmap-c) appl-parameter dns advanced-options 2-893
(config-pmap-c) appl-parameter generic advanced-options 2-894
(config-pmap-c) appl-parameter http advanced-options 2-895
(config-pmap-c) appl-parameter rtsp advanced-options 2-896
(config-pmap-c) appl-parameter sip advanced-options 2-897
(config-pmap-c) appl-parameter skinny advanced-options 2-898
(config-pmap-c) connection advanced-options 2-899
(config-pmap-c) inspect 2-900
(config-pmap-c) kal-ap primary-oos 2-904
(config-pmap-c) kal-ap-tag 2-906
(config-pmap-c) loadbalance policy 2-907
(config-pmap-c) loadbalance vip advertise 2-908Contents
xx
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-pmap-c) loadbalance vip icmp-reply 2-909
(config-pmap-c) loadbalance vip inservice 2-910
(config-pmap-c) loadbalance vip udp-fast-age 2-911
(config-pmap-c) nat dynamic 2-912
(config-pmap-c) nat static 2-913
(config-pmap-c) ssl-proxy 2-916
Policy Map FTP Inspection Configuration Mode Commands 2-917
(config-pmap-ftp-ins) class 2-919
(config-pmap-ftp-ins) description 2-920
(config-pmap-ftp-ins) match request-method 2-921
Policy Map FTP Inspection Class Configuration Mode Commands 2-922
(config-pmap-ftp-ins-c) deny 2-923
(config-pmap-ftp-ins-c) mask-reply 2-924
Policy Map FTP Inspection Match Configuration Mode Commands 2-924
(config-pmap-ftp-ins-m) deny 2-926
(config-pmap-ftp-ins-m) mask-reply 2-927
Policy Map Inspection HTTP Configuration Mode Commands 2-927
(config-pmap-ins-http) class 2-929
(config-pmap-ins-http) description 2-931
(config-pmap-ins-http) match content 2-932
(config-pmap-ins-http) match content length 2-934
(config-pmap-ins-http) match content-type-verification 2-935
(config-pmap-ins-http) match cookie secondary 2-936
(config-pmap-ins-http) match header 2-939
(config-pmap-ins-http) match header length 2-942
(config-pmap-ins-http) match header mime-type 2-944
(config-pmap-ins-http) match port-misuse 2-947
(config-pmap-ins-http) match request-method 2-948
(config-pmap-ins-http) match strict-http 2-950
(config-pmap-ins-http) match transfer-encoding 2-952
(config-pmap-ins-http) match url 2-953
(config-pmap-ins-http) match url length 2-955
Policy Map Inspection HTTP Class Configuration Mode Commands 2-956
(config-pmap-ins-http-c) passthrough log 2-957
(config-pmap-ins-http-c) permit 2-958
(config-pmap-ins-http-c) reset 2-959
Policy Map Inspection HTTP Match Configuration Mode Commands 2-959
(config-pmap-ins-http-m) passthrough log 2-961
(config-pmap-ins-http-m) permit 2-962Contents
xxi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-pmap-ins-http-m) reset 2-963
Policy Map Inspection SIP Configuration Mode Commands 2-964
(config-pmap-ins-sip) class 2-966
(config-pmap-ins-sip) description 2-967
(config-pmap-ins-sip) match called-party 2-968
(config-pmap-ins-sip) match calling-party 2-969
(config-pmap-ins-sip) match content 2-970
(config-pmap-ins-sip) match im-subscriber 2-972
(config-pmap-ins-sip) match message-path 2-973
(config-pmap-ins-sip) match request-method 2-974
(config-pmap-ins-sip) match third-party registration 2-976
(config-pmap-ins-sip) match uri 2-978
Policy Map Inspection SIP Class Configuration Mode Commands 2-979
(config-pmap-ins-sip-c) drop 2-980
(config-pmap-ins-sip-c) log 2-980
(config-pmap-ins-sip-c) permit 2-981
(config-pmap-ins-sip-c) reset 2-982
Policy Map Inspection SIP Match Configuration Mode Commands 2-983
(config-pmap-ins-sip-m) drop 2-984
(config-pmap-ins-sip-m) permit 2-985
(config-pmap-ins-sip-m) reset 2-986
Policy Map Inspection Skinny Configuration Mode Commands 2-986
(config-pmap-ins-skinny) description 2-988
(config-pmap-ins-skinny) match message-id 2-989
Policy Map Inspection Skinny Match Configuration Mode Commands 2-990
(config-pmap-ins-skinny-m) reset 2-991
Policy Map Load Balancing Generic Configuration Mode Commands 2-992
(config-pmap-lb-generic) class 2-994
(config-pmap-lb-generic) description 2-996
(config-pmap-lb-generic) match layer4-payload 2-997
(config-pmap-lb-generic) match source-address 2-998
Policy Map Load Balancing Generic Class Configuration Mode Commands 2-999
(config-pmap-lb-generic-c) drop 2-1000
(config-pmap-lb-generic-c) forward 2-1001
(config-pmap-lb-generic-c) serverfarm 2-1002
(config-pmap-lb-generic-c) set ip tos 2-1003
(config-pmap-lb-generic-c) sticky-serverfarm 2-1004
Policy Map Load Balancing Generic Match Configuration Mode Commands 2-1004
(config-pmap-lb-generic-m) drop 2-1006Contents
xxii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-pmap-lb-generic-m) forward 2-1006
(config-pmap-lb-generic-m) serverfarm 2-1007
(config-pmap-lb-generic-m) set ip tos 2-1009
(config-pmap-lb-generic-m) sticky-serverfarm 2-1010
Policy Map Load Balancing HTTP Configuration Mode Commands 2-1011
(config-pmap-lb) class 2-1012
(config-pmap-lb) description 2-1013
(config-pmap-lb) match cipher 2-1014
(config-pmap-lb) match http content 2-1016
(config-pmap-lb) match http cookie 2-1017
(config-pmap-lb) match http header 2-1019
(config-pmap-lb) match http url 2-1023
(config-pmap-lb) match source-address 2-1024
Policy Map Load Balancing HTTP Class Configuration Mode Commands 2-1025
(config-pmap-lb-c) action 2-1026
(config-pmap-lb-c) compress 2-1027
(config-pmap-lb-c) drop 2-1029
(config-pmap-lb-c) forward 2-1030
(config-pmap-lb-c) insert-http 2-1031
(config-pmap-lb-c) nat dynamic 2-1032
(config-pmap-lb-c) serverfarm 2-1033
(config-pmap-lb-c) set ip tos 2-1035
(config-pmap-lb-c) ssl-proxy client 2-1036
(config-pmap-lb-c) sticky-serverfarm 2-1037
Policy Map Load Balancing HTTP Match Configuration Mode Commands 2-1038
(config-pmap-lb-m) action 2-1038
(config-pmap-lb-m) compress 2-1040
(config-pmap-lb-m) drop 2-1041
(config-pmap-lb-m) forward 2-1043
(config-pmap-lb-m) insert-http 2-1044
(config-pmap-lb-m) serverfarm 2-1045
(config-pmap-lb-m) set ip tos 2-1046
(config-pmap-lb-m) ssl-proxy client 2-1047
(config-pmap-lb-m) sticky-serverfarm 2-1048
Policy Map Load Balancing RADIUS Configuration Mode Commands 2-1049
(config-pmap-lb-radius) class 2-1051
(config-pmap-lb-radius) description 2-1053
(config-pmap-lb-radius) match radius attribute 2-1054
Policy Map Load Balancing RADIUS Class Configuration Mode Commands 2-1055Contents
xxiii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-pmap-lb-radius-c) drop 2-1056
(config-pmap-lb-radius-c) forward 2-1057
(config-pmap-lb-radius-c) serverfarm 2-1058
(config-pmap-lb-radius-c) set ip tos 2-1059
(config-pmap-lb-radius-c) sticky-serverfarm 2-1060
Policy Map Load Balancing RADIUS Match Configuration Mode Commands 2-1060
(config-pmap-lb-radius-m) drop 2-1062
(config-pmap-lb-radius-m) forward 2-1063
(config-pmap-lb-radius-m) serverfarm 2-1064
(config-pmap-lb-radius-m) set ip tos 2-1065
(config-pmap-lb-radius-m) sticky-serverfarm 2-1066
Policy Map Load Balancing RDP Configuration Mode Commands 2-1066
(config-pmap-lb-rdp) class 2-1068
(config-pmap-lb-rdp) description 2-1069
Policy Map Load Balancing RDP Class Configuration Mode Commands 2-1069
(config-pmap-lb-rdp-c) drop 2-1071
(config-pmap-lb-rdp-c) forward 2-1072
(config-pmap-lb-rdp-c) serverfarm 2-1073
(config-pmap-lb-rdp-c) set ip tos 2-1074
(config-pmap-lb-rdp-c) sticky-serverfarm 2-1075
Policy Map Load Balancing RTSP Configuration Mode Commands 2-1076
(config-pmap-lb-rtsp) class 2-1078
(config-pmap-lb-rtsp) description 2-1079
(config-pmap-lb-rtsp) match rtsp header 2-1080
(config-pmap-lb-rtsp) match rtsp source-address 2-1082
(config-pmap-lb-rtsp) match rtsp url 2-1083
Policy Map Load Balancing RTSP Class Configuration Mode Commands 2-1084
(config-pmap-lb-rtsp-c) drop 2-1085
(config-pmap-lb-rtsp-c) forward 2-1086
(config-pmap-lb-rtsp-c) serverfarm 2-1087
(config-pmap-lb-rtsp-c) set ip tos 2-1088
(config-pmap-lb-rtsp-c) sticky-serverfarm 2-1089
Policy Map Load Balancing RTSP Match Configuration Mode Commands 2-1090
(config-pmap-lb-rtsp-m) drop 2-1091
(config-pmap-lb-rtsp-m) forward 2-1092
(config-pmap-lb-rtsp-m) serverfarm 2-1093
(config-pmap-lb-rtsp-m) set ip tos 2-1094
(config-pmap-lb-rtsp-m) sticky-serverfarm 2-1095
Policy Map Load Balancing SIP Configuration Mode Commands 2-1095Contents
xxiv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-pmap-lb-sip) class 2-1097
(config-pmap-lb-sip) description 2-1099
(config-pmap-lb-sip) match sip header 2-1100
(config-pmap-lb-sip) match source-address 2-1101
Policy Map Load Balancing SIP Class Configuration Mode Commands 2-1102
(config-pmap-lb-sip-c) drop 2-1103
(config-pmap-lb-sip-c) forward 2-1104
(config-pmap-lb-sip-c) serverfarm 2-1105
(config-pmap-lb-sip-c) set ip tos 2-1106
(config-pmap-lb-sip-c) sticky-serverfarm 2-1107
Policy Map Load Balancing SIP Match Configuration Mode Commands 2-1108
(config-pmap-lb-sip-m) drop 2-1109
(config-pmap-lb-sip-m) forward 2-1110
(config-pmap-lb-sip-m) serverfarm 2-1111
(config-pmap-lb-sip-m) set ip tos 2-1112
(config-pmap-lb-sip-m) sticky-serverfarm 2-1113
Policy Map Management Configuration Mode Commands 2-1113
(config-pmap-mgmt) class 2-1115
(config-pmap-mgmt) description 2-1117
Policy Map Management Class Configuration Mode Commands 2-1117
(config-pmap-mgmt-c) deny 2-1118
(config-pmap-mgmt-c) permit 2-1119
Policy Map Optimization Configuration Mode Commands 2-1119
(config-pmap-optmz) class 2-1121
(config-pmap-optmz) description 2-1122
(config-pmap-optmz) match http cookie 2-1123
(config-pmap-optmz) match http header 2-1124
(config-pmap-optmz) match http url 2-1127
Policy Map Optimization Class Configuration Mode Commands 2-1128
(config-pmap-optmz-c) action 2-1128
Policy Map Optimization Match Configuration Mode Commands 2-1129
(config-pmap-optmz-m) action 2-1130
Probe Configuration Mode Commands 2-1132
(config-probe-probe_type) append-port-hosttag 2-1135
(config-probe-probe_type) community 2-1137
(config-probe-probe_type) connection term 2-1138
(config-probe-probe_type) credentials 2-1139
(config-probe-probe_type) description 2-1140
(config-probe-probe_type) domain 2-1142Contents
xxv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-probe-probe_type) expect address 2-1143
(config-probe-probe_type) expect regex 2-1145
(config-probe-probe_type) expect status 2-1147
(config-probe-probe_type) faildetect 2-1148
(config-probe-probe_type) hash 2-1149
(config-probe-probe_type) header 2-1150
(config-probe-probe_type) interval 2-1153
(config-probe-probe_type) ip address 2-1154
(config-probe-probe_type) nas ip address 2-1156
(config-probe-probe_type) oid 2-1157
(config-probe-probe_type) open 2-1159
(config-probe-probe_type) passdetect 2-1160
(config-probe-probe_type) port 2-1162
(config-probe-probe_type) receive 2-1164
(config-probe-probe_type) request command 2-1165
(config-probe-probe_type) request method 2-1166
(config-probe-probe_type) script 2-1167
(config-probe-probe_type) send-data 2-1168
(config-probe-probe_type) ssl cipher 2-1169
(config-probe-probe_type) ssl version 2-1171
(config-probe-probe_type) version 2-1171
(config-probe-sip-udp) rport enable 2-1173
Probe SNMP OID Configuration Mode Commands 2-1174
(config-probe-snmp-oid) threshold 2-1176
(config-probe-snmp-oid) type absolute max 2-1178
(config-probe-snmp-oid) weight 2-1180
Probe VM Configuration Mode Commands 2-1181
(config-probe-vm) interval 2-1182
(config-probe-vm) load 2-1183
(config-probe-vm) vm-controller 2-1185
RADIUS Configuration Mode Commands 2-1186
(config-radius) deadtime 2-1188
(config-radius) server 2-1189
Real Server Host Configuration Mode Commands 2-1190
(config-rserver-host) conn-limit 2-1191
(config-rserver-host) description 2-1193
(config-rserver-host) fail-on-all 2-1194
(config-rserver-host) inservice 2-1195
(config-rserver-host) ip address 2-1196Contents
xxvi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-rserver-host) probe 2-1198
(config-rserver-host) rate-limit 2-1199
(config-rserver-host) weight 2-1201
Real Server Redirect Configuration Mode Commands 2-1202
(config-rserver-redir) conn-limit 2-1204
(config-rserver-redir) description 2-1206
(config-rserver-redir) inservice 2-1207
(config-rserver-redir) probe 2-1208
(config-rserver-redir) rate-limit 2-1209
(config-rserver-redir) webhost-redirection 2-1210
Resource Configuration Mode Commands 2-1212
(config-resource) limit-resource 2-1213
Role Configuration Mode Commands 2-1216
(config-role) description 2-1217
(config-role) rule 2-1218
Server Farm Host Configuration Mode Commands 2-1221
(config-sfarm-host) description 2-1223
(config-sfarm-host) dws 2-1224
(config-sfarm-host) failaction 2-1225
(config-sfarm-host) fail-on-all 2-1228
(config-sfarm-host) inband-health check 2-1230
(config-sfarm-host) partial-threshold 2-1233
(config-sfarm-host) predictor 2-1234
(config-sfarm-host) probe 2-1240
(config-sfarm-host) retcode 2-1242
(config-sfarm-host) rserver 2-1244
(config-sfarm-host) transparent 2-1245
Serverfarm Host Predictor Configuration Mode Commands 2-1246
(config-sfarm-host-predictor) autoadjust 2-1248
(config-sfarm-host-predictor) weight connection 2-1250
Server Farm Host Real Server Configuration Mode Commands 2-1251
(config-sfarm-host-rs) backup-rserver 2-1253
(config-sfarm-host-rs) conn-limit 2-1254
(config-sfarm-host-rs) cookie-string 2-1255
(config-sfarm-host-rs) description 2-1257
(config-sfarm-host-rs) fail-on-all 2-1258
(config-sfarm-host-rs) inservice 2-1260
(config-sfarm-host-rs) probe 2-1262
(config-sfarm-host-rs) rate-limit 2-1263Contents
xxvii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-sfarm-host-rs) weight 2-1264
Server Farm Redirect Configuration Mode Commands 2-1265
(config-sfarm-redirect) description 2-1267
(config-sfarm-redirect) failaction 2-1268
(config-sfarm-redirect) predictor 2-1270
(config-sfarm-redirect) probe 2-1276
(config-sfarm-redirect) rserver 2-1277
Serverfarm Redirect Predictor Configuration Mode Commands 2-1279
(config-sfarm-redirect-predictor) autoadjust 2-1281
(config-sfarm-redirect-predictor) weight connection 2-1283
Server Farm Redirect Real Server Configuration Mode Commands 2-1284
(config-sfarm-redirect-rs) backup-rserver 2-1286
(config-sfarm-redirect-rs) conn-limit 2-1287
(config-sfarm-redirect-rs) inservice 2-1288
(config-sfarm-host-rs) probe 2-1290
(config-sfarm-redirect-rs) rate-limit 2-1291
(config-sfarm-redirect-rs) weight 2-1292
SSL Proxy Configuration Mode Commands 2-1294
(config-ssl-proxy) authgroup 2-1295
(config-ssl-proxy) cert 2-1297
(config-ssl-proxy) chaingroup 2-1299
(config-ssl-proxy) crl 2-1300
(config-ssl-proxy) key 2-1302
(config-ssl-proxy) ocspserver 2-1304
(config-ssl-proxy) revcheckprio 2-1306
(config-ssl-proxy) ssl advanced-options 2-1308
Sticky HTTP Cookie Configuration Mode Commands 2-1309
(config-sticky-cookie) cookie insert 2-1310
(config-sticky-cookie) cookie 2-1311
(config-sticky-cookie) cookie secondary 2-1312
(config-sticky-cookie) replicate sticky 2-1313
(config-sticky-cookie) serverfarm 2-1314
(config-sticky-cookie) static cookie-value 2-1315
(config-sticky-cookie) timeout 2-1316
Sticky HTTP Content Configuration Mode Commands 2-1317
(config-sticky-content) content 2-1318
(config-sticky-content) replicate sticky 2-1320
(config-sticky-content) serverfarm 2-1321
(config-sticky-content) static content 2-1323Contents
xxviii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-sticky-content) timeout 2-1324
Sticky HTTP Header Configuration Mode Commands 2-1325
(config-sticky-header) header 2-1327
(config-sticky-header) replicate sticky 2-1329
(config-sticky-header) serverfarm 2-1330
(config-sticky-header) static header-value 2-1332
(config-sticky-header) timeout 2-1333
Sticky IP Configuration Mode Commands 2-1334
(config-sticky-ip) replicate sticky 2-1336
(config-sticky-ip) serverfarm 2-1337
(config-sticky-ip) static client source 2-1338
(config-sticky-ip) timeout 2-1341
Sticky Layer 4 Payload Configuration Mode Commands 2-1342
(config-sticky-l4payloa) layer4-payload 2-1344
(config-sticky-l4payloa) replicate sticky 2-1346
(config-sticky-l4payloa) response sticky 2-1347
(config-sticky-l4payloa) serverfarm 2-1348
(config-sticky-l4payloa) static layer4-payload 2-1349
(config-sticky-l4payloa) timeout 2-1350
Sticky RADIUS Configuration Mode Commands 2-1351
(config-sticky-radius) replicate sticky 2-1353
(config-sticky-radius) serverfarm 2-1354
(config-sticky-radius) timeout 2-1355
Sticky RTSP Header Configuration Mode Commands 2-1356
(config-sticky-header) header 2-1358
(config-sticky-header) replicate sticky 2-1360
(config-sticky-header) serverfarm 2-1361
(config-sticky-header) static header-value 2-1362
(config-sticky-header) timeout 2-1363
Sticky SIP Header Configuration Mode Commands 2-1364
(config-sticky-header) replicate sticky 2-1366
(config-sticky-header) serverfarm 2-1367
(config-sticky-header) static header-value 2-1368
(config-sticky-header) timeout 2-1369
TACACS+ Configuration Mode Commands 2-1371
(config-tacacs+) deadtime 2-1372
(config-tacacs+) server 2-1374
VM Configuration Mode Commands 2-1376
(config-vm) credentials 2-1377Contents
xxix
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
(config-vm) url 2-1378
C L I C O M M A N D
SU M M A R Y B Y
MO D EContents
xxx
Command Reference, Cisco ACE Application Control Engine
OL-25339-01xxxi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Preface
This guide provides the command-line interface (CLI) information of the following products:
• Cisco ACE Application Control Engine Module (ACE module) in the Catalyst 6500 series switch or
Cisco 7600 series router, hereinafter referred to as the switch or router, respectively
• Cisco ACE 4700 Series Application Control Engine Appliance (ACE appliance)
The information in this guide applies to both the ACE module and the ACE appliance unless otherwise
noted. This information includes the following:
• How to use the CLI.
• The CLI commands, including syntax, options, and related commands.
This preface contains the following major sections:
• Audience
• How to Use This Guide
• Related Documentation
• Symbols and Conventions
• Obtaining Documentation, Obtaining Support, and Security Guidelines
Audience
This guide is intended for the following trained and qualified service personnel who are responsible for
configuring the ACE:
• Web master
• System administrator
• System operatorxxxii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Preface
How to Use This Guide
This guide is organized alphabetically by command mode, as follows:
Related Documentation
In addition to this document, the ACE documentation set includes the following:
Chapter Description
Chapter 1, Using the
Command-Line
Interface
Describes how to use the command-line interface (CLI) on the ACE.
Chapter 1, CLI
Commands
Provides detailed information for the following types of CLI commands for
the ACE:
• Commands that you can enter after you log in to the ACE.
• Configuration mode commands that allow you to access global
configuration mode and its subset of modes after you log in to the ACE.
Document Title Description
Administration Guide, Cisco ACE
Application Control Engine
Describes how to perform the following administration tasks on
the ACE:
• Setting up the ACE
• Establishing remote access
• Managing software licenses
• Configuring class maps and policy maps
• Managing the ACE software
• Configuring SNMP
• Configuring redundancy
• Configuring the XML interface
• Upgrading the ACE software
Application Acceleration and
Optimization Guide, Cisco ACE
4700 Series Application Control
Engine Appliance
(ACE appliance only) Describes how to configure the web
optimization features of the ACE appliance. This guide also
provides an overview and description of those features.
Cisco Application Control Engine
(ACE) Configuration Examples Wiki
Provides examples of common configurations for load
balancing, security, SSL, routing and bridging, virtualization,
and so on.
Cisco Application Control Engine
(ACE) Troubleshooting Wiki
Describes the procedures and methodology in wiki format to
troubleshoot the most common problems that you may
encounter during the operation of your ACE.
Command Reference, Cisco ACE
Application Control Engine
Provides an alphabetical list and descriptions of all CLI
commands by mode, including syntax, options, and related
commands.xxxiii
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Preface
CSM-to-ACE Conversion Tool
Guide, Cisco ACE Application
Control Engine Module
(ACE module only) Describes how to use the CSM-to-ACE
module conversion tool to migrate Cisco Content Switching
Module (CSM) running- or startup-configuration files to the
ACE.
CSS-to-ACE Conversion Tool Guide,
Cisco ACE Application Control
Engine
Describes how to use the CSS-to-ACE conversion tool to
migrate Cisco Content Services Switches (CSS)
running-configuration or startup-configuration files to the ACE.
Device Manager Guide, Cisco ACE
4700 Series Application Control
Engine Appliance
(ACE appliance only) Describes how to use the Device Manager
GUI, which resides in flash memory on the ACE appliance, to
provide a browser-based interface for configuring and managing
the appliance.
Getting Started Guide, Cisco ACE
Application Control Engine Module
(ACE module only) Describes how to perform the initial setup
and configuration tasks for the ACE module.
Getting Started Guide, Cisco ACE
4700 Series Application Control
Engine Appliance
(ACE appliance only) Describes how to use the ACE appliance
Device Manager GUI and CLI to perform the initial setup and
configuration tasks.
Hardware Installation Guide, Cisco
ACE 4710 Application Control
Engine Appliance
(ACE appliance only) Provides information for installing the
ACE appliance.
Installation Note, Cisco ACE
Application Control Engine ACE30
Module
(ACE module only) Provides information for installing the ACE
module into the Catalyst 6500 series switch or a
Cisco 7600 series router.
Regulatory Compliance and Safety
Information, Cisco ACE 4710
Application Control Engine
Appliance
(ACE appliance only) Regulatory compliance and safety
information for the ACE appliance.
Release Note, Cisco ACE 4700
Series Application Control Engine
Appliance
(ACE appliance only) Provides information about operating
considerations, caveats, and command-line interface (CLI)
commands for the ACE appliance.
Release Note, Cisco ACE
Application Control Engine Module
(ACE module only) Provides information about operating
considerations, caveats, and command-line interface (CLI)
commands for the ACE module.
Routing and Bridging Guide, Cisco
ACE Application Control Engine
Describes how to perform the following routing and bridging
tasks on the ACE:
• (ACE appliance only) Ethernet ports
• VLAN interfaces
• IPv6, including transitioning IPv4 networks to IPv6, IPv6
header format, IPv6 addressing, and suported protocols.
• Routing
• Bridging
• Dynamic Host Configuration Protocol (DHCP)
Document Title Descriptionxxxiv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Preface
Security Guide, Cisco ACE
Application Control Engine
Describes how to perform the following ACE security
configuration tasks:
• Security access control lists (ACLs)
• User authentication and accounting using a Terminal Access
Controller Access Control System Plus (TACACS+),
Remote Authentication Dial-In User Service (RADIUS), or
Lightweight Directory Access Protocol (LDAP) server
• Application protocol and HTTP deep packet inspection
• TCP/IP normalization and termination parameters
• Network Translation (NAT)
Server Load-Balancing Guide,
Cisco ACE Application Control
Engine
Describes how to configure the following server load-balancing
features on the ACE:
• Real servers and server farms
• Class maps and policy maps to load balance traffic to real
servers in server farms
• Server health monitoring (probes)
• Stickiness
• Dynamic workload scaling (DWS)
• Firewall load balancing
• TCL scripts
SSL Guide, Cisco ACE Application
Control Engine
Describes how to configure the following Secure Sockets Layer
(SSL) features on the ACE:
• SSL certificates and keys
• SSL initiation
• SSL termination
• End-to-end SSL
System Message Guide, Cisco ACE
Application Control Engine
Describes how to configure system message logging on the ACE.
This guide also lists and describes the system log (syslog)
messages generated by the ACE.
Upgrade/Downgrade Guide, Cisco
ACE 4700 Series Application
Control Engine Appliance
(ACE appliance only) Describes how to perform an ACE
appliance software upgrade or downgrade.
User Guide, Cisco Application
Networking Manager
Describes how to use Cisco Application Networking Manager
(ANM), a networking management application for monitoring
and configuring network devices, including the ACE.
Virtualization Guide, Cisco ACE
Application Control Engine
Describes how to operate your ACE in a single context or in
multiple contexts.
Document Title Descriptionxxxv
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Preface
Symbols and Conventions
This publication uses the following conventions:
Notes use the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
publication.
Cautions use the following conventions:
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
For additional information about CLI syntax formatting, see Chapter 1, Using the Command-Line
Interface.
Convention Description
boldface font Commands, command options, and keywords are in boldface. Bold text also indicates
a command in a paragraph.
italic font Arguments for which you supply values are in italics. Italic text also indicates the first
occurrence of a new term, book title, emphasized text.
{ } Encloses required arguments and keywords.
[ ] Encloses optional arguments and keywords.
{ x | y | z } Required alternative keywords are grouped in braces and separated by vertical bars.
[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by vertical bars.
string A nonquoted set of characters. Do not use quotation marks around the string or the
string will include the quotation marks.
screen font Terminal sessions and information the system displays are in screen font.
boldface
screen font
Information you must enter in a command line is in boldface screen font.
italic screen
font
Arguments for which you supply values are in italic screen font.
^ The symbol ^ represents the key labeled Control—for example, the key combination
^D in a screen display means hold down the Control key while you press the D key.
< > Nonprinting characters, such as passwords are in angle brackets.xxxvi
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Preface
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback,
security guidelines, and also recommended aliases and general Cisco documents, see the monthly
What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical
documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.htmlC H A P T E R
1-1
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
1
CLI Commands
This chapter provides detailed information for the following types of CLI commands for the ACE:
• Commands that you can enter after you log in to the ACE.
• Configuration mode commands that allow you to access configuration mode and its subset of modes
after you log in to the ACE.
The description of each command includes the following:
• The syntax of the command
• Any related commands, when appropriate1-2
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Exec Mode Commands
You can access Exec mode commands immediately after you log in to an ACE. Many of these commands
are followed by keywords that make them distinct commands (for example, show aaa, show access-list,
show accounting, and so on). To increase readability of command syntax, these commands are presented
separately in this command reference.
You can also execute Exec mode commands from any of the configuration modes using the do command.
For example, to display the ACE running configuration from the Exec mode, use the show
running-config command. To execute the same command from the configuration mode, use the do show
running-config command.1-3
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
backup
To backup the configuration files and dependent files in a context or in all contexts, use the backup
command.
backup [all] [pass-phrase text_string] [exclude component]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The backup command has the following configuration guidelines and limitations:
• Use the Admin context for an ACE-wide backup and the corresponding context for a user context
backup.
• When you back up the running-configuration file, the ACE uses the output of the show
running-configuration command as the basis for the archive file.
• The ACE backs up only exportable certificates and keys.
• License files are backed up only when you back up the Admin context.
all (Optional) Specifies that the ACE should back up the configuration files and
dependencies in all contexts. You can specify this keyword only in the Admin
context.
exclude
component
(Optional) Specifies the components that you do not wish to back up.You can enter
any of the following components in any order separated by a comma if you enter
more than one:
• checkpoints—Excludes all checkpoints
• ssl-files—Excludes SSL certificate files and key files
pass-phrase
text_string
(Optional) Passphrase that you specify to encrypt the backed up SSL keys. Enter the
passphrase as an unquoted text string with no spaces and a maximum of 40
alphanumeric characters. You must enter the pass-phrase keyword before the
exclude keyword. If you enter a passphrase and then exclude the SSL files from the
archive, the ACE does not use the passphrase.
ACE Module Release Modification
A2(3.0) This command was introduced.
ACE Appliance Release Modification
A4(1.0) This command was introduced.1-4
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
• Use a passphrase to back up SSL keys in encrypted form. Remember the passphrase or write it down
and store it in a safe location. When you restore the encrypted keys, you must enter the passphrase
to decrypt the keys. If you use a passphrase when you back up the SSL keys, the ACE encrypts the
keys with AES-256 encryption using OpenSSL software.
• If you imported SSL certificates or keys with a crypto passphrase, you must use the pass-phrase
option to encrypt the crypto passphrase when you back up these files.
• Only probe scripts that reside in disk0: need to be backed up. The prepackaged probe scripts in the
probe: directory are always available. When you perform a backup, the ACE automatically identifies
and backs up the scripts in disk0: that are required by the configuration.
• The ACE does not resolve any other dependencies required by the configuration during a backup
except for scripts that reside in disk0:. For example, if you configured SSL certificates in an SSL
proxy in the running-configuration file, but you later deleted the certificates, the backup proceeds
as if the certificates still existed.
• To perform a backup or a restore operation, you must have the admin RBAC feature in your user role.
Examples To back up all contexts in the ACE, enter:
host1/Admin# backup all pass-phrase MY_PASS_PHRASE
Related Commands restore
show backup1-5
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
capture
To enable the context packet capture function for packet sniffing and network fault isolation, use the
capture command. As part of the packet capture process, you specify whether to capture packets from
all interfaces or an individual VLAN interface.
capture buffer_name {{all | {interface vlan number}} access-list name [bufsize buf_size
[circular-buffer]]} | remove | start | stop
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
buffer_name Name of the packet capture buffer. The buffer_name argument associates the packet
capture with a name. Specify an unquoted text string with no spaces from 1 to 80
alphanumeric characters.
all Specifies that packets from all input interfaces are captured.
interface Specifies a particular input interface from which to capture packets.
vlan number Specifies the VLAN identifier associated with the interface.
access-list name Selects packets to capture based on a specific access list. A packet must pass the
access list filters before the packet is stored in the capture buffer. Specify a
previously created access list identifier. Enter an unquoted text string with a
maximum of 64 characters.
Note Ensure that the access list is for an input interface; input is considered with
regards to the direction of the session that you wish to capture. If you
configure the packet capture on the output interface, the ACE will fail to
match any packets.
bufsize buf_size (Optional) Specifies the buffer size, in kilobytes (KB), used to store the packet
capture. The range is from 1 to 5000 KB.
circular-buffer (Optional) Enables the packet capture buffer to overwrite itself, starting from the
beginning, when the buffer is full.
remove Clears the packet capture configuration.
start Starts the packet capture function and displays the messages on the session console
as the ACE receives the packets. The CLI prompt returns and you can type other
commands at the same time that the ACE is capturing packets. To stop the capture
process, use the stop option. The packet capture function automatically stops when
the buffer is full unless you enable the circular buffer function.
stop Stops the packet capture process after a brief delay.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(5) The buffer size was limited to 5000 KB.
A2(1.0) The stop option was introduced.1-6
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The packet capture function enables access control lists (ACLs) to control which packets are captured
by the ACE on the input interface. If the ACLs are selecting an excessive amount of traffic for the packet
capture operation, the ACE will see a heavy load, which can cause a degradation in performance. We
recommend that you avoid using the packet capture function when high network performance is critical.
To capture packets for both IPv6 and IPv4 in the same buffer, configure the capture command twice:
once with an IPv6 ACL and once with an IPv4 ACL.
Under high traffic conditions, you may observe up to 64 packets printing on the console after you enter
the stop keyword. These additional messages can occur because the packets were in transit or buffered
before you entered the stop keyword.
The capture packet function works on an individual context basis. The ACE traces only the packets that
belong to the context where you execute the capture command. You can use the context ID, which is
passed with the packet, to isolate packets that belong to a specific context. To trace the packets for a
single specific context, use the changeto command and enter the capture command for the new context.
The ACE does not automatically save the packet capture in a configuration file. To copy the capture
buffer information as a file in flash memory, use the copy capture command.
Examples To start the packet capture function for CAPTURE1, enter:
host1/Admin# capture CAPTURE1 interface vlan50 access-list ACL1
host1/Admin# capture CAPTURE1 start
To stop the packet capture function for CAPTURE1, enter:
host1/Admin# capture CAPTURE1 stop
Related Commands clear icmp statistics
copy capture
show capture
changeto
To move from one context on the ACE to another context, use the changeto command.
changeto context_name
Syntax Description
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) The stop option was introduced.
context_name Name of an existing context. This argument is case sensitive.1-7
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the changeto feature in your user role, and as found in all of the predefined user
roles. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide,
Cisco ACE Application Control Engine.
Only users authorized in the admin context or configured with the changeto feature can use the changeto
command to navigate between the various contexts. Context administrators without the changeto feature,
who have access to multiple contexts, must explicitly log in to the other contexts to which they have
access.
The command prompt indicates the context that you are currently in (see the following example).
The predefined user role that is enforced after you enter the changeto command is that of the Admin
context and not that of the non-Admin context.
You cannot add, modify, or delete objects in a custom domain after you change to a non-Admin context.
• If you originally had access to the default-domain in the Admin context prior to moving to a
non-Admin context, the ACE allows you to configure any object in the non-Admin context.
• If you originally had access to a custom domain in the Admin context prior to moving to a
non-Admin context, any created objects in the non-Admin context will be added to the
default-domain. However, an error message will appear when you attempt to modify existing objects
in the non-Admin context.
User-defined roles configured with the changeto feature retain their privileges when accessing different
contexts.
Examples To change from the Admin context to the context CTX1, enter:
host1/Admin# changeto CTX1
host1/CTX1#
Related Commands exit
show context
(config) context
(config-role) rule
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.3) You can apply the changeto feature to a rule for a user-defined role.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.2) You can apply the changeto feature to a rule for a user-defined role.1-8
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
checkpoint
To create or modify a checkpoint (snapshot) of the running configuration, use the checkpoint command.
checkpoint {create | delete | rollback} name
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If the running-configuration file has the no ft auto-sync command configured and the checkpoint has
the ft auto-sync command configured, a checkpoint rollback will fail with the following message:
Warning : 'no ft auto-sync' & 'ft auto-sync' conflict detected - Rollback will fail
Failing Scenario - running config has 'no ft auto-sync' / checkpoint has 'ft auto-sync'
Examples To create the checkpoint CP102305, enter:
host1/Admin# checkpoint create CP102305
Related Commands compare
copy checkpoint
show checkpoint
create Creates a new checkpoint with the value of name.
delete Deletes the existing checkpoint with the value of name.
rollback Reverts back to the checkpoint with the value of name.
name Name of a new or existing checkpoint. Enter a text string from 1 to 50 alphanumeric
characters (no spaces).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-9
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear access-list
To clear access control list (ACL) statistics, use the clear access-list command.
clear access-list name
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the access control list ACL1, enter:
host1/Admin# clear access-list ACL1
Related Commands show access-list
(config) access-list ethertype
(config) access-list extended
name Name of an existing ACL.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-10
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear accounting log
To clear the accounting log, use the clear accounting log command.
clear accounting log
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the accounting log, enter:
host1/Admin# clear accounting log
Related Commands show accounting log
(config) aaa accounting default
clear acl-merge statistics
To clear the ACL-merge statistics, use the clear acl-merge statistics command.
clear acl-merge statistics
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-11
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the ACL-merge statistics, enter:
host1/Admin# clear acl-merge statistics
Related Commands show acl-merge
(config) access-list extended
clear arp
To clear the Address Resolution Protocol (ARP) entries in the ARP table or statistics with ARP
processes, use the clear arp command.
clear arp [no-refresh | {statistics [vlan number] [interface_name]}]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
ACE Module Release Modification
A4(1.0) This command was introduced.
ACE Appliance Release Modification
A3(2.5) This command was introduced.
no-refresh (Optional) Removes the learned ARP entries from the ARP table without
refreshing the ARP entries.
statistics [vlan number] (Optional) Clears ARP statistics counters globally or for the specified VLAN,
vlan number.
[interface_name] (Optional, ACE appliance only) Clears ARP statistics counters globally or for
the specified interface, interface_name.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised with the vlan option.1-12
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you enter the clear arp command with no option, it clears all learned ARP entries and then refreshes
the ARP entries.
Examples To clear the ARP statistics, enter:
host1/Admin# clear arp statistics
To clear the ARP learned entries and then refresh the ARP entries, enter:
host1/Admin# clear arp
Related Commands show arp
(config) arp
clear buffer stats
To clear the control plane buffer statistics, use the clear buffer stats command.
clear buffer stats
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin context only
Command History
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised with the vlan option.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-13
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To clear the control plane buffer statistics, enter:
host1/Admin# clear buffer stats
Related Commands show buffer
clear capture
To clear an existing capture buffer, use the clear capture command.
clear capture name
Syntax Description
Command Modes Exec
Admin and user context
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the dir command to view the capture files that you copied to the disk0: file system using the copy
capture command.
Examples To clear the capture buffer CAPTURE1, enter:
host1/Admin# clear capture CAPTURE1
Related Commands capture
copy capture
name Name of an existing capture buffer.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-14
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
dir
show capture
clear cde
(ACE module only) To clear the classification and distribution engine (CDE) statistics and interrupt
counts, use the clear cde command.
clear cde {interrupt | stats}
Syntax Description
Command Modes Exec
Admin context
Command History
Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To clear the CDE interrupt counts, enter:
host1/Admin# clear cde interrupt
Related Commands show cde
clear cfgmgr internal history
To clear the Configuration Manager internal history, use the clear cfgmgr internal history command.
clear cfgmgr internal history
Syntax Description This command has no keywords or arguments.
interrupt Clears the CDE interrupt counts.
stats Clears the CDE statistics.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-15
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To clear the Configuration Manager internal history, enter:
host1/Admin# clear cfgmgr internal history
Related Commands show cfgmgr
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-16
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear conn
To clear a connection that passes through, terminates, or originates with the ACE, use the clear conn
command.
clear conn [all | flow {prot_number | icmp | tcp | udp {source_ip | source_port | dest_ip |
dest_port}} | id number np number | rserver name [port_number] serverfarm sfarm_name]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
all (Optional) Clears all connections that go through the ACE, originate with the ACE,
or terminate with the ACE.
flow (Optional) Clears the connection that matches the specified flow descriptor.
prot_number Protocol number of the flow.
icmp Specifies the flow types using ICMP.
tcp Specifies the flow types using TCP.
udp Specifies the flow types using UDP.
source_ip Source IP address of the flow.
source_port Source port of the flow.
dest_ip Destination IP address of the flow.
dest_port Destination port of the flow.
id number (Optional) Clears the connection with the specified connection ID number as
displayed in the output of the show conn command.
np number Clears all the connections to the specified network processor with the specified
connection ID.
rserver name (Optional) Clears all connections to the specified real server.
port_number (Optional) Port number associated with the specified real server. Enter an integer
from 1 to 65535.
serverfarm
sfarm_name
(Optional) Clears all connections to the specified real server associated with this
server farm.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.1-17
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For
details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE
Application Control Engine.
To clear only the connections that go through the ACE (flows that pass through the ACE between the
originating network host and the terminating network host), use the clear conn command without any
keywords. When you do not include any keywords, the connections that terminate or originate with the
ACE are not cleared.
Examples To clear the connections for the real server RSERVER1, enter:
host1/Admin# clear conn rserver RSERVER1
Related Commands show conn
clear cores
To clear all of the core dumps stored in the core: file system, use the clear cores command.
clear cores
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Note The ACE creates a core dump when it experiences a fatal error. Core dump information is for Cisco
Technical Assistance Center (TAC) use only. We recommend that you contact TAC for assistance in
interpreting the information in the core dump.
To view the list of core files in the core: file system, use the dir core: command.
To save a copy of a core dump to a remote server before clearing it, use the copy capture command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-18
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
To delete a specific core dump file from the core: file system, use the delete core: command.
Examples To clear all core dumps, enter:
host1/Admin# clear cores
Related Commands copy capture
delete
dir1-19
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear crypto session-cache
To clear the session cache information in the context, use the clear crypto session-cache command.
clear crypto session-cache [all]
Syntax Description
Command Modes Exec
Admin and user context. The all option is available in the Admin context only.
Command History
Usage Guidelines This command has no usage guidelines.
Examples To clear the session cache information in the context, enter:
host1/Admin# clear crypto session-cache
Related Commands This command has no related commands.
all (Optional) Clears the session cache information for all contexts. This option
is available in the Admin context only.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.1-20
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear dc
(ACE module only) To clear the daughter card interrupt and register statistics on the ACE module, use
the clear dc command.
clear dc dc_number {controller {interrupts | stats} | interrupt}
Syntax Description
Command Modes Exec
Admin context only.
Command History
Usage Guidelines This command requires the Admin user role in the Admin context. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear the daughter card 1 controller interrupt statistics, enter:
host1/Admin# clear dc 1 controller interrupts
Related Commands set dc
show dc
clear debug-logfile
To remove a debug log file, use the clear debug-logfile command.
clear debug-logfile filename
Syntax Description
Command Modes Exec
Admin and user contexts
dc_number Number of the daughter card (1 or 2).
controller Specifies the daughter card controller.
interrupts Clears the specified daughter card controller interrupt statistics.
stats Clears the specified daughter card cumulative controller statistics.
interrupt Clears the specified daughter card interrupt count.
ACE Module Release Modification
A4(1.0) This command was introduced.
filename Name of an existing debug log file.1-21
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these
commands may cause unexpected results. Do not attempt to use these commands without guidance from
Cisco support personnel.
Examples To clear the debug log file DEBUG1, enter:
host1/Admin# clear debug-logfile DEBUG1
Related Commands debug
show debug
clear fifo stats
To clear the control plane packet first in, first out (FIFO) statistics, use the clear fifo stats command.
clear fifo stats
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-22
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To clear the control plane FIFO statistics, enter:
host1/Admin# clear fifo stats
Related Commands show fifo1-23
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear ft
To clear the various fault-tolerant (FT) statistics, use the clear ft command.
clear ft {all | ha-stats | hb-stats | history {cfg_cntlr | ha_dp_mgr | ha_mgr} | track-stats [all]}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear all fault-tolerant statistics, enter:
host1/Admin# clear ft all
Related Commands show ft
all Clears all redundancy statistics, including all TL, heartbeat, and tracking counters.
ha-stats Clears all transport layer-related counters that the ACE displays as part of the show
ft peer detail command output.
hb-stats Clears all heartbeat-related statistics. When you enter this command for the first
time, the ACE sets the heartbeat statistics counters to zero and stores a copy of the
latest statistics locally. From that point on, when you enter the show ft hb-stats
command, the ACE displays the difference between the statistics that are stored
locally and the current statistics.
history Clears the redundancy history statistics.
track-stats Clears tracking-related statistics for the Admin FT group only, a user context FT
group only, or for all FT groups that are configured in the ACE.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was extensively revised. This version of software
introduced the all, ha-stats, hb-stats, history, and track-stats
keywords, and removed the original stats keyword.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was extensively revised. This version of software
introduced the all, ha-stats, hb-stats, history, and track-stats
keywords, and removed the original stats keyword.1-24
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface
clear icmp statistics
To clear the Internet Control Message Protocol (ICMP) statistics, use the clear icmp statistics
command.
clear icmp statistics
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the ICMP statistics, enter:
host1/Admin# clear icmp statistics
Related Commands show icmp statistics
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-25
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear interface
To clear the interface statistics, use the clear interface command.
clear interface [bvi number | vlan number | gigabitEthernet slot_number/port_number]
Syntax Description
Command Modes Exec
BVI and VLAN—Admin and user contexts
(ACE appliance only) Ethernet data port—Admin context only
Command History
Usage Guidelines This command requires the interface feature in your user role. In addition, the Ethernet data port
interface command requires the Admin user role. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear all of the interface statistics, enter the clear interface command without using the optional
VLAN and BVI keywords.
Examples ACE Module Example
To clear all of the interface statistics for VLAN 212, enter:
host1/Admin# clear interface vlan 212
bvi number (Optional) Clears the statistics for the specified Bridge Group Virtual Interface
(BVI).
vlan number (Optional) Clears the statistics for the specified VLAN.
gigabitEthernet
slot_number/
port_number
(Optional, ACE appliance only) Clears the statistics for the specified Gigabit
Ethernet slot and port.
• The slot_number represents the physical slot on the ACE containing the
Ethernet ports. This selection is always 1.
• The port_number represents the physical Ethernet port on the ACE. Valid
selections are 1 through 4.
This keyword is available in the Admin context only.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-26
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
ACE Appliance Example
To clear the statistics for Ethernet port 3, enter:
host1/Admin# clear interface gigabitEthernet 1/3
Related Commands show interface
(config) interface
clear ip
To clear the IP and Dynamic Host Configuration Protocol (DHCP) relay statistics, use the clear ip
command.
clear ip [dhcp relay statistics | statistics]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the DHCP feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear the IP and DHCP relay statistics, execute the clear ip command without using the optional
keywords.
Examples To clear all of the IP normalization, fragmentation, and reassembly statistics, enter:
host1/Admin# clear ip statistics
Related Commands show ip
dhcp relay statistics (Optional) Clears all of the DHCP relay statistics.
statistics (Optional) Clears all of the statistics associated with IP normalization,
fragmentation, and reassembly.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-27
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear ipv6
To clear the Dynamic Host Configuration Protocol (DHCP) relay and neighbor discovery statistics, use
the clear ipv6 command.
clear ipv6 {dhcp relay statistics | {neighbors [no-refresh | vlan vlan_id ipv6_address
[no-refresh] | ipv6_address [no-refresh]]}}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the DHCP feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear all the DHCPv6 statistics, enter:
host1/Admin# clear ipv6 dhcp relay statistics
Related Commands show ipv6
clear line
To close a specified virtual terminal (VTY) session, use the clear line command.
clear line vty_name
dhcp relay statistics Clears all the DHCPv6 relay statistics.
neighbors Clears all the statistics associated with neighbor discovery.
no-refresh (Optional) The ACE deletes the neighbor information from the cache and
does not perform a refresh
vlan vlan_id (Optional) Deletes the neighbor information associated with the specified
VLAN interface
ipv6_address (Optional) Deletes the neighbor information associated with the specified
IPv6 address.
ACE Module/Appliance Release Modification
A5(1.0) This command was introduced.1-28
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To terminate the VTY session VTY1, enter:
host1/Admin# clear line VTY1
Related Commands (ACE module only) (config) line console
(config) line vty
vty_name Name of a VTY session. Enter an unquoted text string with no spaces and a
maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-29
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear logging
To clear information stored in the logging buffer, use the clear logging command.
clear logging [disabled | rate-limit]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear all of the information stored in the logging buffer, enter the clear logging command without
using either of the optional keywords.
Examples To clear all of the information stored in the logging buffer, enter:
host1/Admin# clear logging
Related Commands show logging
(config) logging buffered
clear netio stats
To clear the control plane network I/O statistics, use the clear netio stats command.
clear netio stats
Syntax Description This command has no keywords or arguments.
disabled (Optional) Clears the logging buffer of “disabled” messages.
rate-limit (Optional) Clears the logging buffer of “rate-limit configuration” messages.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-30
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To clear the control plane network I/O statistics, enter:
host1/Admin# clear netio stats
Related Commands show netio
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-31
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear np
To clear the network processor interrupt error statistics that appear when you enter the show np number
interrupts command, use the clear np command.
clear np number interrupts
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the network processor interrupt error statistics, enter:
host1/Admin# clear np 1 interrupts
Related Commands show np
number Specifies the number of the network processor whose interrupt statistics you
want to clear. Enter an integer from 1 to 4.
interrupts Clears the interrupt statistics. of the network processor that you specify.
Release Modification
A4(1.0) This command was introduced.1-32
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear ntp statistics
(ACE appliance only) To clear the NTP statistics that display when you enter the show ntp command,
use the clear ntp command.
clear ntp statistics {all-peers | io | local | memory}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the NTP memory statistics, enter:
host1/Admin# clear ntp statistics memory
Related Commands (config) ntp
clear probe
To clear the probe statistics displayed through the show probe command, use the clear probe command.
clear probe name
Syntax Description
Command Modes Exec
Admin and user contexts
all-peers Clears all peer statistics.
io Clears the I/O statistics.
local Clears the local statistics.
memory Clears the memory statistics.
ACE Appliance Release Modification
A1(7) This command was introduced.
name Name of an existing probe.1-33
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear all the statistics for the probe HTTP1, enter:
host1/Admin# clear probe HTTP1
Related Commands show probe
(config) probe
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-34
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear processes log
To clear the statistics for the processes log, use the clear processes log command.
clear processes log {all | pid id}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the list of process identifiers assigned to each of the processes running on the ACE, use the show
processes command.
Examples To clear all the statistics for the processes log, enter:
host1/Admin# clear processes log all
Related Commands show processes
clear rserver
To clear the real server statistics of all instances of a particular real server regardless of the server farms
that it is associated with, use the clear rserver command.
clear rserver name
Syntax Description
all Clears all statistics for the processes logs.
pid id Specifies the processes log to clear.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
name Name of the real server.1-35
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the rserver feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you have redundancy configured, then you need to explicitly clear real-server statistics on both the
active and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE’s
statistics at the old values.
Examples To clear the statistics for the real server RS1, enter:
host1/Admin# clear rserver RS1
Related Commands show rserver
(config) rserver
clear rtcache
To clear the route cache, use the clear rtcache command.
clear rtcache
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-36
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the route cache, enter:
host1/Admin# clear rtcache
Related Commands This command has no related commands.
ACE Appliance Release Modification
A1(7) This command was introduced.1-37
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear screen
To clear the display screen, use the clear screen command.
clear screen
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the display screen, enter:
host1/Admin# clear screen
Related Commands This command has no related commands.
clear serverfarm
To clear the statistics for all real servers in a specific server farm, use the clear serverfarm command.
clear serverfarm name [inband | predictor | retcode]
Syntax Description
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
name Name of an existing server farm.
inband (Optional) Resets the inband health monitoring Total failure counters for
the specified server farm, as displayed by the show serverfarm name
inband command. 1-38
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the serverfarm feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the statistics for the server farm SFARM1, enter:
host1/Admin# clear serverfarm SFARM1
Related Commands show serverfarm
(config) serverfarm
clear service-policy
To clear the service policy statistics, use the clear service-policy command.
clear service-policy policy_name
Syntax Description
predictor (Optional) Resets the average bandwidth field for each real server in the
specified server farm, as displayed by the show serverfarm name detail
command.
retcode (Optional) Clears the return-code statistics for the server farm.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
A2(1.3) The predictor option was added.
A4(1.0) The inband option was added.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised. The predictor option was added.
A4(1.0) The inband option was added.
policy_name Name of an existing policy map that is currently in service (applied to an
interface).1-39
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the statistics for the service policy HTTP1, enter:
host1/Admin# clear service-policy HTTP1
Related Commands show service-policy
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-40
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear ssh
To clear a Secure Shell (SSH) session or clear the public keys of all SSH hosts, use the clear ssh
command.
clear ssh {session_id | hosts}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To obtain the specific SSH session ID value, use the show ssh session-info command.
Examples To clear the SSH session with the identifier 345, enter:
host1/Admin# clear ssh 345
Related Commands clear telnet
show ssh
(config) ssh key
(config) ssh maxsessions
session_id Identifier of the SSH session to clear, terminating the session.
hosts Clears the public keys of all trusted SSH hosts. This keyword is available to
all users in all contexts.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-41
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear startup-config
To clear the startup configuration of the current context, use the clear startup-config command.
clear startup-config
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Clearing the startup configuration does not affect the context running-configuration.
The clear startup-config command does not remove license files or crypto files (certs and keys) from
the ACE. To remove license files, see the license uninstall command. To remove crypto files, see the
crypto delete command.
To clear the startup configuration, you can also use the write erase command.
Before you clear a startup configuration, we recommend that you back up your current startup
configuration to a file on a remote server using the copy startup-config command. Once you clear the
startup configuration, you can perform one of the following processes to recover a copy of an existing
configuration:
• Use the copy running-config startup-config command to copy the contents of the running
configuration to the startup configuration.
• Upload a backup of a previously saved startup-configuration file from a remote server using the
copy startup-config command.
Examples To clear the startup configuration, enter:
host1/Admin# clear startup-config
Related Commands copy capture
show startup-config
write
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-42
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear stats
To clear the statistical information stored in the ACE buffer, use the clear stats command.
clear stats {all | connection | {crypto [client | server [alert | authentication | cipher |
termination]]} | http | inspect | kalap | loadbalance [radius | rdp | rtsp | sip] | optimization
| probe | resource-usage | sticky}
Syntax Description
Command Modes Exec
Admin and user contexts
all Clears all statistical information in a context. The all keyword also clears the
resource usage counters.
connection Clears connection statistical information.
crypto Clears TLS and SSL statistics from the context. If you do not enter the client or
server option, the ACE clears both the client and server statistics.
client (Optional) Clears the complete TLS and SSL client statistics for the current context.
server (Optional) Clears the complete TLS and SSL server statistics for the current context.
alert (Optional) Clears the back-end SSL alert statistics.
authentication (Optional) Clears the back-end SSL authentication statistics.
cipher (Optional) Clears the back-end SSL cipher statistics.
termination (Optional) Clears the back-end SSL termination statistics.
http Clears HTTP statistical information.
inspect Clears HTTP inspect statistical information.
kalap Clears the global server load-balancing (GSLB) statistics.
loadbalance Clears load-balancing statistical information.
radius (Optional) Clears Remote Authentication Dial-In User Service (RADIUS)
load-balancing statistical information.
rdp (Optional) Clears Reliable Datagram Protocol (RDP) load-balancing statistical
information.
rtsp (Optional) Clears Real-Time Streaming Protocol (RTSP) load-balancing statistical
information.
sip (Optional) Clears Session Initiation Protocol (SIP) load-balancing statistical
information.
optimization (ACE appliance only) Clears HTTP optimization statistics
probe Clears probe statistical information.
resource-usage Clears resource usage-related context statistics
sticky Clears sticky statistical information.1-43
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command requires the loadbalance, inspect, NAT, connection, sticky, or SSL feature in your user
role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide,
Cisco ACE Application Control Engine.
If you have redundancy configured, then you need to explicitly clear sticky statistics on both the active
and the standby ACEs. Clearing statistics on the active ACE only will leave the standby ACE’s statistics
at the old values.
Examples To clear sticky statistics, enter:
host1/Admin# clear stats sticky
Related Commands show stats
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The crypto keyword and client | server [alert | authentication |
cipher | termination] options were added.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) The resource-usage keyword was added.
A3(2.1) The crypto keyword and client | server [alert | authentication |
cipher | termination] options were added.1-44
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear sticky database
To clear dynamic sticky database entries, use the clear sticky database command.
clear sticky database {active-conn-count min value1 max value2 | all | group group_name |
time-to-expire min value3 max value4 | type {hash-key value5 | http-cookie value6 |
ip-netmask {both {source ip_address2 destination ip_address3} | destination ip_address4 |
source ip_address5}}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
active-conn-cou
nt min value1
max value2
Clears the sticky database entries within the specified connection count range.
all Clears all dynamic sticky database entries in a context.
group name Clears all dynamic sticky database entries for the specified sticky group.
time-to-expire
min value3 max
value4
Clears the sticky database entries within the specified time to expire range.
type {hash-key
value5 |
http-cookie
value6 |
ip-netmask
{both {source
ip_address1
destination
ip_address2} |
destination
ip_address3 |
source
ip_address4}}
Clears sticky database entries for one of the following sticky group types:
– hash-key value
– http-cookie value
– ip-netmask {both {source ip_address2 destination ip_address3} |
destination ip_address4 | source ip_address5}
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-45
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
This command does not clear static sticky database entries. To clear static sticky database entries, use
the no form of the appropriate sticky configuration mode command. For example, enter
(config-sticky-cookie) static cookie-value or (config-sticky-header) static header-value.
Examples To clear all dynamic sticky database entries in the Admin context, enter:
host1/Admin# clear sticky database all
Related Commands show sticky database1-46
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear syn-cookie
To clear the SYN cookie statistics, use the clear syn-cookie command. To clear SYN cookie statistics
for all VLANs that are configured in the current context, enter the command with no arguments.
clear syn-cookie [vlan number]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no usage guidelines.
Examples To clear SYN cookie statistics for VLAN 100, enter:
host1/C1# clear syn-cookie vlan 100
Related Commands show syn-cookie
clear tcp statistics
To clear all of the TCP connections and normalization statistics, use the clear tcp statistics command.
clear tcp statistics
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
vlan number (Optional) Instructs the ACE to clear SYN cookie statistics for the specified
interface. Enter an integer from 2 to 2024.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.1-47
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the TCP statistics, enter:
host1/Admin# clear tcp statistics
Related Commands show tcp statistics
clear telnet
To clear a Telnet session, use the clear telnet command.
clear telnet session_id
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To obtain the specific Telnet session identification number, use the show telnet command.
Examples To clear the Telnet session with the identification number of 236, enter:
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
session_id Identifier of the Telnet session to clear, terminating the session.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-48
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
host1/Admin# clear telnet 236
Related Commands clear ssh
show telnet
telnet
clear udp statistics
To clear the User Datagram Protocol (UDP) connection statistics, use the clear udp statistics command.
clear udp statistics
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To clear the UDP statistics, enter:
host1/Admin# clear udp statistics
Related Commands show udp statistics
clear user
To clear a user session, use the clear user command.
clear user name
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-49
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the list of users that are currently logged in to the ACE, use the show users command.
Examples To log out the user USER1, enter:
host1/Admin# clear user USER1
Related Commands show users
(config) username
clear vnet stats
To clear control plane virtual network (VNET) device statistics, use the clear vnet stats command.
clear vnet stats
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin context only
Command History
name Name of the user to log out.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-50
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To clear the VNET statistics, enter:
host1/Admin# clear vnet stats
Related Commands show vnet
ACE Appliance Release Modification
A1(7) This command was introduced.1-51
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clear xlate
To clear the global address to the local address mapping information based on the global address, global
port, local address, local port, interface address as global address, and NAT type, use the clear xlate
command.
clear xlate [{global | local} start_ip [end_ip [netmask netmask]]] [{gport | lport} start_port
[end_port]] [interface vlan number] [state static] [portmap]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you enter this command, the ACE releases sessions that are using the translations (Xlates).
If you configure redundancy, then you need to explicitly clear Xlates on both the active and the standby
ACEs. Clearing Xlates on the active ACE does not clear Xlates in the standby ACE.
global (Optional) Clears the active translation by the global IP address.
local (Optional) Clears the active translation by the local IP address.
start_ip Global or local IP address or the first IP address in a range of addresses.
Enter an IP address in dotted-decimal notation (for example, 172.27.16.10).
end_ip (Optional) Last IP address in a global or local range of IP addresses. Enter
an IP address in dotted-decimal notation (for example, 172.27.16.10).
netmask netmask (Optional) Specifies the network mask for global or local IP addresses. Enter
a mask in dotted-decimal notation (for example, 255.255.255.0).
gport (Optional) Clears active translations by the global port.
lport (Optional) Clears active translations by the local port.
start_port Global or local port number.
end_port (Optional) Last port number in a global or local range of ports.
interface vlan number (Optional) Clears active translations by the VLAN number.
state static (Optional) Clears active translations by the state.
portmap (Optional) Clears active translations by the port map.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-52
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To clear all static translations, enter:
host1/Admin# clear xlate state static
Related Commands show xlate1-53
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
clock set
(ACE appliance only) To set the time and the date for an ACE, use the clock set command in Exec mode.
clock set hh:mm:ss DD MONTH YYYY
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you enter this command, the ACE displays the current configured date and time.
If you want to use the Network Time Protocol (NTP) to automatically synchronize the ACE system clock
to an authoritative time server (such as a radio clock or an atomic clock), see Chapter 1, Setting Up the
ACE, in the Administration Guide, Cisco ACE Application Control Engine. In this case, the NTP time
server automatically sets the ACE system clock.
hh:mm:ss Current time to which the ACE clock is being reset.
Specify one or two digits for the hour, minutes, and
seconds.
DD MONTH YYYY Current date to which the ACE clock is being reset.
Specify the full name of the month, one or two digits
for the day, and four digits for the year. The following
month names are recognized:
• January
• February
• March
• April
• May
• June
• July
• August
• September
• October
• November
• December
ACE Appliance Release Modification
A1(7) This command was introduced.1-54
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
If you previously configured NTP on an ACE, the ACE prevents you from using the clock set command
and displays an error message. To manually set the ACE system clock, remove the NTP peer and NTP
server from the configuration before setting the clock on an ACE.
Examples For example, to specify a time of 1:38:30 and a date of October 7, 2008, enter:
host1/Admin# clock set 01:38:30 7 Oct 2008
Wed Oct 7 01:38:30 PST 2008
Related Commands show clock
(config) clock timezone
(config) clock summer-time
compare
To compare an existing checkpoint with the running-configuration file, use the compare command.
compare checkpoint_name
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If the checkpoint configuration is the same as the running-config, the output of this command is:
Checkpoint config is same as running config
If the checkpoint configuration is different from the running-config, the output will be the difference
between the two configurations.
Examples To compare the CHECKPOINT_1 checkpoint with the running-config, enter the following command:
host1/Admin# compare CHECKPOINT_1
checkpoint_name Specifies the name of an existing checkpoint. The compare function defaults to
comparing the specified checkpoint with the running-config.
ACE Module/Appliance
Release Modification
A4(1.0) This command was introduced.1-55
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands checkpoint
copy checkpoint
show checkpoint
configure
To change from the Exec mode to the configuration mode, use the configure command.
configure [terminal]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires one or more features assigned to your user role, such as the AAA, interface, or
fault-tolerant features. For details about role-based access control (RBAC) and user roles, see the
Virtualization Guide, Cisco ACE Application Control Engine.
To return to the Exec mode from the configuration mode, use the exit command.
To execute an Exec mode command from any of the configuration modes, use the do version of the
command.
Examples To change to the configuration mode from the Exec mode, enter:
host1/Admin# configure
host1/Admin(config)#
Related Commands exit
terminal (Optional) Enables you to configure the system from the terminal.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-56
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy capture
To copy an existing context packet capture buffer as the source file in the ACE compact flash to another
file system, use the copy capture command.
copy capture capture_name disk0: [path/]destination_name
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
After you copy a capture file to a remote server, you can use the delete disk0:filename command to
delete the file from the ACE and free memory.
Examples To copy the packet capture buffer to a file in disk0: called MYCAPTURE1, enter:
host1/Admin# copy capture CAPTURE1 disk0:MYCAPTURE1
Related Commands clear capture
show capture
capture_name Name of the packet capture buffer on the disk0: file system. Enter an
unquoted text string with no spaces and a maximum of 64 alphanumeric
characters.
disk0: Specifies that the buffer is copied to the disk0: file system.
[path/]destination_name Destination path (optional) and name for the packet capture buffer. Specify
a text string from 1 to 80 alphanumeric characters. If you do not provide the
optional path, the ACE copies the file to the root directory on the disk0: file
system.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-57
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy checkpoint
To copy a checkpoint file to a remote server, use the copy checkpoint command.
copy checkpoint:filename disk0:[path/]filename | image:image_name | startup-config |
{ftp://server/path[/filename] | sftp://[username@]server/path[/filename] |
tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
filename Filename of the checkpoint file residing on the ACE in
flash memory.
disk0:[path/]filename Specifies that the file destination is the disk0: directory of
the current context and the filename for the checkpoint. If
you do not provide the optional path, the ACE copies the
file to the root directory on the disk0: file system.
image:image_name Specifies that the file destination is an image in the image:
directory.
startup-config Specifies that the destination file is the
startup-configuration file.
ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server
and optional renamed checkpoint file.
sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP)
network server and optional renamed checkpoint file.
tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP)
network server and optional renamed checkpoint file.
ACE Module Release Modification
A2(1.6) This command was introduced.
ACE Appliance Release Modification
A4(1.0) This command was introduced.1-58
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
Examples To copy a checkpoint file from the ACE to a remote FTP server, enter:
host1/Admin# copy checkpoint:CHECKPOINT1.txt ftp://192.168.1.2
Enter the destination filename[]? [CHECKPOINT1.txt]
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii
file transfer mode is intended for transferring text files, such as config files. The default selection of bin
should be sufficient in all cases when copying files to a remote FTP server.
Related Commands checkpoint
compare
show checkpoint1-59
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy core:
To copy a core file to a remote server, use the copy core: command.
copy core:filename disk0:[path/]filename | {ftp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the list of available core files, use the dir core: command. Copy the complete filename (for
example, 0x401_vsh_log.25256.tar.gz) into the copy core: command.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
filename1 Filename of the core dump residing on the ACE in flash
memory. Use the dir core: command to view the core
dump files available in the core: file system.
disk0:[path/]filename2 Specifies that the file destination is the disk0: directory of
the current context and the filename for the core. If you do
not provide the optional path, the ACE copies the file to
the root directory on the disk0: file system.
ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server
and optional renamed core dump.
sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP)
network server and optional renamed core dump.
tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP)
network server and optional renamed core dump.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-60
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To copy a core file from the ACE to a remote FTP server, enter:
host1/Admin# copy core:np0_crash.txt ftp://192.168.1.2
Enter the destination filename[]? [np0_crash.txt]
Enter username[]? user1
Enter the file transfer mode[bin/ascii]: [bin]
Password:
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
Note The bin (binary) file transfer mode is intended for transferring compiled files (executables). The ascii
file transfer mode is intended for transferring text files, such as config files. The default selection of bin
should be sufficient in all cases when copying files to a remote FTP server.
Related Commands dir
copy disk0:
To copy a file from one directory in the disk0: file system of flash memory to another directory in disk0: or a
network server, use the copy disk0: command.
copy disk0:[path/]filename1 {disk0:[path/]filename2 | ftp://server/path[/filename] |
image:image_filename | sftp://[username@]server/path[/filename] |
tftp://server[:port]/path[/filename] | running-config | startup-config}
Syntax Description disk0:[path/]filename1 Specifies the name of the file to copy in the disk0: file
system. Use the dir disk0: command to view the files
available in disk0:. If you do not provide the optional path,
the ACE copies the file from the root directory on the
disk0: file system.
disk0:[path/]filename2 Specifies that the file destination is the disk0: directory of
the current context and the filename for the core. If you do
not provide the optional path, the ACE copies the file to
the root directory on the disk0: file system.
ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server
and optional renamed file.
image:image_filename Specifies the image: filesystem and the image filename.
sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP)
network server and optional renamed file.
ftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP)
network server and optional renamed file.
running-config Specifies to replace the running-configuration file that
currently resides on the ACE in volatile memory.
startup-config Specifies to replace the startup-configuration file that
currently resides on the ACE in flash memory.1-61
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
Examples To copy the file called SAMPLEFILE to the MYSTORAGE directory in flash memory, enter:
host1/Admin# copy disk0:samplefile disk0:MYSTORAGE/SAMPLEFILE
Related Commands dir
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-62
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy ftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote
File Transfer Protocol (FTP) server to a location on the ACE, use the copy ftp: command.
copy ftp://server/path[/filename] {disk0:[path/]filename | image:[image_name] | running-config |
startup-config}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To copy a startup-configuration file from a remote FTP server to the ACE, enter:
host1/Admin# copy ftp://192.168.1.2/startup_config_Adminctx startup-config
Related Commands show running-config
show startup-config
ftp://server/path[/filename] Specifies the FTP network server and optional file to copy.
disk0:[path/]filename Specifies that the file destination is the disk0: directory of the current
context and the filename. If you do not provide the optional path, the
ACE copies the file to the root directory on the disk0: file system.
image: [image_name] Specifies to copy a system software image to flash memory. Use the
boot system command in configuration mode to specify the BOOT
environment variable. The BOOT environment variable specifies a list
of image files on various devices from which the ACE can boot at
startup. The image: keyword is available only in the Admin context.
The image_name argument is optional. If you do not enter a name, the
ACE uses the source filename.
running-config Specifies to replace the running-configuration file that currently resides
on the ACE in RAM (volatile memory).
startup-config Specifies to replace the startup-configuration file that currently resides
on the ACE in flash memory (nonvolatile memory).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-63
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy image:
To copy an ACE software system image from flash memory to a remote server using File Transfer
Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer Protocol (TFTP), use the
copy image: command.
copy image:image_filename {ftp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
Examples ACE Module Example
To save a software system image to a remote FTP server, enter:
host1/Admin# copy image:sb-ace.NOV_11 ftp://192.168.1.2
image_filename Name of the ACE system software image. Use the dir
image: command or the show version command to view
the software system images available in flash memory.
ftp://server/path[/filename] Specifies the FTP network server and optional renamed
image.
sftp://[username@]server/path[/filename] Specifies the SFTP network server and optional renamed
image.
tftp://server[:port]/path[/filename] Specifies the TFTP network server and optional renamed
image.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-64
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
ACE Appliance Example
To save a software system image to a remote FTP server, enter:
host1/Admin# copy image:c4710ace-mz.A3_1_0.bin ftp://192.168.1.2
Related Commands dir
show version1-65
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy licenses
To create a backup license file for the ACE licenses in the .tar format and copy it to the disk0: file system,
use the copy licenses command.
copy licenses disk0:[path/]filename.tar
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To copy the installed software licenses to the disk0: file system, enter:
host1/Admin# copy licenses disk0:mylicenses.tar
Related Commands show license
untar disk0:
disk0: Specifies that the backup license file is copied to the disk0: file system.
[path/]filename.tar Specifies the destination filename for the backup licenses. The destination
filename must have a .tar file extension. If you do not provide the optional path,
the ACE copies the file to the root directory on the disk0: file system.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-66
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy probe:
To copy scripted probe files from the probe: directory to the disk0: file system on the ACE or a remote
server using File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), or Trivial File Transfer
Protocol (TFTP), use the copy probe: command.
copy probe:probe_filename {disk0:[path/]filename | ftp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
Examples To copy a probe file to a remote FTP server, enter:
host1/Admin# copy probe:IMAP_PROBE ftp://192.168.1.2
probe_filename Name of the scripted probe file. Use the dir probe:
command to view the files available in flash memory.
disk0: Specifies that the probe file is copied to the disk0: file
system.
ftp://server/path[/filename] Specifies the FTP network server and optional renamed
image.
sftp://[username@]server/path[/filename] Specifies the SFTP network server and optional renamed
image.
tftp://server[:port]/path[/filename] Specifies the TFTP network server and optional renamed
image.
ACE Module/Appliance
Release Modification
A4(1.0) This command was introduced.1-67
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands dir1-68
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy running-config
To copy the contents of the running configuration file in RAM (volatile memory) to the startup configuration
file in flash memory (nonvolatile memory) or a network server, use the copy running-config command.
copy running-config {disk0:[path/]filename | startup-config | ftp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
To copy the running configuration to the startup configuration, you can also use the write memory
command.
disk0:[path/]filename Specifies that the running configuration is copied to a file
on the disk0: file system. If you do not provide the
optional path, the ACE copies the file to the root
directory on the disk0: file system.
startup-config Copies the running configuration file to the startup
configuration file.
ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network
server and optional renamed file.
sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP)
network server and optional renamed file.
tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP)
network server and optional renamed file.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-69
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To save the running-configuration file to the startup-configuration file in flash memory on the ACE,
enter:
host1/Admin# copy running-config startup-config
Related Commands show running-config
show startup-config
write
copy startup-config
To merge the contents of the startup configuration file into the running configuration file or copy the startup
configuration file to a network server, use the copy startup-config command.
copy startup-config {disk0:[path/]filename | running-config | ftp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
disk0:[path/]filename Specifies that the startup configuration is copied to a file
on the disk0: file system. If you do not provide the
optional path, the ACE copies the file to the root directory
on the disk0: file system.
running-config Merges contents of the startup configuration file into the
running configuration file.
ftp://server/pat[/filename] Specifies the File Transfer Protocol (FTP) network server
and optional renamed file.
sftp://[username@]server/path[/filename] Specifies the Secure File Transfer Protocol (SFTP)
network server and optional renamed file.
tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP)
network server and optional renamed file.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-70
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
When you select a destination file system using ftp:, sftp:, or tftp:, the ACE does the following:
• Prompts you for your username and password if the destination file system requires user
authentication.
• Prompts you for the server information if you do not provide the information with the command.
• Copies the file to the root directory of the destination file system if you do not provide the path
information.
Examples To merge the contents of the startup-configuration file into the running-configuration file in flash
memory, enter:
host1/Admin# copy startup-config running-config
Related Commands show startup-config
copy sftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote
Secure File Transfer Protocol (SFTP) server to a location on the ACE, use the copy sftp: command.
copy sftp://[username@]server/path[/filename] {disk0:[path/]filename| image:[image_name] |
running-config | startup-config}
Syntax Description
Command Modes Exec
sftp://[username@]server/path[/filename] Specifies the SFTP network server and optional renamed
file.
disk0:[path/]filename Specifies that the file destination is the disk0: directory of
the current context and the filename. If you do not provide
the optional path, the ACE copies the file to the root
directory on the disk0: file system.
image: [image_name] Specifies to copy a system software image to flash
memory. Use the boot system command in configuration
mode to specify the BOOT environment variable. The
BOOT environment variable specifies a list of image files
on various devices from which the ACE can boot at
startup. The image: keyword is available only in the
Admin context. The image_name argument is optional. If
you do not enter a name, the ACE uses the source
filename.
running-config Specifies to replace the running-configuration file that
currently resides on the ACE in RAM (volatile memory).
startup-config Specifies to replace the startup-configuration file that
currently resides on the ACE in flash memory
(nonvolatile memory).1-71
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To copy a startup-configuration file from a remote SFTP server to the ACE, enter:
host1/Admin# copy sftp://192.168.1.2/startup_config_Adminctx startup-config
Related Commands show running-config
show startup-config
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-72
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
copy tftp:
To copy a file, software image, running-configuration file, or startup-configuration file from a remote
Trivial File Transfer Protocol (TFTP) server to a location on the ACE, use the copy tftp: command.
copy tftp://server[:port]/path[/filename] {disk0:[path/]filename | image:[image_name] |
running-config | startup-config}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the config-copy feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To copy a startup-configuration file from a remote TFTP server to the ACE, enter:
host1/Admin# copy tftp://192.168.1.2/startup_config_Adminctx startup-config
tftp://server[:port]/path[/filename] Specifies the TFTP network server and optional renamed file.
disk0:[path/]filename Specifies that the file destination is the disk0: directory of the
current context and the filename. If you do not provide the
optional path, the ACE copies the file to the root directory on the
disk0: file system.
image: [image_name] Specifies to copy a system software image to flash memory. Use
the boot system command in configuration mode to specify the
BOOT environment variable. The BOOT environment variable
specifies a list of image files on various devices from which the
ACE can boot at startup. The image: keyword is available only
in the Admin context. The image_name argument is optional. If
you do not enter a name, the ACE uses the source filename.
running-config Specifies to replace the running-configuration file that currently
resides on the ACE in RAM (volatile memory).
startup-config Specifies to replace the startup-configuration file that currently
resides on the ACE in flash memory (nonvolatile memory).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-73
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands show running-config
show startup-config
crypto crlparams
To configure signature verification on a Certificate Revocation List (CRL) to determine that it is from a
trusted certificate authority, use the crypto crlparams command.
crypto crlparams crl_name cacert ca_cert_filename
no crypto crlparams crl_name
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To configure signature verification on a CRL, enter:
host1/Admin(config)# crypto crlparams CRL1 cacert MYCERT.PEM
To remove signature verification from a CRL, enter:
host1/Admin(config)# no crypto crlparams CRL1
Related Commands (config-ssl-proxy) crl
crl_name Name of an existing CRL.
ca_cert_filename Name of the CA certificate file used for signature verification.
ACE Module Release Modification
A2(1.4) and A2(2.1) This command was introduced.
ACE Appliance Release Modification
A3(2.2) This command was introduced.1-74
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
crypto delete
To delete a certificate and key pair file from the ACE that is no longer valid, use the crypto delete
command.
crypto delete {filename | all}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The all option does not delete the preinstalled sample certificate and key files. When you use the all
keyword, the ACE prompts you with the following message to verify the deletion:
This operation will delete all crypto files for this context from the disk, but will not
interrupt existing SSL services. If new SSL files are not applied SSL services will be
disabled upon next vip inservice or device reload.
Do you wish to proceed? (y/n) [n]
To view the list of the certificate and key pair files stored on the ACE for the current context, use the
show crypto files command.
You cannot delete the ACE cisco-sample-key and cisco-sample-cert files.
Examples To delete the key pair file MYRSAKEY.PEM, enter:
host1/Admin# crypto delete MYRSAKEY.PEM
Related Commands crypto export
crypto import
show crypto
filename Name of a specific certificate or key pair file to delete. Enter an unquoted text
string with no spaces and a maximum of 40 alphanumeric characters.
all Deletes all of the certificate and key pair files.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-75
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
crypto export
To export a copy of a certificate or key pair file from the ACE to a remote server or the terminal screen,
use the crypto export command.
crypto export local_filename {ftp | sftp | tftp | terminal} ip_addr username remote_filename
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You cannot export a certificate or key pair file that you marked as nonexportable when you imported the
file to the ACE.
The remote server variables listed after the terminal keyword in the “Syntax Description” are used by
the ACE only when you select a transport type of ftp, sftp, or tftp (the variables are not used for
terminal). We recommend using SFTP as it provides the most security.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the
show crypto files command.
local_filename Name of the file stored on the ACE to export. Enter an unquoted text string with
no spaces and a maximum of 40 alphanumeric characters.
ftp Specifies the File Transfer Protocol (FTP) file transfer process.
sftp Specifies the Secure File Transfer Protocol (SFTP) file transfer process.
tftp Specifies the Trivial File Transfer Protocol (TFTP) file transfer process.
terminal Displays the file content on the terminal for copy and paste purposes. Use the
terminal keyword when you need to cut and paste certificate or private key
information from the console. You can only use the terminal method to display
PEM files, which are in ASCII format.
ip_addr IP address or name of the remote server. Enter an IP address in dotted-decimal
notation (for example, 172.27.16.10).
username Username required to access the remote server. The ACE prompts you for your
password when you enter the command.
remote_filename Name to save the file to on the remote server. Enter an unquoted text string with
no spaces and a maximum of 40 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-76
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To use SFTP to export the key file MYKEY.PEM from the ACE to a remote SFTP server, enter:
host1/Admin# crypto export MYKEY.PEM sftp 192.168.1.2 JOESMITH /USR/KEYS/MYKEY.PEM
User password: ****
Writing remote file /usr/keys/mykey.pem
host1/Admin#
Related Commands crypto delete
crypto import
show crypto
crypto generate csr
To generate a Certificate Signing Request (CSR) file, use the crypto generate csr command.
crypto generate csr csr_params key_filename
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The crypto generate csr command generates the CSR in PKCS10 encoded in PEM format and outputs
it to the screen. Most major certificate authorities have web-based applications that require you to cut
and paste the certificate request to the screen. If necessary, you can also cut and paste the CSR to a file.
csr_params CSR parameters file that contains the distinguished name attributes. The ACE applies
the distinguished name attributes contained in the CSR parameters file to the CSR.
To create a CSR parameters file, use the (config) crypto csr-params command in the
configuration mode.
key_filename RSA key pair filename that contains the key on which the CSR is built. Enter an
unquoted text string with no spaces and a maximum of 40 alphanumeric characters.
It is the public key that the ACE embeds in the CSR. Ensure that the RSA key pair
file is loaded on the ACE for the current context. If the appropriate key pair does not
exist, the ACE logs an error message.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-77
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Note The ACE does not save a copy of the CSR locally.
After submitting your CSR to the CA, you will receive your signed certificate in one to seven business
days. When you receive your certificate, use the crypto import command to import the certificate to the
ACE.
Examples To generate a CSR that is based on the CSR parameter set CSR_PARAMS_1 and the RSA key pair in
the file MYRSAKEY_1.PEM, enter:
host1/Admin# crypto generate csr CSR_PARAMS_1 MYRSAKEY_1.PEM
Related Commands crypto import
(config) crypto csr-params
crypto generate key
To generate an RSA key pair file, use the crypto generate key command.
crypto generate key [non-exportable] bitsize filename
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
non-exportable (Optional) Marks the key pair file as nonexportable, which means that you cannot
export the key pair file from the ACE.
bitsize Key pair security strength. The number of bits in the key pair file defines the size
of the RSA key pair used to secure web transactions. Longer keys produce a more
secure implementation by increasing the strength of the RSA security policy.
Available entries (in bits) are as follows:
• 512 (least security)
• 768 (normal security)
• 1024 (high security, level 1)
• 1536 (high security, level 2)
• 2048 (high security, level 3
filename Name that you assign to the generated RSA key pair file. Enter an unquoted text
string with no spaces and a maximum of 40 alphanumeric characters.The key pair
filename is used only for identification purposes by the ACE.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-78
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To generate the RSA key pair file MYRSAKEYS.PEM with a bit size of 1536, enter:
host1/Admin# crypto generate key 1536 MYRSAKEYS.PEM
Related Commands crypto delete
crypto export
crypto generate csr
crypto import
crypto verify
show crypto
crypto import
To import certificate or key pair files to the ACE or terminal screen from a remote server, use the crypto
import command.
crypto import [non-exportable] {bulk sftp [passphrase passphrase] ip_addr username
remote_url} | {{ftp | sftp} [passphrase passphrase] ip_addr username remote_filename
local_filename} | {tftp [passphrase passphrase] ip_addr remote_filename local_filename} |
terminal local_filename [passphrase passphrase]
Syntax Description
ACE Appliance Release Modification
A1(7) This command was introduced.
non-exportable (Optional) Specifies that the ACE marks the imported file as nonexportable, which
means that you cannot export the file from the ACE.
bulk Specifies the importing of multiple certificate or key pair files simultaneously.
sftp Specifies the Secure File Transfer Protocol (SFTP) file transfer process.
ftp Specifies the File Transfer Protocol (FTP) file transfer process.
passphrase
passphrase
(Optional) Indicates that the file was created with a passphrase, which you must
submit with the file transfer request in order to use the file. The passphrase
pertains only to encrypted PEM files and PKCS files.
ip_addr IP address or name of the remote server. Enter an IP address in dotted-decimal
notation (for example, 172.27.16.10).
username Username required to access the remote server. The ACE prompts you for your
password when you enter the command.1-79
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Because a device uses its certificate and corresponding public key together to prove its identity during
the SSL handshake, be sure to import both corresponding file types: the certificate file and its
corresponding key pair file.
The remote server variables listed after the passphrase variable in the Syntax Description table are only
used by the ACE when you select a transport type of ftp, sftp, or tftp (the variables are not used for
terminal). If you select one of these transport types and do not define the remote server variables, the
ACE prompts you for the variable information. We recommend using SFTP because it provides the most
security.
The ACE supports the importation of PEM-encoded SSL certificates and keys with a maximum line
width of 130 characters using the terminal. If an SSL certificate or key is not wrapped or it exceeds 130
characters per line, use a text editor such as the visual (vi) editor or Notepad to manually wrap the
remote_url Path to the certificate or key pair files that reside on the remote server to import.
The ACE matches only files specified by the URL. Enter a file path including
wildcards (for example, /remote/path/*.pem). To fetch all files from a remote
directory, specify a remote URL that ends with a wildcard character (for example,
/remote/path/*).
The ACE module fetches all files on the remote server that matches the wildcard
criteria. However, it imports only files with names that have a maximum of
40 characters. If the name of a file exceeds 40 characters, the ACE module does
not import the file and discards it.
remote_filename Name of the certificate or key pair file that resides on the remote server to import.
Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric
characters.
local_filename Name to save the file to when imported to the ACE. Enter an unquoted text string
with no spaces and a maximum of 40 alphanumeric characters.
tftp Specifies the Trivial File Transfer Protocol (TFTP) file transfer process.
terminal Allows you to import a file using cut and paste by pasting the certificate and key
pair information to the terminal display. You can only use the terminal method to
display PEM files, which are in ASCII format.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(2.0) The bulk keyword was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) The bulk keyword was introduced.1-80
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
certificate or key to less than 130 characters per line. Alternatively, you can import the certificate or key
by using SFTP, FTP, or TFTP with no regard to line width. Of these methods, we recommend SFTP
because it is secure.
This bulk keyword imports files with the names that they have on the remote server and does not allow
you to rename the files.
If you attempt to import a file that has the same filename of an existing local file, the ACE module does
not overwrite the existing file. Before importing the updated file, you must either delete the local file or
rename the imported file.
The ACE supports 4096 certificates and 4096 keys.
The ACE allows a maximum public key size of 4096 bits. The maximum private key size is 2048 bits.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the
show crypto files command.
Examples To import the RSA key file MYRSAKEY.PEM from an SFTP server, enter:
host1/Admin# crypto import non-exportable sftp 1.1.1.1 JOESMITH /USR/KEYS/MYRSAKEY.PEM
MYKEY.PEM
Password: ********
Passive mode on.
Hash mark printing on (1024 bytes/hash mark).
#
Successfully imported file from remote server.
host1/Admin#
This example shows how to use the terminal keyword to allow pasting of the certificate information to
the file MYCERT.PEM:
host1/Admin# crypto import terminal MYCERT.PEM
Enter PEM formatted data ending with a blank line or “quit” on a line by itself
--------BEGIN CERTIFICATE-----------------------
MIIC1DCCAj2gAwIBAgIDCCQAMA0GCSqGSIb3DQEBAgUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMTA3
-----------END CERTIFICATE------------------------
QUIT
host1/Admin#
This example shows how to use the bulk keyword to import all of the RSA key files from an SFTP server:
host1/Admin# crypto import bulk sftp 1.1.1.1 JOESMITH /USR/KEYS/*.PEM
Initiating bulk import. Please wait, it might take a while...
Connecting to 1.1.1.1...
Password: password
...
Bulk import complete. Summary:
Network errors: 0
Bad file URL: 0
Specified local files already exists: 0
Invalid file names: 1
Failed reading remote files: 5
Failed reading local files: 0
Failed writing local files: 0
Unknown errors: 0
Successfully imported: 10
host1/Admin#1-81
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands crypto delete
crypto export
crypto verify
show crypto1-82
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
crypto verify
To compare the public key in a certificate with the public key in a key pair file, and to verify that they
are identical, use the crypto verify command.
crypto verify key_filename cert_filename
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If the public key in the certificate does not match the public key in the key pair file, the ACE logs an
error message.
To view the list of the certificate and key pair files stored on the ACE for the current context, use the
show crypto files command.
Examples To verify that the public keys in the Admin context files MYRSAKEY.PEM and MYCERT.PEM match,
enter:
host1/Admin# crypto verify MYRSAKEY.PEM MYCERT.PEM
keypair in myrsakey.pem matches certificate in mycert.pem
This example shows what happens when the public keys do not match:
host1/Admin# crypto verify MYRSAKEY2.PEM MYCERT.PEM
Keypair in myrsakey2.pem does not match certificate in mycert.pem
host1/Admin#
Related Commands crypto import
key_filename Name of the key pair file (stored on the ACE) that the ACE uses to verify against
the specified certificate. Enter an unquoted text string with no spaces and a
maximum of 40 alphanumeric characters.
cert_filename Name of the certificate file (stored on the ACE) that the ACE uses to verify against
the specified key pair. Enter an unquoted text string with no spaces and a
maximum of 40 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-83
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show crypto
debug
To enable the ACE debugging functions, use the debug command.
debug {aaa | access-list | accmgr | arpmgr | bpdu | buffer | cfg_cntlr | cfgmgr [rhi-info] | clock
| fifo | fm | gslb | ha_dp_mgr | ha_mgr | hm | ifmgr | ip | ipcp | lcp | ldap | license | logfile |
mtsmon | nat-download | netio | ntp | pfmgr | pktcap | portmgr | radius | routemgr | scp |
scripted_hm | security | sme | snmp | ssl | syslogd | system | tacacs+ | time | tl | virtualization
| vnet}
Syntax Description aaa Enables debugging for authentication, authorization, and accounting
(AAA).
access-list Enables access-list debugging.
accmgr Loglevel options for application acceleration CM.
arpmgr Enables Address Resolution Protocol (ARP) manager debugging.
bpdu Enables bridge protocol data unit (BPDU) debugging.
buffer Configures debugging of CP buffer manager.
cfg_cntlr Enables configuration controller debugging.
cfgmgr Enables configuration manager debugging.
rhi-info (Optional, ACE module only) Enables route health injection (RHI)
debugging.
clock (ACE module only) Enables clock module debugging.
fifo Configures debugging of the packet first in, first out (FIFO) driver.
fm Enables ACE feature manager debugging.
gslb Enables GSLB protocol debugging.
ha_dp_mgr Enables HA-DP debugging.
ha_mgr Enables HA debugging.
hm Enables HM debugging.
ifmgr Enables interface manager debugging.
ip Enables IP service debugging.
ipcp Enables interprocess control protocol debugging.
lcp (ACE module only) Enables the debugging of the line card processor.
ldap Configures debugging for Lightweight Directory Access Protocol
(LDAP).
license Enables the debugging of licensing.
logfile Directs the debug output to a log file.
mtsmon Enables MTS monitor debugging.
nat-download Enables Network Address Translation (NAT) download debugging.
netio Enables the debugging of the CP network I/O.
ntp (ACE appliance only) Debugs the Network Time Protocol (NTP)
module.1-84
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command is available to roles that allow debugging and to network monitor or technician users. For
details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE
Application Control Engine.
pfmgr Enables the debugging of the platform manager.
pktcap Enables packet capture debugging.
portmgr (ACE appliance only) Debugs the port manager.
radius Configures debugging for the Remote Authentication Dial-In User
Service (RADIUS) daemon.
routemgr Enables route manager debugging.
ipcp Enables the debugging of the kernel IPCP component.
scp (ACE module only) Configures debugging for the Switch Module
Control protocol.
scripted_hm Enables scripted health monitoring debugging.
security Enables the debugging for security and accounting.
sme Enables the debugging for the System Manager Extension.
snmp Configures Simple Network Management Protocol (SNMP) server
debugging.
ssl Enables ACE SSL manager debugging.
syslogd Enables syslogd debugging.
system Enables debugging of the system components.
tacacs+ Configures debugging for Terminal Access Controller Access Control
System Plus (TACACS+).
tl Configures debugging of TL driver.
virtualization Enables virtualization debugging.
vnet Configures debugging of virtual net-device driver.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
A4(1.0) The rhi-info option was added.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.
A4(1.0) The hardware and optimize options was removed.1-85
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these
commands may cause unexpected results. Do not attempt to use these commands without guidance from
Cisco support personnel.
Examples To enable access-list debugging, enter:
host1/Admin# debug access-list
Related Commands clear debug-logfile
show debug1-86
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
delete
To delete a specified file in an ACE file system, use the delete command.
delete {core:filename | disk0:[path/]filename | image:filename | volatile:filename}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you do not specify a filename with the file system keyword, the ACE prompts you for a filename.
To display the list of files that reside in a file system, use the dir command.
Examples To delete the file 0x401_VSH_LOG.25256.TAR.GZ from the core: file system, enter:
host1/Admin# delete core:0x401_VSH_LOG.25256.TAR.GZ
Related Commands dir
core:filename Deletes the specified file from the core: file system.
disk0:[path/]filename Deletes the specified file from the disk0: file system. If you do not
specify the optional path, the ACE looks for the file in the root directory
of the disk0: file system.
image:filename Deletes the specified file from the image: file system.
volatile:filename Deletes the specified file from the volatile: file system.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-87
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
dir
To display the contents of a specified ACE file system, use the dir command.
dir {core: | disk0:[path/][filename] | image:[filename] | probe:[filename] | volatile:[filename]}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To delete a file from a file system, use the delete command.
To delete all core dumps, use the clear cores command.
Examples ACE Module Example
To display the contents of the disk0: file system, enter:
host1/Admin# dir disk0:
core: Displays the contents of the core: file system.
disk0:[path/] Displays the contents of the disk0: file system. Specify the optional path to
display the contents of a specific directory on the disk0: file system.
image: Displays the contents of the image: file system.
probe: Displays the contents of the probe: file system. This directory contains the
Cisco-supplied scripts. For more information about these scripts, see the
Server Load-Balancing Guide, Cisco ACE Application Control Engine.
volatile: Displays the contents of the volatile: file system.
filename (Optional) Specified file to display. Displays information, such as the file
size and the date that it was created. You can use wildcards in the filename.
A wildcard character (*) matches all patterns. Strings after a wildcard are
ignored.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) The probe: option was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) The probe: option was introduced.1-88
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
ACE Appliance Example
To display the contents of the image: file system, enter:
switch/Admin# dir image:
176876624 Aug 08 2008 14:15:31 c4710ace-mz.A3_1_0.bin
176876624 Jun 9 14:15:31 2008 c4710ace-mz.A1_8_0A.bin
Usage for image: filesystem
896978944 bytes total used
11849728 bytes free
908828672 bytes total
Related Commands clear cores
delete
show file1-89
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
dm
(ACE Appliance only) To verify the state of the Device Manager (DM), restart it when it is inoperative,
or upload a lifeline file to a TFTP server, use the dm command.
dm {help | {lifeline tftp host port}| reload | status}
Syntax Description
Command Modes Exec
Admin context
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display the status of the DM, enter:
host1/Admin# dm status
Related Commands This command has no related commands.
help Displays the list of keywords that are available for use on the dm
command.
lifeline tftp host port Creates and uploads a lifeline (anm-lifeline.tar.gz) file through TFTP.
reload Restarts the DM with a reinitialized database.
status Displays the status of the DM.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.6) This command is no longer hidden1-90
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
exit
To exit out of Exec mode and log out the CLI session, use the exit command.
exit
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To log out of an active CLI session, enter:
host1/Admin# exit
Related Commands This command has no related commands.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-91
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
format flash:
To erase all data stored in the Flash memory and reformat it with the ACE module FAT16 filesystem or
the ACE appliance third extended filesystem (ext3) as the base file system, use the format flash:
command. All user-defined configuration information is erased and the ACE returns to the
factory-default settings.
format flash:
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
(ACE appliance only) The ACE performs the following verification sequence prior to reformatting Flash
memory:
• If the system image (the current loaded image) is present in the GNU GRand Unified Bootloader
(GRUB) boot loader, the ACE automatically performs a backup of that image and then performs the
reformat of Flash memory.
• If the system image is not present in the GRUB boot loader, the ACE prompts you for the location
of an available image to backup prior to reformatting the Flash memory.
• If you choose not to backup an available image file, the ACE searches for the
ACE-APPLIANCE-RECOVERY-IMAGE.bin image in the Grub partition of Flash memory.
ACE-APPLIANCE-RECOVERY-IMAGE.bin is the recovery software image that the ACE uses if
the disk partition in Flash memory is corrupted.
– If ACE-APPLIANCE-RECOVERY-IMAGE.bin is present, the ACE continues with the Flash
memory reformat. The CLI prompt changes to “switch(RECOVERY-IMAGE)/Admin#” as a
means for you to copy the regular ACE software image.
– If ACE-APPLIANCE-RECOVERY-IMAGE.bin is not present, the ACE stops the Flash memory
reformat because there is no image to boot after format.
Before you reformat the Flash memory, you should save a copy of the following ACE operation and
configuration attributes to a remote server:
• ACE software image (use the copy image: command)
ACE Module Release Modification
A4(1.0) This command was introduced and replaced the format disk0:
command.
ACE Appliance Release Modification
A1(7) This command was introduced.1-92
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
• ACE license (use the copy licenses command)
• Startup configuration of each context (use the copy startup-config command)
• Running configuration of each context (use the copy running-config command)
• Core dump files of each context (use the copy core: command)
• Packet capture buffers of each context (use the copy capture command)
• Secure Sockets Layer (SSL) certificate and key pair files of each context (use the crypto export
command)
After you reformat the Flash memory, perform the following actions:
• Copy the ACE software image to the image: file system using the copy ftp:, copy tftp:, or copy
sftp: command
• Reinstall the ACE license using the license command
• Import the following configuration files into the associated context using the copy disk0: command:
– Startup-configuration file
– Running-configuration file
• Import the following SSL files into the associated context using the crypto import command:
– SSL certificate files
– SSL key pair files
Examples For example, to erase all information in Flash memory and reformat it, enter:
host1/Admin# format flash:
Warning!! This will erase everything in the compact flash including startup configs for
all the contexts and reboot the system!!
Do you wish to proceed anyway? (yes/no) [no] yes
If the ACE fails to extract a system image from the Grub bootloader, it prompts you to provide the
location of an available system image to backup:
Failed to extract system image Information from Grub
backup specific imagefile? (yes/no) [no] yes
Enter Image name: scimi-3.bin
Saving Image [scimi-3.bin]
Formatting the cf.....
Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...
Unmounting compact flash filesystems...
format completed successfully
Restoring Image backupimage/scimi-3.bin
kjournald starting. Commit interval 5 seconds
REXT3 FS on hdb2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
starting graceful shutdown
switch/Admin# Unmounting ext3 filesystems...
Unmounting FAT filesystems...
Unmounting done...1-93
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands copy capture
copy ftp:
copy tftp:
copy sftp:
crypto export
crypto import
dir
license
ft switchover
To purposely cause a failover to make a particular context active, use the ft switchover command.
ft switchover [all [force] | force | group_id [force]]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By using the ft switchover command, you direct the standby group member to statefully become the
active member of the FT group, which forces a switchover.
all (Optional) Causes a switchover of all FT groups configured in the ACE
simultaneously.
force (Optional) Causes a switchover of the Admin context if you enter the command in
the Admin context and do not specify a group ID, or the specified FT group, while
ignoring the state of the standby member. Use this option only when the
fault-tolerant (FT) VLAN is down.
group_id (Optional) Causes a switchover of the specified FT group. Enter the ID of an
existing FT group as an integer from 1 to 255.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) Added the all keyword.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) Added the all keyword.
A3(2.2) This command is disabled by default for the network-monitor role.1-94
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
You may need to force a switchover when you want to make a particular context the standby (for
example, for maintenance or a software upgrade on the currently active context). If the standby group
member can statefully become the active member of the FT group, a switchover occurs. To use this
command, you must configure the no preempt command in FT group configuration mode.
The ft switchover command exhibits the following behavior, depending on whether you enter the
command from the Admin context or a user context:
• Admin context—If you specify an FT group ID, then the FT group specified by the group ID
switches over. If you do not specify a group ID, then the Admin context switches over.
• User context—Because you cannot specify an FT group ID in a user context, the context in which
you enter the command switches over.
When you specify the ft switchover command, there may be brief periods of time when the
configuration mode is enabled on the new active group member to allow the administrator to make
configuration changes. However, these configuration changes are not synchronized with the standby
group member and will exist only on the active group member. We recommend that you refrain from
making any configuration changes after you enter the ft switchover command until the FT states
stabilize to ACTIVE and STANDBY_HOT. Once the FT group reaches the steady state of ACTIVE and
STANDBY_HOT, any configuration changes performed on the active group member will be
incrementally synchronized to the standby group member, assuming that configuration synchronization
is enabled.
Examples To cause a switchover from the active ACE to the standby ACE of FT group1, enter:
host1/Admin# ft switchover 1
Related Commands (config-ft-group) preempt
gunzip
To uncompress (unzip) LZ77 coded files residing in the disk0: file system (for example, zipped probe
script files), use the gunzip command.
gunzip disk0:[path/]filename.gz
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
disk0:[path/]filename.gz Specifies the name of the compressed file on the disk0: file system. The
filename must end with a .gz extension. If you do not specify the
optional path, the ACE looks for the file in the root directory.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-95
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is useful in uncompressing large files. The filename must end with a .gz extension for the
file to be uncompressed using the gunzip command. The .gz extension indicates a file that is zipped by
the gzip (GNU zip) compression utility.
To display a list of available zipped files on disk0:, use the dir command.
Examples To unzip a compressed series of probe script files from the file PROBE_SCRIPTS in the disk0: file
system, enter:
host1/Admin# gunzip disk0:PROBE_SCRIPTS.gz
Related Commands dir
invoke context
To display the context running configuration information from the Admin context, use the invoke context
command.
invoke context context_name show running-config
Syntax Description
Command Modes Exec
Admin context
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
ACE Appliance Release Modification
A1(7) This command was introduced.
context_name Name of user-created context. This argument is case sensitive.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-96
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display the running configuration for the C1 user context from the Admin context, enter:
host1/Admin# invoke context C1 show running-config
Related Commands This command has no related commands.
license
To install, update, or uninstall licenses on the ACE, use the license command.
license {install disk0:[path/]filename [target_filename] | uninstall {name | all} |
update disk0:[path/]permanent_filename demo_filename}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
install
disk0:[path/]filename
Installs a demo or permanent license from the disk0: file system into
flash memory on the ACE. The filename is the name of the license on
the disk0: file system. If you do not specify the optional path, the ACE
looks for the file in the root directory.
target_filename (Optional) Target filename for the license file.
uninstall name Uninstalls the specified license file. Enter the license name as an
unquoted text string with no spaces.
all Uninstalls all installed licenses in the ACE.
update disk0: Updates an installed demo license with a permanent license.
[path/]permanent_filename Filename for the permanent license.
demo_filename Filename for the demo license.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) Added the all keyword to the uninstall option
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) Added the all keyword to the uninstall option1-97
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
After you receive a demo or permanent software license key in an e-mail from Cisco Systems, you must
copy the license file to a network server and then use the copy tftp command in Exec mode to copy the
file to the disk0: file system on the ACE.
To update an installed demo license with a permanent license, use the license update command. The
demo license is valid for 60 days. To view the expiration of the demo license, use the show license usage
command.
To back up license files, use the copy licenses command
Caution When you remove a demo or permanent virtual context license, the ACE removes all user contexts from
the Admin running configuration. By removing the user contexts, their running and startup
configurations are also removed from the ACE. Before removing any virtual context license, back up the
Admin running configuration and the user context running configurations to a remote server.
For more information about the types of ACE licenses available and how to manage the licenses on your
ACE, see the Administration Guide, Cisco ACE Application Control Engine.
Examples To install a new permanent license, enter:
host1/Admin# license install disk0:ACE-VIRT-020.LIC
To uninstall a license, enter:
host1/Admin# license uninstall ACE-VIRT-20.LIC
ACE Module Example
To update the demo license with a permanent license, enter:
host1/Admin# license update disk0:ACE-VIRT-250.LIC ACE-VIRT-250-demo.LIC
ACE Appliance Example
To update the demo license with a permanent license, enter:
host1/Admin# license update disk0:ACE-AP-VIRT-020.lic ACE-AP-VIRT-020-DEMO.lic
Related Commands copy licenses
copy tftp:
show license
mkdir disk0:
To create a new directory in disk0:, use the mkdir disk0: command.
mkdir disk0:[path/]directory_name
Syntax Description [path/]directory_name Name that you assign to the new directory. Specify the optional path if you
want to create a directory within an existing directory.1-98
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If a directory with the same name already exists, the ACE does not create the new directory and the
“Directory already exists” message appears.
Examples To create a directory in disk0: called TEST_DIRECTORY, enter:
host1/Admin# mkdir disk0:TEST_DIRECTORY
Related Commands dir
rmdir disk0:
move disk0:
To move a file between directories in the disk0: file system, use the move disk0: command.
move disk0:[source_path/]filename disk0:[destination_path/]filename
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
disk0: Indicates the disk0: file system of the current context.
source_path/ (Optional) Path of the source directory.
destination_path/ (Optional) Path of the destination directory.
filename Name of the file to move in the disk0: file system.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-99
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If a file with the same name already exists in the destination directory, that file is overwritten by the file
that you move.
Examples To move the file called SAMPLEFILE in the root directory of disk0: to the MYSTORAGE directory in
disk0:, enter:
host1/Admin# move disk0:SAMPLEFILE disk0:MYSTORAGE/SAMPLEFILE
Related Commands dir
np session
(ACE module only) To execute network processor-related commands, use the np session command.
np session {disable | enable}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To enable sessions to the network processor from the supervisor engine, enter:
host1/Admin# np session enable
ACE Appliance Release Modification
A1(7) This command was introduced.
disable Disables sessions to the network processor from the supervisor engine.
enable Enables sessions to the network processor from the supervisor engine.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-100
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands This command has no related commands.1-101
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
ping
To verify the connectivity of a remote host or server by sending echo messages from the ACE, use the
ping command.
ping [ip | ipv6 [system_address [count count [size size [timeout time]]]]]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ping command sends an echo request packet to an address from the current context on the ACE and
then awaits a reply. The ping output can help you evaluate path-to-host reliability, delays over displaying
the name of the current directory and the path, and whether the host can be reached or is functioning.
To terminate a ping session before it reaches its timeout value, press Ctrl-C.
ip | ipv6 (Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol,
it is inferred from the address.
system_address (Optional) IP address of the remote host to ping. Enter an IP address in
dotted-decimal notation (for example, 172.27.16.10). If you do not specify the IP
address of the remote host, the CLI prompts you for the information.
count count (Optional) Repeat count. Enter the repeat count as an integer from 1 to 65000. The
default is 5.
size size (Optional) Datagram size. Enter the datagram size as an integer from 36 to 1440.
The default is 100.
timeout time (Optional) Timeout in seconds. Enter the timeout value as an integer from 0 to 3600.
The default is 2.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The size option was increased from 452 to 1440.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.5) At the datagram size prompt for the extended ping command, the size
was increased from 452 to 1400.
A3(2.6) The size option was increased from 452 to 1440.
A5(1.0) Added IPv6 support.1-102
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples IPv6 Example
To send a ping to the IPv6 loopback address 0:0:0:0:0:0:0:1, enter the following command:
host1/Admin# ping ::1
PING 0:0:0:0:0:0:0:1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=255 time=0.039 ms
64 bytes from ::1: icmp_seq=2 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=3 ttl=255 time=0.000 ms
64 bytes from ::1: icmp_seq=4 ttl=255 time=0.108 ms
64 bytes from ::1: icmp_seq=5 ttl=255 time=0.126 ms
--- 0:0:0:0:0:0:0:1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 8002ms
rtt min/avg/max/mdev = 0.000/0.054/0.126/0.053 ms
To abnormally terminate a ping session, press Ctrl-C.
IPv4 Example
To ping the FTP server with an IP address of 196.168.1.2 using the default ping session values, enter:
host1/Admin# ping 196.168.1.2
Related Commands traceroute1-103
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
reload
To reload the configuration on the ACE, use the reload command.
reload
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The reload command reboots the ACE and performs a full power cycle of both the hardware and
software. The reset process can take several minutes. Any open connections with the ACE are dropped
after you enter the reload command.
Caution Configuration changes that are not written to flash memory are lost after a reload. Before rebooting,
enter the copy running-conf startup-config command to save a copy of the running configuration to
the startup configuration in flash memory. If you fail to save your running configuration changes, the
ACE reverts to the last saved version of the startup configuration upon restart.
Examples To execute a soft reboot, enter:
host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]
Related Commands copy capture
show running-config
show startup-config
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-104
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
reprogram bootflash
(ACE module only) To reprogram the field upgradable (FUR) partition of the ROM monitor (rommon)
image on the ACE, use the reprogram bootflash command.
reprogram bootflash {default-image {disk0:[path/]filename | image:[path/]filename} |
fur-image {disk0:[path/]filename | image:[path/]filename} | invalidate-fur-image |
validate-fur-image}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The reprogram bootflash command is intended for use by trained Cisco personnel only. Entering this
command may cause unexpected results. Do not attempt to use the reprogram bootflash command
without guidance from Cisco support personnel.
Examples To reprogram the rommon image FUR partition on the image: file system, enter:
host1/Admin# reprogram bootflash fur-image image:sb-ace.NOV_11
Related Commands This command has no related commands.
default-image Reprograms the rommon image default partition.
fur-image Reprograms the rommon image FUR partition.
disk0:[path/]filename Specifies a file stored on the disk0: file system.
image:[path/]filename Specifies the rommon image stored on the image: file system.
invalidate-fur-image Invalidates the rommon image FUR partition.
validate-fur-image Validates the rommon image FUR partition.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-105
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
restore
To restore the configuration files and dependent files in a context or in all contexts, use the restore
command.
restore {[all] disk0:archive_filename} [pass-phrase text_string] [exclude {licenses | ssl-files}]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The restore command has the following configuration guidelines and limitations:
• The restore command will cause an interruption in service for the two contexts in a redundant
configuration. We recommend that you schedule the restoration of a backup archive on a redundant
pair during a maintenance window.
• When you instruct the ACE to restore the archive for the entire ACE in the Admin context, it restores
the Admin context completely first, and then it restores the other contexts. The ACE restores all
dependencies before it restores the running context. The order in which the ACE restores
dependencies is as follows:
– License files
all Specifies that the ACE should restore the configuration files and dependencies in all
contexts. You can specify this keyword only in the Admin context.
disk0:archive_
filename
Name of the archive file that you want to restore.
exclude licenses
| ssl-files
(Optional) Excludes licenses or SSL certificates and keys from the restoration. Use
this option only if you want to keep the license or SSL files already present in your
ACE and ignore the license or SSL files in the backup archive, if any.
pass-phrase
text_string
Passphrase that you used to encrypt the backed up SSL keys in the archive. Enter the
passphrase as an unquoted text string with no spaces and a maximum of 40
alphanumeric characters. If you used a passphrase when you backed up the SSL
keys, the ACE encrypted the keys with AES-256 encryption using OpenSSL
software. To restore the SSL keys, you must enter that same passphrase.
Note If you forget your passphrase, import the required SSL files first. Then, use
the exclude option of the restore command to restore e the backup archive.
ACE Module Release Modification
A2(3.0) This command was introduced.
ACE Appliance Release Modification
A4(1.0) This command was introduced.1-106
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
– SSL certificates and key files
– Health-monitoring scripts
– Checkpoints
– Startup-configuration file
– Running-configuration file
• After you restore license files, previously installed license files are uninstalled and the restored files
are installed in their place.
• In a redundant configuration, if the archive that you want to restore is different from the peer
configurations in the FT group, redundancy may not operate properly after the restoration.
• You can restore a single context from an ACE-wide backup archive provided that:
– You enter the restore command in the context that you want to restore
– All files dependencies for the context exist in the ACE-wide backup archive
• If you upgrade to software version A4(1.0) or later from a release before A4(1.0), the ACE cannot
install the earlier license files because they are unsupported. The ACE ignores these license files and
keeps the existing licenses.
• If you enter the exclude option first, you cannot enter the pass-phrase option.
Examples To restore a backup archive in the Admin context, enter:
host1/Admin# restore disk0:switch_Admin_07_July_2009_11_08_04_AM.tgz pass-phrase
MY_PASS_PHRASE
Related Commands backup
show restore1-107
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
rmdir disk0:
To remove a directory from the disk0: file system, use the rmdir disk0: command.
rmdir disk0:directory
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To remove a directory from disk0:, the directory must be empty. To view the contents of a directory, use
the dir command. To delete files from a directory, use the delete command.
Examples To remove the directory TEST_DIRECTORY from disk0:, enter:
host1/Admin# rmdir disk0:TEST-DIRECTORY
Related Commands delete
dir
mkdir disk0:
directory Name of the directory to remove.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-108
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
setup
(ACE appliance only) To initiate a special setup script that guides you through the basic process of
configuring an Ethernet port on the ACE as the management port to access the Device Manager GUI,
use the setup command.
setup
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The setup script is intended primarily as the means to guide you though a basic configuration of the ACE
to quickly access the Device Manager. Use the setup command when the ACE boots without a
startup-configuration file. This situation may occur when the ACE is new and the appliance was not
configured upon initial startup. The setup script guides you through configuring a management VLAN
on the ACE through one of its Gigabit Ethernet ports.
After you specify a gigabit Ethernet port, the port mode, and management VLAN, the setup script
automatically applies the following default configuration:
• Management VLAN allocated to the specified Ethernet port.
• VLAN 1000 assigned as the management VLAN interface.
• GigabitEthernet port mode configured as VLAN access port.
• Extended IP access list that allows IP traffic originating from any other host addresses.
• Traffic classification (class map and policy map) created for management protocols HTTP, HTTPS,
ICMP, SSH, Telnet, and XML-HTTPS. HTTPS is dedicated for connectivity with the Device
Manager GUI.
• VLAN interface configured on the ACE and a policy map assigned to the VLAN interface.
The ACE provides a default answer in brackets [ ] for each question in the setup script. To accept a
default configuration prompt, press Enter, and the ACE accepts the setting. To skip the remaining
configuration prompts, press Ctrl-C any time during the configuration sequence.
When completed, the setup script prompts you to apply the configuration settings.
Examples To run the setup script from the CLI, enter:
host1/Admin# setup
ACE Appliance Release Modification
A1(7) This command was introduced.1-109
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
This script will perform the configuration necessary for a user to manage the ACE
Appliance using the ACE Device Manager.The management port is a designated Ethernet port
which has access to the same network as your management tools including the ACE Device
Manager. You will be prompted for the Port Number, IP Address, Netmask and Default Route
(optional). Enter 'ctrl-c' at any time to quit the script
Would you like to enter the basic configuration (yes/no): y
Enter the Ethernet port number to be used as the management port (1-4):? [1]: 3
Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 192.168.1.10
Enter the management port Netmask(n.n.n.n): [255.255.255.0]: 255.255.255.2
Enter the default route next hop IP Address (n.n.n.n) or to skip this step:
172.16.2.1
Summary of entered values:
Management Port: 3
Ip address 192.168.1.10
Netmask: 255.255.255.2
Default Route: 172.16.2.1
Submit the configuration including security settings to the ACE Appliance?
(yes/no/details): [y]: d
Detailed summary of entered values:
interface gigabit/Ethernet 1/3
switchport access vlan 1000
no shut
access-list ALL extended permit ip any any class-map type management match-any
remote_access
match protocol xml-https any
match protocol dm-telnet any
match protocol icmp any
match protocol telnet any
match protocol ssh any
match protocol http any
match protocol https any
match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
interface vlan 1000
ip address 192.168.1.10 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
ssh key rsa
ip route 0.0.0.0 0.0.0.0 172.16.2.1
Submit the configuration including security settings to the ACE Appliance?
(yes/no/details): [y]: y
Configuration successfully applied. You can now manage this ACE Appliance by entering the
url 'https://192.168.1.10' into a web browser to access the Device Manager GUI.
Related Commands This command has no related commands.1-110
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
set dc
(ACE module only) To set the daughter card console access to the master or the slave network processor,
use the set dc command.
set dc dc_number console {master | slave}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role in the Admin context. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To set the daughter card 1 console access to the slave network processor, enter:
host1/Admin# set dc 1 console slave
Switched the console access to slave network processor
Related Commands clear dc
show dc
dc_number Specifies the daughter card on the ACE module. Enter either 1 or 2.
console Sets the console access to the specified network processor.
master | slave Specifies the master or the slave network processor on the specified daughter card
for console access. The default is master.
ACE Module Release Modification
A4(1.0) This command was introduced.1-111
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
set sticky-ixp
(ACE module only) This command has been deprecated in software version A4(1.0).
Command History ACE Module Release Modification
A2(1.0) This command was introduced.
A4(1.0) This command was removed from the software.1-112
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show
To display ACE statistical and configuration information, use the show command.
show keyword [| {begin pattern | count | end | exclude pattern | include pattern | next | prev}]
[> {filename | {disk0:| volatile}:[path/][filename] | ftp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]}]
Syntax Description
Command Modes Exec
Command History
keyword Keyword associated with the show command. See the show
commands that follow.
| (Optional) Enables an output modifier that filters the command
output.
begin pattern Begins with the line that matches the pattern that you specify.
count Counts the number of lines in the output.
end pattern Ends with the line that matches the pattern that you specify.
exclude pattern Excludes the lines that match the pattern that you specify.
include pattern Includes the lines that match the pattern that you specify.
next Displays the lines next to the matching pattern that you specify.
prev Displays the lines before the matching pattern that you specify.
> (Optional) Enables an output modifier that redirects the
command output to a file.
filename Name of the file that the ACE saves the output to on the volatile:
file system.
disk0: Specifies that the destination is the disk0: file system on the
ACE flash memory.
volatile: Specifies that the destination is the volatile: file system on the
ACE.
[path/][filename] (Optional) Path and filename to the disk0: or volatile: file
system. This path is optional because the ACE prompts you for
this information if you omit it.
ftp://server/path[/filename] Specifies the File Transfer Protocol (FTP) network server and
optional filename.
sftp://[username@]server/path
[/filename]
Specifies the Secure File Transfer Protocol (SFTP) network
server and optional filename.
tftp://server[:port]/path[/filename] Specifies the Trivial File Transfer Protocol (TFTP) network
server and optional filename.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-113
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines The features required in your user role to execute a specific show command are described in the “Usage
Guidelines” section of the command. For details about role-based access control (RBAC) and user roles,
see the Virtualization Guide, Cisco ACE Application Control Engine.
Most commands have an associated show command. For example, the associated show command for the
interface command in configuration mode is the show interface command. Use the associated show
command to verify changes that you make to the running configuration.
The output of the show command may vary depending on the context that you enter the command from.
For example, the show running-config command displays the running-configuration for the current
context only.
To convert show command output from the ACE to XML for result monitoring by an NMS, use the
xml-show command.
Examples To display the current running configuration, enter:
host1/Admin# show running-config
Related Commands xml-show
show aaa
To display AAA accounting and authentication configuration information for the current context, use the
show aaa command.
show aaa {accounting | authentication [login error-enable] | groups} [|] [>]
Syntax Description
ACE Appliance Release Modification
A1(7) This command was introduced.
accounting Displays accounting configuration information.
authentication Displays authentication configuration information.
login
error-enable
(Optional) Displays the status of the login error message configuration.
groups Displays the configured server groups.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.1-114
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show aaa command output, see the Security Guide, Cisco ACE
Application Control Engine.
Examples To display the accounting configuration information, enter:
host1/Admin# show aaa accounting
default: local
Related Commands show accounting log
(config) aaa accounting default
(config) aaa authentication login
show access-list
To display statistics associated with a specific access control list (ACL), use the show access-list command.
show access-list name [detail] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
name Name of an existing ACL. Enter the name as an unquoted text string.
detail Displays detailed information for the specified ACL.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering
the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the options
available for redirecting the command output, see the show command.1-115
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACL information that the ACE displays when you enter the show access-list command includes the
ACL name, the number of elements in the ACL, the operating status of the ACL (ACTIVE or NOT
ACTIVE), any configured remarks, the ACL entry, and the ACL hit count.
For information about the fields in the show access-list command output, see the Security Guide, Cisco
ACE Application Control Engine.
Examples To display statistical and configuration information for the ACL ACL1, enter:
host1/Admin# show access-list ACL1
Related Commands clear access-list
show running-config
(config) access-list ethertype
(config) access-list extended
(config) access-list remark
(config) access-list resequence
show accounting log
To display AAA accounting log information, use the show accounting log command.
show accounting log [size] [all] [|] [>]
Syntax Description
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised with the detail option.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised with the detail option.
size (Optional) Size (in bytes) of the local accounting file. Enter a value from 0 to
250000. The default is 250000 bytes.
all (Optional) Displays the accounting logs of all contexts in the ACE. This option is
available only in the Admin context.1-116
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show accounting log command output, see the Security Guide,
Cisco ACE Application Control Engine.
Examples To display the contents of the accounting log file, enter:
host1/Admin# show accounting log
Related Commands show aaa
(config) aaa accounting default
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The all option was added.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) The all option was added.1-117
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show acl-merge
The ACE merges individual ACLs into one large ACL called a merged ACL. The ACL compiler then
parses the merged ACL and generates the ACL lookup mechanisms. A match on this merged ACL can
result in multiple actions. To display statistics related to merged ACLs, use the show acl-merge command.
show acl-merge {acls {vlan number | internal vlan 1 | 4095} {in | out} [summary]} |
{event-history} | {match {acls {vlan number | internal vlan 1 | 4095} {in | out} ip_address1
ip_address2 protocol src_port dest_port}} | {merged-list {acls {vlan number | internal vlan 1
| 4095}{in | out} [non-redundant | summary]}} | {statistics} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
acls Displays various feature ACLs and their entries before the merge.
vlan number Specifies the interface on which the ACL was applied.
internal vlan 1 | 4095 Displays the ACL merge information for internal VLAN 1 or 4095
(ACE appliance).
in | out Specifies the direction in which the ACL was applied to network
traffic: incoming or outgoing.
summary (Optional) Displays summary information before or after the merge.
event-history Displays the ACL merge event-history log.
match Displays the ACL entry that matches the specified tuple.
ip_address1 Source IP address. Enter an IP address in dotted-decimal notation (for
example, 172.27.16.10).
ip_address2 Destination IP address. Enter an IP address in dotted-decimal notation
(for example, 172.27.16.10).
protocol Protocol specified in the ACL.
src_port Source port specified in the ACL.
dest_port Destination port specified in the ACL.
merged-list (Optional) Displays the merged ACL.
non-redundant (Optional) Displays only those ACL entries that have been
downloaded to a network processor.
statistics Displays ACL merge node failure statistics and other merge and
compiler errors.
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options
available for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.1-118
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command requires the acl-merge feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
The ACL merge list number (instance ID) is locally generated (not synchronized) on each ACE in a
redundant configuration. The number assigned depends on the order in which the ACLs are applied to
the VLANs. This number can be different on the two ACEs. The ACL merged list could be different on
the two ACEs depending on when redundancy is enabled.
Examples To display the ACL merge information for VLAN 401, enter:
host1/Admin# show acl-merge acls vlan 401 in summary
Related Commands This command has no related commands.
show action-list
To display information about an action list configuration, use the show action-list command in Exec
mode. The show action-list command output displays all modify HTTP and ACE appliance optimization
action list configurations and configured values.
show action-list [list_name] [|] [>]
Syntax Description
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.5) and A2(2.1) This command was revised to include the internal vlan 1 keywords.
A4(1.0) This command was revised to include the event-history and
statistics keywords.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.3) This command was revised to include the internal vlan 1 | 4095
keywords.
A3(2.5) This command was revised to include the event-history and
statistics keywords.
list_name (Optional) Identifier of an existing action list as an unquoted text string with a
maximum of 64 alphanumeric characters. If you do not enter an action list name, the
ACE displays all configured action lists.1-119
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show action-list command output, see the Application
Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance
and the Server Load-Balancing Guide, Cisco ACE Application Control Engine.
Examples To display configuration information for the ACT_LIST1 action list, enter:
host1/Admin# show action-list ACT_LIST1
Related Commands show running-config
(config) action-list type modify http
(ACE appliance only) (config) action-list type optimization http
show arp
To display the current active IP address-to-MAC address mapping in the Address Resolution Protocol
(ARP) table, statistics, or inspection or timeout configuration, use the show arp command.
show arp [inspection | internal event-history dbg | statistics [vlan vlan_number] | timeout] [|] [>]
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
A4(1.0) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.3) The Description field has been added to the show action-list
command output. This field displays the previously entered summary
about the specific parameter map. 1-120
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the routing feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show arp command without options displays the active IP address-to-MAC address mapping in the
ARP table.
For information about the fields in the show arp command output, see the Routing and Bridging Guide,
Cisco ACE Application Control Engine.
Examples To display the current active IP address-to-MAC address mapping in the ARP table, enter:
host1/Admin# show arp
Related Commands clear arp
(config) arp
inspection (Optional) Displays the ARP inspection configuration.
internal event-history dbg (Optional) Displays the ARP internal event history. The ACE debug
commands are intended for use by trained Cisco personnel only. Do not
attempt to use these commands without guidance from Cisco support
personnel.
statistics (Optional) Displays the ARP statistics for all VLAN interfaces.
vlan vlan_number (Optional) Displays the statistics for the specified VLAN number.
timeout (Optional) Displays the ARP timeout values.
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options available
for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-121
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show backup
To display backup errors (in the case of a failed backup) or the backup status, use the show backup
command.
show backup errors | status [details] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display the status of an ongoing backup, enter:
host1/Admin# show backup status detail
Backup Archive: host1_2010_09_16_21_34_03.tgz
Type : Full
Start-time : Thu Sep 16 21:34:03 2010
Finished-time : Thu Sep 16 21:34:18 2010
Status : SUCCESS
Current vc : ct3
Completed : 4/4
------------------------+---------------+--------------------------+------------
Context component Time Status
------------------------+---------------+--------------------------+------------
errors Displays errors that may occur during a backup operation. For information about
backup system messages, see the System Message Guide, Cisco ACE Application
Control Engine.
status [details] Displays the status of the last backup operation. Backup status details are not stored
across reboots.
Possible values in the Status column are as follows:
• SUCCESS—The component was successfully backed up
• FAILED—The component failed to be backed up
• N/A—The component (for example, a checkpoint or probe script) being backed
up contains 0 files
ACE Module Release Modification
A2(3.0) This command was introduced.
ACE Appliance Release Modification
A4(1.0) This command was introduced.1-122
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Admin Running-cfg Thu Sep 16 21:34:04 2010 SUCCESS
Admin Startup-cfg Thu Sep 16 21:34:04 2010 SUCCESS
Admin Checkpoints Thu Sep 16 21:34:07 2010 SUCCESS
Admin Cert/Key Thu Sep 16 21:34:07 2010 SUCCESS
Admin License Thu Sep 16 21:34:07 2010 SUCCESS
Admin Probe script Thu Sep 16 21:34:07 2010 N/A
ct1 Running-cfg Thu Sep 16 21:34:12 2010 SUCCESS
ct1 Startup-cfg Thu Sep 16 21:34:12 2010 SUCCESS
ct1 Checkpoints Thu Sep 16 21:34:12 2010 N/A
ct1 Cert/Key Thu Sep 16 21:34:12 2010 SUCCESS
ct1 Probe script Thu Sep 16 21:34:12 2010 N/A
ct2 Running-cfg Thu Sep 16 21:34:13 2010 SUCCESS
ct2 Startup-cfg Thu Sep 16 21:34:13 2010 SUCCESS
ct2 Checkpoints Thu Sep 16 21:34:13 2010 N/A
ct2 Cert/Key Thu Sep 16 21:34:13 2010 SUCCESS
ct2 Probe script Thu Sep 16 21:34:13 2010 N/A
ct3 Running-cfg Thu Sep 16 21:34:13 2010 SUCCESS
ct3 Startup-cfg Thu Sep 16 21:34:13 2010 SUCCESS
ct3 Checkpoints Thu Sep 16 21:34:13 2010 N/A
ct3 Cert/Key Thu Sep 16 21:34:13 2010 SUCCESS
ct3 Probe script Thu Sep 16 21:34:13 2010 N/A
Related Commands backup
show banner motd
To display the configured banner message of the day, use the show banner motd command.
show banner motd [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-123
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure the banner message, use the banner command in the configuration mode.
For information about the fields in the show banner motd command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display the message of the day, enter:
host1/Admin# show banner motd
Related Commands (config) banner
show bootvar
To display the current BOOT environment variable and configuration register setting, use the show
bootvar command. This command is available only in the Admin context.
show bootvar [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To set the BOOT environment variable, use the boot system image: command in the configuration
mode.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-124
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
For information about the fields in the show bootvar command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples ACE Module Example
To display the current BOOT environment variable and configuration register setting, enter:
host1/Admin# show bootvar
BOOT variable = "disk0:c6ace-t1k9-mzg.3.0.0_A0_2.48.bin"
Configuration register is 0x1
ACE Appliance Example
To display the current BOOT environment variable and configuration register setting, enter:
host1/Admin# show bootvar
BOOT variable = “disk0:c4710ace-mz.A5_1_0.bin”
Configuration register is 0x1
Related Commands This command has no related commands.1-125
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show buffer
To display the buffer manager module messages, use the show buffer command.
show buffer {events-history | stats | usage} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display the control plane buffer event history, enter:
host1/Admin# show buffer events-history
1) Event:E_DEBUG, length:72, at 477729 usecs after Sat Jan 1 00:01:29 2000
[102] headers=0xd2369000, ctrl_blocks=0xd280a040, data_blocks=0xd5403aa0
2) Event:E_DEBUG, length:50, at 477707 usecs after Sat Jan 1 00:01:29 2000
[102] total blocks=151682 (ctrl=75841, data=75841)
events-history Displays a historic log of the most recent messages generated by the buffer manager
event history.
stats Displays detailed counters for various buffer manager event occurrences.
usage Displays the number of buffers currently being held (allocated but not freed) by each
buffer module. The usage keyword also shows an estimate of the number of times a
particular buffer module has freed the same buffer more than once (this condition
indicates a software error). Displays the Hi watermark field which allows more
visibility for buffer usage when monitoring high watermarks
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-126
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands clear buffer stats1-127
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show capture
To display the packet information that the ACE traces as part of the packet capture function, use the show
capture command.
show capture buffer_name [detail [connid connection_id | range packet_start packet_end] |
status] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For all types of received packets, the console display is in tcpdump format.
To copy the capture buffer information as a file in flash memory, use the copy capture command.
For information about the fields in the show capture command output, see the Administration Guide,
Cisco ACE Application Control Engine.
buffer_name Name of the packet capture buffer. Specify an unquoted text string with no spaces
from 1 to 80 alphanumeric characters.
detail (Optional) Displays additional protocol information for each packet.
connid
connection_id
(Optional) Displays protocol information for a specified connection identifier.
range
packet_start
packet_end
(Optional) Displays protocol information for a range of captured packets.
status (Optional) Displays capture status information for each packet.
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-128
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display the captured packet information contained in packet capture buffer CAPTURE1, enter:
switch/Admin# show capture CAPTURE1
Related Commands copy capture1-129
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show cde
(ACE module only) To display the classification and distribution engine (CDE) interface statistics,
health, and register values, use the show cde command. This command includes statistics for the CDE
daughter card interface, the CDE control plane interface, and the CDE switch fabric interface.
show cde {all | count | dist | hash index_number | health | interrupts | reg cde_number register |
stats {cumulative | stats} | vlan vlan_number} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
all Displays all CDE register values.
count Displays the cumulative count of the CDE interrupts.
dist Displays the CDE distribution type.
hash index_number Displays the hash distribution table. Enter a value from 0 to 63.
health Displays the CDE health, including the daughter card statistics.
interrupts Displays the CDE interrupts.
reg Displays the specified CDE register.
cde_number CDE number (0 or 1).
register Register value. Enter a hexadecimal value from 0x0 to 0x1d9.
stats Displays the specified CDE statistics.
cumulative Displays the cumulative CDE statistics from the last invocation of the show cde
command.
delta Displays the delta CDE statistics from the last invocation of the show cde
command.
vlan vlan_number Displays the VLAN distribution table for the specified VLAN. Enter the desired
VLAN number from 0 to 4096.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering
the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the options
available for redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-130
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display all of the CDE register values, enter:
host1/Admin# show cde all
Related Commands clear cde
show cfgmgr
To display the Configuration Manager internal information, use the show cfgmgr command.
show cfgmgr internal {history | {table {access-group | ace name| acl name| action-list | arp |
class-map | context | icmp-vip | if-zone | interface | l2-ace | l2-acl | l3-rule| match-item | nat
| nat-dynamic | nat-pool | nat-pool-data | nat-static | og name | og-data name | og-exp name
| parameter-map | policy-map | probe | probe-instance | rserver | script-file | script-task |
sfarm | sfarm-real | slb-policy | ssl-proxy | sticky-grp | sticky-static-grp | time-range |
track-probe | vip} [all | context name | detail]} [|] [>]
Syntax Description history Displays the Configuration Manager debug log.
table Displays the specified Configuration Manager internal table.
access-group Displays the access group table.
ace name Displays the specified ACE table.
acl name Displays the specified ACL table.
action-list Displays the action-list table.
arp Displays the ARP table.
class-map Displays the class map table.
context Displays the context table.
icmp-vip Displays the ICMP state in VIP table.
if-zone Displays the if zone table.
interface Displays the interface table.
l2-ace Displays the Layer 2 ACE table.
l2-acl Displays the Layer 2 ACL table.
l3-rule Displays the Layer 3 rule table.
match-item Displays the match-item table.
nat Displays the NAT table.
nat-dynamic Displays the NAT dynamic table.
nat-pool Displays the NAT pool table.
nat-pool-data Displays the NAT pool data table.
nat-static Displays the NAT static table.
og name Displays the specified Object Group table.
og-data name Displays the specified Object Group Data table.
og-exp name Displays the specified Object Group Expanded table.
parameter-map Displays the parameter map table.
policy-map Displays the policy map table.1-131
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
probe Displays the probe table.
probe-instance Displays the probe instance table.
rserver Displays the real server table.
script-file Displays the script file table.
script-task Displays the script task table.
sfarm Displays the server farm table.
sfarm-real Displays the server farm and real server table.
slb-policy Displays the server load-balancing policy table.
ssl-proxy Displays the SSL proxy table.
sticky-grp Displays the sticky group table.
sticky-static-grp Displays the static sticky table.
time-range Displays the time-range table.
track-probe Displays the track probe table.
vip Display the VIP table.
all Displays the internal table information for all the contexts.
context name Displays the internal table information for the specified context.
detail Displays the detailed Configuration Manager table information.
| (Optional) Pipe character (|) for enabling an output modifier that
filters the command output. For a complete description of the options
available for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete
description of the options available for redirecting the command
output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-132
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display real server table information, enter:
host1/Admin# show cfgmgr internal table rserver
Related Commands clear cfgmgr internal history
show checkpoint
To display information relating to the configured checkpoints, use the show checkpoint command.
show checkpoint {all | detail name} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show checkpoint command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display the running configuration for the checkpoint MYCHECKPOINT, enter:
host1/Admin# show checkpoint detail MYCHECKPOINT
all Displays a list of all existing checkpoints. The show output includes checkpoint time
stamps.
detail name Displays the running configuration of the specified checkpoint.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-133
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands checkpoint1-134
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show clock
To display the current date and time settings of the system clock, use the show clock command.
show clock [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure the system clock setting, use the clock command in the configuration mode.
For information about the fields in the show clock command output, see the Administration Guide, Cisco
ACE Application Control Engine.
Examples To display the current clock settings, enter:
host1/Admin# show clock
Fri Feb 24 20:08:14 UTC 2006
Related Commands (config) clock summer-time
(config) clock timezone
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-135
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show conn
To display the connection statistics, use the show conn command.
show conn {address ip_address1 [ip_address2] [/prefix_length | netmask mask]] [detail]} | count
| detail | {port number1 [number2] [detail]} | {protocol {tcp | udp} [detail]} | {rserver
rs_name [port_number] [serverfarm sfarm_name1] [detail]} | {serverfarm sfarm_name2
[detail]} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
address ip_address1
[ip_address2]
Displays connection statistics for a single source or destination IPv4 or IPv6
address or, optionally, for a range of source or destination IPv4 or IPv6
addresses. To specify a range of IP addresses, enter an IP address for the lower
limit of the range and a second IP address for the upper limit of the range.
/prefix_length Displays connection statistics for the IPv6 address or range of IPv6 addresses
that you specify. Enter an IPv6 prefix (for example, /64).
netmask mask Specifies the network mask for the IPv4 address or range of IPv4 addresses that
you specify. Enter a network mask in dotted-decimal notation (for example,
255.255.255.0).
count Displays the total current connections to the ACE.
Note The total current connections is the number of connection objects.
There are two connection objects for each flow and complete
connection.
detail Displays detailed connection information.
Note The total current connections is the number of connection objects.
There are two connection objects for each flow and complete
connection.
port number1
[number2]
Displays connection statistics for a single source or destination port or
optionally, for a range of source or destination ports.
protocol {tcp | udp} Displays connection statistics for TCP or UDP.
rserver rs_name Displays connection statistics for the specified real server.
port_number (Optional) Port number associated with the specified real server. Enter an
integer from 1 to 65535.
serverfarm
sfarm_name1
(Optional) Displays connection statistics for the specified real server
associated with this server farm.
serverfarm
sfarm_name2
Displays connection statistics for the real servers associated with the specified
server farm.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show command.1-136
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show conn command output, see the Security Guide, Cisco ACE
Application Control Engine.
Examples IPv6 Example
To display connection statistics for a range of IP addresses, enter:
host1/C1# show conn address 2001:DB8:1::15 2001:DB8:1::35/64
IPv4 Example
To display connection statistics for a range of IP addresses, enter:
host1/C1# show conn address 192.168.12.15 192.168.12.35 netmask 255.255.255.0
Related Commands clear conn
show context
To display the context configuration information, use the show context command.
show context [context_name | Admin] [|] [>]
Syntax Description
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.4) and A2(2.1) This detail option was added for a specified address, port, protocol,
real server, or server farm.
A5(1.0) Added support for IPv6.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.2) This detail option was added for a specified address, port, protocol,
real server, or server farm.
A5(1.0) Added support for IPv6.
context_name (Optional) Name of user-created context. The ACE displays just the specified
context configuration information. The context_name argument is case sensitive.
and is visible only from the admin context.
Admin (Optional) Displays just the admin context configuration information. This keyword
is visible only from the admin context.1-137
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE displays different information for this command depending on the context that you are in when
executing the command:
• Admin context—When you are in the Admin context and use the show context command without
specifying a context, the ACE displays the configuration information for the admin context and all
user-created contexts.
• user-created context—When you are in a user-created context and enter the show context command,
the ACE displays only the configuration information of the current context.
For information about the fields in the show context command output, see the Virtualization Guide,
Cisco ACE Application Control Engine.
Examples To display the Admin context and all user-context configuration information, enter:
host1/Admin# show context
To display the configuration information for the user context CTX1, enter:
host1/Ctx1# show context
Related Commands changeto
(config) context
show copyright
To display the software copyright information for the ACE, use the show copyright command.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-138
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show copyright [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show copyright command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display the ACE software copyright information, enter:
host1/Admin# show copyright
Related Commands This command has no related commands.
show crypto
To display the summary and detailed reports on files containing Secure Sockets Layer (SSL) certificates,
key pairs, chain and authentication groups, and statistics, use the show crypto command.
show crypto { aia-errors | authgroup {group_name| all} | cdp-errors | certificate {filename | all}
| chaingroup {filename | all} | {crl {filename [detail]} | all | best-effort} | csr-params
{filename | all} | files | key {filename | all} | ocspserver {name [detail] | all | best-effort} |
session}} [|] [>]
| (Optional) Pipe character (|) for enabling an output modifier that filters the command output.
For a complete description of the options available for filtering the command output, see the
show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects the
command output to a file. For a complete description of the options available for redirecting
the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-139
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
aia-errors Displays the AuthorityInfoAccess (AIA) extension error statistics.
authgroup Specifies the authentication group file type.
group_name Name of the specific authentication group file.
all Displays the summary report that lists all the files of the specified file type or
certificates for each authentication group, or certificate revocation lists (CRLs) in
the context.
cdp-errors Displays the statistics for discrepancies in CRL Distribution Points (CDPs) for the
certificates on the ACE; not context specific. A CDP indicates the location of the
CRL in the form of a URL. CDP parsing in the certificate occurs only when best
effort CRL is in use. The statistics include incomplete, malformed and missing
information, and unrecognized transports and the number of times that the ACE
ignores CDP errors as related to the (config-parammap-ssl) cdp-errors ignore
command.
certificate Specifies the certificate file type.
filename Name of a specific file. The ACE displays the detailed report for the specified file.
Enter an unquoted text string with no spaces and a maximum of 40 alphanumeric
characters.
chaingroup Specifies the chaingroup file type.
crl Specifies the certificate revocation list configured in the context.
detail (Optional) Displays detailed statistics for the downloading of the CRL including
failure counters.
best-effort Displays summarized information for all best-effort CRLs in ACE (a maximum of
16 CRLs).
csr-params Specifies the Certificate Signing Request (CSR) parameter set.
files Displays the summary report listing all of the crypto files loaded on the ACE,
including certificate, chaingroup, and key pair files. The summary report also shows
whether the file contains a certificate, a key pair, or both.
key Specifies the key pair file type.
ocspserver
name
Identifier of a configured OCSP server. The ACE displays Online Certificate Status
Protocol (OCSP) information. You can use OCSP as an alternative to CRLs.
detail Instructs the ACE to display detailed statistics for the specified OCSP server.
all Displays statistics for all configured OCSP servers.
best-effort Displays statistics for OCSP servers that were obtained on a best-effort basis by
extracting the server information from the client packets.
session Displays the number of cached TLS and SSL client and server session entries in the
current context.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.1-140
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When using the show crypto certificate command and the certificate file contains a chain, the ACE
displays only the bottom level certificate (the signers are not displayed).
For information about the fields in the show crypto command output, see the SSL Guide, Cisco ACE
Application Control Engine.
Examples To display the summary report that lists all of the crypto files, enter:
host1/Admin# show crypto files
To display
Related Commands crypto delete
crypto export
crypto import
crypto verify
(config) crypto csr-params
(config-parammap-ssl) cdp-errors ignore
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(6.2a) This command was revised with the hardware and stats keywords.
A2(1.0) This command was revised with the authgroup, csr-params, crl,
and session keywords.
A2(2.0) This command was revised with the cdp-errors, detail, and
best-effort keywords.
A2(2.1) This command was revised to include the Best Effort CDP Errors
Ignored field displayed with the cdp-errors keyword.
A5(1.0) Added the aia-errors and the ocspserver keywords and arguments.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised with the authgroup, csr-params, crl,
and session keywords.
A3(2.2) The cdp-errors keyword and the detail option were added.
A3(2.3) The best-effort keyword was added.
A5(1.0) Added the aia-errors and the ocspserver keywords and arguments.1-141
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show dc
(ACE module only) To display the statistics for the daughter card hardware on the ACE ACE, use the show
dc command.
show dc dc_number {console | controller {all | health | interrupts | reg register_number | stats
{cumulative | delta}} | interrupts} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
dc_number Number of the daughter card (1 or 2).
console Displays whether the master or the slave network processor console is directed to
the base board front panel for the specified daughter card. For example, if the master
network processor is directed to the front panel, the following message appears:
“mCPU console is directed to base board front panel.” See the related set dc
dc_number console command.
controller Displays the register values for the specified daughter card CPU and the specified
controller area.
all Displays all controller register values for the specified daughter card CPU
health Displays the controller health and statistics for the specified daughter card.
interrupts Displays the controller interrupt statistics for the specified daughter card.
reg
register_number
Displays the description, value, and register type for the specified controller register
in the specified daughter card.
stats Displays the controller statistics registers for the specified daughter card. You can
instruct the ACE to display either cumulative stats since the last reboot or the change
in stats since the last time you entered this command.
cumulative Displays accumulated controller statistics since the last time you rebooted the ACE
or entered the clear dc command.
delta Displays the difference in controller statistics since the last time you entered this
command.
interrupts Displays the interrupt statistics for the specified daughter card.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
A4(1.0) This command was introduced.1-142
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the Admin feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
For information about the fields in the show dc command output, see the Administration Guide, Cisco
ACE Application Control Engine.
Examples To display the cumulative daughter card controller statistics, enter:
host1/Admin# show dc 1 controller stats cumulative
Tnrpc call for INFO_VERN_REGISTERS Success
SNO Verni Register Name Address Value
---------------------------------------------------------
0 VERNI_TXDCCTRLBPCNT_REG_ADDR 0x0024 0
1 VERNI_TXBCMBPCNT_REG_ADDR 0x0028 0
2 VERNI_CSR_CNTL_REG_ADDR 0x0080 0
3 VERNI_DCRX0_BYTCNT_L_REG_ADDR 0x3104 0
4 VERNI_DCRX0_BYTCNT_H_REG_ADDR 0x3100 0
5 VERNI_DCRX1_BYTCNT_L_REG_ADDR 0x3114 26857913
6 VERNI_DCRX1_BYTCNT_H_REG_ADDR 0x3110 0
7 VERNI_DCRX2_BYTCNT_L_REG_ADDR 0x3124 2984041857
8 VERNI_DCRX2_BYTCNT_H_REG_ADDR 0x3120 0
9 VERNI_DCRX3_BYTCNT_L_REG_ADDR 0x3134 0
10 VERNI_DCRX3_BYTCNT_H_REG_ADDR 0x3130 0
11 VERNI_DCRX4_BYTCNT_L_REG_ADDR 0x3144 0
12 VERNI_DCRX4_BYTCNT_H_REG_ADDR 0x3140 0
13 VERNI_DCRX5_BYTCNT_L_REG_ADDR 0x3154 10182426
14 VERNI_DCRX5_BYTCNT_H_REG_ADDR 0x3150 0
15 VERNI_DCRX6_BYTCNT_L_REG_ADDR 0x3164 461907
16 VERNI_DCRX6_BYTCNT_H_REG_ADDR 0x3160 0
17 VERNI_DCRX7_BYTCNT_L_REG_ADDR 0x3174 0
18 VERNI_DCRX7_BYTCNT_H_REG_ADDR 0x3170 0
19 VERNI_DCRX0_PKTCNT_REG_ADDR 0x3200 0
20 VERNI_DCRX1_PKTCNT_REG_ADDR 0x3204 270400
21 VERNI_DCRX2_PKTCNT_REG_ADDR 0x3208 33181066
22 VERNI_DCRX3_PKTCNT_REG_ADDR 0x320c 0
23 VERNI_DCRX4_PKTCNT_REG_ADDR 0x3210 0
24 VERNI_DCRX5_PKTCNT_REG_ADDR 0x3214 120311
25 VERNI_DCRX6_PKTCNT_REG_ADDR 0x3218 4946
26 VERNI_DCRX7_PKTCNT_REG_ADDR 0x321c 0
27 VERNI_DCRX0_EPKTCNT_REG_ADDR 0x3300 0
28 VERNI_DCRX1_EPKTCNT_REG_ADDR 0x3304 0
29 VERNI_DCRX2_EPKTCNT_REG_ADDR 0x3308 0
30 VERNI_DCRX3_EPKTCNT_REG_ADDR 0x330c 0
31 VERNI_DCRX4_EPKTCNT_REG_ADDR 0x3310 0
32 VERNI_DCRX5_EPKTCNT_REG_ADDR 0x3314 0
33 VERNI_DCRX6_EPKTCNT_REG_ADDR 0x3318 0
34 VERNI_DCRX7_EPKTCNT_REG_ADDR 0x331c 0
35 VERNI_DCRX0_FCCNT_REG_ADDR 0x3400 0
36 VERNI_DCRX0_DROPCNT_REG_ADDR 0x3420 0
37 VERNI_DCRX1_FCCNT_REG_ADDR 0x3404 0
38 VERNI_DCRX1_DROPCNT_REG_ADDR 0x3424 0
39 VERNI_DCRX2_DROPCNT_REG_ADDR 0x3408 0
40 VERNI_DCRX3_DROPCNT_REG_ADDR 0x340c 0
41 VERNI_DCRX4_FCCNT_REG_ADDR 0x3410 0
42 VERNI_DCRX4_DROPCNT_REG_ADDR 0x3428 0
43 VERNI_DCRX5_FCCNT_REG_ADDR 0x3414 0
44 VERNI_DCRX5_DROPCNT_REG_ADDR 0x342c 0
45 VERNI_DCRX6_DROPCNT_REG_ADDR 0x3418 0
46 VERNI_DCRX7_DROPCNT_REG_ADDR 0x341c 01-143
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
47 VERNI_DCTX0_BYTCNT_L_REG_ADDR 0x4104 0
48 VERNI_DCTX0_BYTCNT_H_REG_ADDR 0x4100 0
49 VERNI_DCTX1_BYTCNT_L_REG_ADDR 0x4114 29588774
50 VERNI_DCTX1_BYTCNT_H_REG_ADDR 0x4110 0
51 VERNI_DCTX2_BYTCNT_L_REG_ADDR 0x4124 15457403
52 VERNI_DCTX2_BYTCNT_H_REG_ADDR 0x4120 0
53 VERNI_DCTX3_BYTCNT_L_REG_ADDR 0x4134 0
54 VERNI_DCTX3_BYTCNT_H_REG_ADDR 0x4130 0
55 VERNI_DCTX4_BYTCNT_L_REG_ADDR 0x4144 0
56 VERNI_DCTX4_BYTCNT_H_REG_ADDR 0x4140 0
57 VERNI_DCTX5_BYTCNT_L_REG_ADDR 0x4154 7139354
58 VERNI_DCTX5_BYTCNT_H_REG_ADDR 0x4150 0
59 VERNI_DCTX6_BYTCNT_L_REG_ADDR 0x4164 82
60 VERNI_DCTX6_BYTCNT_H_REG_ADDR 0x4160 0
61 VERNI_DCTX7_BYTCNT_L_REG_ADDR 0x4174 0
62 VERNI_DCTX7_BYTCNT_H_REG_ADDR 0x4170 0
63 VERNI_DCTX0_PKTCNT_REG_ADDR 0x4200 0
64 VERNI_DCTX1_PKTCNT_REG_ADDR 0x4204 345107
65 VERNI_DCTX2_PKTCNT_REG_ADDR 0x4208 150138
66 VERNI_DCTX3_PKTCNT_REG_ADDR 0x420c 0
67 VERNI_DCTX4_PKTCNT_REG_ADDR 0x4210 0
68 VERNI_DCTX5_PKTCNT_REG_ADDR 0x4214 77580
69 VERNI_DCTX6_PKTCNT_REG_ADDR 0x4218 1
70 VERNI_DCTX7_PKTCNT_REG_ADDR 0x421c 0
71 VERNI_DCTX0_EPKTCNT_REG_ADDR 0x4300 0
72 VERNI_DCTX1_EPKTCNT_REG_ADDR 0x4304 0
73 VERNI_DCTX2_EPKTCNT_REG_ADDR 0x4308 0
74 VERNI_DCTX3_EPKTCNT_REG_ADDR 0x430c 0
75 VERNI_DCTX4_EPKTCNT_REG_ADDR 0x4310 0
76 VERNI_DCTX5_EPKTCNT_REG_ADDR 0x4314 0
77 VERNI_DCTX6_EPKTCNT_REG_ADDR 0x4318 0
78 VERNI_DCTX7_EPKTCNT_REG_ADDR 0x431c 0
79 VERNI_DCTX0_CRCECNT_REG_ADDR 0x4400 0
80 VERNI_DCTX1_CRCECNT_REG_ADDR 0x4404 0
81 VERNI_DCTX2_CRCECNT_REG_ADDR 0x4408 0
82 VERNI_DCTX3_CRCECNT_REG_ADDR 0x440c 0
83 VERNI_DCTX4_CRCECNT_REG_ADDR 0x4410 0
84 VERNI_DCTX5_CRCECNT_REG_ADDR 0x4414 0
85 VERNI_DCTX6_CRCECNT_REG_ADDR 0x4418 0
86 VERNI_DCTX7_CRCECNT_REG_ADDR 0x441c 0
87 VERNI_SOP_ILL_CNT_REG_ADDR 0x4420 0
88 VERNI_SNKCH0_BYTCNT_L_REG_ADDR 0x5104 0
89 VERNI_SNKCH0_BYTCNT_H_REG_ADDR 0x5100 0
90 VERNI_SNKCH1_BYTCNT_L_REG_ADDR 0x5114 29589286
91 VERNI_SNKCH1_BYTCNT_H_REG_ADDR 0x5110 0
92 VERNI_SNKCH2_BYTCNT_L_REG_ADDR 0x5124 15466363
93 VERNI_SNKCH2_BYTCNT_H_REG_ADDR 0x5120 0
94 VERNI_SNKCH3_BYTCNT_L_REG_ADDR 0x5134 0
95 VERNI_SNKCH3_BYTCNT_H_REG_ADDR 0x5130 0
96 VERNI_SNKCH4_BYTCNT_L_REG_ADDR 0x5144 0
97 VERNI_SNKCH4_BYTCNT_H_REG_ADDR 0x5140 0
98 VERNI_SNKCH5_BYTCNT_L_REG_ADDR 0x5154 7141402
99 VERNI_SNKCH5_BYTCNT_H_REG_ADDR 0x5150 0
100 VERNI_SNKCH6_BYTCNT_L_REG_ADDR 0x5164 82
101 VERNI_SNKCH6_BYTCNT_H_REG_ADDR 0x5160 0
102 VERNI_SNKCH7_BYTCNT_L_REG_ADDR 0x5174 0
103 VERNI_SNKCH7_BYTCNT_H_REG_ADDR 0x5170 0
104 VERNI_SNKCH0_PKTCNT_REG_ADDR 0x5200 0
105 VERNI_SNKCH1_PKTCNT_REG_ADDR 0x5210 345107
106 VERNI_SNKCH2_PKTCNT_REG_ADDR 0x5220 150138
107 VERNI_SNKCH3_PKTCNT_REG_ADDR 0x5230 0
108 VERNI_SNKCH4_PKTCNT_REG_ADDR 0x5240 0
109 VERNI_SNKCH5_PKTCNT_REG_ADDR 0x5250 75532
110 VERNI_SNKCH6_PKTCNT_REG_ADDR 0x5260 11-144
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
111 VERNI_SNKCH7_PKTCNT_REG_ADDR 0x5270 0
112 VERNI_SNKCH0_EPKTCNT_REG_ADDR 0x5300 0
113 VERNI_SNKCH1_EPKTCNT_REG_ADDR 0x5310 0
114 VERNI_SNKCH2_EPKTCNT_REG_ADDR 0x5320 0
115 VERNI_SNKCH3_EPKTCNT_REG_ADDR 0x5330 0
116 VERNI_SNKCH4_EPKTCNT_REG_ADDR 0x5340 0
117 VERNI_SNKCH5_EPKTCNT_REG_ADDR 0x5350 0
118 VERNI_SNKCH6_EPKTCNT_REG_ADDR 0x5360 0
119 VERNI_SNKCH7_EPKTCNT_REG_ADDR 0x5370 0
120 VERNI_SNK_GERRCNT_REG_ADDR 0x5400 0
121 VERNI_SRCCH0_BYTCNT_L_REG_ADDR 0x6104 0
122 VERNI_SRCCH0_BYTCNT_H_REG_ADDR 0x6100 0
123 VERNI_SRCCH1_BYTCNT_L_REG_ADDR 0x6114 26857913
124 VERNI_SRCCH1_BYTCNT_H_REG_ADDR 0x6110 0
125 VERNI_SRCCH2_BYTCNT_L_REG_ADDR 0x6124 2984065605
126 VERNI_SRCCH2_BYTCNT_H_REG_ADDR 0x6120 0
127 VERNI_SRCCH3_BYTCNT_L_REG_ADDR 0x6134 0
128 VERNI_SRCCH3_BYTCNT_H_REG_ADDR 0x6130 0
129 VERNI_SRCCH4_BYTCNT_L_REG_ADDR 0x6144 0
130 VERNI_SRCCH4_BYTCNT_H_REG_ADDR 0x6140 0
131 VERNI_SRCCH5_BYTCNT_L_REG_ADDR 0x6154 10182426
132 VERNI_SRCCH5_BYTCNT_H_REG_ADDR 0x6150 0
133 VERNI_SRCCH6_BYTCNT_L_REG_ADDR 0x6164 461907
134 VERNI_SRCCH6_BYTCNT_H_REG_ADDR 0x6160 0
135 VERNI_SRCCH7_BYTCNT_L_REG_ADDR 0x6174 0
136 VERNI_SRCCH7_BYTCNT_H_REG_ADDR 0x6170 0
137 VERNI_SRCCH0_PKTCNT_REG_ADDR 0x6200 0
138 VERNI_SRCCH1_PKTCNT_REG_ADDR 0x6210 270400
139 VERNI_SRCCH2_PKTCNT_REG_ADDR 0x6220 33181387
140 VERNI_SRCCH3_PKTCNT_REG_ADDR 0x6230 0
141 VERNI_SRCCH4_PKTCNT_REG_ADDR 0x6240 0
142 VERNI_SRCCH5_PKTCNT_REG_ADDR 0x6250 120311
143 VERNI_SRCCH6_PKTCNT_REG_ADDR 0x6260 4946
144 VERNI_SRCCH7_PKTCNT_REG_ADDR 0x6270 0
145 VERNI_SRCCH0_EPKTCNT_REG_ADDR 0x6300 0
146 VERNI_SRCCH1_EPKTCNT_REG_ADDR 0x6310 0
147 VERNI_SRCCH2_EPKTCNT_REG_ADDR 0x6320 0
148 VERNI_SRCCH3_EPKTCNT_REG_ADDR 0x6330 0
149 VERNI_SRCCH4_EPKTCNT_REG_ADDR 0x6340 0
150 VERNI_SRCCH5_EPKTCNT_REG_ADDR 0x6350 0
151 VERNI_SRCCH6_EPKTCNT_REG_ADDR 0x6360 0
152 VERNI_SRCCH7_EPKTCNT_REG_ADDR 0x6370 0
153 CH0_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6400 8
154 CH1_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6410 0
155 CH2_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6420 0
156 CH3_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6430 0
157 CH4_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6440 0
158 CH5_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6450 0
159 CH6_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6460 0
160 CH7_OCTEON_FLOWCTRL_CNT_REG_ADDR 0x6470 0
Related Commands set dc
clear dc1-145
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show debug
To display the debug flags, use the show debug command.
show debug {aaa | access-list | arpmgr | ascii-cfg | bpdu | buffer | cfg_cntlr | cfgmgr | clock | dhcp
| fifo | fm | fs-daemon | ha_dp_mgr | ha_mgr | hm | ifmgr | ipcp | lcp | ldap | license | logfile
| nat-download | netio | pfmgr | pktcap | radius | routemgr | scp | security | sme | snmp | ssl
| syslogd | system | tacacs+ | tl | ttyd | virtualization | vnet | vshd} [|] [>]
Syntax Description aaa Displays the 301 debug flags.
access-list Displays the access-list debug flags.
arpmgr Displays the Address Resolution Protocol (ARP) manager debug flags.
ascii-cfg Displays the ASCII cfg debug flags.
bpdu Displays the bridge protocol data unit (BPDU) debug flags.
buffer Displays the CP buffer debug flags.
cfg_cntlr Displays the configuration controller debug flags.
cfgmgr Displays the configuration manager debug flags.
clock (ACE module only) Displays the state of clock debug settings.
dhcp Displays the Dynamic Host Configuration Protocol (DHCP) debug
flags.
fifo Displays the show packet first in, first out (FIFO) debug flags.
fm Displays the feature manager debug flags.
fs-daemon Displays the FS daemon debug flags.
ha_dp_mgr Displays the high availability (HA) dataplane manager debug flags.
ha_mgr Displays the HA manager debug flags.
hm Displays the HM debug flags.
ifmgr Displays the interface manager debug flags.
ipcp Displays the kernel IP Control Protocol (IPCP) debug flags.
lcp (ACE module only) Displays the LCP debug flags.
ldap Displays the Lightweight Directory Access Protocol (LDAP) debug
flags.
license Displays the licensing debug flags.
logfile Displays the contents of the logfile.
nat-download Displays the Network Address Translation (NAT) download debug flags.
netio Displays the CP net I/O debug flags.
pfmgr Displays the platform manager debug flags.
pktcap Displays the packet capture debug flags.
radius Displays the Remote Authentication Dial-In User Service (RADIUS)
debug flags.
routemgr Displays the route manager debug flags.
scp (ACE module only) Displays the Secure Copy Protocol (SCP) debug
flags.1-146
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the debug feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these
commands may cause unexpected results. Do not attempt to use these commands without guidance from
Cisco support personnel.
Examples To display the VSHD debug flags, enter:
host1/Admin# show debug vshd
security Displays the security/accounting debug flags.
sme Displays the System Manager Extension (SME) debug flags.
snmp Displays the Simple Network Management Protocol (SNMP) server
debug flags.
ssl Displays the Secure Sockets Layer (SSL) manager debug flags.
syslogd Displays the syslogd debug flags.
system Displays the system debug flags.
tacacs+ Displays the Terminal Access Controller Access Control System Plus
(TACACS+) debug flags.
tl Displays the CP buffer debug flags.
ttyd Displays the TTYD debug flags.
virtualization Displays the virtualization debug flags.
vnet Displays the virtual network (VNET) driver debug flags.
vshd Displays the VSHD debug flags.
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options available
for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-147
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands debug
clear debug-logfile1-148
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show domain
To display the information about the configured domains in the ACE, use the show domain command.
show domain [name] [|] [>]
Syntax Description
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the complete domain configuration report that lists all of the configured domains, enter the
show domain command without including the name argument.
For information about the fields in the show domain command output, see the Virtualization Guide,
Cisco ACE Application Control Engine.
Examples To display the domain configuration report for the domain D1, enter:
host1/Admin# show domain D1
Related Commands (config) domain
name (Optional) Name of an existing context domain. Specify a domain name to display
the detailed configuration report that relates to the specified domain.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-149
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show download information
To display the state of the configuration download for each interface on the context, use the show
download information command.
show download information [all] [summary]} [|] [>]
Syntax Description
Command Modes Exec
Admin context for the all option.
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If no option is included with this command, the status information for all interfaces in the current context
is displayed.
You can execute the show download information command to monitor the progress of the download.
When you apply changes to a configuration file, the ACE downloads the configuration to its data plane.
When you perform incremental changes, such as copying and pasting commands in a configuration, the
ACE immediately performs the configuration download and does not display any terminal messages at
the start or end of the download.
all Displays the configuration download status for all interfaces on all contexts (Admin
context only).
summary Displays the summary status of the download information for the context. When you
include the all option with the summary option, this command displays the
download summary status for all contexts.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
A2(3.0) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.7) only This command displays the regex download optimization status,
enabled or disabled through the debug cfgmgr limit-regex-dnld
command.1-150
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
However, in the following situations, the ACE defers the configuration download until the entire
configuration is applied to the context:
• The startup configuration at boot time
• Copying of the configuration to the running-config file
• A checkpoint rollback
We recommend that you do not execute any configuration commands during the deferred download. The
ACE does not deny you from entering configuration changes. But the changes will not occur until the
download is completed. If the command times out during the download, the following message appears:
Config application in progress. This command is queued to the system.
The ACE does not queue the command immediately, however, the ACE processes and executes the
command when the download is completed even if the command times out.
Examples To display the configuration download status for all contexts, enter:
host1/Admin# show download information all
Related Commands This command has no related commands.
show eobc
(ACE module only) To display the Ethernet Out-of-Band Channel (EOBC) registers and statistics on the
ACE, use the show eobc command.
show eobc {registers | stats} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
registers Displays the EOBC registers.
stats Displays the EOBC statistics.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
A2(2.3) This command was introduced.
A2(3.1) This command was introduced.1-151
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display the EOBC statistics, enter:
host1/Admin# show eobc stats
Related Commands This command has no related commands.1-152
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show fifo
To display the packet first in, first out (FIFO) statistics for the Pkt-Fifo module, use the show fifo command.
show fifo {event-history | registers | stats} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display the control plane packet FIFO registers, enter:
host1/Admin# show fifo registers
Related Commands clear fifo stats
event-history Displays a historic log of the most recent debug messages generated by the Pkt-Fifo
module.
registers Displays the state of all the registers associated with the transmit and receive
hardware engines.
stats Displays detailed counters for the various Pkt-Fifo module event occurrences.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(5) Interrupt statistics were added to the output of the stats keyword.
ACE Appliance Release Modification
A1(7) This command was introduced.1-153
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show file
To display the contents of a specified file in a directory in persistent memory (flash memory) or volatile
memory (RAM), use the show file command.
show file {disk0: | volatile:}[directory/]filename [cksum | md5sum] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show file command output, see the Administration Guide, Cisco
ACE Application Control Engine.
Examples To display the contents of the file FILE1 stored in the directory MYFILES in disk0:, enter:
host1/Admin# show file disk0:MYFILES/FILE1
disk0: Specifies the disk0 file system in persistent memory.
volatile: Specifies the file system in volatile memory.
[directory/]filename Path and name of the specified file.
cksum (Optional) Displays the cyclic redundancy check (CRC) checksum for the file.
The checksum values compute a CRC for each named file. Use this command
to verify that the files are not corrupted. You compare the checksum output for
the received file against the checksum output for the original file.
md5sum (Optional) Displays the MD5 checksum (electronic fingerprint) for the file.
MD5 is the latest implementation of the Internet standards described in RFC
1321 and is useful for data security and integrity.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-154
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands dir
clear cores
delete1-155
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show fragment
To display the IPv4 an IPv6 fragmentation and reassembly statistics for all interfaces in the ACE or the
specified interface, use the show fragment command.
show fragment [vlan vlan_id] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you omit the vlan vlan_id optional keyword and argument, you can display statistics for all interfaces
in the ACE.
For information about the fields in the show fragment command output, see the Security Guide, Cisco
ACE Application Control Engine.
Examples To display the IPv4 and IPv6 fragmentation and reassembly statistics for VLAN 210, enter:
host1/Admin# show fragment vlan 210
Related Commands show vlans
vlan vlan_id (Optional) Specifies an existing interface.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A5(1.0) Added IPv6 support.1-156
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show ft
To display the fault-tolerant (ft), or redundancy, statistics per context, use the show ft command.
show ft {config-error [context_name]} | {group {brief | {[group_id] {detail | status |
summary}}}} | {history {cfg_cntlr | ha_dp_mgr | ha_mgr}} | {idmap} | {memory [detail]}
| {peer peer_id {detail | status | summary}} | {stats group_id} | {track group_id {detail |
status | summary}} [|] [>]
Syntax Description config-error
[context_name]
Displays the commands that fail on the standby ACE during bulk synchronization
in a redundant configuration. If all commands succeed on the standby ACE, the
command displays the following message:
No bulk config apply errors
In the Admin context, the optional context_name argument is the name of a user
context. If you do not enter the argument, the command uses the Admin context. In
a user context, this argument is not available.
group group_id Displays FT group statistics for the specified FT group. In the Admin context, this
keyword displays statistics for all FT groups in the ACE. Also, in the Admin
context, you can specify an FT group number to display statistics for an individual
group. In a user context, this keyword displays statistics only for the FT group to
which the user context belongs.
brief Displays the group ID, local state, peer state, context name, context ID of all the FT
groups that are configured in the ACE, and the configuration synchronization status.
detail Displays detailed information for the specified FT group or peer, including the
configuration synchronization status of the running- and the startup-configuration
files.
status Displays the current operating status for the specified FT group or peer.
summary Displays summary information for the specified FT group or peer.
history Displays a history of internal redundancy software statistics (Admin context only).
cfg_cntlr Displays the configuration controller debug log.
ha_dp_mgr Displays the high availability (HA) dataplane manager debug log.
ha_mgr Displays the HA manager debug log.
idmap Displays the IDMAP table for all object types. In a redundancy configuration, the
IDMAP table is used to map objects between the active and the standby ACEs for
use in config sync and state replication.
memory [detail] Displays summary HA manager memory statistics or optional detailed HA manager
memory statistics (Admin context only).
peer peer_id Specifies the identifier of the remote standby member of the FT group.
stats group_id Displays redundancy statistics for the specified FT group.
track group_id Displays redundancy statistics related to tracked items for all FT groups.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering
the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.1-157
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show ft {history | memory} command is available to users configured with a custom role in both
the Admin context and a user-configured context, as well as the predefined Admin and Network-Monitor
roles. Because these commands are not context specific, we recommend that you issue them from the
Admin context only. If you issue these commands in a user context, they may not display any data if
other user context information could be displayed.
For detailed information about the fields in the show ft command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display the detailed statistics for FT group GROUP1, enter:
host1/Admin# show ft group GROUP1 detail
Related Commands clear ft
(config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(5) The brief and idmap keywords were added to this command. The
status of config sync was added to the output of the detail keyword.
A2(2.1) The config-error keyword and context_name option were added to
this command.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.2) The config-error keyword and context_name option were added to
this command.
A3(2.6) The show ft {history | memory} command is now available to users
configured with a custom role in both the Admin context and a
user-configured context, as well as the predefined Admin and
Network-Monitor roles. See the “Usage Guidelines” section for more
information.
A4(1.0) The brief and detail options were added to the show ft group
command.1-158
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface
show hardware
To display the ACE hardware details, such as the serial number and the hardware revision level of the
ACE and the ACE module daughter card, use the show hardware command.
show hardware [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show hardware command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display ACE hardware information, enter:
host1/Admin# show hardware
Related Commands show inventory
show tech-support
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) Added daughter card information.
ACE Appliance Release Modification
A1(7) This command was introduced.1-159
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show hyp
(ACE module only) To display the Hyperion backplane ASIC register values and statistics, use the show
hyp command.
show hyp [reg reg_number | stats] [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display the Hyperion backplane ASIC statistics, enter:
host1/Admin# show hyp stats
Related Commands This command has no related commands.
show icmp statistics
To display the Internet Control Message Protocol (ICMP) statistics, use the show icmp statistics command.
show icmp statistics [|] [>]
reg reg_number (Optional) Displays the specified Hyperion backplane ASIC register values. Enter a
hexadecimal value from 0x0 to 0x6db.
stats (Optional) Displays the Hyperion backplane ASIC statistics.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-160
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the clear icmp-statistics command to clear the ICMP statistics.
For information about the fields in the show icmp statistics command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display ICMP statistics, enter:
host1/Admin# show icmp statistics
Related Commands clear icmp statistics
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-161
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show interface
To display the interface information, use the show interface command.
show interface [bvi number | eobc | gigabitEthernet slot_number/port_number [counters] |
internal {event-history {dbg | mts} | iftable [name] | port-vlantable | seciptable | vlantable
[number]} port-channel channel_number | vlan number] [|] [>]
Syntax Description bvi number (Optional) Displays the information for the specified Bridge Group Virtual Interface
(BVI).
eobc (Optional, ACE module only) Displays the interface information for the Ethernet
Out-of-Band channel (EOBC).
gigabitEthernet
slot_number/por
t_number
(Optional, ACE appliance only) Displays the statistics for the specified gigabit
Ethernet slot and port.
• The slot_number represents the physical slot on the ACE containing the
Ethernet ports. This selection is always 1.
• The port_number represents the physical Ethernet port on the ACE. Valid
selections are 1 through 4.
This keyword is available in the Admin context only.
counters (ACE appliance only) Displays a summary of interface counters for the specified
Ethernet data port related to the receive and transmit queues.
internal (Optional) Displays the internal interface manager tables and events.
event-history Displays event history information.
dbg Displays debug history information.
mts Displays message history information.
iftable Displays the master interface table (Admin context only).
name (Optional) Interface table name. If you specify an interface table name, the ACE
displays the table information for that interface.
port-vlantable (Optional, ACE appliance only) Displays the Ethernet port manager VLAN table.
seciptable Displays the interface manager's (ifmgr) view of a logical interface and displays all
the configured secondary IP addresses under an interface
vlantable Displays the VLAN table (Admin context only).
number (Optional) VLAN number. If you specify an interface number, the ACE displays the
table information for that interface.
port-channel
channel_number
(Optional, ACE appliance only) Displays the channel number assigned to a
port-channel interface. Valid values are from 1 to 255. This keyword is available in
the Admin context only.
vlan number (Optional) Displays the statistics for the specified VLAN.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.1-162
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
BVI and VLAN interface—Admin and user contexts
(ACE appliance only) Ethernet data port, Ethernet management port, and port-channel
interface—Admin context only
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
(ACE appliance only) In addition, the Ethernet data port, Ethernet management port, and port-channel
interface command functions require the Admin user role.
(ACE appliance only) You can configure flow control on each Ethernet port of a Catalyst 6500 series
switch. However, the ACE does not support flow control. If you connect an ACE to a Catalyst 6500 series
switch, the flow control functionality is disabled on the ACE. The output of the show interface
gigabitEthernet command on the ACE displays the “input flow-control is off, output flow control is off”
flow-control status line as shown in the example above regardless of the state of flow control on the
Catalyst 6500 series switch port to which the ACE is connected.
To display all of the interface statistical information, enter the show interface command without using
any of the optional keywords.
The internal keyword and options are intended for use by trained Cisco personnel for troubleshooting
purposes only.
For information about the fields in the show interface command output, see the Routing and Bridging
Guide, Cisco ACE Application Control Engine.
Examples To display all of the interface statistical information, enter:
host1/Admin# show interface
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(3.1) Added the seciptable option.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.5) The command output includes the reason for an UP transition,
timestamp for the last change, number for transitions since creation,
and the last three previous states including the timestamp and the
transition reasons.
If you do not configure a load-balance scheme on the interface, the
load-balance scheme field through the port-channel option displays
src-dst-mac, which is the default load-balance scheme on the source
or destination MAC address.
A4(1.0) Added the seciptable option.1-163
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
ACE Appliance Example
To view the configuration status for Ethernet data port 4, enter:
host1/Admin# show interface gigabitEthernet 1/4
Related Commands clear interface
show inventory
To display the system hardware inventory, use the show inventory command.
show inventory [raw] [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the show inventory command to display information about the field-replaceable units (FRUs) in the
ACE, including product IDs, serial numbers, and version IDs.
If you do not include the raw keyword, the ACE displays the hardware inventory report only.
For information about the fields in the show inventory command output, see the Administration Guide,
Cisco ACE Application Control Engine.
raw (Optional) Displays the hardware inventory report and information about each
temperature sensor in the ACE.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-164
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display the hardware inventory report, enter:
host1/Admin# show inventory
To display the hardware inventory report and information about each temperature sensor, enter:
host1/Admin# show inventory raw
Related Commands show hardware
show ip
To display the IP statistics, use the show ip command.
show ip {dhcp relay {conf | information policy | statistics} | fib [np number {dest-ip
ip_address}} | summary | wr dest-ip ip_address] | interface brief {[bvi | gigabitEthernet |
port-channel | vlan] number} | route [summary | internal {event-history dbg | memory}] |
traffic} [|] [>]
Syntax Description dhcp relay Specifies the Dynamic Host Configuration Protocol (DHCP) configuration
information.
conf Displays the DHCP relay configuration information.
information policy Displays the relay agent information and the reforwarding policy status.
statistics Displays the DHCP relay statistics.
fib Displays the Forwarding Information Base (FIB) table for the context. This
table contains information that the forwarding processors require to make IP
forwarding decisions. This table is derived from the route and ARP tables.
np number dest-ip
ip_address
(Optional) Displays the FIB information for a destination address on the
specified ACE NP (network processor). For the number argument:
• For the ACE module, enter an integer from 1 to 4.
• For the ACE appliance, enter 1.
For the ip_address argument, enter the IPV4 address in dotted-decimal
notation (for example, 172.27.16.10).
summary (Optional) Displays the FIB table or route summary for the current context.
wr dest-ip ip_address (Optional) Displays the FIB information for the specified wire region (0
only) and destination IP address. Enter the IPv4 address in dotted-decimal
notation (for example, 172.27.16.10).
interface brief Displays a brief configuration and status summary of all interfaces, a
specified bridge group virtual interface (BVI), or a virtual LAN (VLAN),
including the interface number, IP address, status, and protocol.
bvi Displays the information for a specified BVI.
gigabitEthernet Displays the information for an existing gigabit Ethernet (GE) port. Enter 1.
port-channel Displays the information for an existing port-channel.
vlan Displays the statistics for a specified VLAN number. 1-165
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The internal and fib keywords and options are intended for use by trained Cisco personnel for
troubleshooting purposes only.
number Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or
VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1.
For a port channel, enter an integer from 1 to 255. For a VLAN, enter an
integer from 2 to 4090.
route Displays the route entries.
internal (Optional) Specifies the internal route entries.
event-history dbg Displays the event history statistics.
memory Displays the mtrack output statistics.
traffic Displays the IPv4 and IPv6 protocol statistics.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) Added the interface brief and related keywords.
A5(1.0) Added IPv6 support for the traffic keyword.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) Added the interface brief and related keywords.
A3(2.5) Added the gigabitEthernet and port-channel keywords.
The interface brief option displays the hardware interfaces along
with the logical interfaces. It also supports the individual output of
each physical interface. For FT interfaces, (ft) appears after the
VLAN ID in the output. This change is only applicable in the Admin
context.
A5(1.0) Added IPv6 support for the traffic keyword.1-166
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
For information about the fields in the show ip command output, see the Security Guide, Cisco ACE
Application Control Engine and the Routing and Bridging Guide, Cisco ACE Application Control
Engine.
Examples To display all IP route entries, enter:
host1/Admin# show ip route
Related Commands clear ip1-167
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show ipcp
To display the Interprocess Communication Protocol (IPCP) statistics, use the show ipcp command. The
ACE module uses the Interprocess Communication Protocol for communication between the control plane
processor and the dataplane processors.
show ipcp {cde | clients | event-history | peek_poke} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
cde Displays the following statistics:
• ACE module—IPCP messages that were sent over the classification and
distribution engine (CDE) interface.
• ACE appliance—Displays IPCP statistical information.
clients Displays the following statistics:
• ACE module—Displays the IPCP statistics of the service access points
(SAPs).
• ACE appliance—Displays IPCP message queue information.
event-history Displays the following statistics:
• ACE module—Displays the history of error messages (usually none) in
the IPCP driver.
• ACE appliance—Displays IPCP event history information.
peek_poke Displays the following statistics:
• ACE module—Displays the statistics of the special queue that is used to
read from or write to the network processor or the control plane
processor memory from the control plane.
• ACE appliance—Displays IPCP peek poke message queue information.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
A2(1.0) This command was introduced.1-168
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the Admin role. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display IPCP statistics for the CDE interface, enter the following command:
host1/Admin# show ipcp cde
Related Commands This command has no related commands.
show ipv6
To display the IPv6 statistics, use the show ipv6 command.
show ipv6 {dhcp relay [statistics]} | {fib [{np number dest-ip ip_address} | summary | wr dest-ip
ip_address]} | {interface [brief] [[bvi | vlan] number]} | neighbors | {route [summary |
internal ktable]} [|] [>]
Syntax Description
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) The pci option was removed.
dhcp relay Specifies the Dynamic Host Configuration Protocol (DHCP) configuration
information.
statistics (Optional) Displays the DHCP relay statistics.
fib Displays the Forwarding Information Base (FIB) table for the context. This
table contains information that the forwarding processors require to make IP
forwarding decisions. This table is derived from the route and ARP tables.
np number dest-ip
ip_address
(Optional) Displays the FIB information for a destination address on the
specified ACE NP (network processor). For the number argument:
• For the ACE module, enter an integer from 1 to 4.
• For the ACE appliance, enter 1.
For the ip_address argument, enter the IP address in dotted-decimal notation
(for example, 172.27.16.10).
summary (Optional) Displays the FIB table or route summary for the current context.
wr dest-ip ip_address (Optional) Displays the FIB information for the specified wire region (0
only) and destination IP address. Enter the IP address in dotted-decimal
notation (for example, 172.27.16.10).
interface Displays the configuration and status of all interfaces, including the interface
number, IP address, status, and protocol.1-169
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
brief Displays a brief configuration and status summary of all interfaces, a
specified bridge group virtual interface (BVI), or a virtual LAN (VLAN),
including the interface number, IP address, status, and protocol.
bvi Displays the configuration and status information for a specified BVI.
vlan Displays the configuration and status information for a specified VLAN
number.
number Number of the existing BVI, gigabit Ethernet (GE) port, port-channel, or
VLAN. For a BVI, enter an integer from 1 to 4090. For a GE port, enter 1.
For a port channel, enter an integer from 1 to 255. For a VLAN, enter an
integer from 2 to 4090.
neighbors Displays information about the IPv6 neighbors, including the IPv6 address,
MAC address, status (Up or Down), and more.
route Displays the route entries.
internal (Optional) Specifies the internal route entries.
ktable Displays the IPv6 kernel route table entries.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) Added the interface brief and related keywords.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) Added the interface brief and related keywords.
A3(2.5) Added the gigabitEthernet and port-channel keywords.
The interface brief option displays the hardware interfaces along
with the logical interfaces. It also supports the individual output of
each physical interface. For FT interfaces, (ft) appears after the
VLAN ID in the output. This change is only applicable in the Admin
context.
A5(1.0) Added IPv6 support.1-170
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The internal and fib keywords and options are intended for use by trained Cisco personnel for
troubleshooting purposes only.
For information about the fields in the show ipv6 command output, see the Routing and Bridging Guide,
Cisco ACE Application Control Engine.
Examples To display IPv6 interface summary information for VLAN 300, enter:
host1/Admin# show ipv6 interface brief vlan 300
Related Commands
show kalap udp load
To display the latest load information for a VIP address, VIP-based tag, or a domain name provided to
the KAL-AP request, use the show kalap udp load command in Exec mode.
show kalap udp load {all | domain domain | vip {ip_address | tag name}} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
all Displays the latest load information for all VIP addresses, and
VIP-based tags and domains with their associated VIP addresses and
port numbers.
domain domain Displays the latest load information for the specified domain name.
vip ip_address | tag name Displays the latest load information for the specified VIP address or VIP
tag name. For the ip_address argument, enter the IP address in
dotted-decimal notation (for example, 192.168.11.1).
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options available
for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.1-171
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines The output fields for the show kalap udp load all command display the VIP address, VIP tag with its
associated VIP address and port number, or domain name with its associated VIP address and port
number, its load value, and the time stamp.
Examples To display the latest load information to the KAL-AP request for VIP address 10.10.10.10, enter:
host1/Admin# show kalap udp load vip 10.10.10.10
To display the latest load information to the KAL-AP request for domain KAL-AP-TAG1, enter:
host1/Admin# show kalap udp load domain KAL-AP-TAG1
To display the latest load information to the KAL-AP request for the VIP KAL-AP-TAG2 tag, enter:
host1/Admin# show kalap udp load vip tag KAL-AP-TAG2
Related Commands (config-pmap-c) kal-ap-tag
ACE Module Release Modification
A2(1.0) This command was introduced.
A2(2.0) The all keyword was added.
The vip tag name keyword and argument were added.
ACE Appliance Release Modification
A3(1.0) This command was introduced.
A4(1.0) The tag name keyword and argument were added.1-172
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show lcp event-history
(ACE module only) To display the Line Card Process (LCP) debug event history information, use the show
lcp event-history command.
show lcp event-history [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display LCP debug event history information, enter:
host1/Admin# show lcp event-history
Related Commands This command has no related commands.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-173
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show ldap-server
To display the configured Lightweight Directory Access Protocol (LDAP) server and server group
parameters, use the show ldap-server command.
show ldap-server [groups] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show ldap-server command output, see the Security Guide, Cisco
ACE Application Control Engine.
Examples To display the configured LDAP server groups, enter:
host1/Admin# show ldap-server groups
Related Commands (config) aaa group server
(config) ldap-server host
(config) ldap-server port
(config) ldap-server timeout
groups (Optional) Displays configured LDAP server group information.
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-174
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show license
To display your ACE license information, use the show license command.
show license [brief | file filename | internal event-history | status | usage] [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Entering the show license command without any options and arguments displays all of the installed ACE
license files and their contents.
For information about the fields in the show license command output, see the Administration Guide,
Cisco ACE Application Control Engine.
To manage the licenses on your ACE, use the license command.
brief (Optional) Displays a filename list of currently installed licenses.
file filename (Optional) Displays the file contents of the specified license.
internal
event-history
(Optional) Displays a history of licensing-related events.
status (Optional) Displays the status of licensed features.
usage (Optional) Displays the usage table for all licenses.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.3) The Count value for Web Optimization in the show license status
command output has been modified from “cps” to “concurrent
connections.”1-175
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display all of the installed ACE license files and their contents, enter:
host1/Admin# show license
Related Commands copy capture
license1-176
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show line
To display all of the configured console and virtual terminal line sessions, use the show line command.
show line [console [connected]] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show line command output, see the Administration Guide, Cisco
ACE Application Control Engine.
Examples To display all configured console and virtual terminal line sessions, enter:
host1/Admin# show line
ACE Module Example
To display the configured console settings for the ACE, enter:
host1/Admin# show line console
Related Commands clear line
(ACE module only) (config) line console
console (Optional) Displays the configured console settings for the ACE.
connected (Optional) Displays the physical connection status.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-177
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show logging
To display the current severity level and state of all syslog messages stored in the logging buffer, or to
display information related to specific syslog messages, use the show logging command.
show logging [history | internal {event-history dbg | facility} | message [syslog_id | all | disabled]
| persistent | queue | rate-limit | statistics] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
history (Optional) Displays the logging history file.
internal (Optional) Displays syslog internal messages.
event-history
dbg
Displays the debug history for the syslog server.
facility Displays the registered internal facilities for the syslog server.
message (Optional) Displays a list of syslog messages that have been modified from the
default settings. These are messages that have been assigned a different severity
level or messages that have been disabled.
syslog_id (Optional) Identifier of a specific system log message to display, specified by message
ID, and identifies whether the message is enabled or disabled.
all (Optional) Displays all system log message IDs and identifies whether they are
enabled or disabled.
disabled (Optional) Displays a complete list of suppressed syslog messages.
persistent (Optional) Displays statistics for the log messages sent to flash memory on the ACE.
queue (Optional) Displays statistics for the internal syslog queue.
rate-limit (Optional) Displays the current syslog rate-limit configuration.
statistics (Optional) Displays syslog statistics.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-178
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the show logging command, you must have the ACE buffer enabled as a logging output location.
By default, logging to the local buffer on the ACE is disabled. To enable system logging to a local buffer
and to limit the messages sent to the buffer based on severity, use the logging buffered configuration
command from the desired context.
The show logging command lists the current syslog messages and identifies which logging command
options are enabled.
To clear the ACE buffer of the logging information currently stored, use the clear logging command.
For information about the fields in the show logging command output, see the Security Guide, Cisco
ACE Application Control Engine.
Examples To display a complete list of disabled syslog messages, enter:
host1/Admin# show logging message disabled
To display the contents of the logging history buffer, enter:
host1/Admin# show logging history
To display the contents of the internal facility messages buffer, enter:
host1/Admin# show logging internal facility
To display statistics for the log messages sent to flash memory on the ACE, enter:
host1/Admin# show logging persistent
To display statistics for the internal syslog queue, enter:
host1/Admin# show logging queue
To display the current syslog rate-limit configuration, enter:
host1/Admin# show logging rate-limit
To display the current syslog statistics, enter:
host1/Admin# show logging statistics
Related Commands clear logging
(config) logging buffered1-179
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show login timeout
To display the login session idle timeout value, use the show login timeout command.
show login timeout [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure the login timeout value, use the login timeout command in configuration mode.
For information about the fields in the show login timeout command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display the login timeout value, enter:
host1/Admin# show login timeout
Related Commands (config) login timeout
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-180
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show nat-fabric
To display the Network Address Translation (NAT) policy and pool information for the current context, use
the show nat-fabric command.
show nat-fabric {policies | src-nat policy_id mapped_if | dst-nat static_xlate_id | nat-pools |
implicit-pat| global-static} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
policies Displays the NAT policies.
src-nat policy_id
mapped_if
Displays the specified source NAT policy information. To obtain the values
for the policy_id and mapped_if arguments, view the policy_id and
mapped_if fields displayed by the show nat-fabric policies command.
dst-nat static_xlate_id Displays the static address translation for the specified static XLATE ID. To
obtain the value for the static_xlate_id argument, view the static_xlate_id
field displayed by the show nat-fabric policies command.
nat-pools Displays NAT pool information for a dynamic NAT policy.
implicit-pat Displays the implicit PAT policies.
global-static Displays global static NAT information when the static command in global
configuration mode is configured.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised with the global-static keyword.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised with the global-static keyword.1-181
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
To obtain the values for the policy_id, mapped_if, and static_xlate_id arguments, view their respective
fields displayed by the show nat-fabric policies command.
Examples To display the implicit PAT policies, enter:
host1/Admin# show nat-fabric implicit-pat
Related Commands (ACE module only) (config) static
show netio
To display the control plane network I/O information, use the show netio command.
show netio {clients | event-history | stats} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
clients Displays statistics for the applications that are transmitting and receiving packets
through the Netio module.
event-history Displays a historic log of the most recent debug network I/O messages.
stats Displays detailed counters for various Netio event occurrences.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-182
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display control plane network I/O client information, enter:
host1/Admin# show netio event-history
1) Event:E_DEBUG, length:73, at 921762 usecs after Sat Jan 1 00:04:55 2000
[105] ed_request_encap: Sending ARP_RESOLUTION for 75.0.0.6, in context 0
2) Event:E_DEBUG, length:78, at 921752 usecs after Sat Jan 1 00:04:55 2000
[105] ed_egress_route_lookup: Route lookup failure -96 for 75.0.0.6, context 0
Related Commands clear netio stats
show nexus-device
To display the Nexus device connection statistics, use the show nexus-device command.
show nexus-device [name][detail]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display the Nexus device connection information, enter the following command:
host1/Admin# show nexus-device DC1
name Configured identifier of the Nexus device. Enter the name of an existing Nexus
device as an unquoted text string with no spaces and a maximum of 64 alphanumeric
characters.
detail Displays an additional field for the IP address of the Nexus device.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module/Appliance
Release Modification
A4(2.0) This command was introduced.1-183
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands (config) nexus-device1-184
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show np
To display the hardware information stored on the four network processors (NPs), use the show np
command.
show np np_number {access-list {node vlan vlan_number {in node_address | out node_address} |
resource | root vlan vlan_number {in | out} | syslog {lineno-table [index_1 index_2 | all] |
name-table [index_3 index_4 | all]} | trace vlan vlan_number in protocol prot_number |
source source_ip source_port | destination dest_ip dest_port} | {adjacency [lower_index
upper_index [all]} | {buffer stats {event-history | stats | usage}} | {cpu | internal
[lower_index upper_index]] | reap]} | {interface {icmlookup [all] | iflookup}} | {interrupts}
| {lb-stats {option}} | {mac-address-table} | {me-stats ucdump_option} | {memory} | {mtrie
dest-ip dest_ip} | {nat {bitmap map_id | dst_nat policy_id | implicit-pat | policies | src-nat
policy_id interface_id} | {reg} | {status} [|] [>]
Syntax Description np_number Network processor number, as follows:
• ACE module—Enter one of the following processor identifier
numbers:
– 1—Octeon network processor (NP) 1
– 2—Octeon network processor (NP) 2
– 3—Octeon network processor (NP) 3
– 4—Octeon network processor (NP) 4
• ACE appliance—Enter one of the following processor identifier
numbers:
– 0—x86 processor
– 1—Octeon processor
access-list Displays information related to the access control list (ACL).
node Displays the contents of the hardware ACL node that is identified by the
vlan_number.
vlan vlan_number Specifies the number of the VLAN.
in Specifies the inbound traffic flow.
out Specifies the outbound traffic flow.
node_address Address of the node.
resource Displays information about the ACL resource usage.
root Displays the hardware address of the root of the downloaded, aggregated
ACL, identified by the vlan_number.
syslog Displays the ACL syslog tables.
lineno-table Displays the ACl syslog line-number table.
index_1 index_2 Range of indices to display. Enter an integer from 0 to 262143 for
index_1 and index_2.
all Specifies whether to display invalid entries.
name-table Displays the ACL syslog namestring table.
index_3 index_4 Range of indices to display. Enter an integer from 0 to 16383 for index_3
and index_4.1-185
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
trace Traces a packet through a specific ACL.
protocol prot_number Specifies a protocol number.
source Specifies the source of the flow.
source_ip Source IP address.
source_port Source port number.
destination Specifies the destination of a flow.
dest_ip Destination IP address.
dest_port Destination port number.
adjacency Displays information related to the adjacent nodes.
lower_index Lower index value. Enter a value from 1 to 32767.
upper_index Upper index value. Enter a value from 1 to 32767.
all Displays all entries, including invalid entries.
internal Displays the internal information for adjacency structures.
buffer Displays NP buffer usage available and status of ft switchover.
event-history Displays control plane buffer event history.
stats Displays control plane buffer statistics.
usage Displays control plane buffer usage.
cpu Displays information about the CPU processes. This command option is
available only for a user with the Admin role in any context.
reap (Optional, ACE appliance only) Retrieves the encap reap statistics.
interface Displays information related to the interface tables.
icmlookup Displays the ICM/OCM interface table from the CP (0) or the specified
NP.
iflookup Displays the fast path interface lookup table from the CP (0) or the
specified NP.
Note The iflookup keyword presents information from the fast path
interface lookup table. If you wish to verify the configured
shared VLAN host ID value, enter the show running-config |
include shared command.
interrupts (ACE module only) Displays the network processor interrupt error
counters (for example, PIP, L2D, L2T, DRAM, and so on).
lb-stats Displays load-balancing statistics similar to the LbInspectTool.
mac-address-table Displays the MAC address table.
me-stats Displays Micro Engine statistics for the network processors. This
command option is available only for a user with the Admin role in any
context.
ucdump_option Options for the ucdump utility. The ucdump utility is a binary on Xscale
which returns information about Micro Engine statistics. Specify --help
as the ucdump_option argument to list all of the supported ucdump
utility options. Enter up to 80 alphanumeric characters.
Note The following ucdump utility options are disabled from show np
me-stats: -C, -f, and -i.
memory Displays information about the memory processes. This command
option is available only for a user with the Admin role in any context.1-186
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command and its options require the access-list or interface feature in your user role, except for the
cpu, me-stats, and memory options. These three options require that you have the Admin user role in
any context. For details about role-based access control (RBAC) and user roles, see the Virtualization
Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
mtrie dest-ip dest_ip Displays Mtrie entry for the specified destination IP address.
nat Displays information related to the network processor Network Address
Translation (NAT) tables.
bitmap map_id Specifies the NAT-pool bit-map table in the network processor.
dst_nat policy_id Specifies the destination NAT policy.
implicit-pat Specifies the implicit Port Address Translation (PAT) policy table.
policies Specifies the full NAT policy table.
src-nat Specifies the source NAT policy.
policy_id Policy identifier number. Enter a value from 0 to 65535.
interface_id Mapped interface identifier. Enter a value from 0 to 65535.
reg (ACE module only) Displays information related to the network
processor registers.
status (ACE appliance only) Displays status information related to the
specified network processor. You can only display the statistics for
network processor 1.
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options available
for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The value of 0 was removed from the network processor np_number
argument range.
A4(1.1) Added the buffer keyword and options.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.1) Added the buffer keyword and options.1-187
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
(ACE appliance only) The show np 1 {me-stats | memory | status} is now available to users configured
with a custom role in both the Admin context and a user-configured context, as well as the predefined
Admin and Network-Monitor roles. Because these commands are not context specific, we recommend
that you issue them from the Admin context only. If you issue these commands in a user context, they
may not display any data if other user context information could be displayed.
Examples To display the access list information from the hardware using the network processor 1, enter:
host1/Admin# show np 1 access-list
To display Micro Engine statistics for a ucdump utility (-b, which instructs the ACE to dump fastpath
buffer memory), enter:
host1/Admin# show np me-stats -b
Fastpath thread buffers
=================================
ME:1 thread:0 addr:0x0010 particle:0x00000000 len:78 rx_seq=7
0018 0x8500004e 0x00608034 0x0000001e 0x00101e07 ...N .`.4 .... ....
001c 0x0000ffff 0xffffffff 0x00059a3b 0x9a390800 .... .... ...; .9..
0020 0x4500002c 0xa4540000 0xff11fd64 0x0c010105 E.., .T.. ...d ....
0024 0x0c010101 0xc350c352 0x00185db6 0x000100f0 .... .P.R ..]. ....
0028 0x00000008 0x00000000 0x00000064 0x00000000 .... .... ...d ....
Related Commands clear np
show processes1-188
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show ntp
(ACE appliance only) To display information about the Network Time Protocol (NTP) statistics, use the
show ntp command.
show ntp {peer-status | peers | statistics [io | local | memory | peer ip_address]} [|] [>]
Syntax Description
Command Modes Exec
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display the status for all configured NTP servers and peers, enter:
host1/Admin# show peer-status
To display a listing of all peers, enter:
switch/Admin# show ntp peers
Related Commands (config) ntp
peer-status Displays the status for all configured NTP servers and peers.
peers Displays a listing of all peers.
statistics Displays the NTP statistics.
io (Optional) Displays information the input/output statistics.
local (Optional) Displays the counters maintained by the local NTP.
memory (Optional) Displays the statistical counters related to the memory code.
peer (Optional) Displays the peer-peer statistical counters of the specified peer.
ip_address Peer statistics for the specified IP address.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering
the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the options
available for redirecting the command output, see the show command.
ACE Appliance Release Modification
A1(7) This command was introduced.1-189
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show optimization-global
To display information about the global optimization statistics, use the show optimization-global
command.
show optimization-global [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display global optimization statistics, enter:
host1/Admin# show optimization-global
Related Commands (config) optimize
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Appliance Release Modification
A1(7) This command was introduced.1-190
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show parameter-map
To display the detailed configuration information for a specified parameter map, use the show
parameter-map command.
show parameter-map [parammap_name] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the connection feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display the configuration for the parameter map SSL_PARAMMAP, enter:
host1/Admin# show parameter-map SSL_PARAMMAP
Related Commands show running-config
parammap_name (Optional) Name of an existing parameter map. Enter the name as an unquoted
text string with no spaces and a maximum of 64 alphanumeric characters.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering
the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the options
available for redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The persistence rebalance field now displays the enabled strict state
when you configure the persistence-rebalance strict command.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.3) The Description field has been added to the show parameter-map
command output. This field displays the previously entered summary
about the specific parameter map.1-191
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show probe
To display the probe information including script probes, use the show probe command.
show probe [probe_name] [detail] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you enter the show probe command without specifying a probe name, the ACE displays a summary
report that includes all configured probes.
For information about the fields in the show probe command output, see the Server Load-Balancing
Guide, Cisco ACE Application Control Engine.
Examples To display the probe summary report, enter:
host1/Admin# show probe
Related Commands clear probe
(config) probe
probe_name (Optional) Name of an existing probe.
detail (Optional) Displays a detailed probe report that includes configuration information
and statistics for all configured probes.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.7). Not applicable for
A4(1.0) or A4(2.0).
The regex cache-length field was added to display the configured
cache length.1-192
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show processes
To display the general information about all of the processes running on the ACE, use the show processes
command. The show processes command displays summary CPU information for the ACE module SiByte
1250 Processor or ACE appliance Pentium processor.
show processes [cpu | log [details | pid process_id] | memory] [|] [>]
Syntax Description
Command Modes Exec
Admin users (users with an Admin role), across all contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show processes command is available only to Admin users (users with an Admin role) across all
contexts. The displayed system processes information is at the CPU system level (the total CPU usage) and
is not on a per-context level.
For information about the fields in the show processes command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display information about the memory processes, enter:
host1/Admin# show processes memory
cpu (Optional) Displays information about the CPU processes.
log (Optional) Displays information about the process logs.
details (Optional) Displays detailed process log information for all process identifiers.
pid process_id (Optional) Displays process information about a specific process identifier. Enter a
value from 0 to 2147483647.
memory (Optional) Displays information about the memory processes.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-193
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands clear processes log
show np
show tech-support
show pvlans
(ACE module only) To display the private VLANs on the ACE downloaded from the supervisor engine in
the Catalyst 6500 series switch, use the show pvlans command.
show pvlans [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show pvlans command output, see the Routing and Bridging
Guide, Cisco ACE Application Control Engine.
Examples To display the private VLANs on the ACE downloaded from the supervisor engine, enter:
host1/Admin# show pvlans
Related Commands This command has no related commands.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-194
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show radius-server
To display the configured Remote Authentication Dial-In User Service (RADIUS) server and group
parameters, use the show radius-server command.
show radius-server [groups | sorted] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show radius-server command output, see the Security Guide,
Cisco ACE Application Control Engine.
Examples To display configured RADIUS server parameters, enter:
host1/Admin# show radius-server
To display the configured RADIUS server groups, enter:
host1/Admin# show radius-server groups
To display the sorted RADIUS servers, enter:
host1/Admin# show radius-server sorted
groups (Optional) Displays configured RADIUS server group information.
sorted (Optional) Displays RADIUS server information sorted by name.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-195
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands (config) aaa group server
(config) radius-server attribute nas-ipaddr
(config) radius-server deadtime
(config) radius-server host
(config) radius-server key
(config) radius-server retransmit
show resource allocation
To display the allocation for each resource across all resource classes and class members, use the show
resource allocation command.
show resource allocation [|] [>]
Syntax Description
Command Modes Exec
(ACE module) Admin context only
ACE appliance) Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command shows the resource allocation but does not show the actual resources being used. To
display information about actual resource usage, use the show resource usage command.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.6) This command is now available to users configured with a custom
role in both the Admin context and a user-configured context, as well
as the predefined Admin and Network-Monitor roles. See the “Usage
Guidelines” section for more information.1-196
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
(ACE appliance only) The show resource allocation command is now available to users configured with
a custom role in both the Admin context and a user-configured context, as well as the predefined Admin
and Network-Monitor roles. Because these commands are not context specific, we recommend that you
issue them from the Admin context only. If you issue these commands in a user context, they may not
display any data if other user context information could be displayed.
For information about the fields in the show resource allocation command output, see the
Administration Guide, Cisco ACE Application Control Engine.
Examples To display the allocation for each resource, enter:
host1/Admin# show resource allocation
Related Commands show resource usage
show resource internal
To display internal resource-related functions, use the show resource internal command.
show resource internal {appmap | regexp | socket}[|] [>]
Syntax Description
Command Modes Exec
(ACE module) Admin context only
(ACE Appliance) Admin and user contexts
Command History
appmap Displays the resource driver application map.
regexp Displays the current memory usage for the virtual server ID.
socket Displays the current socket resources.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The regexp keyword was added.1-197
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
(ACE appliance only) The show resource internal command is now available to users configured with
a custom role in both the Admin context and a user-configured context, as well as the predefined Admin
and Network-Monitor roles. Because these commands are not context specific, we recommend that you
issue them from the Admin context only. If you issue these commands in a user context, they may not
display any data if other user context information could be displayed.
Examples To display the memory used by the virtual server IDs, enter:
host1/Admin# show resource internal regexp
Related Commands show resource usage
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.6) This command is now available to users configured with a custom
role in both the Admin context and a user-configured context, as well
as the predefined Admin and Network-Monitor roles. See the “Usage
Guidelines” section for more information.
A4(1.0) The regexp keyword was added.1-198
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show resource usage
To display the resource usage for each Network Processor (NP) or each context, use the show resource
usage command.
show resource usage [np {1 | number |current |denied | peak}] [all | [[context context_name |
summary] [resource {acc-connections | acl-memory | all | conc-connections |
mgmt-connections | probes | proxy-connections | rate {bandwidth | connections | http-comp
| inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog} | regexp | sticky |
syslogbuffer | xlates}]]] [counter [all | current | denied | peak [count_threshold]]] [|] [>]
Syntax Description np (Optional) Displays the resource usage for the NP.
1 (ACE appliance only) Displays all resource usage statistics for the NP.
Enter 1.
number (ACE module only) Network Processor (NP) number. Enter a number from
1 to 4. Since the ACE divides all resources equally between all NPs, this
argument allows you to monitor the resource usage for each NP
independently in case it reaches a limit. When an NP reaches a limit, it can
deny a connection even though the limit is not reached in the other NPs.
current Displays the active concurrent instances or the current rate of the resource
for the NPs.
denied Displays the number of denied uses of the resource for the NPs since the
resource statistics were last cleared.
peak Displays the peak concurrent instances, or the peak rate of the resource for
the NPs since the statistics were last cleared, either using the clear
resource usage command or because the device rebooted.
all (Optional) Displays the resource usage for each context individually. This
is the default setting. This option is available in the Admin context only.
context context_name (Optional) Displays the resource usage for the specified context. The
context_name argument is case sensitive. This option is available in the
Admin context only.
summary (Optional) Displays the total resource usage for all contexts together. For
example, the denied column shows the items that have been denied for each
context limit. This option is available in the Admin context only.
top number (Optional) Displays the greatest n users of a single resource arranged from
the highest to the lowest percentage of resources used. You must specify a
single resource type and cannot use the resource all keywords with this
option. This option is available in the Admin context only.
resource (Optional) Displays statistics for one of the following specified resources.
This option is available for the np option in the Admin context only.
acc-connections (ACE appliance only) Displays the number of application acceleration
connections.
acl-memory Displays the ACL memory usage.
all Displays the resource usage for all resources used by the specified context
or contexts.
conc-connections Displays the resource usage for simultaneous connections.
mgmt-connections Displays the resource usage for management connections.1-199
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Defaults None
Command Modes Exec
probes Displays the resource usage for probes.
proxy-connections Displays the resource usage for proxy connections.
rate Displays the rate per second for the specified connections or syslog
messages.
bandwidth Displays the bandwidth in bytes per second.
connections Displays connections per second.
http-comp Displays the HTTP compression rate in bytes per second. To convert the
value to bits per second, multiply the displayed value by 8.
inspect-conn Displays all inspection connections per second.
mac-miss Displays MAC miss traffic that was punted to the CP packets per second.
mgmt-traffic Displays management traffic bytes per second.
ssl-connections Displays Secure Sockets Layer (SSL) connections.
syslog Displays the syslog message buffer usage.
regexp Displays resource usage for regular expressions.
sticky Displays resource usage for sticky entries.
syslogbuffer Displays resource usage for the syslog buffer.
xlates Displays resource usage by Network Address Translation (NAT) and Port
Address Translation (PAT) entries.
counter (Optional) Displays all statistics. You can specify one of the following
options:
all (Optional) Displays all statistics. This is the default setting.
current (Optional) Displays the active concurrent instances or the current rate of
the resource.
denied (Optional) Displays the number of denied uses of the resource since the
resource statistics were last cleared.
peak (Optional) Displays the peak concurrent instances, or the peak rate of the
resource since the statistics were last cleared, either using the clear
resource usage command or because the device rebooted.
count_threshold (Optional) Number above which resources are shown. Enter an integer
from 0 to 4294967295. The default is 1. If the usage of the resource is
below the number you set, then the resource is not shown. If you specify
all for the counter name, then the count_threshold applies to the current
usage. To show all resources, set the count_threshold to 0.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.1-200
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show resource usage command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display the resource usage for context C1, enter:
host1/Admin# show resource usage context C1 resource
Related Commands This command has no related commands.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) This command was modified to include the np option and http-comp
keywords for compression.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) This command was modified to include the np option.1-201
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show restore
To display restore errors or the restore status, use the show restore command.
show restore errors | status [details] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display the details of a restore operation in the Admin context, enter:
host1/Admin# show restore status details
Backup Archive: fusion_2010_09_16_21_34_03.tgz
Type : Full
Start-time : Thu Sep 16 23:27:53 2010
Finished-time : Thu Sep 16 23:28:19 2010
Status : SUCCESS
Current vc : ct3
Completed : 4/4
------------------------+---------------+--------------------------+------------
Context component Time Status
------------------------+---------------+--------------------------+------------
Admin License Thu Sep 16 23:28:03 2010 SUCCESS
Admin Cert/Key Thu Sep 16 23:28:03 2010 SUCCESS
Admin Probe script Thu Sep 16 23:28:03 2010 SUCCESS
Admin Checkpoints Thu Sep 16 23:28:06 2010 SUCCESS
Admin Startup-cfg Thu Sep 16 23:28:07 2010 SUCCESS
Admin Running-cfg Thu Sep 16 23:28:07 2010 SUCCESS
ct1 Cert/Key Thu Sep 16 23:28:17 2010 SUCCESS
ct1 Probe script Thu Sep 16 23:28:17 2010 SUCCESS
errors Displays errors that may occur during a backup operation. For information about
backup system messages, see the System Message Guide, Cisco ACE Application
Control Engine.
status [details] Displays errors that occur during a restore operation. For information about restore
system messages, see the System Message Guide, Cisco ACE Application Control
Engine.
ACE Module Release Modification
A2(3.0) This command was introduced.
ACE Appliance Release Modification
A4(1.0) This command was introduced.1-202
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
ct1 Checkpoints Thu Sep 16 23:28:17 2010 SUCCESS
ct1 Startup-cfg Thu Sep 16 23:28:17 2010 SUCCESS
ct1 Running-cfg Thu Sep 16 23:28:18 2010 SUCCESS
ct2 Cert/Key Thu Sep 16 23:28:18 2010 SUCCESS
ct2 Probe script Thu Sep 16 23:28:18 2010 SUCCESS
ct2 Checkpoints Thu Sep 16 23:28:18 2010 SUCCESS
ct2 Startup-cfg Thu Sep 16 23:28:18 2010 SUCCESS
ct2 Running-cfg Thu Sep 16 23:28:18 2010 SUCCESS
ct3 Cert/Key Thu Sep 16 23:28:19 2010 SUCCESS
ct3 Probe script Thu Sep 16 23:28:19 2010 SUCCESS
ct3 Checkpoints Thu Sep 16 23:28:19 2010 SUCCESS
ct3 Startup-cfg Thu Sep 16 23:28:19 2010 SUCCESS
ct3 Running-cfg Thu Sep 16 23:28:19 2010 SUCCESS
Related Commands restore1-203
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show role
To display the configured user roles (predefined and user-configured roles), use the show role command.
show role [role_name] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To configure roles, use the role command in configuration mode.
For information about the fields in the show role command output, see the Administration Guide, Cisco
ACE Application Control Engine.
Examples To display all of the available user roles, enter:
host1/Admin# show role
Related Commands (config) role
role_name (Optional) Name of an existing role.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-204
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show rserver
To display the IPv6 or IPv4 summary or detailed statistics for a named real server or for all real servers,
use the show rserver command.
show rserver [rserver_name] [detail] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the rserver feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show rserver command output, see the Server Load-Balancing
Guide, Cisco ACE Application Control Engine.
For the Total Conn-failures output field of the show rserver detail command, the following conditions
apply:
For Layer 4 traffic with normalization on, the count increments if the three-way handshake fails to be
established for either of the following reasons:
• A RST comes from the client or the server after a SYN-ACK.
• The server does not reply to a SYN. The connection times out.
For Layer 4 traffic with normalization off, the count does not increment.
rserver_name (Optional) Identifier of an existing real server.
detail (Optional) Displays detailed statistics for the real server name that you enter or for
all real servers. If you do not include the detail keyword, the summary report is
displayed.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A5(1.0) Added IPv6 support
ACE Appliance Release Modification
A1(7) This command was introduced.
A5(1.0) Added IPv6 support1-205
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
For L7 traffic (normalization is always on), the count increments if the three-way handshake fails to be
established for either of the following reasons:
• A RST comes from the server after the front-end connection is established
• The server does not reply to a SYN. The connection times out.
Examples To display detailed statistics for all configured real servers, enter:
host1/Admin# show rserver detail
Related Commands clear rserver
(config) rserver1-206
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show running-config
To display the running configuration information associated with the current context, use the show
running-config command.
show running-config [aaa | access-list | action-list | class-map | context | dhcp | domain | ft |
interface | object-group | parameter-map | policy-map | probe | resource-class | role |
rserver | serverfarm | sticky [name]] [|] [>]
Syntax Description
Command Modes Exec
aaa (Optional) Displays authentication, authorization, and accounting (AAA)
information.
access-list (Optional) Displays access control list (ACL) information.
action-list (Optional) Displays action-list information.
class-map (Optional) Displays the list of all class maps configured for the current context. The
ACE also displays configuration information for each class map listed.
context (Optional) Displays the list of contexts configured on the ACE. The ACE also
displays the resource class (member) assigned to each context. The context keyword
only works from within the admin context.
dhcp (Optional) Displays Dynamic Host Configuration Protocol (DHCP) information.
domain (Optional) Displays the list of domains configured for the current context. The ACE
also displays configuration information for each domain listed.
ft (Optional) Displays the list of redundancy or fault-tolerance (ft) configurations
configured for the current context. The ACE also displays configuration information
for each ft configuration listed.
interface (Optional) Displays interface information.
object-group (Optional) Displays object-group information.
parameter-map (Optional) Displays parameter map information.
policy-map (Optional) Displays policy map information.
probe (Optional) Displays probe information.
resource-class (Optional) Displays resource class information.
role (Optional) Displays the list of roles configured for the current context. The ACE also
displays configuration information for each role on the list.
rserver (Optional) Displays rserver information.
serverfarm (Optional) Displays server farm information.
sticky (Optional) Displays sticky information.
name (Optional) Object name to display.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.1-207
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show running-config command is a context-sensitive command. The ACE creates a running
configuration for each context that you create; therefore, to display the running-config file of a specific
context, you must enter the show running-config command from within the desired context. If you need
to change to another context before executing the show running-config command, use the changeto
command or log directly in to the desired context.
Use the copy capture command to do the following:
• Save a copy of the running configuration to a file on one or more destination locations.
• Save the running configuration as the startup configuration.
• Save the startup configuration as the running configuration.
For information about the fields in the show running-config command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display the entire running configuration, enter:
host1/Admin# show running-config
Related Commands copy capture
show startup-config
show tech-support
write
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
A4(1.1) Added the optional name argument.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.
A3(2.7). Not applicable for
A4(1.0) and A4(2.0).
The name option was added.1-208
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show scp
(ACE module only) To display the Switch Command Control Protocol (SCP) statistics, use the show scp
command.
show scp {debugs | event-history | stats} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display the SCP statistics, enter:
host1/Admin# show scp stats
Related Commands This command has no related commands.
debugs Displays SCP debug filter settings.
event-history Displays a historic log of the most recent SCP debug messages.
stats Displays detailed counters for SCP events.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.1-209
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show script
To display the statistics for a script file that is active on the ACE including exit codes and exit messages,
use the show script command.
show script {script_name probe_name [rserver_name [port_number] [serverfarm sfarm_name]] |
code script_name} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show script command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display the script file code for the script in the file MYSCRIPT, enter:
host1/Admin# show script code MYSCRIPT
script_name Name of a loaded script.
probe_name Name of a probe containing an association with the specified script.
rserver_name (Optional) Name of a real server that contains an association with the
specified probe.
port_number (Optional) Port number on the specified real server.
serverfarm sfarm_name (Optional) Specifies the server farm containing an association with the
specified real server.
code script_name Displays the code for the specified script.
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options available
for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-210
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands (config) script file name
(config-probe-probe_type) script1-211
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show security internal event-history
To display information about the security event history, use the show security internal event-history
command.
show security internal event-history {errors | msgs} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display the error logs of the security manager, enter:
host1/Admin# show security internal event-history errors
Related Commands This command has no related commands.
errors Displays the debug error logs of the security manager.
msgs Displays the message logs of the security manager.
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-212
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show serverfarm
To display a summary or detailed statistics about a specified server farm, use the show serverfarm
command.
show serverfarm [name [retcode]] [detail] [NPn] [|] [>]
show serverfarm [name [inband]] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
name (Optional) Detailed report for the specified server farm. If you do not specify a server
farm name, the summary report is displayed.
retcode (Optional) Displays the HTTP return codes statistics for configured real server and
retcode map combinations only if the return code hit count is greater than 0. All
return code hit counts are an aggregate of the counts of both network processors.
Displays the HTTP return codes associated with the server farm.
detail (Optional) Displays detailed statistics for the specified server farm, including the
current and total connections stuck to each real server due to sticky. When used after
the retcode option, the detail option displays return code statistics even if the value
is 0.
inband (Optional) Displays the number of inband health monitoring connection failures for
each real server in a server farm.
NPn (Optional) Indicates which network processor (NP) handled a connection for a
particular real server. Use this field to troubleshoout real server connections when
only some connections are dropped.
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(4) This command was revised. The Out-of-Rotation Count field was
added to the show command output.
A4(1.0) This command was revised to include the inband option.
A4(1.1) Added the NPn option.1-213
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the serverfarm feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
In software version A4(1.1) and later, the ACE retains the retcode and inband health monitoring statistics
of a server farm when a real server transitions from the OPERATIONAL state to the INACTIVE state.
For information about the fields in the show serverfarm command output, see the Server
Load-Balancing Guide, Cisco ACE Application Control Engine.
Examples To display a summary report about the server farm, enter:
host1/Admin# show serverfarm
Related Commands clear serverfarm
(config) serverfarm
(config-sfarm-host) inband-health check
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.3)) This command with the name or detail option was revised to include
the real server description field as defined by the description
command in the serverfarm host real server configuration mode.
A4(1.0) This command was revised to include the inband option.
A4(1.1) Added the NPn option.1-214
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show service-policy
To display the statistics for all policy maps or a specific policy map that is currently in service, use the
show service-policy command. This command also allows you to display statistics for a specific class
map in a policy or the hit counts for match HTTP URL statements in a Layer 7 HTTP policy map. If you
do not enter an option with this command, the ACE displays all enabled policy statistics.
show service-policy [policy_name [class-map class_name]] [detail [dad] | summary |
url-summary] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
policy_name (Optional) Identifier of an existing policy map that is currently in service (applied
to an interface) as an unquoted text string with a maximum of 64 alphanumeric
characters. If you do not enter the name of an existing policy map, the ACE displays
information and statistics for all policy maps.
class-map
class_name
(Optional) Displays the statistics for the specified class map associated with the
policy.
detail (Optional) Displays a more detailed listing of policy map or class map statistics and
status information.
dad (Optional) Displays the IPv6 duplicate address detection (DAD) information,
including the DAD status of the VIP.
summary (Optional) Displays a summary of policy map or class map statistics and status
information.
url-summary (Optional) Displays the number of times that a connection is established based on a
match HTTP URL statement for a class map in a Layer 7 HTTP policy map.
The URL hit counter is per match statement per load-balancing Layer 7 policy. If
you are using the same combination of Layer 7 policy and class maps with URL
match statements in different VIPs, the count is combined. If the ACE configuration
exceeds 64K URL and load-balancing policy combinations, this counter displays
NA.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(4) Command syntax was changed to allow the display of all service
policies that are configured in the ACE.
A2(1.2) The class-map class_name and summary options were added.1-215
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show service-policy command displays the following information:
• VLAN to which the policy is applied
• Class map associated with the policy
• Status of any NAT operations
• Status of any load-balancing operations
• Status of any compression operations
• Dynamic Workload Scaling (DWS) status of the VIP
• DAD status of IPv6 VIPs
The ACE updates the counters that the show service-policy command displays after the applicable
connections are closed.
For information about the fields in the show service-policy command output, see the Server
Load-Balancing Guide, Cisco ACE Application Control Engine.
Examples To display detailed statistics and current status of the service policy MGMT_POLICYMAP, enter:
host1/Admin# show service-policy MGMT_POLICYMAP detail
Related Commands clear service-policy
show running-config
(config) service-policy
A2(2.0) The url-summary option was added.
A2(3.3) The regex dnld status field was added.
A4(2.0) Added VIP DWS state output field
A5(1.0) Added optional dad keyword and associated output fields for IPv6.
ACE Module Release Modification
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.1) The class-map class_name and summary options were added.
A3(2.5) Compression counter fields were added.
A3(2.6) The regex dnld status field was added.
A4(1.0) The url-summary option was added.
A4(2.0) Added VIP DWS state output field
A5(1.0) Added optional dad keyword and associated output fields for IPv6.1-216
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show snmp
To display the Simple Network Management Protocol (SNMP) statistics and configured SNMP
information, use the show snmp command.
show snmp [community | engineID | group | host | sessions | user] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, this command displays the ACE contact, the ACE location, the packet traffic information,
community strings, and the user information. You can instruct the ACE to display specific SNMP
information by including the appropriate keyword.
For information about the fields in the show snmp command output, see the Security Guide, Cisco ACE
Application Control Engine.
community (Optional) Displays SNMP community strings.
engineID (Optional) Displays the identification of the local SNMP engine and all remote
engines that have been configured on the ACE.
group (Optional) Displays the names of groups on the ACE, the security model, the status
of the different views, and the storage type of each group.
host (Optional) Displays the configured SNMP notification recipient host, the User
Datagram Protocol (UDP) port number, the user, and the security model.
sessions (Optional) Displays the IP address of the targets for which traps or informs have
been sent.
user (Optional) Displays SNMPv3 user information.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-217
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To display SNMP statistics and configured SNMP information, enter:
host1/Admin# show snmp
Related Commands (config) snmp-server community
(config) snmp-server contact
(config) snmp-server enable traps
(config) snmp-server host
(config) snmp-server location
(config) snmp-server trap link ietf
(config) snmp-server trap-source vlan
(config) snmp-server user1-218
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show ssh
To display the information about the Secure Shell (SSH) keys and sessions, use the show ssh command.
show ssh {key [dsa | rsa | rsa1] | maxsessions [context_name] | session-info [context_name]} [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
From the Admin context, this argument allows you to display only the SSH information associated with
a specific user-created context.
key Displays the host key pair details for all SSH keys.
dsa (Optional) Displays only the details of the DSA key pair for the SSH version 2
protocol.
rsa (Optional) Displays only the details of the RSA key pair for the SSH version 2
protocol.
rsa1 (Optional) Displays only the details of the RSA1 key pair for the SSH version 1
protocol.
maxsessions Displays the maximum number of SSH sessions that the ACE allows. Context
administrators may also view SSH session information associated with a particular
context.
context_name (Optional) Name of an existing context that contains the SSH session information
that the context administrator wants to view. Only the global administrator can view
Telnet information associated with a particular context. The context_name argument
is case sensitive and is visible only from the admin context.
session-info Displays session information, including the session ID, the remote host IP address,
and the active time.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-219
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
For information about the fields in the show ssh command output, see the Security Guide, Cisco ACE
Application Control Engine.
Examples To display all of the loaded SSH keys, enter:
host1/Admin# show ssh key
To display the maximum number of SSH sessions that the ACE permits for the context C2, enter:
host1/Admin # show ssh maxsessions C2
Maximum Sessions Allowed is 2(SSH Server is enabled)
Related Commands clear ssh
(config) class-map
(config) ssh key
(config) ssh maxsessions1-220
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show startup-config
To display information about the startup configuration that is associated with the current context, use the
show startup-config command.
show startup-config [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To clear the startup configuration, use the clear startup-config command.
To copy the running configuration to the startup configuration, or copy the startup configuration to the
running configuration, use the copy running-config command.
For information about the fields in the show startup-config command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display information about the startup configuration, enter:
host1/Admin# show startup-config
Related Commands clear startup-config
copy capture
show running-config
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-221
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show stats
To display statistics about the ACE operation, use the show stats command.
show stats [connection | {crypto {client [alert | authentication | cipher | termination]} | {server
[alert | authentication | cipher | insert | redirect | termination]}} | http | inspect [ftp | http |
rtsp]| kalap [all] | loadbalance [radius | rdp | rtsp | sip] | optimization http | probe [type
probe_type] | sticky] [|] [>]
Syntax Description connection (Optional) Displays global connection statistics associated with the current context.
crypto (Optional) Displays the back-end (client keyword) and front-end (server keyword)
SSL statistics for the current context.
client Displays the back-end SSL client statistics for the current context. If you do not enter
any options with this keyword, this command displays alert, authentication, cipher,
and termination statistics.
alert (Optional) Displays SSL alert statistics.
authentication (Optional) Displays the SSL authentication statistics.
cipher (Optional) Displays the SSL cipher statistics.
termination (Optional) Displays the back-end SSL termination statistics.
server Displays the front-end SSL server statistics for the current context. If you do not enter
any options with this keyword, this command displays alert, authentication, cipher,
header insertion, redirect, and termination statistics.
insert (Optional) Displays the header insertion statistics.
redirect (Optional) Displays the redirect statistics.
http (Optional) Displays global HTTP statistics associated with the current context.
inspect [ftp |
http | rtsp]
(Optional) Displays global FTP, HTTP, or RTSP inspect statistics associated with the
current context. If you do not include any options with the inspect keyword, the ACE
displays the global HTTP statistics.
kalap (Optional) Displays global server load-balancing (GSLB) statistics associated with
the current context.
all (Optional) In the admin context, displays the total number of KAL-AP statistics for
all contexts. These statistics are followed by the statistics for the admin context and
then all other contexts.
loadbalance (Optional) Displays global load-balancing statistics associated with the current
context.
radius (Optional) Displays Remote Authentication Dial-In User Service (RADIUS)
load-balancing statistics associated with the current context.
rdp (Optional) Displays Reliable Datagram Protocol (RDP) load-balancing statistics
associated with the current context.
rtsp (Optional) Displays Real-Time Streaming Protocol (RTSP) load-balancing statistics
associated with the current context.
sip (Optional) Displays Session Initiation Protocol (SIP) load-balancing statistics
associated with the current context.
optimization
http
(Optional, ACE appliance only) Displays HTTP optimization global statistics
associated with the current context.1-222
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Command HistoryA
Usage Guidelines This command requires the loadbalance, inspect, NAT, connection, or SSL feature in your user role. For
details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE
Application Control Engine.
To display the statistics for a specific probe type (for example, scripted), include the type probe_type
keyword and argument.
Examples To display all of the statistics about the ACE operation, enter:
host1/Admin# show stats
To see a list of probe types, enter:
host1/Admin# show stats probe type ?
probe [type
probe_type]
(Optional) Displays global probe statistics associated with the current context.
sticky (Optional) Displays global sticky statistics associated with the current context.
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised to add the crypto, radius, and rtp
keywords.
A2(1.1) This command was revised to add the rtsp and sip keywords.
A2(2.0) This command was revised to add the all keyword.
This command was revised to add counters for SSL redirect and
header insertion.
A4(1.0) This command was revised to add the alert, authentication, cipher,
insert, redirect, and termination options.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.
A3(2.1) The alert, authentication, cipher, and termination options were
added.1-223
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands clear stats
show sticky cookie-insert group
To display the inserted cookie information for the specified sticky group, use the show sticky
cookie-insert group command.
show sticky cookie-insert group sticky_group_name
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command displays information that correlates the inserted cookie, the sticky entry, and the final
destination for the cookie insert configuration. For information about the fields in the show sticky
cookie-insert command output, see the Server Load-Balancing Guide, Cisco ACE Application Control
Engine.
Examples To display the inserted cookie information for the sticky group, enter:
host1/Admin# show sticky cookie-insert group STICKY-TEST
Related Commands (config-sticky-cookie) cookie insert
sticky_group_name The name of the configured sticky group
| (Optional) Pipe character (|) for enabling an output modifier that
filters the command output. For a complete description of the options
available for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.
ACE Module Release Modification
A2(1.4) and A2(2.1) This command was introduced.
ACE Appliance Release Modification
A3(2.2) This command was introduced.1-224
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show sticky database
To display the sticky statistics, use the show sticky database command.
show sticky database [static] [active-conn-count min value1 max value2 | client ip_address1 |
group name1 | http-content value3 | http-cookie value24 | http-header value5 | ip-netmask
{both {source ip_address2 destination ip_address3} | destination ip_address4 | source
ip_address5} | layer4-payload value6 | rserver name2 [port] serverfarm name3 | rtsp-header
value7 | sip-header value8 | time-to-expire min value9 max value10 | type {http-content |
http-cookie | http-header | ip-netmask {both | destination | source} | layer4-payload | radius
{calling-id | framed-ip | username} | rtsp-header | sip-header} [count | detail]]
Syntax Description static (Optional) Displays static sticky database entries. If you do not use an
optional keyword to specify the type of static sticky database entry to
display, all entries are displayed.
active-conn-count min
value1 max value2
(Optional) Displays sticky database entries within the specified
connection count range.
client ip_address (Optional) Displays sticky database entries for the source IPv6 or IPv4
address of a client that you specify.
group name1 (Optional) Displays sticky database entries for the sticky group name
that you specify.
http-content value3 (Optional) Displays sticky database entries for the HTTP content
value that you specify.
http-cookie value4 (Optional) Displays sticky database entries for the HTTP cookie value
that you specify.
http-header value5 (Optional) Displays sticky database entries for the HTTP header value
that you specify.
ip-netmask {both {source
ip_address2 destination
ip_address3} | destination
ip_address4 | source
ip_address5}
(Optional) Displays sticky database entries for both the source and
destination addresses, the destination address only, or the source
address only.
layer4-payload value6 (Optional) Displays sticky database entries for the Layer 4 payload
value that you specify.
rserver name2 (Optional) Displays sticky database entries for the real-server name
that you specify.
port (Optional) Real server port number.
serverfarm name3 Specifies a server farm associated with the real server.
rtsp-header value7 (Optional) Displays sticky database entries for the RTSP header value
that you specify.
sip-header value8 (Optional) Displays sticky database entries for the SIP header value
that you specify.
time-to-expire min value9
max value10
(Optional) Displays the sticky database entries within the specified
time to expire range.
type (Optional) Displays sticky database entries for one of the following
sticky group types:
http-content Specifies HTTP content sticky database entries.1-225
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
http-cookie Specifies HTTP cookie sticky database entries.
http-header Specifies HTTP header sticky database entries.
ip-netmask Specifies IP netmask sticky database entries.
both Specifies both source and destination IP netmasks.
destination Specifies the destination IP netmask.
source Specifies the source IP netmask.
radius Specifies RADIUS attribute sticky database entries.
calling-id Specifies RADIUS calling-ID attribute sticky database entries.
framed-ip Specifies RADIUS framed-IP attribute sticky database entries.
username Specifies RADIUS username attribute sticky database entries.
rtsp-header Specifies RTSP header sticky database entries.
sip-header Specifies SIP header sticky database entries.
count (Optional) Displays the count for the sticky databae entries.
detail (Optional) Displays detailed statistics for the specified sticky database
component. The detail option output includes the sticky-hit-count
field to display the total number of times that a sticky entry is hit.
| (Optional) Pipe character (|) for enabling an output modifier that
filters the command output. For a complete description of the options
available for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier
that redirects the command output to a file. For a complete description
of the options available for redirecting the command output, see the
show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
A2(1.3) The show sticky database static http-cookie value2 command no
longer displays the hash key.
A4(1.1) Added the active-conn-count, ip-netmask, time-to-expire, count,
and deatil options.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.
A4(1.1) Added the active-conn-count, ip-netmask, time-to-expire, count,
and deatil options.1-226
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show sticky command output, see the Server Load-Balancing
Guide, Cisco ACE Application Control Engine.
Examples To display sticky statistics for the client with a source IP address of 192.168.12.15, enter:
host1/Admin# show sticky database client 192.168.12.15
Related Commands (config-sfarm-host-rs) cookie-string
A3(2.2) When you enable cookie insertion through the cookie insert
command in sticky-cookie configuration mode, the show sticky
database static http-cookie command no longer displays the hash
key.
A3(2.6) This command displays the source and destination addresses in
dotted-decimal notation instead of the hexadecimal equivalent.
ACE Appliance Release Modification1-227
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show sticky hash
To correlate a known cookie or URL value with its corresponding sticky database entry (hash), use the
show sticky hash command. This command allows you to generate the hash value from a known cookie
or URL value using the same algorithm that is used by the URL and cookie hashing function.
show sticky hash text
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no usage guidelines.
Examples To generate the hash value for the cookie value 1.1.1.10, enter the following command:
host1/Admin# show sticky hash 1.1.1.10
Hash: 0x8a0937592c500bfb - 9946542108159511547
Now you can display the sticky database for a particular sticky group and match the generated hash with
the sticky entry (hash) in the sticky database.
For example, to display the sticky database for the group STICKY_GROUP1, enter the following
command:
host1//Admin# show sticky database group STICKY_GROUP1
sticky group : STICKY_GROUP1
type : HTTP-COOKIE
timeout : 1440 timeout-activeconns : FALSE
sticky-entry rserver-instance time-to-expire flags
--------------------+----------------+----------------+-------+
9946542108159511547 SERVER1:80 86390 -
Related Commands show sticky database
text Cookie or URL text for which you want to calculate the hash value. Enter the cookie
or URL value as an unquoted text string with no spaces and with a maximum of 1024
alphanumeric characters. If you want to include spaces in the text string, enclose the
text string in quotation marks (“ ”)
ACE Module/Appliance
Release Modification
A4(1.0) This command was introduced.1-228
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show conn sticky
To display all the connections that are linked to a sticky entry, use the show conn sticky internal_id
command. This command is useful in identifying why a sticky entry does not timeout.
show conn sticky internal_id
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no usage guidelines.
Examples The following example shows how to use the two above-mentioned commands to display all the
connections associated with a particular sticky entry.
To obtain the internal IDs of sticky database entries, enter the following command:
switch/Admin# show sticky database static detail | i internal
internal entry-id: 0x200006
internal entry-id: 0x200007
After you have obtained an internal sticky id, use the show conn sticky command to display all the
connections linked to that sticky entry as follows:
switch/Admin# show conn sticky 0x200006
conn-id np dir proto vlan source destination state
-------+--+---+-----+----+-------------------+----------------+------+
242 1 in TCP 20 192.168.20.45:44425192.168.20.15:80 ESTAB
243 1 out TCP 40 192.168.40.28:80 192.168.20.45:44425 ESTAB
switch/Admin# show conn sticky 0x200007
conn-id np dir proto vlan source destination state
-------+--+---+-----+----+-----------------+-----------------+------+
switch/Admin#
Related Commands show sticky database
internal_id internal identifier of a sticky entry in the sticky database.
ACE Module/Appliance
Release Modification
A4(1.0) This command was introduced.1-229
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show syn-cookie
To display SYN cookie statistics, use the show syn-cookie command. To display SYN cookie statistics
for all VLANs that are configured in the current context, enter the command with no arguments.
show syn-cookie [vlan number]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no usage guidelines.
Examples To display SYN cookie statistics for VLAN 100, enter:
host1/C1# show syn-cookie vlan 100
Related Commands clear syn-cookie
vlan number Instructs the ACE to display SYN cookie statistics for the specified interface. Enter
an integer from 2 to 2024.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-230
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show system
To display the ACE system information, use the show system command.
show system {cpuhog} | {error-id {hex_id | list} | internal {aaa {event-history {errors | msgs}
| mem-stats} | dmesg | log {boot {kickstart | system} | install [details]} | mts {buffers [age
seconds | details | node name | order | sap number | sap_all | summary] | memory | opcode}
| radius event-history {errors | msgs} | sysmgr {event-history {errors | msgs} | service {all
[detail] | local [detail] | name service_name [dependencies | policies | seqnotbl] | not-running
[details] | pid id [config | dependencies | log] | running [details] | uuid hex_id [config |
dependencies]} | startup-config {locks | state} | state | time} | tacacs+ event-history {errors
| msgs} | urifs | vshd {config-intro | feature-list | license-info | log {running-config |
tree-table} | subtype-table | tree-table}} | kcache | kmem | kmemtrack | resources | skbtrack
| uptime | watchdog [lcp | memory | scp]} [|] [>]
Syntax Description cpuhog Displays the largest amount of time that a driver was executing in the
kernel. This keyword is intended for use by trained Cisco personnel for
troubleshooting purposes only.
error-id Displays description about errors. This keyword is available in all user
contexts.
hex_id Error ID in hexadecimal format. The range is from 0x0 to 0xffffffff.
list Specifies all error IDs.
internal Displays Cisco internal system-related functions. The internal keywords
and related keywords, options, and arguments are intended for use by
trained Cisco personnel for troubleshooting purposes only. This option is
available in the Admin context only.
kcache Displays Linux kernel cache statistics.
kmem Displays Linux kernel memory statistics.
kmemtrack Displays how the kernel memory is being currently used. This keyword
is intended for use by trained Cisco personnel for troubleshooting
purposes only.
resources Displays system-related CPU and memory statistics.
skbtrack Displays the allocation and deallocation of network buffers in the drivers.
This keyword is intended for use by trained Cisco personnel for
troubleshooting purposes only.
uptime Displays how long the ACE has been up and running. This keyword is
available in all user contexts.1-231
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin context
User contexts (error-id and uptime keywords only)
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show system command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display system resource information, enter:
host1/Admin# show system resources
watchdog [lcp | memory |
scp]
Displays whether the watchdog is enabled or disabled, and its timeout.
When you enter this keyword without an option, all watchdogs are
displayed. To display a specific watchdog, enter one of the following
options:
• lcp—(ACE module only) Displays the LCP process watchdog
• memory—Displays whether the low memory watchdog is enabled or
disabled, and its timeout.
• scp—(ACE module only) Displays the watchdog for SCP keepalive
messages from the hardware timer interrupt level
The system watchdog command allows you to configure the Memory
watchdog timeout.
(ACE module only) The LCP and SCP timeouts are not configurable.
| (Optional) Pipe character (|) for enabling an output modifier that filters
the command output. For a complete description of the options available
for filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) The watchdog keyword was added.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) The dmseg and watchdog memory keywords were added.1-232
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands system watchdog
show tacacs-server
To display the configured Terminal Access Controller Access Control System Plus (TACACS+) server and
server group parameters, use the show tacacs-server command.
show tacacs-server [groups | sorted] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show tacacs-server command output, see the Security Guide,
Cisco ACE Application Control Engine.
Examples To display the configured TACACS+ server parameters, enter:
host1/Admin# show tacacs-server
To display the configured TACACS+ server groups, enter:
host1/Admin# show tacacs-server groups
To display the sorted TACACS+ servers, enter:
host1/Admin# show tacacs-server sorted
groups (Optional) Displays configured TACACS+ server group information.
sorted (Optional) Displays TACACS+ server information sorted by name.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-233
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands (config) aaa group server
(config) tacacs-server deadtime
(config) tacacs-server host
(config) tacacs-server key
(config) radius-server timeout
show tcp statistics
To display the Transmission Control Protocol (TCP) statistics, use the show tcp statistics command.
show tcp statistics [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the connection feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show tcp statistics command output, see the Security Guide,
Cisco ACE Application Control Engine.
Examples To display TCP statistics, enter:
host1/Admin# show tcp statistics
Related Commands clear tcp statistics
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-234
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show tech-support
To display information that is useful to technical support when reporting a problem with your ACE, use
the show tech-support command.
show tech-support [details] [|] [>]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show tech-support command is useful when collecting a large amount of information about your
ACE for troubleshooting purposes with Cisco technical support. The output of this command can be
provided to technical support representatives when reporting a problem.
details (Optional) Provides detailed information for each of the show commands described
below in the “Usage Guidelines” section.
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.2) This command no longer displays the following:
• All show acl-merge acls vlan command output
• All show acl-merge merge-list vlan number out command
output
It also now displays a maximum of four VLANs.
A3(2.6) This command no longer executes the following commands:
• show optimization-debug
• show np 1 me-stats “-W number”1-235
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
The show tech-support command displays the output of several show commands at once. The output
from this command varies depending on your configuration. The default output of the show
tech-support command includes the output of the following commands:
• show hardware—See the show hardware command.
• show interface—See the show interface command.
• show process—See the show processes command.
• show running-config—See the show running-config command.
• show system internal dmesg—See the show system command.
• show version—See the show version command.
Explicitly set the terminal length command to 0 (zero) to disable autoscrolling and enable manual
scrolling. Use the show terminal command to view the configured terminal size. After obtaining the
output of this command, reset your terminal length as required.
You can save the output of this command to a file by appending > filename to the show tech-support
command. If you save this file, verify that you have sufficient space to do so as each of these files may
take about 1.8 MB.
For information about the fields in the show tech-support command output, see the Administration
Guide, Cisco ACE Application Control Engine.
Examples To display the summary version of the technical support report, enter:
host1/Admin# show tech-support
Related Commands show fifo
show hardware
show interface
show processes
show running-config
show terminal
show version
show telnet
To display the information about the Telnet session, use the show telnet command.
show telnet [maxsessions] [context_name] [|] [>]
Syntax Description maxsessions (Optional) Displays the maximum number of enabled Telnet sessions.
context_name (Optional) Name of an existing context. Use the context_name argument to
display Telnet information that pertains only to the specified context. The
context_name argument is case sensitive.1-236
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you do not include the optional maxsessions keyword, the ACE displays the following Telnet
information:
• Session ID—Unique session identifier for the Telnet session
• Remote host—IP address and port of the remote Telnet client
• Active time—Time since the Telnet connection request was received by the ACE
For information about the fields in the show telnet command output, see the Security Guide, Cisco ACE
Application Control Engine.
Examples To display the current Telnet information, enter:
host1/Admin# show telnet
Related Commands clear telnet
telnet
(config) class-map
show terminal
To display the console terminal settings, use the show terminal command.
show terminal [internal info] [|] [>]
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-237
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show terminal command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display the console terminal settings, enter:
host1/Admin# show terminal
Related Commands terminal
show udp statistics
To display the User Datagram Protocol (UDP) statistics, use the show udp statistics command.
show udp statistics [|] [>]
internal info (Optional) Displays terminal internal information.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-238
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the connection feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show udp statistics command output, see the Security Guide,
Cisco ACE Application Control Engine.
Examples To display UDP statistics, enter:
host1/Admin# show udp statistics
Related Commands clear udp statistics
show user-account
To display user account information, use the show user-account command.
show user-account [user_name] [|] [>]
Syntax Description
| (Optional) Pipe character (|) for enabling an output modifier that filters the command
output. For a complete description of the options available for filtering the command
output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects the
command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
user_name (Optional) Name of user.1-239
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command Modes Exec
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the user account information for all users, do not specify a user with the optional user_name
argument.
For information about the fields in the show user-account command output, see the Administration
Guide, Cisco ACE Application Control Engine.
The Account Expiry field for this command displays the date, if any, when the user account expires. This
date is based on Coordinated Universal Time (UTC/GMT), which the ACE keeps internally. If you use
the clock timezone command to configure a UTC offset, this field displays the UTC date and does not
reflect the date with the offset as displayed by the show clock command.
Examples To display the account information for all users, enter:
host1/Admin# show user-account
Related Commands show users
(config) username
show users
To display the information for users that are currently logged in to the ACE, use the show users
command.
show users [user_name] [|] [>]
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-240
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To display the information for all users that are currently logged in to the ACE, do not specify a user
with the optional user_name argument.
For information about the fields in the show users command output, see the Administration Guide, Cisco
ACE Application Control Engine.
Examples To display information for all users that are currently logged in to the ACE, enter:
host1/Admin# show users
Related Commands clear user
show user-account
(config) username
show version
To display the version information of system software that is loaded in flash memory and currently
running on the ACE, use the show version command.
show version [|] [>]
user_name (Optional) Name of user.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-241
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The show version command also displays information related to the following ACE hardware
components:
• (ACE module only) Slot number—Slot number that the ACE occupies on the Catalyst 6500 series
chassis.
• CPU—Number of CPUs and type and model
• Memory—Total and shared volatile memory
• Flash memory—Total and used flash memory
Use the show version command to verify the software version on the ACE before and after an upgrade.
For information about the fields in the show version command output, see the Administration Guide,
Cisco ACE Application Control Engine.
Examples To display the software version information, enter:
host1/Admin# show version
Related Commands show tech-support
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-242
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show vlans
To display the VLANs on the ACE, use the show vlans command. For the ACE module, they are
downloaded from the supervisor engine in the Catalyst 6500 series switch
show vlans [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show vlans command output, see the Routing and Bridging
Guide, Cisco ACE Application Control Engine.
Examples To display the VLANs on the ACE, enter:
host1/Admin# show vlans
Related Commands This command has no related commands.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-243
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show vm-controller
To display the VM controller connection statistics, use the show vm-controller command.
show vm-controller [name] [detail]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To display detailed VM controller statistics, enter:
host1/Admin# show vm-controller VCENTER1 detail
Related Commands (config) vm-controller
name Configured identifier of the VM controller. Enter the name of an existing
VM controller as an unquoted text string with no spaces and a maximum of
64 alphanumeric characters.
detail Displays additional fields for the vendor and the URL location of the VM
controller.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module/Appliance
Release Modification
A4(2.0) This command was introduced.1-244
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show vnet
To display information about the virtual network (VNET) device, use the show vnet command.
show vnet {event-history | stats} [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To display VNET device statistics for the control plane, enter:
host1/Admin# show vnet stats
Related Commands clear vnet stats
event-history Displays a historic log of the most recent debug VNET messages.
stats Displays detailed counters for various VNET events.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for
filtering the command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that
redirects the command output to a file. For a complete description of the
options available for redirecting the command output, see the show
command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-245
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
show xlate
To display information about the IP and port translation (XLATE), use the show xlate command.
show xlate [global {ip_address1 [ip_address2 [/prefix-length | netmask mask1]]}] [local
{ip_address3 [ip_address4 [/prefix-length2 | netmask mask2]]}] [gport port1 [port2]] [lport
port1 [port2]] [|] [>]
Syntax Description
Command Modes Exec
Admin context only
Command History
global
ip_address1
ip_address2
(Optional) Displays information for a global IPv6 or IPv4 address or a range of
global IPv6 or IPv4 addresses to which the ACE translates source addresses for
static and dynamic NAT. To specify a range of IP addresses, enter a second IP
address.
/prefix-length IPv6 prefix length that specifies the number of bytes used for the network identifier.
netmask mask (Optional) Specifies a subnet mask for the specified IP addresses.
local
ip_address3
ip_address4
(Optional) Displays information for a local IP address or a range of local IP
addresses. To specify a range of local IP addresses, enter a second IP address.
gport port1
port2
(Optional) Displays information for a global port or a range of global ports to which
the ACE translates source ports for static port redirection and dynamic PAT. Enter a
port number as an integer from 0 to 65535. To specify a range of port numbers, enter
a second port number.
lport port1
port2
(Optional) Displays information for a local port or a range of local ports. Enter a port
number as an integer from 0 to 65535. To specify a range of port numbers, enter a
second port number.
| (Optional) Pipe character (|) for enabling an output modifier that filters the
command output. For a complete description of the options available for filtering the
command output, see the show command.
> (Optional) Greater-than character (>) for enabling an output modifier that redirects
the command output to a file. For a complete description of the options available for
redirecting the command output, see the show command.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-246
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the fields in the show xlate command output, see the Security Guide, Cisco ACE
Application Control Engine.
Examples To display IP and XLATE information, enter:
host1/Admin# show xlate global 172.27.16.3 172.27.16.10 netmask 255.255.255.0 gport 100
200
Related Commands clear xlate
ssh
To initiate a Secure Shell (SSH) session with another device, use the ssh command.
ssh {hostname | user@hostname}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To initiate an SSH session with the host 196.168.12.10, enter:
host1/Admin# ssh 196.168.12.10
To initiate an SSH session with USER1 on HOST1, enter:
host1/Admin# ssh USER1@HOST1
hostname Name or IP address of the host to access. If no username is specified, the default is
“admin.” Enter up to 64 alphanumeric characters.
user Username on a host.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-247
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands clear ssh
show ssh
(config) class-map
(config) login timeout
(config) ssh key
(config) ssh maxsessions1-248
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
system internal
To generate a debug snapshot of a service, use the system internal command.
system internal snapshot service {name}
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin role in the Admin context. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only.
Examples To take a snapshot of a service, enter:
host1/Admin# system internal snapshot service
Related Commands This command has no related commands.
snapshot
service
Specifies debug snapshots of a service.
name Name of a system service for which you want to take a snapshot. Enter an unquoted
text string with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-249
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
system watchdog
To enable all system watchdogs or the specific system watchdog, use the system watchdog command.
When you enter this command without an option, all watchdogs are enabled. By default, the watchdogs
are enabled.
Use the no form of this command to disable the system watchdogs. When you disable the low memory
watchdog, its timeout is reset to its default.
system watchdog [lcp | memory [timeout seconds] | scp]
system no watchdog [lcp | memory | scp]
Syntax Description
Command Modes Exec
Admin context only
Command History
Usage Guidelines This command requires the Admin role in the Admin context. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is intended for use by trained Cisco personnel for troubleshooting purposes only. When
you are troubleshooting the ACE, disable the watchdog timeout to prevent the ACE from rebooting.
lcp (Optional, ACE module only) Enables the watchdog for the LCP process.
The current SCP watchdog watches this process. However, if the LCP
process is not scheduled on time, this watchdog reboots the ACE.
memory (Optional) Enables the low memory watchdog when the ACE memory
reaches 99 percent.
timeout seconds (Optional) Configures the low memory watchdog timeout in seconds. Enter
a number from 5 to 180. The default is 90. To change the timeout, reenter
the system watchdog memory timeout seconds command. When reenable
a disabled watchdog, the timeout is reset to its default value.
scp (Optional, ACE module only) Enables the watchdog that monitors the SCP
keepalive messages from the hardware timer interrupt level.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(2.4) The lcp, memory and scp options were added.
The system watchdog command now enables all watchdogs.
Previously, it enabled only the SCP watchdog timer.
ACE Appliance Release Modification
A4(1.0) This command was introduced.1-250
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To enable the low memory system watchdog after it has been disabled, enter:
host1/Admin# system watchdog memory
To disable the low memory system watchdog, enter:
host1/Admin# system no watchdog memory
Related Commands show system1-251
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
tac-pac
To save Technical Assistance Center (TAC) information to a local or remote location, use the tac-pac
command.
tac-pac [ftp://server/path[/filename] | scp://server/path[/filename] |
sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename] |
disk0:[path/]filename]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The TAC information that the ACE saves when using the tac-pac command is the same information that
you can display using the show tech-support command.
If you do not specify a directory on a file system, the default is the root directory.
The output of the show tech-support command is in gzip format. We recommend that you include the
.gz extension in the filename so that it can be easily unzipped from the destination filesystem.
Examples To save TAC information and send the output of the show tech-support command to a remote FTP
server, enter:
host1/Admin# tac-pac ftp://192.168.1.2/tac-output_10-7-07.gz
ftp: (Optional) Specifies the File Transfer Protocol network server as the destination.
scp: (Optional) Specifies the Secure Copy network server as the destination.
sftp: (Optional) Specifies the Secure File Transfer Protocol network server as the
destination.
tftp: (Optional) Specifies the Trivial File Transfer Protocol network server as the
destination.
disk0: (Optional) Specifies the disk0: file system in flash memory on the ACE as the
destination.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-252
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Related Commands This command has no related commands.1-253
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
telnet
To initiate a Telnet session with another network device, use the telnet command.
telnet ip_address [port]
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To open a Telnet session with another network device, enter:
host1/Admin# telnet 192.126.2.1
Related Commands clear telnet
show telnet
(config) class-map
(config) login timeout
ip_address IP address of the network host. Enter an IP address in dotted-decimal notation (for
example, 172.16.1.10).
port (Optional) Port number on network host. The range is from 0 to 2147483647.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-254
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
terminal
To configure the terminal display settings, use the terminal command.
terminal {length lines | monitor | no | session-timeout minutes | terminal-type text |
width characters}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the show terminal command to display the current terminal settings.
length lines Sets the number of lines displayed on the current terminal screen. This command is
specific to the console port only. Telnet and Secure Shell (SSH) sessions set the
length automatically. Valid entries are from 0 to 511. The default is 24 lines. A value
of 0 instructs the ACE to scroll continuously (no pausing) and overrides the terminal
width command.
monitor Displays the syslog output on the terminal for the current terminal and session. To
enable the various levels of syslog messages to the terminal, use the logging
monitor command in configuration command mode.
no Negates a command or sets it back to its default value.
session-timeout
minutes
Specifies the session timeout value in minutes to configure the automatic logout time
for the current terminal session on the ACE. When you exceed the time limit
configured by this command, the ACE closes the session and exits. The range is 0 to
525600. The default is 5 minutes. You can set the terminal session-timeout value
to 0 to disable this feature so that the terminal remains active until you choose to exit
the ACE. The ACE does not save this change in the configuration file.
terminal-type
text
Specifies the name and type of the terminal used to access the ACE. If a Telnet or
SSH session specifies an unknown terminal type, the ACE uses the VT100 terminal
by default. Specify a text string from 1 to 80 alphanumeric characters.
width
characters
Sets the number of characters displayed on the current terminal screen. This
command is specific to only the console port. Telnet and SSH sessions set the width
automatically. Valid entries are from 24 to 512. The default is 80 columns.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-255
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
All terminal parameter-setting commands are set locally and do not remain in effect after you end a
session. You must perform this task at the Exec prompt at each session to see the debugging messages.
Examples To specify the VT100 terminal, set the number of screen lines to 35, and set the number of characters to
250, enter:
host1/Admin# terminal terminal-type vt220
host1/Admin# terminal length 35
host1/Admin# terminal width 250
To specify a terminal timeout of 600 minutes for the current session, enter
host1/Admin# terminal session-timeout 600
To set the width to 100 columns, enter:
host1/Admin# terminal width 100
To set the width to its default of 80 columns, enter:
host1/Admin# terminal no width
To start the current terminal monitoring session, enter:
host1/Admin# terminal monitor
To stop the current terminal monitoring session, enter:
host1/Admin# terminal no monitor
Related Commands show terminal
(config) login timeout
traceroute
To trace the route that an IP packet takes to a network host from the ACE, use the traceroute command.
traceroute [ip | ipv6 [ip_address [size packet]]
Syntax Description
Command Modes Exec
Admin and user contexts
ip | ipv6 (Optional) Specifies the IPv4 or IPv6 protocol. If you do not specify the IP protocol,
it is inferred from the address.
ip_address (Optional) IP address of the network host. Enter an IP address in dotted-decimal
notation (for example, 172.27.16.10).
size packet (Optional) Specifies the packet size. Enter a number from 40 to 452. The default is 40.1-256
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command traces the route that an IP packet follows to an Internet host by launching User Datagram
Protocol (UDP) probe packets with a small time to live (TTL), and then listening for an Internet Control
Message Protocol (ICMP) “time exceeded” reply from a gateway.
Examples IPv6 Example
To trace the IPv6 address 2001:DB8:1::2, enter the following command:
host1/Admin# traceroute ipv6 2001:DB8:1::2
To terminate a traceroute session, press Ctrl-C.
IPv4 Example
To display the route that a packet takes from the ACE to a network host with the IP address 196.126.1.2,
enter:
host1/Admin# traceroute 196.126.1.2
Related Commands ping
undebug all
To disable all debugging, use the undebug all command.
undebug all
Syntax Description This command has no keywords or arguments.
Command Modes Exec
Admin and user contexts
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A5(1.0) Added IPv6 support.1-257
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Command History
Usage Guidelines This command is available to all user roles that allow debugging and is not available to network monitor
or technician users. For details about role-based access control (RBAC) and user roles, see the
Virtualization Guide, Cisco ACE Application Control Engine.
The ACE debug commands are intended for use by trained Cisco personnel only. Entering these
commands may cause unexpected results. Do not attempt to use these commands without guidance from
Cisco support personnel.
Examples To disable all debugging, enter:
host1/Admin# undebug all
Related Commands debug
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-258
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
untar disk0:
To untar a single file with a .tar extension in the disk0: file system, use the untar command.
untar disk0:[path/]filename
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The copy licenses disk0: command creates backup .tar license files on the ACE. If a license becomes
corrupted or lost, or you accidently remove the license on the ACE, you can untar the license and
reinstall it.
You must use the untar command in the Admin context to untar a backup tar license file.
Examples To untar the mylicense.tar file on disk0, enter:
host1/Admin# untar disk0:mylicenses.tar
Related Commands copy licenses
gunzip
[path/]filename Name of the .tar file on the disk0: file system. The filename must end with a .tar
extension.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-259
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
write
To manage persistent and nonpersistent configuration information, use the write command.
write {erase | memory [all] | terminal}
Syntax Description
Exec
Admin and user contexts
Command History
Usage Guidelines For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco
ACE Application Control Engine.
The different versions of this command require the following user role or feature in your user role:
• write erase—Admin user
• write memory—config-copy feature
• write all—Admin user
The write erase command does not remove license files or crypto files (certs and keys) from the ACE.
To remove license files, see the license uninstall command. To remove crypto files, see the crypto
delete command.
If you intend to use the write memory command to save the contents of the running-configuration file
for the current context to the startup-configuration file, you must also specify this command in the
Admin context. Saving changes to the Admin context startup-configuration file is important because the
Admin context startup-configuration file contains all configurations that are used to create each user
context.
To write the running configuration to the startup configuration, you can also use the
copy running-config startup-config command. To erase the startup configuration, you can also use the
clear startup-config command. To display the running configuration, use the show running-config
command.
erase Erases the entire startup configuration with the exception of any configuration that
affects the loader functionality. The startup configuration then reverts back to the
factory-default values. The running configuration is not affected.
memory Writes the running configuration to the startup configuration.
all (Optional) Writes configurations for all existing contexts. This keyword is available
only in the Admin context.
terminal Writes the running configuration to the terminal.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-260
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
Examples To write running configuration to the startup configuration, enter:
host1/Admin# write memory
Related Commands clear startup-config
show running-config
xml-show
To enable the display of raw XML request show command output in XML format, use the xml-show
command.
xml show {off | on | status}
Syntax Description
Command Modes Exec
Admin and user contexts
Command History
Usage Guidelines This command has no user role feature restrictions. For details about role-based access control (RBAC)
and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, XML responses will automatically appear in XML format if the corresponding CLI show
command output supports the XML format. However, if you are running commands on the CLI console
or you are running raw XML responses from NMS, the XML responses appear in regular CLI display
format.
You can enable the display of raw XML request show command output in XML format by performing
one of the following actions:
• Specifying the xml-show on command in Exec mode from the CLI, or
• Including the xml-show on command in the raw XML request itself (CLI commands included in an
XML wrapper).
Specification of the xml-show on command is not required if you are running true XML.
off Displays CLI show command output in regular CLI display output, not in XML
format.
on Displays CLI show command output in XML format unless a specific show
command is not implemented to display its output in XML format.
status Displays the current setting of the xml-show command (on or off).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.1-261
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 1 CLI Commands
Exec Mode Commands
For details on the show command output supported in XML format, consult the ACE schema file,
schema.xsd for the ACE module or for the ACE appliance, that is included as part of the software image
(see the Administration Guide, Cisco ACE Application Control Engine). The ACE schema File contains
the information on the XML attributes for those show output commands that support XML format.
The off and on keywords affect only the current CLI session in use; they are session-based functions.
Examples To enable the display of raw XML request show command output in XML format from the CLI, enter:
host1/Admin# xml-show on
Related Commands This command has no related commands.2-262
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Configuration Mode Commands
Configuration mode commands allow you to configure global ACE parameters that affect the following
contexts:
• All contexts, when configured in the Admin context
• A single user context, when configured in that context
Configuration mode also allows you to access all the ACE subordinate configuration modes. These
modes provide parameters to configure the major features of the ACE, including access control lists
(ACLs), application protocol inspection, fragmentation and reassembly, interfaces, Network Address
Translation (NAT), persistence (stickiness), protocols, redundancy, routing, scripts, Secure Sockets
Layer (SSL), server load balancing (SLB), TCP/IP normalization, users, and virtualization.
To access configuration mode, use the config command. The CLI prompt changes to (config).
See the individual command descriptions of all the configuration mode commands on the following
pages.
Command Modes Exec mode
Admin and user contexts
Command History
Usage Guidelines This command requires one or more features assigned to your user role that allow configuration, such as
AAA, interface, or fault-tolerant. For details about role-based access control (RBAC) and user roles, see
the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To access configuration mode, enter:
host1/Admin# config
host1/Admin(config)#
Related Commands show running-config
show startup-config
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-263
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) aaa accounting default
To configure the default accounting method, use the aaa accounting default command. You specify
either a previously created AAA server group that identifies separate groups of Terminal Access
Controller Access Control System Plus (TACACS+) or Remote Authentication Dial-In User Service
(RADIUS) servers or the local database on the ACE. Use the no form of this command to remove the
accounting method.
aaa accounting default {group group_name} {local} {none}
no aaa accounting default {group group_name} {local} {none}
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To enable user accounting to be performed using remote TACACS+ servers, followed by local login as
the fallback method, enter:
host1/Admin(config)# aaa accounting default group TacServer local
Related Commands show aaa
show accounting log
(config) aaa authentication login
group group_name Associates the accounting method with a TACACS+ or RADIUS server defined
previously through the aaa group server command. Enter an unquoted text
string with no spaces and a maximum of 64 alphanumeric characters.
local Specifies to use the local database on the ACE as the accounting method.
none Specifies that the ACE does not perform password verification, which disables
password verification. If you configure this option, users can log in without
providing a valid password.
Note Only users with an Admin role can configure the none keyword.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-264
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) aaa group server2-265
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) aaa authentication login
To configure the authentication method used for login to the ACE CLI, use the aaa authentication login
command. Use the no form of this command to disable the authentication method.
aaa authentication login {{console | default} {{group group_name} {local} {none}}} |
error-enable
no aaa authentication login {{console | default} {{group group_name} {local} {none}}} |
error-enable
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the error-enable option cautiously. If you specify none, any user will be able to access the ACE at
any time.
console Specifies the console port login authentication method, identified by the
specified server group.
default Specifies the default login authentication method (by console or by Telnet or
Secure Shell [SSH] session) that is identified by the specified server group.
group group_name Associates the login authentication process with a Terminal Access Controller
Access Control System Plus (TACACS+), Remote Authentication Dial-In User
Service (RADIUS), or Lightweight Directory Access Protocol (LDAP) server
defined through the aaa group server command. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
local Specifies to use the local database on the ACE as the login authentication
method. If the server does not respond, then the local database is used as the
fallback authentication method.
none Specifies that the ACE does not perform password verification. If you configure
this option, users can log in to the ACE without providing a valid password.
Note Only users with an Admin role can configure the none keyword.
error-enable Enables the display of the login error message when the remote AAA servers
fail to respond.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-266
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To view the current display status, use the show aaa authentication login error-enable command.
When a user attempts to log in, and the remote AAA servers do not respond to the authentication request,
the ACE processes the login sequence by switching to local user database.
Examples To enable console authentication using the TACSERVER server group, followed by local login as the
fallback method, enter:
host1/Admin(config)# aaa authentication login console group TACSERVER local
Password verification remains enabled for login authentication.
To turn off password validation, enter:
host1/Admin(config)# aaa authentication login console group TACSERVER local none
Related Commands show aaa
(config) aaa accounting default
(config) aaa group server
(config) aaa group server
To configure independent server groups of Terminal Access Controller Access Control System Plus
(TACACS+), Remote Authentication Dial-In User Service (RADIUS), or Lightweight Directory Access
Protocol (LDAP) servers, use the aaa group server command. Use the no form of this command to
remove a server group.
aaa group server {ldap | radius | tacacs+} group_name
no aaa group server {ldap | radius | tacacs+} group_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
ldap Specifies an LDAP directory server group. For information about the commands in
the LDAP server configuration mode, see the “LDAP Configuration Mode
Commands” section.
radius Specifies a RADIUS server group. For information about the commands in the
RADIUS server configuration mode, see the “RADIUS Configuration Mode
Commands” section.
tacacs+ Specifies a TACACS+ server group. For information about the commands in the
TACACS+ server configuration mode, see the “TACACS+ Configuration Mode
Commands” section.
group_name Name for the LDAP, RADIUS, or TACACS+ server group. Enter an unquoted text
string with no spaces and a maximum of 64 alphanumeric characters.2-267
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
A server group is a list of server hosts of a particular type. The ACE allows you to configure multiple
TACACS+, RADIUS, and LDAP servers as a named server group. You group the different AAA server
hosts into distinct lists. The ACE searches for the server hosts in the order in which you specify them
within a group. You can configure a maximum of 10 server groups for each context in the ACE.
You can configure server groups at any time, but they take effect only when you apply them to the AAA
service using the aaa authentication login or the aaa accounting default commands.
To create a AAA server group and access one of the three AAA server group configuration modes, enter
the aaa group server ldap, aaa group server radius, or aaa group server tacacs+ command in
configuration mode. The CLI prompt changes to (config-ldap), (config-radius), or (config-tacacs+). In
this mode, you specify the IP address of one or more previously configured servers that you want added
to or removed from the server group.
Examples To create a RADIUS server group and add a previously configured RADIUS server, enter:
(config)# aaa group server radius RAD_Server_Group1
host1/Admin(config-radius)# server 192.168.252.1
host1/Admin(config-radius)# server 192.168.252.2
host1/Admin(config-radius)# server 192.168.252.3
Related Commands show aaa
show running-config
(config) aaa accounting default
(config) aaa authentication login
(config) access-group
To apply an IPv4 or IPv6 access control list (ACL) to the inbound direction on all VLAN interfaces in a
context and make the ACL active, use the access-group command. Use the no form of this command to
remove an ACL from all interfaces in a context.
access-group input acl_name
no access-group input acl_name
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-268
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use this command to apply an IPv6 or an IPv4 ACL to a single interface or all interfaces in a context.
You must apply an ACL to an interface to allow the passing of traffic on that interface. This command
enables you to apply an ACL to all interfaces in a context in the inbound direction only and to allow
traffic on all interfaces simultaneously. The following considerations apply:
• You can use the access-group command in configuration mode only if there are no interfaces in the
context to which you have applied an ACL previously using the (config-if) access-group command
in interface configuration mode.
• If you have applied an ACL globally to all interfaces in a context, you cannot apply an ACL to an
individual interface using the (config-if) access-group command in interface configuration mode.
• You can apply one Layer 2 ACL and one Layer 3 ACL globally to all interfaces in a context.
• You can apply both a Layer 3 and a Layer 2 ACL to all Layer 2 bridge-group virtual interfaces
(BVIs) in a context.
• On Layer 3 virtual LAN (VLAN) interfaces, you can apply only Layer 3 ACLs. You can apply one
IPv6 and one IPv4 ACL in each direction on a Layer 3 VLAN interface.
• In a redundant configuration, the ACE does not apply a global ACL to the FT VLAN. For details
about redundancy, see the Administration Guide, Cisco ACE Application Control Engine.
For complete details on ACLs, see the Security Guide, Cisco ACE Application Control Engine.
Examples To apply an ACL named INBOUND to the inbound direction of all interfaces in the Admin context,
enter:
host1/Admin(config)# access-group input INBOUND
To remove an ACL from all interfaces in the Admin context, enter:
input Specifies the inbound direction of all interfaces in a context on which
you want to apply the ACL
acl_name Identifier of an existing ACL that you want to apply to an interface
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A5(1.0) Added IPv6 support.2-269
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
host1/Admin(config)# no access-group input INBOUND
Related Commands (config-if) access-group
show access-list2-270
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) access-list ethertype
To configure an EtherType access control list (ACL), use the access-list ethertype command. Use the
no form of this command to remove the ACL from the configuration.
access-list name ethertype {deny | permit} {any | bpdu | ipv6 | mpls}
no access-list name ethertype {deny | permit} {any | bpdu | ipv6 | mpls}
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can configure an ACL that controls traffic based on its EtherType. An EtherType is a subprotocol
identifier. EtherType ACLs support Ethernet V2 frames. EtherType ACLs do not support
802.3-formatted frames because they use a length field instead of a type field. Bridge protocol data units
(BPDUs) are exceptions because they are SNAP-encapsulated, and the ACE is designed to specifically
handle BPDUs.
You can permit or deny BPDUs. By default, all BPDUs are denied. The ACE receives trunk port (Cisco
proprietary) BPDUs because ACE ports are trunk ports. Trunk BPDUs have VLAN information inside
the payload, so the ACE modifies the payload with the outgoing VLAN if you permit BPDUs. BPDU
packets are not subjected to bandwidth policing in a bridge-mode configuration.
You can configure an EtherType ACL only on a Layer 2 interface in the inbound direction.
name Unique identifier of the ACL. Enter an unquoted text string with a maximum of
64 alphanumeric characters.
ethertype Specifies a subprotocol of type: any, bpdu, ipv6, or mpls.
deny Blocks connections on the assigned interface.
permit Allows connections on the assigned interface.
any Specifies any EtherType.
bpdu Specifies bridge protocol data units.
ipv6 Specifies Internet Protocol version 6.
mpls Specifies Multiprotocol Label Switching.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(2.4) BPDU packets are not subjected to bandwidth policing in a
bridge-mode configuration.
ACE Appliance Release Modification
A1(7) This command was introduced.2-271
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
When you specify the mpls keyword in an EtherType ACL, the ACE denies or permits both
MPLS-unicast and MPLS-multicast traffic.
Examples To configure an ACL that controls traffic based on its EtherType, enter:
(config)# access-list INBOUND ethertype permit mpls
Related Commands clear access-list
show access-list2-272
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) access-list extended
To create an extended ACL, use the access-list extended command. The two major types of extended
ACLs are as follows:
• Non-ICMP ACLs
• ICMP ACLs
Use the no form of this command to delete the ACL.
IPv6 Syntax
For a non-ICMP extended ACL, the syntax is as follows:
access-list name [line number] extended {deny | permit}
{protocol {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length
| object-group net_obj_grp_name} [operator port1 [port2]] {anyv6 | host dest_ipv6_address |
dest_ipv6_address/prefix_length | object-group net_obj_grp_name} [operator port3 [port4]]}
| {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address
| src_ipv6_address/prefix_length | object-group net_obj_grp_name} {anyv6 | host
dest_ipv6_address | dest_ipv6_address/prefix_length | object-group net_obj_grp_name}
no access-list name [line number] extended {deny | permit}
{protocol {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length
| object-group net_obj_grp_name} [operator port1 [port2]] {anyv6 | host dest_ipv6_address |
dest_ipv6_address/prefix_length | object-group net_obj_grp_name} [operator port3 [port4]]}
| {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address
| src_ipv6_address/prefix_length | object-group net_obj_grp_name} {anyv6 | host
dest_ipv6_address | dest_ipv6_address/prefix_length | object-group net_obj_grp_name}
For an ICMP-extended ACL, the syntax is as follows:
access-list name [line number] extended {deny | permit}
{icmpv6 {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length| object_group
net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length|
object_group network_grp_name} [icmp_type [code operator code1 [code2]]]}
| {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address
| src_ipv6_address/prefix_length| object-group net_obj_grp_name} {anyv6 | host
dest_ipv6_address | dest_ipv6_address/prefix_length| object-group net_obj_grp_name}
no access-list name [line number] extended {deny | permit}
{icmpv6 {anyv6 | host src_ipv6_address | src_ipv6_address/prefix_length| object_group
net_obj_grp_name} {anyv6 | host dest_ipv6_address | dest_ipv6_address/prefix_length|
object_group network_grp_name} [icmp_type [code operator code1 [code2]]]}
| {object-group service_obj_grp_name} {anyv6 | host src_ipv6_address
| src_ipv6_address/prefix_length| object-group net_obj_grp_name} {anyv6 | host
dest_ipv6_address | dest_ipv6_address/prefix_length| object-group net_obj_grp_name}
IPv4 Syntax
For a non-ICMP extended ACL, the syntax is as follows:
access-list name [line number] extended {deny | permit}
{protocol {any | host src_ip_address | src_ip_address netmask | object-group
net_obj_grp_name} [operator port1 [port2]] {any | host dest_ip_address | dest_ip_address
netmask | object-group net_obj_grp_name} [operator port3 [port4]]}2-273
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
|{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask |
object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask |
object-group net_obj_grp_name}
no access-list name [line number] extended {deny | permit}
{protocol {any | host src_ip_address | src_ip_address netmask | object-group
net_obj_grp_name} [operator port1 [port2]] {any | host dest_ip_address | dest_ip_address
netmask | object-group net_obj_grp_name} [operator port3 [port4]]}
|{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask |
object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask |
object-group net_obj_grp_name}
For an ICMP-extended ACL, the syntax is as follows:
access-list name [line number] extended {deny | permit}
{icmp {any | host src_ip_address | src_ip_address netmask | object_group
net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object_group
network_grp_name} [icmp_type [code operator code1 [code2]]]}
|{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask |
object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask |
object-group net_obj_grp_name}
no access-list name [line number] extended {deny | permit}
{icmp {any | host src_ip_address | src_ip_address netmask | object_group
net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask | object_group
network_obj_grp_name} [icmp_type [code operator code1 [code2]]]}
|{object-group service_obj_grp_name} {any | host src_ip_address | src_ip_address netmask |
object-group net_obj_grp_name} {any | host dest_ip_address | dest_ip_address netmask |
object-group net_obj_grp_name}
Syntax Description name Unique identifier of the ACL. Enter an unquoted text string with a maximum of
64 alphanumeric characters.
line number (Optional) Specifies the line number position where you want the entry that you
are configuring to appear in the ACL. The position of an entry affects the lookup
order of the entries in an ACL. If you do not configure the line number of an
entry, the ACE applies a default increment and a line number to the entry and
appends it at the end of the ACL.2-274
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
extended Specifies an extended ACL. Extended ACLs allow you to specify the destination
IP address and subnet mask and other parameters not available with a standard
ACL.
deny Blocks connections on the assigned interface.
permit Allows connections on the assigned interface.
protocol Name or number of an IP protocol. Enter a protocol name or an integer from 0 to
255 that represents an IP protocol number from the following:
• ah—(51) Authentication Header
• eigrp—(88) Enhanced IGRP
• esp—(50) Encapsulated Security Payload
• gre—(47) Generic Routing Encapsulation
• icmp—(1) Internet Control Message Protocol (See Table 1-1 for optional
ICMPv4 messaging types)
• icmpv6—(58) Internet Control Message Protocol (See Table 1-2 for
optional ICMPv6 messaging types)
• igmp—(2) Internet Group Management Protocol
• ip—(0) Internet Protocol
• ip-in-ip—(4) IP-in-IP Layer 3 tunneling protocol
• ospf—(89) Open Shortest Path First
• pim—(103) Protocol Independent Multicast
• tcp—(6) Transmission Control Protocol
• udp—(17) User Datagram Protocol
any Specifies the network traffic from any IPv4 source.
anyv6 Specifies the network traffic from any IPv6 source.
host
src_ipv6_address
Specifies the IPv6 address of the host from which the network traffic originates.
Use this keyword and argument to specify the network traffic from a single IPv6
address.
host
src_ip_address
Specifies the IP address of the host from which network traffic originates. Use
this keyword and argument to specify the network traffic from a single IP
address.
src_ipv6_address/
prefix_length
Traffic from a source defined by the IPv6 address and the prefix length. Use these
arguments to specify network traffic from a range of IPv6 source addresses.
src_ip_address
netmask
Traffic from a source defined by the IP address and the network mask. Use these
arguments to specify the network traffic from a range of source IP addresses.
object-group
network_obj_grp_
name
Specifies the identifier of an existing source network object group. To use object
groups in an ACL, replace the normal network (source_address, mask, and so
on), service (protocol operator port) or ICMP type (icmp_type) arguments with
an object-group name. 2-275
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
operator (Optional) Operand used to compare source and destination port numbers for
TCP, TCP-UDP, and UDP protocols. The operators are as follows:
• eq—Equal to.
• gt—Greater than.
• lt—Less than.
• neq—Not equal to.
• range—An inclusive range of port values. If you entered the range operator,
enter a second port number value to define the upper limit of the range.
port1 [port2] TCP or UDP source port name or number from which you permit or deny services
access. Enter an integer from 0 to 65535. To enter an inclusive range of ports,
enter two port numbers. Port2 must be greater than or equal to port1. See
Table 1-3 for a list of well-known TCP port names and numbers and Table 1-4
for a list of well-known UDP port names and numbers.
dest_ipv6_address/
prefix_length
IPv6 address of the network or host to which the packet is being sent and the
prefix length of the IPv6 destination address. Use these arguments to specify a
range of IPv6 destination addresses.
dest_ip_address
netmask
Specifies the IP address of the network or host to which the packet is being sent
and the network mask bits that are to be applied to the destination IP address. Use
these arguments to specify a range of destination IP addresses.
anyv6 Specifies the network traffic that goes to any IPv6 destination.
any Specifies the network traffic going to any destination.
host
dest_ipv6_address
Specifies the IPv6 address of the destination of the packets in a flow. Use this
keyword and argument to specify the network traffic destined to a single IPv6
address.
host destination_
address
Specifies the IP address and subnet mask of the destination of the packets in a
flow. Use this keyword and argument to specify the network traffic destined to a
single IP address.
operator (Optional) Operand used to compare source and destination port numbers for
TCP, TCP-UDP, and UDP protocols. The operators are as follows:
• lt—Less than.
• gt—Greater than.
• eq—Equal to.
• neq—Not equal to.
• range—An inclusive range of port values. If you enter this operator, enter a
second port number value to define the upper limit of the range.
port3 [port4] TCP or UDP destination port name or number to which you permit or deny access
to services. To enter an optional inclusive range of ports, enter two port numbers.
Port4 must be greater than or equal to port3. See Table 1-3 for a list of
well-known ports.
icmp_type (Optional) Type of ICMP messaging. Enter either an integer that corresponds to
the ICMP code number or one of the ICMP types as described in Table 1-1.
code (Optional) Specifies that a numeric operator and ICMP code follows. 2-276
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE does not explicitly support standard ACLs. To configure a standard ACL, specify the
destination addresses as “any” and do not specify ports in an extended ACL.
For the source IP address and destination IP address netmasks, the ACE supports only standard subnet
mask entries in an ACL. Wildcard entries and non-standard subnet masks are not supported.
For TCP and UDP connections, you do not need to also apply an ACL on the destination interface to
allow returning traffic, because the ACE allows all returning traffic for established connections.
You can apply only one extended ACL to each direction (inbound or outbound) of an interface. You can
also apply the same ACL on multiple interfaces.You can apply EtherType ACLs only in the inbound
direction and only on Layer 2 interfaces.
operator An operator that the ACE applies to the ICMP code number that follows. Enter
one of the following operators:
• lt—Less than.
• gt—Greater than.
• eq—Equal to.
• neq—Not equal to.
• range—An inclusive range of ICMP code values. When you use this
operator, specify two code numbers to define the range.
code1, code2 ICMP code number that corresponds to an ICMP type. See Table 1-3. If you
entered the range operator, enter a second ICMP code value to define the upper
limit of the range.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised with the object-group keyword and
associated keywords and arguments.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A2(1.0) This command was revised with the object-group keyword and
associated keywords and arguments.
A5(1.0) Added IPv6 support.2-277
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
If you create an ICMP extended ACL, you can optionally specify the type of ICMP messaging. Enter
either an integer that corresponds to the ICMP code number or one of the ICMP messaging types as
described in Table 1-1 (ICMPv4) and Table 1-2 (ICMPv6).
ACLs have no effect on neighbor discovery (ND) packets and they are always permitted to and through
the ACE. For more information about ND, see the Routing and Bridging Guide, Cisco ACE Application
Control Engine.
Ta b l e 1-1 ICMPv4 Types
ICMPv4 Code Number ICMPv4 Type
0 echo-reply
3 unreachable
4 source-quench
5 redirect
6 alternate-address
8 echo
9 router-advertisement
10 router-solicitation
11 time-exceeded
12 parameter-problem
13 timestamp-request
14 timestamp-reply
15 information-request
16 information-reply
17 mask-request
18 mask-reply
30 traceroute
31 conversion-error
32 mobile-redirect
Ta b l e 1-2 ICMPv6 Types
ICMPv6 Code Number ICMPv6 Type
1 unreachable
3 time-exceeded
4 parameter-problem
30 traceroute
128 echo
129 echo-reply
137 redirect2-278
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
139 information-request
140 information-reply
Ta b l e 1-3 Well-Known TCP Port Numbers and Key Words
Keyword Port Number Description
aol 5190 America-Online
bgp 179 Border Gateway Protocol
chargen 19 Character Generator
citrix-ica 1494 Citrix Independent Computing Architecture
protocol
cmd 514 Same as exec, with automatic
authentication
ctiqbe 2748 Computer Telephony Interface Quick
Buffer Encoding
daytime 13 Daytime
discard 9 Discard
domain 53 Domain Name System
echo 7 Echo
exec 512 Exec (RSH)
finger 79 Finger
ftp 21 File Transfer Protocol
ftp-data 20 FTP data connections
gopher 70 Gopher
hostname 101 NIC hostname server
http 80 Hyper Text Transfer Protocol
https 443 HTTP over TLS/SSL
ident 113 Ident Protocol
imap4 143 Internet Message Access Protocol,
version 4
irc 194 Internet Relay Chat
kerberos 88 Kerberos
klogin 543 Kerberos Login
kshell 544 Kerberos Shell
ldap 389 Lightweight Directory Access Protocol
ldaps 636 LDAP over TLS/SSL
login 513 Login (rlogin)
lotusnotes 1352 IBM Lotus Notes
Table 1-2 ICMPv6 Types (continued)
ICMPv6 Code Number ICMPv6 Type2-279
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
lpd 515 Printer Service
matip-a 350 Mapping of Airline Traffic over Internet
Protocol (MATIP) Type A
netbios-ssn 139 NetBIOS Session Service
nntp 119 Network News Transport Protocol
pcanywhere-data 5631 PC Anywhere data
pim-auto-rp 496 PIM Auto-RP
pop2 109 Post Office Protocol v2
pop3 110 Post Office Protocol v3
pptp 1723 Point-to-Point Tunneling Protocol, RFC
2637
rtsp 554 Real Time Streaming Protocol
sip 5060 Session Initiation Protocol
skinny 2000 Cisco Skinny Client Control Protocol
(SCCP)
smtp 25 Simple Mail Transfer Protocol
sqlnet 1521 Structured Query Language Network
ssh 22 Secure Shell
sunrpc 111 Sun Remote Procedure Call
tacacs 49 Terminal Access Controller Access Control
System
talk 517 Talk
telnet 23 Telnet
time 37 Time
uucp 540 UNIX-to-UNIX Copy Program
whois 43 Nicname
www 80 World Wide Web (HTTP)
Ta b l e 1-4 Well-Known UDP Key Words and Port Numbers
Keyword Port Number Description
biff 512 Mail notification
bootpc 68 Bootstrap Protocol client
bootps 67 Bootstrap Protocol server
discard 9 Discard
dnsix 195 DNSIX Security protocol auditing
(dn6-nlm-aud)
domain 53 Domain Name System
Table 1-3 Well-Known TCP Port Numbers and Key Words (continued)
Keyword Port Number Description2-280
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples IPv6 Examples
To configure an IPv6 TCP extended ACL, enter:
host1/Admin(config)# access-list INBOUND line 10 extended permit tcp 2001:DB8:1::1/64 gt
1024 2001:DB8:2::1 lt 4000
To remove an entry from an extended ACL, enter:
echo 7 Echo
isakmp 500 Internet Security Association Key
Management Protocol
kerberos 88 Kerberos
mobile-ip 434 Mobile IP registration
nameserver 42 Host Name Server
netbios-dgm 138 NetBIOS datagram service
netbios-ns 137 NetBIOS name service
netbios-ssn 139 NetBIOS Session Service
ntp 123 Network Time Protocol
pcanywherestatus
5632 PC Anywhere status
radius 1812 Remote Authentication Dial-in User
Service
radius-acct 1813 RADIUS Accounting
rip 520 Routing Information Protocol
snmp 161 Simple Network Management Protocol
snmptrap 162 SNMP Traps
sunrpc 111 Sun Remote Procedure Call
syslog 514 System Logger
tacacs 49 Terminal Access Controller Access Control
System
talk 517 Talk
tftp 69 Trivial File Transfer Protocol
time 37 Time
who 513 Who service (rwho)
wsp 9200 Connectionless Wireless Session Protocol
wsp-wtls 9202 Secure Connectionless WSP
wsp-wtp 9201 Connection-based WSP
wsp-wtp-wtls 9203 Secure Connection-based WSP
xdmcp 177 X Display Manager Control Protocol
Table 1-4 Well-Known UDP Key Words and Port Numbers (continued)
Keyword Port Number Description2-281
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
host1/Admin(config)# no access-list INBOUND line 10
To control a ping, specify echo (128) (host to ACE).
To allow an external host with IP address 2001:DB8:1::2 to ping a host behind the ACE with an IP
address of FC00:ABCD:1:2::5, enter:
host1/Admin(config)# access-list INBOUND extended permit icmpv6 host 2001:DB8:1::2 host
FC00:ABCD:1:2::5 echo code eq 0
To remove an entry from an ICMP ACL, enter:
host1/Admin(config)# no access-list INBOUND extended permit icmpv6 host 2001:DB8:1::2
echo
IPv4 Examples
To configure a TCP extended ACL, enter:
host1/Admin(config)# access-list INBOUND line 10 extended permit tcp 192.168.12.0
255.255.255.0 gt 1024 172.27.16.0 255.255.255.0 lt 4000
To remove an entry from an extended ACL, enter:
host1/Admin(config)# no access-list INBOUND line 10
To allow an external host with IP address 192.168.12.5 to be able to ping a host behind the ACE with an
IP address of 10.0.0.5, enter:
(config)# access-list INBOUND extended permit icmp host 192.168.12.5 host 10.0.0.5 echo
code eq 0
To remove an entry from an ICMP ACL, enter:
(config)# no access-list INBOUND extended permit icmp host 192.168.12.5 echo
To use object groups for all available parameters, enter:
ISM/Admin(config)# access-list acl_name extended {deny | permit} object-group
service_grp_name object-group network_grp_name object-group network_grp_name
Related Commands clear access-list
show access-list
(config) access-list remark
You can add comments about an access control list (ACL) to clarify the function of the ACL. To add a
comment to an ACL, use the access-list remark command. You can enter only one comment per ACL
and the comment appears at the top of the ACL. Use the no form of this command to remove an ACL
remark.
access-list name remark text
no access-list name remark text2-282
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you delete an ACL using the no access-list name command, then the remarks are also removed.
Examples To add an entry comment to an ACL, enter:
host1/Admin(config)# access-list INBOUND remark This is a remark
To remove entry comments from an ACL, enter:
(config)# no access-list INBOUND line 200 remark
Related Commands clear access-list
show access-list
(config) access-list resequence
To resequence the entries in an extended access control list (ACL) with a specific starting number and
interval, use the access-list resequence command. Use the no form of this command to reset the number
assigned to an ACL entry to the default of 10.
access-list name resequence number1 number2
no access-list name resequence number1 number2
name Unique identifier of the ACL. Enter an unquoted text string with no spaces and a
maximum of 64 alphanumeric characters.
line number (Optional) Specifies the line number position where you want the comments to appear
in the ACL. If you do not specify a line number, the ACE applies a default increment
and a line number to the remark and appends it at the end of the ACL.
remark text Specifies any comments that you want to include about the ACL. Comments appear
at the top of the ACL. Enter an unquoted text string with a maximum of
100 alphanumeric characters. You can enter leading spaces at the beginning of the
text. Trailing spaces are ignored.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-283
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the access-list feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ability to resequence entries in an ACL is supported only for extended ACLs.
Examples For example, to assign the number 5 to the first entry in the access list INBOUND and then number each
succeeding entry by adding 15 to the preceding entry line number, enter:
host1/Admin(config)# access-list INBOUND resequence 5 15
Related Commands clear access-list
show access-list
(config) action-list type modify http
Action list modify configuration mode commands allow you to configure ACE action lists. An action list
is a named group of actions that you associate with a Layer 7 HTTP class map in a Layer 7 HTTP policy
map. You can create an action list to modify an HTTP header or to rewrite an HTTP redirect URL for
SSL. For information about the commands in action list modify configuration mode, see the “Action List
Modify Configuration Mode Commands” section.
To create an action list, use the action-list type modify http command. The CLI prompt changes to
(config-actlist-modify). Use the no form of this command to remove the action list from the
configuration.
action-list type modify http name
name Unique identifier of the ACL. Enter an unquoted text string with a maximum of
64 alphanumeric characters.
resequence Specifies the renumbering of the entries in an ACL.
number1 Number assigned to the first entry in the ACL. Enter any integer. The default is 10.
number2 Number added to each entry in the ACL after the first entry. Enter any integer. The
default is 10.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-284
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
no action-list type modify http name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command has no usage guidelines.
Examples To create an action list, enter:
host1/Admin(config)# action-list type modify http HTTP_MODIFY_ACTLIST
host1/Admin(config-actlist-modify)#
To remove the action list from the configuration, enter:
host1/Admin(config)# no action-list type modify http HTTP_MODIFY_ACTLIST
Related Commands show running-config
show stats
name Unique name for the action list. Enter an unquoted text string with a maximum of
64 alphanumeric characters.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.2-285
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) action-list type optimization http
(ACE appliance only) Action list optimization configuration mode commands allow you to configure
ACE action lists. An action list is a named group of actions that you associate with a Layer 7 HTTP
optimization policy map. The action-list type command allows you to configure a series of application
acceleration and optimization statements. After you enter this command, the system enters the action list
optimization configuration mode.
For information about the commands in action list optimization configuration mode, see the “Action List
Optimization Configuration Mode Commands” section.
To create an optimization action map for performing application acceleration and optimization, use the
action-list type command in global configuration mode. The CLI prompt changes to
(config-actlist-optm). Use the no form of this command to remove an action list from the ACE.
action-list type optimization http list_name
no action-list type optimization http list_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines The commands in this mode require the loadbalance feature in your user role. For details about
role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application
Control Engine.
After you configure the action list, you associate it with a specific statement in a Layer 7 HTTP
optimization policy map. The Layer 7 optimization HTTP policy map activates an optimization HTTP
action list that allows you to configure the specified optimization actions.
For information about the commands in action list optimization configuration mode, see the “Action List
Optimization Configuration Mode Commands” section. For details about configuring the commands in
the action list optimization configuration mode, see the Cisco 4700 Series Application Control Engine
Appliance Application Acceleration and Optimization Configuration Guide.
optimization http Specifies an optimization HTTP action list. After you create the
optimization HTTP type action list, you configure application
acceleration and optimization functions in the action list optimization
configuration mode. For information about the commands in action list
optimization configuration mode, see the “Action List Optimization
Configuration Mode Commands” section.
list_name Name assigned to the action list. Enter a unique name as an unquoted
text string with a maximum of 64 alphanumeric characters.
ACE Appliance Release Modification
A1(7) This command was introduced.2-286
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To create an optimization HTTP action list, enter:
host1/Admin(config)# action-list type optimization http ACT_LIST1
host1/Admin(config-actlist-optm)#
To remove the action list from the configuration, enter:
host1/Admin(config)# no action-list type optimization http ACT_LIST1
Related Commands show action-list
show running-config
(config) parameter-map type
(config) policy-map2-287
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) arp
To configure the Address Resolution Protocol (ARP) on the ACE to manage and map IP to Media Access
Control (MAC) information to forward and transmit packets, use the arp command. Use the no form of
this command to remove the ARP entry or reset a default value.
arp {ip_address mac_address | interval seconds | inspection enable [flood | no flood] |
learned-interval seconds | learned-mode enable | rate seconds | ratelimit pps | retries number
| sync disable | sync-interval seconds}
no arp {ip_address mac_address | interval | inspection enable | learned-interval | learned-mode
enable | rate | ratelimit | retries | sync disable | sync-interval}
Syntax Description
Command Modes Configuration mode
ip_address mac_address Static ARP entry in the ARP table that allows ARP responses from an IP
address to a MAC address. Enter the IP address in dotted-decimal notation
(for example, 172.16.56.76). Enter the MAC address in dotted-hexadecimal
notation (for example, 00.60.97.d5.26.ab).
interval seconds Specifies the interval in seconds that the ACE sends ARP requests to the
configured hosts. Enter a number from 15 to 31526000. The default is 300.
inspection enable Enables ARP inspection, preventing malicious users from impersonating
other hosts or routers, known as ARP spoofing. The default is disabled.
flood (Optional) Enables ARP forwarding of nonmatching ARP packets. The
ACE forwards all ARP packets to all interfaces in the bridge group. This is
the default setting.
no flood (Optional) Disables ARP forwarding for the interface and drops
non-matching ARP packets.
learned-interval
seconds
Sets the interval in seconds when the ACE sends ARP requests for learned
hosts. Enter a number from 60 to 31536000. The default is 14400.
learned-mode enable Enables the ACE to learn MAC addresses if the command has been
disabled. By default, for bridged traffic, the ACE learns MAC addresses
from all traffic. For routed traffic, the ACE learns MAC addresses only from
ARP response packets or from packets that are destined to the ACE (for
example, a ping to a VIP or a ping to a VLAN interface).
rate seconds Specifies the time interval in seconds between ARP retry attempts to hosts.
Enter a number from 1 to 60. The default is 10.
ratelimit pps Specifies the rate limit in packets per second for gratuitous ARPs sent by
the ACE. Enter a number from 100 to 8192. The default is 512. Note that
this keyword applies to the entire ACE.
retries number Specifies the number of ARP attempts before the ACE flags the host as
down. Enter a number from 2 to 15. The default is 3.
sync disable Disables the replication of ARP entries. By default, ARP entry replication
is enabled.
sync-interval seconds Specifies the time interval between ARP sync messages for learned hosts.
Enter an integer from 1 to 3600 seconds (1 hour). The default is 5 seconds.2-288
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Admin and user contexts. The ratelimit keyword is available in the Admin context only.
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The static arp command in configuration mode now allows the configuration of the multicast MAC
address for a host. The ACE uses this multicast MAC address while sending packets to the host. This
enhancement allows the support of deployments that involve clustering (for example Checkpoint
clustering). A host can be assigned an multicast MAC address with the arp command. The ACE does not
learn the multicast MAC addresses for a host.
ARP inspection operates only on ingress bridged interfaces. By default, ARP inspection is disabled on
all interfaces, allowing all ARP packets through the ACE. When you enable ARP inspection, the ACE
uses the IP address and interface ID (ifID) of an incoming ARP packet as an index into the ARP table.
The ACE then compares the MAC address of the ARP packet with the MAC address in the indexed static
ARP entry in the ARP table and takes the following actions:
• If the IP address, source ifID, and MAC address match a static ARP entry, the inspection succeeds
and the ACE allows the packet to pass.
• If the IP address and interface of the incoming ARP packet match a static ARP entry, but the MAC
address of the packet does not match the MAC address that you configured in that static ARP entry,
ARP inspection fails and the ACE drops the packet.
• If the ARP packet does not match any static entries in the ARP table or there are no static entries in
the table, then you can set the ACE to either forward the packet out all interfaces (flood) or to drop
the packet (no-flood). In this case, the source IP address to MAC address mapping is new to the
ACE. If you enter the flood option, the ACE creates a new ARP entry and marks it as LEARNED.
If you enter the no-flood option, the ACE drops the ARP packet.
The ARP rate limit applies to all gratuitous ARPs sent for local addresses on new configurations, ACE
reboot, and on MAC address changes.
When you change the ARP request internal for learned hosts and configured hosts, the new timeout does
not take effect until the existing time is reached. If you want the new timeout to take effect immediately,
enter the clear arp command to apply the new ARP interval (see the clear arp command).
For more information, see the Routing and Bridging Guide, Cisco ACE Application Control Engine
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
3.0(0)A1(3) This command was revised with the sync disable and sync-interval
keywords.
3.0(0)A1(6.2a) This command was revised with the ratelimit keyword.
A2(3.2) The static arp this command now allows the configuration of a
multicast MAC address.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.6) The static arp this command now allows the configuration of a
multicast MAC address. 2-289
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To allow ARP responses from the router at 10.1.1.1 with the MAC address 00.02.9a.3b.94.d9, enter:
host1/contexta(config)# arp 10.1.1.1 00.02.9a.3b.94.d9
To remove a static ARP entry, enter:
host1/contexta(config)# no arp 10.1.1.1 00.02.9a.3b.94.d9
To enable ARP inspection and to drop all nonmatching ARP packets, enter:
host1/contexta(config)# arp inspection enable no-flood
To configure the retry attempt interval of 15 seconds, enter:
host1/contexta(config)# arp rate 15
To reset the retry attempt interval to the default of 10 seconds, enter:
host1/contexta(config)# no arp rate
To disable the replication of ARP entries, enter:
host1/contexta(config)# sync disable
Related Commands clear arp
show arp
(config) banner
Use the banner command to specify a message to display as the message-of-the-day banner when a user
connects to the ACE CLI. Use the no form of this command to delete or replace a banner or a line in a
multiline banner.
banner motd text
no banner motd text
Syntax Description
Command Modes Configuration mode
Admin and user contexts
motd Configures the system to display as the message-of-the-day banner when a user connects to
the ACE.
text Line of message text to be displayed as the message-of-the-day banner. The text string
consists of all characters that follow the first space until the end of the line (carriage return
or line feed). The # character functions as the delimiting character for each line. For the
banner text, spaces are allowed but tabs cannot be entered at the CLI. Multiple lines in a
message-of-the-day banner are handled by entering a new banner command for each line
that you wish to add.
The banner message is a maximum of 80 alphanumeric characters per line, up to a
maximum of 3000 characters (3000 bytes) total for a message-of-the-day banner. This
maximum value includes all line feeds and the last delimiting character in the message.2-290
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To replace a banner or a line in a multiline banner, use the no banner motd command before adding the new
lines.
To add multiple lines in a message-of-the-day banner, precede each line by the banner motd command.
The ACE appends each line to the end of the existing banner. If the text is empty, the ACE adds a carriage
return (CR) to the banner.
You can include tokens in the form $(token) in the message text. Tokens will be replaced with the
corresponding configuration variable, as follows:
• $(hostname)—Displays the hostname for the ACE during run time.
• $(line)—Displays the tty (teletypewriter) line or name (for example, /dev/console, /dev/pts/0, or 1).
To use the $(hostname) in single line banner motd input, include double quotation marks (“) around the
$(hostname) so that the $ is interpreted to a special character for the beginning of a variable in the single
line. An example is as follows:
switch/Admin(config)# banner motd #Welcome to “$(hostname)”...#
Do not use the double quotation mark (“) or the percent sign (%) as a delimiting character in a single
line message string. Do not use the delimiting character in the message string.
For multiline input, double quotation marks (“) are not required for the token because the input mode is
different from the signal line mode. The ACE treats the double quotation mark (“) as a regular character
when you operate in multiline mode.
Examples To add a message-of-the-day banner, enter:
host1/Admin(config)# banner motd #Welcome to the “$(hostname)”.
host1/Admin(config)# banner motd Contact me at admin@admin.com for any
host1/Admin(config)# banner motd issues.#
Related Commands show banner motd
(config) boot system image:
To set the BOOT environment variable, use the boot system image: command. Use the no form of this
command to remove the name of the system image file.
boot system image:filename
no boot system image:filename
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-291
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can add several images to the BOOT environment variable to provide a fail-safe boot configuration.
If the first file fails to boot the ACE, subsequent images that are specified in the BOOT environment
variable are tried until the ACE boots or there are no additional images to attempt to boot. If there is no
valid image to boot, the ACE enters ROM-monitor mode where you can manually specify an image to
boot.
The ACE stores and executes images in the order in which you added them to the BOOT environment
variable. If you want to change the order in which images are tried at startup, you can either prepend and
clear images from the BOOT environment variable to attain the desired order or you can clear the entire
BOOT environment variable and then redefine the list in the desired order.
If the file does not exist (for example, if you entered the wrong filename), then the filename is appended
to the boot string, and this message displays:
Warning: File not found but still added in the bootstring.
If the file does exist, but is not a valid image, the file is not added to the bootstring, and this message
displays:
Warning: file found but it is not a valid boot image.
Examples ACE Module Example
To set the BOOT environment variable, enter:
host1/Admin(config)# boot system image:sb-ace.REL_1_0_0
ACE Appliance Example
To set the BOOT environment variable, enter:
host1/Admin(config)# boot system image:ace-t1k9-mzg.3.1.0.bin
Related Commands show bootvar
(config) config-register
filename Name of the system image file.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-292
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) buffer threshold
To set threshold levels for the NP buffers in the active and the standby ACEs and cause the active ACE
to reboot if the thresholds are reached or exceeded, use the buffer threshold command. Use the no form
of this command to .
buffer threshold active number1 standby number2 action reload
no buffer threshold active number1 standby number2 action reload
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE checks the status of NP buffer usage every five seconds to initiate the reload action if the buffer
threshold is configured and reached, and to generate syslogs if necessary. If the buffer threshold
command is configured and if the NP buffer usage reaches or exceeds the threshold, the ACE reloads. In
a redundant configuration, a switchover occurs and the former standby ACE becomes the active ACE. In
the absence of this command, the automatic reload feature is disabled. You can also use this command
in a stand-alone ACE.
Examples To specify the active NP buffer utilization threshold as 88 percent and the standby NP buffer utilization
threshold as 40 percent, enter the following command:
active number1 Specifies the buffer threshold for the active redundant ACE or stand-alone ACE as
a percentage. Enter 50, 75, 88, 95, or 100. There is no default value. In a redundant
configuration, if the buffer usage of any NP reaches or exceeds the threshold and
each of the NP’s buffer usage in the standby ACE is below the configured standby
threshold, the active ACE reboots and a switchover occurs. For a standalone ACE,
if any of the NP’s buffer usage exceeds the active value, then the ACE reboots.
standby number Specifies the buffer threshold for the standby redundant ACE. Enter 10, 20, 30, 40,
50. There is no default value. In a redundant configuration, if the active ACE buffer
usage reaches or exceeds the configured active threshold and the standby ACE
buffer usage reaches or exceeds the standby threshold, the active ACE does not
reboot and no switchover occurs. For a reload and a switchover to occur, the standby
buffer usage of all NPs must be less than the configured standby threshold value.
action reload Specifies that the ACE reloads when the buffer utilization exceeds the configured
threshold. In a redundant configuration, a switchover occurs upon reload of the
active ACE.
ACE Release Modification
A5(1.0) This command was introduced.2-293
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
host1/Admin(config)# buffer threshold active 88 standby 40 action reload
Related Commands show np2-294
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) class-map
To create a Layer 3 and Layer 4 or a Layer 7 class map, use the class-map command. Use the no form
of the command to remove a class map from the ACE.
class-map [match-all | match-any] map_name
class-map type {ftp inspect match-any | generic {match-all | match-any}} map_name
class-map type {http {inspect | loadbalance} | management | radius loadbalance |
rtsp loadbalance | sip {inspect | loadbalance}} [match-all | match-any] map_name
no class-map [match-all | match-any] map_name
no class-map type {ftp inspect match-any | generic {match-all | match-any}} map_name
no class-map type {http {inspect | loadbalance} | management | radius loadbalance |
rtsp loadbalance | sip {inspect | loadbalance}} [match-all | match-any] map_name
Syntax Description match-all Determines how the ACE evaluates Layer 3 and Layer 4 network traffic when
multiple match criteria exist in a class map. The class map is considered a match if
all the match criteria listed in the class map match the network traffic class in the
class map (typically, match commands of different types). The default setting is to
meet all of the match criteria (match-all) in a class map.
match-any Determines how the ACE evaluates Layer 3 and Layer 4 network traffic when
multiple match criteria exist in a class map. The class map is considered a match if
only one of the match criteria listed in the class map matches the network traffic class
in the class map (typically, match commands of the same type). The default setting
is to meet all of the match criteria (match-all) in a class map.
map_name Name assigned to the class map. Enter an unquoted text string with no spaces and a
maximum of 64 alphanumeric characters. For a Layer 3 and Layer 4 class map, you
enter the class map configuration mode and the prompt changes to (config-cmap).
type Specifies the class map type that is to be defined. When you specify a class map type,
you enter its corresponding class map configuration mode (for example, HTTP
inspection configuration mode).
ftp inspect Specifies a Layer 7 class map for the inspection of File Transfer Protocol (FTP)
request commands. For information about commands in FTP inspection
configuration mode, see the “Class Map FTP Inspection Configuration Mode
Commands” section.
generic Specifies a Layer 7 class map for generic TCP or UDP data parsing. For information
about commands in class map generic configuration mode, see the “Class Map
Generic Configuration Mode Commands” section.
http inspect |
loadbalance
Specifies a Layer 7 class map for HTTP server load balancing (loadbalance
keyword) or a Layer 7 class map for the HTTP deep packet application protocol
inspection (inspect keyword) of traffic through the ACE.
For information about commands in class map HTTP inspection configuration mode,
see the “Class Map HTTP Inspection Configuration Mode Commands” section. For
information about commands in class map HTTP server load-balancing configuration
mode, see the “Class Map HTTP Load Balancing Configuration Mode Commands”
section.2-295
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the inspect, loadbalance, NAT, connection, SSL, or vip feature in your user role,
depending on the type of class map that you want to configure. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use the class map configuration mode commands to create class maps that classify inbound network
traffic destined to, or passing through, the ACE based on a series of flow match criteria specified in the
class map. The CLI prompt changes correspondingly to the selected class map configuration mode, for
example, (config-cmap), (config-cmap-ftp-insp), (config-cmap-http-lb), or (config-cmap-mgmt).
A Layer 3 and Layer 4 class map contains match criteria that classifies the following:
• Network traffic that can pass through the ACE based on source or destination IP address, source or
destination port, or IP protocol and port
management Specifies a Layer 3 and Layer 4 class map to classify the IP network management
protocols received by the ACE. For information about commands in class map
management configuration mode, see the “Class Map Management Configuration
Mode Commands” section.
radius
loadbalance
Specifies a Layer 7 class map for RADIUS server load balancing of traffic through
the ACE. For information about commands in RADIUS server load-balancing
configuration mode, see the “Class Map RADIUS Load Balancing Configuration
Mode Commands” section.
rtsp
loadbalance
Specifies a Layer 7 class map for RTSP server load balancing of traffic through the
ACE. For information about commands in RTSP server load-balancing configuration
mode, see the “Class Map RTSP Load Balancing Configuration Mode Commands”
section.
sip inspect |
loadbalance
Specifies a Layer 7 class map for SIP server load balancing (loadbalance keyword)
or a Layer 7 class map for the SIP deep packet application protocol inspection
(inspect keyword) of traffic through the ACE.
For information about commands in class map SIP inspection configuration mode,
see the “Class Map SIP Inspection Configuration Mode Commands” section. For
information about commands in class map SIP server load-balancing configuration
mode, see the “Class Map SIP Load Balancing Configuration Mode Commands”
section.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.2-296
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
• Network management traffic that can be received by the ACE based on the HTTP, HTTPS, ICMP,
SNMP, SSH, or Telnet protocols
A Layer 7 class map contains match criteria that classifies specific Layer 7 protocol information. The
match criteria enables the ACE to do the following:
• Perform server load balancing based on the HTTP cookie, the HTTP header, the HTTP URL,
protocol header fields, or source IP addresses
• Perform deep packet inspection of the HTTP protocol
• Perform FTP request command filtering
The ACE supports a system-wide maximum of 8192 class maps.
For details about creating a class map, see the Administration Guide, Cisco ACE Application Control
Engine.
When multiple match criteria exist in the traffic class, you can identify evaluation instructions using the
match-any or match-all keywords. If you specify match-any, the traffic that is evaluated must match
one of the specified criteria (typically, match commands of the same type). If you specify match-all,
the traffic that is evaluated must match all of the specified criteria (typically, match commands of
different types).
Examples To create a Layer 3 and Layer 4 class map named L4VIP_CLASS that specifies the network traffic that
can pass through the ACE for server load balancing, enter:
host1/Admin(config)# class-map match-all L4VIP_CLASS
host1/Admin(config-cmap)#
To create a Layer 3 and Layer 4 class map named MGMT-ACCESS_CLASS that classifies the network
management protocols that can be received by the ACE, enter:
host1/Admin(config)# class-map type management match-any MGMT-ACCESS_CLASS
host1/Admin(config-cmap-mgmt)#
To create a Layer 7 class map named L7SLB_CLASS that performs HTTP server load balancing, enter:
host1/Admin(config)# class-map type http loadbalance match-any L7SLB_CLASS
host1/Admin(config-cmap-http-lb)#
To create a Layer 7 class map named HTTP_INSPECT_L7CLASS that performs HTTP deep packet
inspection, enter:
(config)# class-map type http inspect match-any HTTP_INSPECT_L7CLASS
host1/Admin(config-cmap-http-insp)#
To create a Layer 7 class map named FTP_INSPECT_L7CLASS that performs FTP command
inspection, enter:
host1/Admin(config)# class-map type ftp inspect match-any FTP_INSPECT_L7CLASS
host1/Admin(config-cmap-ftp-insp)#
Related Commands show startup-config
(config) policy-map
(config) service-policy2-297
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) clock timezone
To set the time zone, use the clock timezone command. Use the no form of this command to configure
independent server groups of Terminal Access Controller Access Control System Plus (TACACS+),
Remote Authentication Dial-In User Service (RADIUS), or Lightweight Directory Access Protocol
(LDAP) servers.
clock timezone {zone_name {+ | –} hours minutes} | {standard time_zone}
no clock timezone
Syntax Description
Command Modes Configuration mode
Admin context only
zone_name 8-letter name of the time zone (for example, PDT) to be displayed when the time zone is
in effect. See Table 1-5 in the “Usage Guidelines” section for a list of the common time
zone acronyms used for this argument.
hours Hours offset from Coordinated Universal Time (UTC).
minutes Minutes offset from UTC. Range is from 0 to 59 minutes.
standard
time_zone
Sets the time to a standard time zone that include an applicable UTC hours offset. Enter
one of the following well-known time zones:
• ACST—Australian Central Standard Time as UTC + 9.5 hours
• AKST—Alaska Standard Time as UTC –9 hours
• AST—Atlantic Standard Time as UTC –4 hours
• BST—British Summer Time as UTC + 1 hour
• CEST—Central Europe Summer Time as UTC + 2 hours
• CET—Central Europe Time as UTC + 1 hour
• CST—Central Standard Time as UTC –6 hours
• EEST—Eastern Europe Summer Time as UTC + 3 hours
• EET—Eastern Europe Time as UTC + 2 hours
• EST—Eastern Standard Time as UTC –5 hours
• GMT—Greenwich Mean Time as UTC
• HST—Hawaiian Standard Time as UTC –10 hours
• IST—Irish Summer Time as UTC + 1 hour
• MSD—Moscow Summer Time as UTC + 4 hours
• MSK—Moscow Time as UTC + 3 hours
• MST—Mountain Standard Time as UTC –7 hours
• PST—Pacific Standard Time as UTC –8 hours
• WEST—Western Europe Summer Time as UTC + 1 hour
• WST—Western Standard Time as UTC + 8 hours2-298
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines The ACE keeps time internally in Universal Time Coordinated (UTC) offset, so this command is used
only for display purposes and when the time is set manually.
This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Table 1-5 lists common time zone acronyms used for the zone_name argument.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) The ACST keyword was introduced. It replaced the CST keyword, as
UTC +9.5 hours.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) The ACST keyword was introduced. It replaced the CST keyword, as
UTC +9.5 hours.
Ta b l e 1-5 Time Zone Acronyms
Acronym Time Zone Name and UTC Offset
Europe
BST British Summer Time as UTC + 1 hour
CET Central Europe Time as UTC + 1 hour
CEST Central Europe Summer Time as UTC + 2 hours
EET Eastern Europe Time as UTC + 2 hours
EEST Eastern Europe Summer Time as UTC + 3 hours
GMT Greenwich Mean Time as UTC
IST Irish Summer Time as UTC + 1 hour
MSK Moscow Time as UTC + 3 hours
MSD Moscow Summer Time as UTC + 4 hours
WET Western Europe Time as UTC
WEST Western Europe Summer Time as UTC + 1 hour
United States and Canada
AST Atlantic Standard Time as UTC –4 hours
ADT Atlantic Daylight Time as UTC –3 hours
CT Central Time, either as CST or CDT, depending on the place and time of
the year
CST Central Standard Time as UTC –6 hours
CDT Central Daylight Saving Time as UTC –5 hours
ET Eastern Time, either as EST or EDT, depending on the place and time of
the year2-299
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To set the time zone to PST and to set an UTC offset of –8 hours, enter:
host1/Admin(config)# clock timezone PST -8 0
To remove the clock time-zone setting, enter:
host1/Admin(config)# no clock timezone PST -8 0
Related Commands (ACE appliance only) clock set
show clock
(config) clock summer-time
EST Eastern Standard Time as UTC –5 hours
EDT Eastern Daylight Saving Time as UTC –4 hours
MT Mountain Time, either as MST or MDT, depending on the place and time
of the year
MDT Mountain Daylight Saving Time as UTC –6 hours
MST Mountain Standard Time as UTC –7 hours
PT Pacific Time, either as PST or PDT, depending on the place and time of the
year
PDT Pacific Daylight Saving Time as UTC –7 hours
PST Pacific Standard Time as UTC –8 hours
AKST Alaska Standard Time as UTC –9 hours
AKDT Alaska Standard Daylight Saving Time as UTC –8 hours
HST Hawaiian Standard Time as UTC –10 hours
Australia
CST Central Standard Time as UTC + 9.5 hours
EST Eastern Standard/Summer Time as UTC + 10 hours (+11 hours during
summer time)
WST Western Standard Time as UTC + 8 hours
Table 1-5 Time Zone Acronyms (continued)
Acronym Time Zone Name and UTC Offset2-300
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) clock summer-time
To configure the ACE to change the time automatically to summer time (daylight saving time), use the
clock summer-time command. Use the no form of this command to remove the clock summer-time
setting.
clock summer-time {daylight_timezone_name start_week start_day start_month start_time
end_week end_day end_month end_time daylight_offset | standard time_zone}
no clock summer-time
Syntax Description
Command Modes Configuration mode
Admin context only
daylight_timezone_name 8-letter name of the time zone (for example, PDT) to be displayed when
summer time is in effect. For a list of the common time zone acronyms
used for this argument, see the “Usage Guidelines” section for the
(config) clock timezone command.
start_week Start week for summer time, ranging from 1 through 5.
start_day Start day for summer time, ranging from Sunday through Saturday.
start_month Start month for summer time, ranging from January through December.
start_time Start time (military time) in hours and minutes.
end_week End week for summer time, ranging from 1 through 5.
end_day End day for summer time, ranging from Sunday through Saturday.
end_month End month for summer time, ranging from January through December.
end_time End time (military format) in hours and minutes.
daylight_offset Number of minutes to add during summer time. Valid entries are from
1 to 1440. The default is 60.
standard time_zone Sets the daylight time to a standard time zone that includes an
applicable daylight time start and end range along with a daylight offset.
Enter one of the following well-known time zones:
• ADT—Atlantic Daylight Time: 2 a.m. first Sunday in April—2
a.m. last Sunday in October, + 60 minutes
• AKDT—Alaska Standard Daylight Time: 2 a.m. first Sunday in
April—2 a.m. last Sunday in October, + 60 minutes
• CDT—Central Daylight Time: 2 a.m. first Sunday in April—2 a.m.
last Sunday in October, + 60 minutes
• EDT—Eastern Daylight Time: 2 a.m. first Sunday in April—2 a.m.
last Sunday in October, + 60 minutes
• MDT—Mountain Daylight Time: 2 a.m. first Sunday in April—
2 a.m. last Sunday in October, + 60 minutes
• PDT—Pacific Daylight Time: 2 a.m. first Sunday in April—2 a.m.
last Sunday in October, + 60 minutes2-301
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The first part of the command specifies when summer time begins, and the second part of the command
specifies when summer time ends. All times are relative to the local time zone; the start time is relative
to standard time and the end time is relative to summer time. If the starting month is after the ending
month, the ACE assumes that you are located in the southern hemisphere.
Examples To specify that summer time begins on the first Sunday in April at 02:00 and ends on the last Sunday in
October at 02:00, with a daylight offset of 60 minutes, enter:
host1/Admin(config)# clock summer-time Pacific 1 Sun Apr 02:00 5 Sun Oct 02:00 60
To remove the clock summer-time setting, enter:
host1/Admin(config)# no clock summer-time
Related Commands show clock
(config) clock timezone
(config) config-register
To change the configuration register settings, use the config-register configuration command. Use the
no form of this command to reset the config-register to its default setting.
config-register value
no config-register value
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-302
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can modify the boot method that the ACE uses at the next startup by setting the boot field in the
software configuration register. The configuration register identifies how the ACE should boot.
For the ACE module, it also identifies where the system image is stored. You can modify the boot field
to force the ACE to boot a particular system image at startup instead of using the default system image.
The config-register command affects only the configuration register bits that control the boot field and
leaves the remaining bits unaltered.
value Configuration register value that you want to use the next time that you restart the ACE.
• For the ACE module, the supported value entries are as follows:
– 0—(default) Upon reboot, the ACE boots to ROM monitor. The ACE remains in
ROM monitor mode at startup.
– 1—Upon reboot, the ACE boots the system image identified in the BOOT
environment variable (see the (config) boot system image: command). The BOOT
environment variable specifies a list of image files on various devices from which
the ACE can boot at startup. If the ACE encounters an error or if the image is not
valid, it will try the second image (if one is specified). If the second image also fails
to boot, the ACE returns to ROM monitor.
• For the ACE appliance, the supported value entries are as follows:
– 0x0—Upon reboot, the ACE boots to the GNU GRand Unified Bootloader (GRUB).
From the GRUB boot loader, you specify the system boot image to use to boot the
ACE. Upon startup, the ACE loads the startup-configuration file stored in Flash
memory (nonvolatile memory) to the running-configuration file stored in RAM
(volatile memory).
– 0x1—(default) Upon reboot, the ACE boots the system image identified in the
BOOT environment variable (see (config) boot system image:). The BOOT
environment variable specifies a list of image files on various devices from which
the ACE can boot at startup. If the ACE encounters an error or if the image is not
valid, it will try the second image (if one is specified). Upon startup, the ACE loads
the startup-configuration file stored in Flash memory (nonvolatile memory) to the
running-configuration file stored in RAM (volatile memory).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-303
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples ACE Module Example
To set the boot field in the configuration register to boot the system image identified in the BOOT
environment variable upon reboot, enter:
host1/Admin(config)# config-register 1
ACE Appliance Example
To set the boot field in the configuration register to boot the system image identified in the BOOT
environment variable upon reboot and to load the startup-configuration file stored in Flash memory,
enter:
host1/Admin(config)# config-register 0x1
Related Commands (config) boot system image:
(config) context
To create a context, use the context command. The CLI prompt changes to (config-context). A context
provides a user view into the ACE and determines the resources available to a user. Use the no form of
this command to remove a context.
context name
no context name
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
name Name that designates a context. Enter an unquoted text string with no spaces and a maximum
of 64 alphanumeric characters. Do not configure a context name that contains opening
braces, closing braces, white spaces, or any of the following characters: ` $ % & * ( ) \ | ; ' "
< > / ?
Do not start the context name with the following characters: - . # ~
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(2.3) This command no longer supports you from configuring a context
name that contains opening braces, closing braces, white spaces, or
any of the following symbols: ` $ % & * ( ) \ | ; ' " < > / ? 2-304
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, the ACE allows you to create and use five user-configured contexts plus the default Admin
context. To use a maximum of 251 contexts (Admin context plus 250 user contexts), you must purchase
an additional license from Cisco Systems.
Examples To create a context called C1, enter:
host1/Admin(config)# context C1
host1/Admin(config-context)#
To remove the context from the configuration, enter:
host1/Admin(config)# no context C1
Related Commands changeto
show context
show user-account
show users
(config) crypto authgroup
To create a certificate authentication group, use the crypto authgroup command. Once you create an
authentication group, the CLI enters into the authentication group configuration mode, where you add
the required certificate files to the group. Use the no form of this command to delete an existing
authentication group.
crypto authgroup group_name
no crypto authgroup group_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.3) This command no longer supports you from configuring a context
name that contains opening braces, closing braces, white spaces, or
any of the following symbols: ` $ % & * ( ) \ | ; ' " < > / ?
group_name Name that you assign to the authentication group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters. 2-305
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about
role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application
Control Engine.
By creating an authentication group, you can implement a group of certificates that are trusted as
certificate signers on the ACE. After creating the authentication group and assigning its certificates, you
can configure client authentication on an SSL-proxy service by assigning the authentication group to the
service. You include an authentication group in the handshake process by configuring the SSL
proxy-service with the authentication group (see the (config) ssl-proxy service command).
You can configure an authentication group with up to ten certificates.
Examples To create the authentication group AUTH-CERT1, enter:
host1/Admin(config)# crypto authgroup AUTH-CERT
Related Commands (config) ssl-proxy service
(config) crypto chaingroup
To create a certificate chain group, use the crypto chaingroup command. Once you create a chain group,
the CLI enters into the chaingroup configuration mode, where you add the required certificate files to
the group. Use the no form of this command to delete an existing chain group.
crypto chaingroup group_name
no crypto chaingroup group_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
ACE Module Release Modification
A2(1.0) This command was introduced.
A4(1.0) The number of certificates in an authentication group was increased
from 4 to 10.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) The number of certificates in an authentication group was increased
from 4 to 10.
group_name Name that you assign to the chain group. Enter an unquoted text string with no
spaces and a maximum of 64 alphanumeric characters. 2-306
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about
role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application
Control Engine.
A chain group specifies the certificate chains that the ACE sends to its peer during the handshake
process. A certificate chain is a hierarchal list of certificates that includes the subject’s certificate, the
root CA certificate, and any intermediate CA certificates. You include a chain group in the handshake
process by configuring the SSL proxy service with the chain group (see the (config) ssl-proxy service
command).
Each context on the ACE can contain up to eight chain groups.
Examples To create the chain group MYCHAINGROUP, enter:
host1/Admin(config)# crypto chaingroup MYCHAINGROUP
Related Commands (config) ssl-proxy service
(config) crypto crl
To download a certificate revocation list (CRL) to the ACE, use the crypto crl command. Use the no
form of this command to remove a CRL.
crypto crl crl_name url
no crypto crl crl_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
crl_name Name that you assign to the CRL. Enter an unquoted text string with no spaces
and a maximum of 64 alphanumeric characters.
url URL where the ACE retrieves the CRL. Enter the URL full path including the
CRL filename in an unquoted alphanumeric string with a maximum of
255 characters. Both HTTP and LDAP URLs are supported. Start the URL with
the http:// prefix or the ldap:// prefix. 2-307
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the Secure Sockets Layer (SSL) feature in your user role. For details about
role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application
Control Engine.
You can use a CRL downloaded to the ACE for client or server authentication on an SSL proxy service.
After you download the CRL, you can assign it to an SSL proxy service for either client or server
authentication (see (config-ssl-proxy) crl for more information).
The ldap:/// prefix is not considered a valid LDAP CRL link in the CDP portion of the server certificate.
Valid formats for LDAP URLs are as follows:
• ldap://10.10.10.1:389/dc=cisco,dc=com?o=bu?certificateRevocationList
• ldap://10.10.10.1/dc=cisco,dc=com?o=bu?certificateRevocationList
• ldap://ldapsrv.cisco.com/dc=cisco,dc=com?o=bu?certificateRevocationList
• ldap://ldapsrv.cisco.com:389/dc=cisco,dc=com?o=bu?certificateRevocationList
To use a question mark (?) character as part of the URL, press Ctrl-v before entering it. Otherwise the
ACE interprets the question mark as a help command.
You can configure up to eight CRLs per context.
Examples To download a CRL that you want to name CRL1 from http://crl.verisign.com/class1.crl, enter:
host1/Admin(config)# crypto crl CRL1 http://crl.verisign.com/class1.crl
To remove the CRL, enter:
host1/Admin(config)# no crypto crl CRL1
Related Commands (config) ssl-proxy service
(config) crypto crlparams
To configure signature verification on a Certificate Revocation List (CRL) to determine that it is from a
trusted certificate authority or to configure a timeoute for CRL downloads to specify the maximum wait
time for the ACE to retrieve the CRL data from a server, use the crypto crlparams command. Use the
no form of this command to remove the CRL global parameters.
ACE Module Release Modification
A2(1.0) This command was introduced.
A2(2.0) This command was revised to support LDAP URLs and increased the
number of CRLs per context from four to eight.
ACE Appliance Release Modification
A3(1.0) This command was introduced.
A4(1.0) This command was revised to support LDAP URLs and increased the
number of CRLs per context from four to eight.2-308
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
crypto crlparams crl_name {cacert ca_cert_filename | timeout number}
no crypto crlparams crl_name {cacert ca_cert_filename | timeout number}
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the PKI feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
In the absence of the timeout keyword, if the ACE does not receive the complete certificate revocation
list (CRL) in a timely manner from a CRL server or the server does not close the connection, the ACE
continues to wait for the data to arrive. While it is waiting for the CRL data, the ACE keeps the socket
connection with the server open until the TCP connection with the server is closed because of inactivity.
The TCP inactivity timer value could be as large as an hour. There is no way to clear this already
established connection with the CRL server even if the static CRL is removed from the configuration.
Examples To download a CRL that you want to name CRL1 from http://crl.verisign.com/class1.crl, enter:
host1/Admin(config)# crypto crl CRL1 http://crl.verisign.com/class1.crl
To remove the CRL, enter:
host1/Admin(config)# no crypto crl CRL1
to configure a 200-second CRL download timeout for CRL1, enter the following command:
crl_name Name that you assign to the CRL. Enter an unquoted text string with no spaces
and a maximum of 64 alphanumeric characters.
cacert
ca_cert_filename
Name of the CA certificate file used for signature verification.
timeout number Specifies the time in seconds that the ACE waits for the CRL data before closing
the connection with the server. For static CRLs, enter an integer from 2 to 300.
For best-effort CRLs, the timeout is 60 seconds and not user-configurable. If the
ACE does not receive the entire CRL data within the timeout limit, the ACE closes
the socket connection with the server. For static CRLs, you can abort the CRL data
download by removing the static CRL from the configuration.
ACE Module Release Modification
A2(1.4) and A2(2.1) This command was introduced.
A4(1.1) Added the timeout number keyword and argument.
ACE Appliance Release Modification
A3(2.2) This command was introduced.
A4(1.1) Added the timeout number keyword and argument.2-309
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
host1/Admin(config)# crypto crl-params CRL1 timeout 200
When the CRL data download timeout expires and the download is aborted, the ACE generates a syslog
to log the event as follows:
%ACE-6-253008: CRL crl_name could not be retrieved, reason: crl data dnld timeout error
The crl_name variable indicates the name of an existing CRL whose download was aborted because the
CRL download timeout expired.
To return the behavior of the ACE to the default of waiting until the entire CRL is downloaded before
closing the SSL connection or waiting for the TCP inactivity timeout to close the TCP connection, enter
the following command:
host1/Admin(config)# no crypto crl-params CRL1 timeout 200
Related Commands (config) ssl-proxy service
(config) crypto csr-params
To create a Certificate Signing Request (CSR) parameter set to define a set of distinguished name
attributes, use the crypto csr-params command. Use the no form of this command to remove an existing
CSR parameter set.
crypto csr-params csr_param_name
no crypto csr-params csr_param_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
csr_param_name Name that designates a CSR parameter set. Enter an unquoted text string with no
spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-310
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
A CSR parameter set defines the distinguished name attributes that the ACE applies to the CSR during
the CSR-generating process. The distinguished name attributes provide the CA with the information that
it needs to authenticate your site. Creating a CSR parameter set allows you to generate multiple CSRs
with the same distinguished name attributes. You can create up to eight CSR parameter sets per context.
When you use the crypto csr-params command to specify a CSR parameter set, the prompt changes to
the csr-params configuration mode (for more information on this mode and commands, see the “CSR
Parameters Configuration Mode Commands” section), where you define each of the distinguished name
attributes. The ACE requires that you define the following attributes:
Country name
• State or province
• Common name
• Serial number
If you do not configure the required attributes, the ACE displays an error message when you attempt to
generate a CSR using the incomplete CSR parameter set.
Examples To create the CSR parameter set CSR_PARAMS_1, enter:
host1/Admin(config)# crypto csr-params CSR_PARAMS_1
host1/Admin(config-csr-params)
Related Commands crypto generate csr
show crypto
(config) crypto ocspserver
To configure an Online Certificate Status Protocol (OCSP) server that the ACE uses for revocation
checks, use the crypto ocspserver command. By default, SSL rehandshake is disabled in all ACE
contexts. Use the no form of this command to reset the default behavior.
crypto ocspserver ocsp_server_name url [conninactivitytout timeout] [nonce enable | disable]
[reqsigncert signer_cert_filename {reqsignkey signer_key_filename}] [respsigncert
response_signer_cert]
no crypto ocspserver ocsp_server_name url [conninactivitytout timeout] [nonce enable | disable]
[reqsigncert signer_cert_filename {reqsignkey signer_key_filename}] [respsigncert
response_signer_cert]
Syntax Description ocsp_server_name Identifier of the OCSP server. You use this name to apply the OCSP server to an
SSL proxy service. Enter an unquoted text string with no spaces and a maximum
of 64 alphanumeric characters.
url HTTP URL in the form: http://ocsphost.com:port_id/. The port ID is optional. If
you do not specify a port, the default value of 2560 is used. You can specify either
an IPv4- or an IPv6-based URL. Enter an unquoted text string with no spaces and
a maximum of 255 alphanumeric characters.
conninactivitytout
timeout
(Optional) TCP connection inactivity timeout. in seconds. Enter an integer from 2
to 3600. The default is 300 seconds.2-311
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
All contexts
Command History
Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
OCSP has the following configurations guidelines and restrictions:
• You can configure a maximum of 64 OCSP servers in the ACE.
• You can configure a maximum of 10 OCSP servers in an SSL proxy service.
• The ACE can handle a maximum of 64 OCSP server connections with both static and best effort
OCSP servers combined.
• If you configure best-effort OCSP servers and best-effort CRLs in the same proxy list, the ACE
extracts a maximum of four AIAs and four CDPs to conserve resources.
• Client authentication may be delayed when you configure OCSP servers and CRLs in the same SSL
proxy service.
• The ACE does not perform authentication and revocation checks on response signer certificates.
Examples To configure an OCSP server that the ACE uses to check the revocation status of SSL certificates, enter
the following command:
host1/Admin(config)# crypto ocspserver OCSP_SSERVER1 http://10.10.10.10/ nonce enable
conninactivitytout 60
To remove an OCSP server from the configuration, enter the following command:
nonce enable |
disable
(Optional) Enables or disables the use of a nonce. By default, nonce is disabled. A
nonce is a unique string that is used to bind OCSP requests and responses. When a
nonce is enabled, the ACE includes a unique string in the requests that is sends to
the OCSP server. The server must include the string in its responses to the ACE to
verify the response.
reqsigncert
signer_cert_filename
(Optional) Signer’s certificate filename to sign outgoing requests to the OCSP
server. By default, the request is not signed.
reqsignkey
signer_key_filename
(Optional) Signer’s private key filename to sign outgoing requests to the OCSP
server. By default, the request is not signed. If you enter the reqsigncert option,
you must enter the reqsignkey option.
respsigncert
response_signer_cert
(Optional) Certificate to verify the signature of the OCSP server responses. By
default, the signature in the response from the OCSP server are not verified.
ACE Module Release Modification
A5(1.0) This command was introduced.
ACE Appliance Release Modification
A5(1.0) This command was introduced.2-312
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
host1/Admin(config)# no crypto ocspserver OCSP_SSERVER1
Related Commands show crypto
(config) crypto rehandshake enabled
To enable SSL rehandshake for all VIPs in a context, use the crypto rehandshake enabled command in
configuration mode. By default, SSL rehandshake is disabled in all ACE contexts. Use the no form of
this command to reset the default behavior.
crypto rehandshake enabled
no crypto rehandshake enabled
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
All contexts
Command History
Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The crypto rehandshake enabled configuration mode command overrides the rehandshake enable
parameter map command that you can configure individually in an SSL proxy service.
Examples To enable SSL rehandshake for all VIPs in a context, enter:
host1/Admin(config)# crypto rehandshake enabled
To return the ACE behavior to the default of rehandshake being disabled, enter:
host1/Admin(config)# no crypto rehandshake enabled
Related Commands show crypto
(config-parammap-ssl) rehandshake enabled
ACE Module Release Modification
A4(1.0) This command was introduced.
ACE Appliance Release Modification
A4(1.0) This command was introduced.2-313
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) domain
To create a domain, use the domain command. The CLI prompt changes to (config-domain). See the
“Domain Configuration Mode Commands” section for details. Use the no form of this command to
remove a domain from the configuration.
domain name
no domain name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can configure a maximum of 63 domains in each context.
A domain does not restrict the context configuration that you can display using the show running-config
command. You can still display the running configuration for the entire context. However, you can
restrict your access to the configurable objects within a context by adding to the domain only a limited
subset of all the objects available to a context. To limit a user’s ability to manipulate the objects in a
domain, you can assign a role to that user. For more information about domains and user roles, see the
Virtualization Guide, Cisco ACE Application Control Engine.
You can configure KAL-AP TAGs as domains. For the domain load calculation, the ACE considers the
Layer 3 class map, server farm, and real server objects. All other objects under the domain are ignored
during the calculation.
Examples To create a domain named D1, enter:
host1/Admin(config)# domain D1
host1/Admin(config-domain)#
name Name for the domain. Enter an unquoted text string with no spaces and a maximum of
76 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(2.0) The length of the name argument changes from 64 to 76 characters.
ACE Appliance Release Modification
A1(7) This command was introduced.2-314
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands (config) context
show user-account
show users
(config) end
To exit from configuration mode and return to Exec mode, use the end command.
end
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can also press Ctrl-Z or enter the exit command to exit configuration mode.
Examples To exit from configuration mode and return to Exec mode, enter:
host1/Admin(config)# end
host1/Admin#
Related Commands This command has no related commands.
(config) exit
To exit from the current configuration mode and return to the previous mode, use the exit command.
exit
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-315
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description This command has no keywords or arguments.
Command Modes All configuration modes
Admin and user contexts
Command History
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
In configuration mode, the exit command transitions to the Exec mode.
In all other configuration modes, the exit command transitions to the previous configuration mode.
You can also press Ctrl-Z, enter the (config) end command, or enter the exit command to exit
configuration mode.
Examples To exit from configuration mode and return to Exec mode, enter:
host1/Admin(config)# exit
host1/Admin#
To exit from interface configuration mode and return to configuration mode, enter:
host1/Admin(config-if)# exit
host1/Admin(config)#
Related Commands This command has no related commands.
(config) ft auto-sync
To enable automatic synchronization of the running-configuration and the startup-configuration files in
a redundancy configuration, use the ft auto-sync command. Use the no form of this command to disable
the automatic synchronization of the running-configuration or the startup-configuration file.
ft auto-sync {running-config | startup-config}
no ft auto-sync {running-config | startup-config}
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-316
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, the ACE automatically updates the running configuration on the standby context of an FT
group with any changes that occur to the running configuration of the active context. If you disable the
ft auto-sync command, you need to update the configuration of the standby context manually. For more
information about configuration synchronization and configuring redundancy, see the Administration Guide,
Cisco ACE Application Control Engine.
Caution Toggling ft auto-sync running-config in the Admin context may have undesirable side effects if the
same command is also disabled in an active user context. If the ft auto-sync running-config command
is disabled in the active Admin context and in an active user context, and you subsequently enable the ft
auto-sync running-config command in the active Admin context first, the entire configuration of the
standby user context will be lost. Always enter the ft auto-sync running-config command in the active
user context first, and then enable the command in the active Admin context.
The ACE does not copy or write changes in the running-configuration file to the startup-configuration
file unless you enter the copy running-config startup-config command or the write memory command
for the current context. To write the contents of the running-configuration file to the
startup-configuration file for all contexts, use the write memory all command. At this time, if the ft
auto-sync startup-config command is enabled, the ACE syncs the startup-configuration file on the
active ACE to the standby ACE.
The ACE does not synchronize the SSL certificates and key pairs that are present in the active context
with the standby context of an FT group. If the ACE performs a configuration synchronization and does
not find the necessary certs and keys in the standby context, config sync fails and the standby context
enters the STANDBY_COLD state.
running-config Enables autosynchronization of the running-configuration file. The default is
enabled.
startup-config Enables autosynchronization of the startup-configuration file. The default is
enabled.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-317
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Caution Do not enter the no inservice command followed by the inservice command on the active context of an
FT group when the standby context is in the STANDBY_COLD state. Doing so may cause the standby
context running-configuration file to overwrite the active context running-configuration file.
To copy the certs and keys to the standby context, you must export the certs and keys from the active
context to an FTP or TFTP server using the crypto export command, and then import the certs and keys
to the standby context using the crypto import command. For more information about importing and
exporting certs and keys, see the SSL Guide, Cisco ACE Application Control Engine.
To return the standby context to the STANDBY_HOT state in this case, ensure that you have imported
the necessary SSL certs and keys to the standby context, and then perform a bulk sync of the active
context configuration by entering the following commands in configuration mode in the active context
of the FT group:
1. no ft auto-sync running-config
2. ft auto-sync running-config
Examples To enable autosynchronization of the running-configuration file in the C1 context, enter:
host1/C1(config)# ft auto-sync running-config
Related Commands (config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface
(config) ft connection-sync disable
By default, connection replication is enabled. There may be times when you want to disable it. To disable
connection replication, use the ft connection-sync disable command. The syntax of this command is as
follows:
ft connection-sync disable
no ft connection-sync disable
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts2-318
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the fault-tolerant feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Initially, after you disable connection replication, the active ACE does not synchronize connections to
the standby ACE. After a bulk sync:
• New connections are not synchronized
• Connections are not updated in a periodic scan
• Connections that are already synchronized on the standby are not torn down
If you enable connection replication after a bulk sync occurs, the ACE takes the following actions:
• New connections are synced immediately
• Existing connections are synced in the next periodic cycle (in approximately 3 to 4 minutes)
Sticky replication is disabled by default and you can configure it on a per sticky group basis. The
replicate sticky command takes precedence over the ft connection-sync disable command, so new
client connections can be load balanced to the same server even when connection replication is disabled.
Note the following caveats with stickiness when connection replication is disabled:
• The sticky database is not always in sync on the standby. With connection replication disabled,
sticky connections on the active close normally, but on the standby the connections time out
according to the idle timeout setting.
• When sticky entries are approaching their expiration time, it is possible to have a zero
active-conns-count on the standby and still have active connections on the active ACE. This
condition can lead to sticky entries that are not present after a switchover.
Examples To disable connection replication in the C1 context, enter the following command:
host1/C1(config)# ft connection-sync disable
To reenable connection replication after you have disabled it, enter the following command:
host1/Admin(config)# no ft connection-sync disable
Related Commands (config) ft auto-sync
(config) ft group
To create a fault-tolerant (FT) group for redundancy, use the ft group command. After you enter this
command, the system enters the FT group configuration mode. Use the no form of this command to remove
an FT group from the configuration.
ACE Module Release Modification
A4(1.1) This command was introduced.
ACE Appliance Release Modification
A4(1.1) This command was introduced.2-319
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
ft group group_id
no ft group group_id
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You must configure the same group ID on both peer ACEs.
On each ACE, you can create multiple FT groups:
• For ACE module, up to a maximum of 251 (250 contexts and 1 Admin context)
• For ACE appliance, up to a maximum of 64 groups
Each group consists of a maximum of two members (contexts): one active context on one ACE and one
standby context on the peer ACE.
For information about the commands in FT group configuration mode, see the “FT Group Configuration
Mode Commands” section.
Examples To configure an FT group, enter:
host1/Admin(config)# ft group 1
host1/Admin(config-ft-group)#
To remove the group from the configuration, enter:
host1/Admin(config)# no ft group 1
Related Commands (config) ft auto-sync
(config) ft interface vlan
group-id Unique identifier of the FT group.
• For the ACE module, enter an integer from 1 to 255.
• For the ACE appliance, enter an integer from 1 to 64.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.6) The number of FT groups increased from 21 to 64.2-320
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface
(config) ft interface vlan
To create a dedicated fault-tolerant (FT) VLAN over which two redundant peers communicate, use the ft
interface vlan command. After you enter this command, the system enters the FT interface configuration
mode. Use the no form of this command to remove an FT VLAN from the configuration.
ft interface vlan vlan_id
no ft interface vlan vlan_id
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Peer ACEs communicate with each other over a dedicated FT VLAN. These redundant peers use the FT
VLAN to transmit and receive heartbeat packets and state and configuration replication packets. You
must configure the same VLAN on each peer ACE. You cannot use this VLAN for normal network traffic
and the FT VLAN does not support IPv6.
To remove an FT VLAN, first remove it from the FT peer using the no ft interface vlan command in FT
peer configuration mode. See the (config-ft-peer) ft-interface vlan command for more information.
(ACE appliance only) To configure one of the Ethernet ports or a port-channel interface on the ACE for
fault tolerance using a dedicated FT VLAN for communication between the members of an FT group,
use the ft-port vlan command in interface configuration mode. See the (config-if) ft-port vlan
command for more information.
(ACE appliance only) On both peer ACE appliances, you must configure the same Ethernet port or
port-channel interface as the FT VLAN port. For example:
vlan_id Unique identifier for the FT VLAN. Enter an integer from 2 to 4094.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-321
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
• If you configure ACE appliance 1 to use Ethernet port 4 as the FT VLAN port, then be sure to configure
ACE appliance 2 to use Ethernet port 4 as the FT VLAN port.
• If you configure ACE appliance 1 to use port-channel interface255 as the FT VLAN port, then be sure
to configure ACE appliance 2 to use port-channel interface 255 as the FT VLAN.
Examples To configure an FT VLAN, enter:
host1/Admin(config)# ft interface vlan 200
host1/Admin(config-ft-intf)#
To remove the FT VLAN from the redundancy configuration, enter:
host1/Admin(config)# no ft interface vlan 200
Related Commands (config) ft auto-sync
(config) ft group
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface
(ACE appliance only) (config-if) ft-port vlan
(config) ft peer
On both peer ACEs, configure an FT peer definition. To create an FT peer, use the ft peer command.
After you enter this command, the system enters the FT peer configuration mode. You can configure a
maximum of two ACEs as redundancy peers. Use the no form of this command to remove the FT peer
from the configuration.
ft peer peer_id
no ft peer peer_id
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
peer_id Unique identifier of the FT peer. Enter 1.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-322
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Each ACE ACE can have one FT peer. FT peers are redundant ACE ACEs that communicate with each other
over a dedicated FT VLAN.
Before you can remove an FT peer from the configuration, remove the peer from the FT group using the
no peer command in FT group configuration mode.
For information about the commands in FT peer configuration mode, see the “FT Peer Configuration
Mode Commands” section.
Examples To configure an FT peer, enter:
host1/Admin(config)# ft peer 1
host1/Admin(config-ft-peer)#
Related Commands (config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) ft track interface
(config) ft track host
To create a tracking and failure detection process for a gateway or host, use the ft track host command.
After you enter this command, the system enters FT track host configuration mode. Use the no form of this
command to remove the gateway-tracking process.
ft track host name
no ft track host name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
name Unique identifier of the tracking process for a gateway or host. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-323
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the fault-tolerant (FT) feature in your user role. For details about role-based
access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control
Engine.
For information about commands in FT track host configuration mode, see the “FT Track Host
Configuration Mode Commands” section.
For details about configuring redundant ACE ACEs, see the Administration Guide, Cisco ACE
Application Control Engine.
Examples To create a tracking process for a gateway, enter:
host1/Admin(config)# ft track host TRACK_GATEWAY1
host1/Admin(config-ft-track-host)#
To remove the gateway-tracking process, enter:
host1/Admin(config)# no ft track host TRACK_GATEWAY1
Related Commands (ACE module only) (config) ft track hsrp
(config) ft track interface
(config) ft track hsrp
(ACE module only) To configure failure detection and tracking for a Hot Standby Router Protocol
(HSRP) group, use the ft track hsrp command. After you enter this command, the system enters FT track
hsrp configuration mode. Use the no form of this command to stop tracking for an HSRP group.
ft track hsrp name
ft track hsrp name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the fault-tolerant (FT) feature in your user role. For details about role-based
access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control
Engine.
name Unique identifier of the tracking process for an HSRP group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-324
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
You must configure the HSRP group on the supervisor engine on the Catalyst 6500 series switch before
you configure HSRP tracking on the ACE. Failure to do so may result in erroneous state information for
the HSRP group being displayed in the show ft track detail command output in Exec mode. For
information about commands in FT track hsrp configuration mode, see the “FT Track Interface
Configuration Mode Commands” section.
For details about configuring redundant ACE ACEs, see the Administration Guide, Cisco ACE
Application Control Engine.
Examples To configure FT tracking for an HSRP group, enter:
host1/Admin(config)# ft track hsrp TRACK_HSRP_GRP1
host1/Admin(config-ft-track-hsrp)#
To remove the HSRP group-tracking process, enter:
host1/Admin(config)# no ft track hsrp TRACK_HSRP_GRP1
Related Commands (config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(config) ft track interface
(config) ft track interface
To create a tracking and failure detection process for a critical interface, use the ft track interface
command. After you enter this command, the system enters FT track interface configuration mode. Use the
no form of this command to stop tracking for an interface.
ft track interface name
no ft track interface name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
name Unique identifier of the tracking process for a critical interface. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-325
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the fault-tolerant (FT) feature in your user role. For details about role-based
access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control
Engine.
You cannot delete an interface if the ACE is using the interface for tracking. Also, you cannot configure
the FT VLAN for tracking.
For information about commands in FT track interface configuration mode, see the “FT Track Interface
Configuration Mode Commands” section.
For details about configuring redundant ACE ACEs, see the Administration Guide, Cisco ACE
Application Control Engine.
Examples To configure a tracking and failure detection process for an interface, enter:
host1/Admin(config)# ft track interface TRACK_VLAN100
To remove the interface-tracking process, enter:
host1/Admin(config)# no ft track interface TRACK_VLAN100
Related Commands (config) ft auto-sync
(config) ft group
(config) ft interface vlan
(config) ft peer
(config) ft track host
(ACE module only) (config) ft track hsrp
(config) hostname
To specify a hostname for the ACE, use the hostname command. The hostname is used for the command
line prompts and default configuration filenames. If you establish sessions to multiple devices, the
hostname helps you track where you enter commands. Use the no form of this command to reset the
hostname to the default of switch.
hostname name
no hostname name
Syntax Description
ACE Appliance Release Modification
A1(7) This command was introduced.
name New hostname for the ACE. Enter a case-sensitive text string that contains from 1 to
32 alphanumeric characters (with no spaces). The underscore (_) character is not supported
in the hostname for the ACE.2-326
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, the hostname for the ACE is switch.
Examples To change the hostname of the ACE from switch to ACE1, enter:
switch/Admin(config)# hostname ACE1
ACE1/Admin(config)#
Related Commands (config) peer hostname
(config) hw-module
(ACE module only) To configure hardware module parameters in the ACE, use the hostname command.
Use the no form of this command to reset to the default behavior.
hw-module {cde-same-port-hash | optimize-lookup}
no hw-module {cde-same-port-hash | optimize-lookup}
Syntax Description
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A4(1.0) Underscores (_) in the host name for an ACE are not supported.
ACE Appliance Release Modification
A1(7) This command was introduced.
A4(1.0) Underscores (_) in the host name for an ACE are not supported.
cde-same-port-hash Configures the classification and distribution engine (CDE) to perform the
hash function using the ports when the TCP or UDP packets are equal. When
this command is configured, the ACE also disables implicit PAT on packets
so that the source port does not change. This command is available only in
the Admin context.
optimize-lookup Disables the egress MAC address lookup that the ACE normally performs.
Use this command when you have multiple ACEs installed in a chassis with
heavy traffic to improve performance.2-327
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, when the source and destination ports of a TCP or UDP packet are equal, the CDE uses the
source IP address and destination IP address to perform the hash function. When they are not equal, the
CDE only uses the ports. When the cde-same-port-hash command is configured and the ports are equal,
the CDE uses a slightly different hash method from the default method.
If you have multiple ACEs installed in a Catalyst 6500 Series Switch or in a Cisco Catalyst 7600 Router,
you may experience lower performance than expected with very high rates of traffic. If you fail to
achieve the advertised performance of the ACE, you can disable the egress MAC address lookup using
the hw-module optimize-lookup command.
Do not use the hw-module optimize-lookup command if you have intelligent modules with distributed
forwarding cards (DFCs) installed in the Catalyst 6500 Series Switch or the Cisco Catalyst 7600 Router.
Using this command with such modules will cause the Encoded Address Recognition Logic (EARL)
units on these modules and on the Supervisor to become unsynchronized.
Examples To configure the CDE to perform the hash function using the ports when the TCP or UDP packets are
equal, enter:
switch/Admin(config)# hw-module cde-same-port-hash
To reset the default behavior, enter:
switch/Admin(config)# no hw-module cde-same-port-hash
Related Commands show cde
(config) interface
To configure a bridge-group virtual interface (BVI), VLAN interface, and for the ACE appliance, the
Ethernet port, or port-channel interface, use the interface command. The CLI prompt changes to
(config-if). Use the no form of this command to remove the interface.
interface {bvi group_number | gigabitEthernet slot_number/port_number | port-channel
channel_number | vlan number}
no interface {bvi group_number | gigabitEthernet slot_number/port_number | port-channel
channel_number | vlan number}
ACE Module Release Modification
3.0(0)A1(6.2a) This command was introduced.
A2(1.0) This command was revised with the optimize-lookup keyword.2-328
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
BVI and VLAN—Admin and user contexts
(ACE appliance only) Ethernet port and port-channel interface—Admin context only
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about commands in interface configuration mode, see the “Interface Configuration
Mode Commands” section. For details about configuring a BVI interface, Ethernet port, port-channel
interface, or VLAN interface, see the Routing and Bridging Guide, Cisco ACE Application Control
Engine.
To enable the bridge-group VLANs, you must configure a bridge-group virtual interface (BVI) that
represents a corresponding bridge group. You should configure an IP address in the same subnet on the
BVI. This address is used for management traffic and as a source IP address for traffic from the ACE,
similar to ARP requests.
You can configure one or more VLAN interfaces in any user context before you assign those VLAN
interfaces to the associated user contexts through the (config-context) allocate-interface command in
the Admin context.
The ACE supports a maximum of 4093 VLAN interfaces with a maximum of 1024 shared VLANs.
bvi
group_number
Creates a BVI for a bridge group and accesses interface configuration mode
commands for the BVI. The group_number argument is the bridge-group number
configured on a VLAN interface.
gigabitEthernet
slot_number/
port_number
(ACE appliance only) Specifies one of the four Ethernet ports on the rear panel of
the ACE as follows:
• slot_number—The physical slot on the ACE containing the Ethernet ports.
This selection is always 1, the location of the daughter card in the ACE. The
daughter card includes the four Layer 2 Ethernet ports to perform Layer 2
switching.
• port_number—The physical Ethernet port on the ACE. Valid selections are 1
through 4, which specifies one of the four Ethernet ports (1, 2, 3, or 4)
associated with the slot 1 (daughter card) selection.
port-channel
channel_number
(ACE appliance only) Specifies the channel number assigned to this port-channel
interface. Valid values are from 1 to 255.
vlan number Assigns the VLAN to the context and accesses interface configuration mode
commands for the VLAN. The number argument is the number for a VLAN
assigned to the ACE.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-329
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Each ACE supports a maximum of 8192 interfaces that includes VLANs, shared VLANs, and BVI
interfaces.
ACE Appliance Guidelines
In addition, the Ethernet port and port-channel interface command functions require the Admin user role.
The four Ethernet ports provide physical Ethernet ports to connect servers, PCs, routers, and other
devices to the ACE. You can configure the four Ethernet ports to provide an interface for connecting to
10-Mbps, 100-Mbps, or 1000-Mbps networks. Each Layer 2 Ethernet port supports autonegotiate,
full-duplex, or half-duplex operation on an Ethernet LAN and can carry traffic within a designated
VLAN.
You can group physical ports together on the ACE to form a logical Layer 2 interface called the
EtherChannel (or port channel). You must configure all the ports that belong to the same port channel
with the same values (such as port parameters, VLAN membership, and trunk configuration). Only one
port channel in a channel group is allowed, and a physical port can belong to only to a single port-channel
interface.
Examples To assign VLAN interface 200 to the Admin context and access interface configuration mode, enter:
host1/Admin(config)# interface vlan 200
host1/Admin(config-if)#
To remove a VLAN, enter:
host1/Admin(config)# no interface vlan 200
To create a BVI for bridge group 15, enter:
host1/Admin(config)# interface bvi 15
host1/Admin(config-if)#
To delete a BVI for bridge group 15, enter:
host1/Admin(config)# no interface bvi 15
ACE Appliance Example
To configure Ethernet port 3 and access interface configuration mode, enter:
host1/Admin(config)# interface gigabitEthernet 1/3
host1/Admin(config-if)#
To create a port-channel interface with a channel number of 255, enter:
host1/Admin(config)# interface port-channel 255
host1/Admin(config-if)#
Related Commands clear interface
show interface2-330
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ip dhcp relay
To configure a Dynamic Host Configuration Protocol (DHCP) relay agent on the ACE, use the ip dhcp
relay command. When you configure the ACE as a DHCP relay agent, it is responsible for forwarding
the requests and responses negotiated between the DHCP clients and the server. You must configure a
DHCP server when you enable the DHCP relay. Use the no form of this command to disable a DHCP
relay agent setting.
ip dhcp relay {enable | information policy {keep | replace} | server ip_address}
no ip dhcp relay {enable | information policy {keep | replace} | server ip_address}
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the DHCP feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The DHCP relay agent can be configured at both the context and interface level of the ACE. Note the
following configuration considerations:
• If you configure the DHCP relay agent at the context level, the configuration is applicable to all
interfaces associated with the context.
enable Accepts DHCP requests from clients on the associated context or interface and
enables the DHCP relay agent. The DHCP relay starts forwarding packets to the
DHCP server address specified in the ip dhcp relay server command for the
associated interface or context.
information policy Configures a relay agent information reforwarding policy on the DHCP server to
identify what the DHCP server should do if a forwarded message already
contains relay information.
keep Indicates that existing information is left unchanged on the DHCP relay agent.
This is the default setting.
replace Indicates that existing information is overwritten on the DHCP relay agent.
server Specifies the IP address of a DHCP server to which the DHCP relay agent
forwards client requests.
ip_address IP address of the DHCP server. Enter the address in dotted-decimal IP notation
(for example, 192.168.11.1).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-331
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
• If you configure the DHCP relay agent at the interface level, the configuration is applicable to that
particular interface only; the remaining interfaces fallback to the context level configuration.
Examples To set the IP address of a DHCP server at the context level, enter:
host1/Admin# changeto C1
host1/C1# config
Enter configuration commands, one per line. End with CNTL/Z
host1/C1(config)# ip dhcp relay enable
host1/C1(config)# ip dhcp relay server 192.168.20.1
To specify the DHCP relay at the interface level, enter:
host1/Admin(config)# interface vlan 50
host1/Admin(config-if)# ip dhcp relay enable
host1/Admin(config-if)# ip dhcp relay server 192.168.20.1
To remove the IP address of the DHCP server, enter:
host1/Admin(config-if)# no ip dhcp relay server 192.168.20.1
Related Commands clear ip
show ip2-332
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ip domain-list
To configure a domain name search list, use the ip domain-list command. The domain name list can
contain a maximum of three domain names. Use the no form of this command to remove a domain name
from the list.
ip domain-list name
no ip domain-list name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the domain name feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can configure a Domain Name System (DNS) client on the ACE to communicate with a DNS server
to provide hostname-to-IP-address translation for hostnames in CRLs for the client authentication
feature. For unqualified hostnames (hostnames that do not contain a domain name), you can configure a
default domain name or a list of domain names that the ACE can use to:
• Complete the hostname
• Attempt a hostname-to-IP-address resolution with a DNS server
If you configure both a domain name list and a default domain name, the ACE uses only the domain name
list and not the single default name. After you have enabled domain name lookups and configured a
domain name list, the ACE uses each domain name in turn until it can resolve a single domain name into
an IP address.
Examples For example, to configure a domain name list, enter:
host1/Admin(config)# ip domain-list cisco.com
host1/Admin(config)# ip domain-list foo.com
host1/Admin(config)# ip domain-list xyz.com
To remove a domain name from the list, enter:
host1/Admin(config)# no ip domain-list xyz.com
name Domain name. Enter an unquoted text string with no spaces and a maximum of
85 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-333
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands show running-config
(config) ip domain-lookup
(config) ip domain-name
(config) ip domain-lookup
To enable the ACE to perform a domain lookup (host-to-address translation) with a DNS server, use the
ip domain-lookup command. By default, this command is disabled. Use the no form of this command
to return the state of domain lookups to the default value of disabled.
ip domain-lookup
no ip domain-lookup
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the Domain Name feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can configure a Domain Name System (DNS) client on the ACE to communicate with a DNS server
to provide hostname-to-IP-address translation for hostnames in CRLs for the client authentication
feature.
Before you configure a DNS client on the ACE, ensure that one or more DNS name servers are properly
configured and are reachable. Otherwise, translation requests (domain lookups) from the DNS client will
be discarded. You can configure a maximum of three name servers. The ACE attempts to resolve the
hostnames with the configured name servers in order until the translation succeeds. If the translation
fails, the ACE reports an error.
For unqualified hostnames (hostnames that do not contain a domain name), you can configure a default
domain name or a list of domain names that the ACE can use to do the following:
• Complete the hostname
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-334
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
• Attempt a hostname-to-IP-address resolution with a DNS server
Examples For example, to enable domain lookups, enter:
host1/Admin(config)# ip domain-lookup
To return the state of domain lookups to the default value of disabled, enter:
host1/Admin(config)# no ip domain-lookup
Related Commands show running-config
(config) ip domain-list
(config) ip domain-name
(config) ip name-server2-335
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ip domain-name
To configure a default domain name, use the ip domain-name command. The domain name list can
contain a maximum of three domain names. Use the no form of this command to remove a domain name
from the list.
ip domain-list name
no ip domain-list name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the domain name feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The DNS client feature allows you to configure a default domain name that the ACE uses to complete
unqualified hostnames. An unqualified hostname does not contain a domain name (any name without a
dot). When domain lookups are enabled and a default domain name is configured, the ACE appends a
dot (.) and the configured default domain name to the unqualified host name and attempts a domain
lookup.
Examples For example, to specify a default domain name of cisco.com, enter:
host1/Admin(config)# ip domain-name cisco.com
In the above example, the ACE appends cisco.com to any unqualified host name in a CRL before the
ACE attempts to resolve the host name to an IP address using a DNS name server.
To remove the default domain from the configuration, enter:
host1/Admin(config)# no ip domain-name cisco.com
name Default domain name. Enter an unquoted text string with no spaces and a
maximum of 85 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-336
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands show running-config
(config) ip domain-list
(config) ip domain-lookup2-337
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ip name-server
To configure a DNS name server on the ACE, use the ip name-server command. You can configure a
maximum of three DNS name servers. Use the no form of this command to remove a name server from
the list.
ip name-server ip_address
no ip name-server ip_address
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the domain name feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To translate a hostname to an IP address, you must configure one or more (maximum of three) existing
DNS name servers on the ACE. Ping the IP address of each name server before you configure it to ensure
that the server is reachable.
Examples For example, to configure three name servers for the DNS client feature, enter:
host1/Admin(config)# ip name-server 192.168.12.15 192.168.12.16 192.168.12.17
To remove a name server from the list, enter:
host1/Admin(config)# no ip name-server 192.168.12.15
Related Commands show running-config
(config) ip domain-lookup
ip_address IP address of a name server. Enter the address in dotted decimal notation (for
example, 192.168.12.15). You can enter up to three name server IP addresses in
one command line.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-338
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ip route
To configure a default or static IP route, use the ip route command. Use the no form of this command
to remove a default or static IP route from the configuration.
ip route ipv6_dest_address/prefix_length {global_nexthop_address | {bvi number | vlan number
{link_local_address}}} | {ipv4_dest_address netmask gateway_ip_address}
no ip route dest_ip_prefix netmask gateway_ip_address
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
ipv6_dest_address IPv6 destination address for the route. The address that you specify for the static
route is the address that is in the packet before entering the ACE and performing
network address translation.
/prefix_length Specifies how many of the most significant bits (MSBs) of the IPv6 address are
used for the network identifier. Enter a a forward slash character (/) followed by
an integer from 1 to 128. The default is /128.
global_nexthop_add
ress
IP address of the gateway router (the next-hop address for this route). The
gateway address must be in the same network as specified in the ip address
command for a VLAN interface. For information on configuring the address, see
the Routing and Bridging Guide, Cisco ACE Application Control Engine.
bvi number Forward bridged VLAN interface for the link-local address.
link_local_address Link-local address of the interface.
vlan number Forward VLAN interface for the link-local address.
ipv4_dest_address IPv4 destination address for the route. The address that you specify for the static
route is the address that is in the packet before entering the ACE and performing
network address translation.
netmask Subnet mask for the route.
gateway_ip_address IP address of the gateway router (the next-hop address for this route). The
gateway address must be in the same network as specified in the ip address
command for a VLAN interface.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A5(1.0) Added IPv6 support.
ACE Appliance Release Modification
A1(7) This command was introduced.
A5(1.0) Added IPv6 support.2-339
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the routing feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The default route identifies the router IP address to which the ACE sends all IP packets for which it does
not have a route.
Admin and user contexts do not support dynamic routing. You must use static routes for any networks
to which the ACE is not directly connected; for example, use a static route when there is a router between
a network and the ACE.
The ACE supports up to eight equal cost routes on the same interface for load balancing.
Routes that identify a specific destination address take precedence over the default route.
See the Routing and Bridging Guide, Cisco ACE Application Control Engine for more information about
configuring default or static routes.
Examples IPv6 Examples
To configure a static route to send all traffic destined to 2001:DB8:1::1/64 to the next-hop router at
2001:DB8:1::10, enter the following command:
host1/Admin(config)# ip route 2001:DB8:1::1/64 2001:DB8:1::10
To configure a default route, set the IPv6 address for the route to ::/0, the IPv6 equivalent of “any.” For
example, if the ACE receives traffic that does not have a route and you want the ACE to send the traffic
out the interface to the router at 2001:DB8:1::10/64, enter:
host1/Admin(config)# ip route ::/0 2001:DB8:1::10
To remove a default or static route, use the no form of the command as follows:
host1/Admin(config)# no ip route 2001:DB8:1::1/64 2001:DB8:1::10
IPv4 Examples
To configure a default route, set the IP address and the subnet mask for the route to 0.0.0.0. For example,
if the ACE receives traffic that it does not have a route, it sends the traffic out the interface to the router
at 192.168.4.8. Enter:
host1/Admin(config)# ip route 0.0.0.0 0.0.0.0 192.168.4.8
Related Commands (config-if) ip address2-340
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ipv6 nd interval
To configure the refresh interval for existing neighbor discovery (ND) entries of configured hosts, use
the ipv6 nd interval command in configuration mode. Use the no form of this command to reset the ND
refresh interval to the default value of 300 seconds.
ipv6 nd interval number
no ipv6 nd interval number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines You configure this command for each context.
Examples To configure an NS message interval of 600 seconds (10 minutes), enter the following command:
host1/Admin(config)# ipv6 nd interval 600
To reset the NS message interval to the default of 300 seconds, enter the following command;
host1/Admin(config)# no ipv6 nd interval 600
Related Commands (config-if) ipv6 nd ns-interval
interval Indicates the frequency of the neighbor solicitation (NS) messages that are sent
by the ACE.
number Specifies the time interval in seconds between NS messages for configured
hosts. Enter an integer from 15 to 31536000. The default is 300 seconds
(5 minutes).
ACE Module/Appliance Release Modification
A5(1.0) This command was introduced.2-341
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ipv6 nd learned-interval
To configure the refresh interval for ND entries of learned hosts, use the ipv6 nd learned-interval
command. Use the no form of this command to reset the ND refresh interval of learned hosts to the
default value of 300 seconds.
ipv6 nd learned-interval number
no ipv6 nd learned-interval number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines You configure this command for each context.
Examples To configure a learned neighbor interval of 600 seconds (10 minutes), enter the following command:
host1/Admin(config)# ipv6 nd learned-interval 600
To reset the learned neighbor interval to the default of 300 seconds, enter the following command;
host1/Admin(config)# no ipv6 nd learned-interval 600
Related Commands (config-if) ipv6 nd ns-interval
learned-interval Indicates the refresh interval for ND entries of learned hosts.
number Specifies the time interval in seconds between NS messages for learned
neighbor entries. Enter an integer from 60 to 31536000. The default is 300
seconds (5 minutes).
ACE Module/Appliance Release Modification
A5(1.0) This command was introduced.2-342
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ipv6 nd retries
To configure the number of NS attempts before the ACE considers a host as down, use the ipv6 nd
retries command. Use the no form of this command to reset the number of retries to the default value of
3.
ipv6 nd retries number
no ipv6 nd retries number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines You configure this command for each context.
Examples To configure the ACE to resend NS messages five times before marking the host as down, enter the
following command:
host1/Admin(config)# ipv6 nd retries 5
To reset the number of retries to the default value of 3, enter the following command;
host1/Admin(config)# no ipv6 nd retries 5
Related Commands (config-if) ipv6 nd ns-interval
(config) ipv6 nd interval
number Specifies the number of times that the ACE resends the NS messages before
considering a host as down. Enter an integer from 1 to 15. The default is 3.
ACE Module/Appliance Release Modification
A5(1.0) This command was introduced.2-343
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ipv6 nd sync disable
To disable the replication of ND entries from the active to the standby in a redundant configuration, use
the ipv6 nd sync disable command. Use the no form of this command to reset the ACE behavior to the
default of replicating ND entries to the standby in a redundant configuration.
ipv6 nd sync disable
no ipv6 nd sync disable
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines You configure this command for each context.
Examples To disable ND entry replication for the current context, enter the following command:
host1/Admin(config)# ipv6 nd sync disable
To reenable the replication of ND entries, enter the following command;
host1/Admin(config)# no ipv6 nd sync disable
Related Commands (config-if) ipv6 nd ns-interval
ACE Module/Appliance Release Modification
A5(1.0) This command was introduced.2-344
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ipv6 nd sync-interval
To configure the time interval between neighbor discovery (ND) synchronization messages for learned
hosts, use the ipv6 nd sync-interval command. Use the no form of this command to reset the interval
to the default value of 5 seconds.
ipv6 nd sync-interval number
no ipv6 nd sync-interval number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines You configure this command for each context.
Examples To specify a time intervall between ND synchronization messages for learned hosts of 100 seconds,
enter:
host1/Admin(config)# ipv6 nd sync-interval 100
To restore the default value of 5 seconds, enter the following command:
host1/Admin(config)# no ipv6 nd sync-interval
Related Commands (config-if) ipv6 nd ns-interval
number Specifies the time interval between ND synchronization messages. Enter an
integer from 1 to 3600 seconds (1 hour). The default is 5 seconds.
ACE Module/Appliance Release Modification
A5(1.0) This command was introduced.2-345
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) kalap udp
To configure secure KAL-AP on the ACE, use the kalap udp command to access KAL-AP UDP
configuration mode. The CLI prompt changes to (config-kalap-udp). Use the no form of this command
to return to configuration mode (or use the exit command).
kalap udp
no kalap udp
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE supports secure KAL-AP for MD5 encryption of data between the ACE and the Global Site
Selector (GSS). For encryption, you must configure a shared secret as a key for authentication between
the GSS and the ACE context. For information about the commands in KAL-AP UDP configuration
mode, see the “KAL-AP UDP Configuration Mode Commands” section.
Examples To enter KAL-AP UDP configuration mode, enter:
host1/Admin(config)# kalap udp
host1/Admin(config-kalap-udp)#
Related Commands show kalap udp load
show running-config
(config-kalap-udp) ip address
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-346
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ldap-server host
To specify the Lightweight Directory Access Protocol (LDAP) server IP address, the destination port,
and other options, use the ldap-server host command. You can enter multiple ldap-server host
commands to configure multiple LDAP servers. Use the no form of this command to revert to a default
LDAP server authentication setting.
ldap-server host ip_address [port port_number] [timeout seconds] [rootDN “DN_string”
[password bind_password]]
no ldap-server host ip_address [port port_number] [timeout seconds] [rootDN “DN_string”
[password bind_password]]
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
ip_address IP address for the LDAP server. Enter the address in dotted-decimal IP notation
(for example, 192.168.11.1).
port port_number (Optional) Specifies the TCP destination port for communicating authentication
requests to the LDAP directory server. The port_number argument specifies the
LDAP + port number. Enter an integer from 1 to 65535.
timeout seconds (Optional) Specifies the time in seconds to wait for a response from the LDAP
server before the ACE can declare a timeout failure with the LDAP server. Use
this option to change the time interval that the ACE waits for the LDAP server to
reply to an authentication request. Enter an integer from 1 to 60. The default is
5 seconds.
rootDN
“DN_string”
(Optional) Defines the distinguished name (DN) for a user who is unrestricted by
access controls or administrative limit parameters to perform operations on the
LDAP server directory. The rootDN user can be thought of as the root user for
the LDAP server database. Enter a quoted string with a maximum of
63 alphanumeric characters. The default is an empty string.
password
bind_password
(Optional) Defines the bind password (rootpw) applied to the rootDN of the
LDAP server directory. Enter an unquoted string with a maximum of 63
alphanumeric characters. The default is an empty string.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-347
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
By default, the LDAP server port is 389. If your LDAP server uses a port other than 389, use the port
keyword to configure an appropriate port before starting the LDAP service. The ldap-server port
command overrides the global setting for the specified server.
By default, the ACE waits 5 seconds for the LDAP server to reply to an authentication request before the
ACE declares a timeout failure and attempts to contact the next server in the group. The ldap-server
timeout command overrides the global setting for the specified server.
Examples To configure LDAP server authentication parameters, enter:
host1/Admin(config)# ldap-server host 192.168.2.3 port 2003
host1/Admin(config)# ldap-server host 192.168.2.3 timeout 60
host1/Admin(config)# ldap-server host 192.168.2.3 rootDN “cn=manager,dc=cisco,dc=com"
password lab
To remove the LDAP server authentication setting, enter:
host1/Admin(config)# no ldap-server host 192.168.2.3 timeout 60
Related Commands show aaa
(config) aaa group server
(config) ldap-server port
(config) ldap-server timeout
(config) ldap-server port
To globally configure a TCP port (if your LDAP server uses a port other than the default port 389) before
you start the LDAP service, use the ldap-server port command. This global port setting will be applied
to those LDAP servers for which a TCP port value is not individually configured by the ldap-server host
command. Use the no form of this command to revert to the default of TCP port 389.
ldap-server port port_number
no ldap-server port port_number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
port_number Destination port to the LDAP server. Enter an integer from 1 to 65535. The default is
TCP port 389.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-348
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To override the global TCP port setting (specified by the ldap-server port command) for a specific
server, use the ldap-server host port command.
Examples To globally configure the TCP port, enter:
host1/Admin(config)# ldap-server port 2003
To revert to the default of TCP port 389, enter:
host1/Admin(config)# no ldap-server port 2003
Related Commands show aaa
(config) aaa group server
(config) ldap-server host
(config) ldap-server timeout
(config) ldap-server timeout
To globally change the time interval that the ACE waits for the LDAP server to reply to a response before
it declares a timeout failure, use the ldap-server timeout command. By default, the ACE waits 5 seconds
to receive a response from an LDAP server before it declares a timeout failure and attempts to contact
the next server in the group. The ACE applies this global timeout value to those LDAP servers for which
a timeout value is not individually configured by the ldap-server host command. Use the no form of this
command to revert to the default of 5 seconds between transmission attempts.
ldap-server timeout seconds
no ldap-server timeout seconds
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
seconds Timeout value in seconds. Enter an integer from 1 to 60. The default is 5 seconds.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-349
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To override the global TCP timeout setting (specified by the ldap-server timeout command) for a
specific server, use the ldap-server host timeout command.
Examples To globally configure the timeout value to 30 seconds, enter:
host1/Admin(config)# ldap-server timeout 30
To change to the default of 5 seconds between transmission attempts, enter:
host1/Admin(config)# no ldap-server timeout 30
Related Commands show aaa
(config) aaa group server
(config) ldap-server host
(config) ldap-server port
(config) line console
(ACE module only) To configure the console interface settings, use the line console configuration mode
command. When you enter this command, the prompt changes (config-console) and you enter the
console configuration mode. Use the no form of this command to reset the console configuration mode
parameters to their default settings.
line console
no line console
Syntax Description There are no keywords or arguments for this command.
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The console port is an asynchronous serial port on the Catalyst 6500 series switch that enables the ACE
to be set up for initial configuration through a standard RS-232 port with an RJ-45 connector. Any device
connected to this port must be capable of asynchronous transmission. Connection to a terminal requires
a terminal emulator to be configured as 9600 baud, 8 data bits, 1 stop bit, no parity.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-350
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
For information about the commands in console configuration mode, see the “Console Configuration
Mode Commands” section.
Examples To enter console configuration mode, enter:
host1/Admin(config)# line console
host1/Admin(config-console)#
Related Commands clear line
show line
(config) line vty
To configure the virtual terminal line settings, use the line vty configuration mode command. When you
enter this command, the prompt changes (config-line) and you enter the line configuration mode. Use
the no form of this command to reset the line configuration mode parameter to its default setting.
line vty
no line vty
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about the commands in line configuration mode, see the “Line Configuration Mode
Commands” section.
Examples To enter the line configuration mode, enter:
host1/Admin(config)# line vty
host1/Admin(config-line)#
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-351
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands clear line
show line2-352
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) login timeout
To modify the length of time that a user can be idle before the ACE terminates the console, Telnet, or
Secure Shell (SSH) session, use the login timeout command. By default, the inactivity timeout value is
5 minutes. Use the no form of this command to restore the default timeout value of 5 minutes.
login timeout minutes
no login timeout
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To specify a timeout period of 10 minutes, enter:
host1/Admin(config)# login timeout 10
To restore the default timeout value of 5 minutes, enter.
host1/Admin(config)# no login timeout
Related Commands telnet
(config-cmap-mgmt) match protocol
minutes Length of time in minutes. Enter a value from 0 to 60 minutes. A value of 0 instructs the
ACE never to time out. The default is 5 minutes.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-353
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging buffered
To enable system logging to a local buffer and to limit the messages sent to the buffer based on severity,
use the logging buffered command. By default, logging to the local buffer on the ACE is disabled. New
messages are appended to the end of the buffer. The first message displayed is the oldest message in the buffer.
When the log buffer fills, the ACE deletes the oldest message to make space for new messages. Use the
no form of this command to disable message logging.
logging buffered severity_level
no logging buffered
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To set the logging buffer level to 3 for logging error messages, enter:
host1/Admin(config)# logging buffered 3
To disable message logging, enter:
host1/Admin(config)# no logging buffered
severity_level Maximum level for system log messages sent to the buffer. The severity level that
you specify indicates that you want syslog messages at that level and below.
Allowable entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-354
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands (config) logging enable2-355
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging console
To enable the logging of syslog messages during console sessions and to limit the display of messages
based on severity, use the logging console command. By default, the ACE does not display syslog
messages during console sessions. Use the no form of this command to disable logging to the console.
logging console severity_level
no logging console
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Logging to the console can degrade system performance. Use the logging console command only when
you are testing and debugging problems, or when there is minimal load on the network. We recommend
that you use the lowest severity level possible because logging at a high rate may affect ACE
performance. Do not use this command when the network is busy.
Examples To enable system logging to the console for messages with severity levels of 2, 1, and 0:
host1/Admin(config)# logging console 2
severity_level Maximum level for system log messages sent to the console. The severity level that
you specify indicates that you want to log messages at that level and below.
Allowable entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-356
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands (config) logging enable2-357
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging device-id
To specify that the device ID of the ACE is included in the syslog message, use the logging device-id
command. If enabled, the ACE displays the device ID in all non-EMBLEM-formatted syslog messages.
The device ID specification does not affect the syslog message text that is in the EMBLEM format. Use
the no form of this command to disable device ID logging for the ACE in the syslog message.
logging device-id {context-name | hostname | ipaddress interface_name | string text}
no logging device-id
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The device ID part of the syslog message is viewed through the syslog server only and not directly on
the ACE. The device ID does not appear in EMBLEM-formatted messages, Simple Network
Management Protocol (SNMP) traps, or on the ACE console, management session, or buffer.
Examples To instruct the ACE to use the hostname of the ACE to uniquely identify the syslog messages, enter:
host1/Admin(config)# logging device-id hostname
context-name Specifies the name of the current context as the device ID to uniquely identify the
syslog messages sent from the ACE.
hostname Specifies the hostname of the ACE as the device ID to uniquely identify the
syslog messages sent from the ACE.
ipaddress
interface_name
Specifies the IP address of the interface as the device ID to uniquely identify the
syslog messages sent from the ACE. You can specify the IP address of a VLAN
interface or BVI as the device ID. If you use the ipaddress keyword, syslog
messages sent to an external server contain the IP address of the interface
specified, regardless of which interface the ACE uses to send the log data to the
external server. Enter an unquoted text string with no spaces and a maximum of
64 alphanumeric characters.
string text Specifies a text string to uniquely identify the syslog messages sent from the
ACE. The maximum length is 64 alphanumeric characters without spaces. You
cannot use the following characters: & (ampersand), ‘ (single quotation mark),
“ (double quotation marks), < (less than), > (greater than), or ? (question mark).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-358
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To disable the use of the hostname of the ACE, enter:
host1/Admin(config)# no logging device-id
Related Commands (config) logging enable2-359
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging enable
To enable message logging, use the logging enable command. Message logging is disabled by default.
You must enable logging if you want to send messages to one or more output locations. Use the no form
of this command to stop message logging to all output locations.
logging enable
no logging enable
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Message logging is disabled by default. When enabled, log messages are sent to a logging process, which
logs messages to designated locations asynchronously to the processes that generated the messages. You
must set a logging output location to view any logs.
Examples To enable message logging to all output locations, enter:
host1/Admin(config)# logging enable
To stop message logging to all output locations, enter:
host1/Admin(config)# no logging enable
Related Commands This command has no related commands.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-360
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging facility
To change the logging facility to a value other than the default of 20 (LOCAL4), use the logging facility
command. Most UNIX systems expect the messages to use facility 20. The ACE allows you to change
the syslog facility type to identify the behavior of the syslog daemon (syslogd) on the host. Use the no
form of this command to set the syslog facility to its default of 20.
logging facility number
no logging facility number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The syslog daemon uses the specified syslog facility to determine how to process messages. Each
logging facility configures how the syslog daemon on the host handles a message. Syslog servers file
messages based on the facility number in the message. For more information on the syslog daemon and
facility levels, see your syslog daemon documentation.
Examples To set the syslog facility as 16 (LOCAL0) in syslog messages, enter:
host1/Admin(config)# logging facility 16
To change the syslog facility back to the default of LOCAL4, enter:
host1/Admin(config)# no logging facility 16
Related Commands (config) logging enable
number Syslog facility. Enter an integer from 16 (LOCAL0) to 23 (LOCAL7). The default is
20 (LOCAL4).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-361
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging fastpath
To enable the logging of connection setup and teardown messages through the fastpath, use the logging
fastpath command. By default, the ACE logs connection setup and teardown syslog messages through
the control plane. Use the no form of this command to disable the logging of connection setup and
teardown syslog messages.
logging fastpath
no logging fastpath
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Because of the large number of syslog messages that are generated by connection setup and teardown,
you can instruct the ACE to send these syslogs through the fast path instead of the control plane. The
fast path supports a much higher rate of syslogs than the control plane does. When you instruct the ACE
to send these syslogs through the fast path, the message formatting changes (different message spacing)
and the syslog IDs change from 106023, 302022, 302023, 302024, and 302025 to 106028, 302028,
302029, 302030, and 302031, respectively.
Examples To configure the ACE to log connection setup and teardown syslog messages, enter:
host1/Admin(config)# logging fastpath
To disable the ACE from logging connection setup and teardown syslog messages, enter:
host1/Admin(config)# no logging fastpath
Related Commands (config) logging enable
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-362
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging history
To set the Simple Network Management Protocol (SNMP) message severity level when sending log
messages to a network management system (NMS), use the logging history command. Use the no form
of this command to disable logging of informational system messages to an NMS.
logging history severity_level
no logging history
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To enable or disable all SNMP syslog message logging, use the logging history command without the
severity_level argument.
We recommend that you use the debugging (7) level during initial setup and during testing. After setup,
set the level from debugging (7) to a lower value for use in your network.
Examples To send informational system message logs to an SNMP NMS, enter:
host1/Admin(config)# logging history 6
severity_level Maximum level system log messages sent as traps to the NMS. The severity level that
you specify indicates that you want to log messages at that level and below.
Allowable entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-363
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To disable logging to an SNMP NMS, enter:
host1/Admin(config)# no logging history
Related Commands (config) logging enable2-364
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging host
To specify a host (the syslog server) that receives the syslog messages sent by the ACE, use the logging
host command. You can use multiple logging host commands to specify additional servers to receive the
syslog messages. Use the no form of this command to disable logging to a syslog server. By default,
logging to a syslog server on a host is disabled on the ACE.
logging host ip_address [tcp | udp [/port#] | [default-udp] | [format emblem]]
no logging host ip_address
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
If you choose to send log messages to a host, the ACE sends those messages using either UDP or TCP.
The host must run a program (known as a server) called syslogd, a daemon that accepts messages from
other applications and the network, and writes them out to system wide log files. UNIX provides the
syslog server as part of its operating system. If you are running Microsoft Windows, you must obtain a
syslog server for the Windows operating system.
ip_address IP address of the host to be used as the syslog server.
tcp (Optional) Specifies to use TCP to send messages to the syslog server. A server
can only be specified to receive either UDP or TCP, not both.
udp (Optional) Specifies to use UDP to send messages to the syslog server. A
server can only be specified to receive either UDP or TCP, not both.
/port# (Optional) Port that the syslog server listens to for syslog messages. Enter an
integer from 1025 to 65535. The default protocol and port are UDP/514. The
default TCP port, if specified, is 1470.
default-udp (Optional) Instructs the ACE to default to UDP if the TCP transport fails to
communicate with the syslog server.
format emblem (Optional) Enables EMBLEM-format logging for each syslog server. The
Cisco Resource Management Environment (RME) is a network management
application that collects syslogs. RME can process syslog messages only if
they are in EMBLEM format.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-365
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
If you use TCP as the logging transport protocol, the ACE denies new network access sessions if the
ACE is unable to reach the syslog server, if the syslog server is misconfigured, if the TCP queue is full,
or if the disk is full.
The format emblem keywords allow you to enable EMBLEM-format logging for each syslog server.
EMBLEM-format logging is available for either TCP or UDP syslog messages. If you enable
EMBLEM-format logging for a particular syslog host, then the messages are sent to that host. If you also
enable the logging timestamp command, the messages are sent to the syslog server with a time stamp.
For example, the EMBLEM format for a message with a time stamp appears as follows:
ipaddress or dns name [Dummy Value/Counter]: [mmm dd hh:mm:ss TimeZone]:
%FACILITY-[SUBFACILITY-]SEVERITY-MNEMONIC: [vtl-ctx: context id] Message-text
Examples To send log messages to a syslog server, enter:
host1/Admin(config)# logging host 192.168.10.1 tcp/1025 format emblem default-udp
To disable logging to a syslog server, enter:
host1/Admin(config)# no logging host 192.168.10.1
Related Commands (config) logging enable
(config) logging timestamp2-366
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging message
To control the display of a specific system logging message or to change the severity level associated
with the specified system logging message, use the logging message command. Use the no form of this
command to disable logging of the specified syslog message.
logging message syslog_id [level severity_level]
no logging message syslog_id
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can use the show logging command to determine the level currently assigned to a message and
whether the message is enabled.
For information on syslog messages and their IDs, see the System Message Guide, Cisco ACE
Application Control Engine.
syslog_id Specific message that you want to disable or to enable.
level
severity_level
(Optional) Changes the severity level associated with a specific system log
message. For example, the %-4-411001 message listed in the syslog has the
default assigned severity level of 4 (warning message). You can change the
assigned default severity level to a different level.
Allowable entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-367
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To disable the %-6-615004 syslog message (VLAN available for configuring an interface), enter:
host1/Admin(config)# no logging message 615004
To resume logging of the disabled syslog message, enter:
host1/Admin(config)# logging message 615004 level 6
To change the severity level of the 615004 syslog message from the default of 6 (informational) to a
severity level of 5 (notification), enter:
(config)# logging message 615004 level 5
To return the severity level of the 615004 syslog message to the default of 6, enter:
host1/Admin(config)# no logging message 615004
Related Commands (config) logging enable2-368
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) logging monitor
To display syslog messages as they occur when accessing the ACE through a Secure Shell (SSH) or a
Telnet session, use the logging monitor command. You can limit the display of messages based on
severity. By default, logging to a remote connection using the SSH or Telnet is disabled on the ACE. Use
the no form of this command to disable system message logging to the current Telnet or SSH session.
logging monitor severity_level
no logging monitor
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Note Before you can use this command, you must enable remote access on the ACE and establish a remote
connection using the SSH or Telnet protocols from a PC.
severity_level Maximum level for system log messages displayed during the current SSH or Telnet
session. The severity level that you specify indicates that you want to log messages at
that level and below. Allowable entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-369
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To display logs during the SSH or Telnet session, use the terminal monitor Exec mode command. This
command enables syslog messages for all sessions in the current context. The logging monitor
command sets the logging preferences for all SSH and Telnet sessions, while the terminal monitor
command controls logging for each individual Telnet session. However, in each session, the terminal
monitor command controls whether syslog messages appear on the terminal during the session.
Examples To send informational system message logs to the current Telnet or SSH session, enter:
host1/Admin# terminal monitor
host1/Admin# config
Enter configuration commands, one per line. End with CNTL/Z
host1/Admin(config)# logging monitor 6
To disable system message logging to the current Telnet or SSH session, enter:
host1/Admin(config)# no logging monitor
Related Commands (config) logging enable
(config) logging persistent
To send specific log messages to compact flash on the ACE, use the logging persistent command. By
default, logging to compact flash is disabled on the ACE. The ACE allows you to specify the system
message logs that you want to keep after a system reboot by saving them to compact flash. Use the no
form of this command to disable logging to compact flash.
logging persistent severity_level
no logging persistent
Syntax Description
Command Modes Configuration mode
Admin and user contexts
severity_level Maximum level for system log messages sent to compact flash. The severity level that
you specify indicates that you want to log messages at that level and below. Allowable
entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)2-370
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
We recommend that you use a lower severity level, such as severity level 3, because logging at a high
rate to flash memory on the ACE might affect performance.
Examples To send informational system message logs to flash memory on the ACE, enter:
host1/Admin(config)# logging persistent 6
To disable logging to flash memory on the ACE, enter:
host1/Admin(config)# no logging persistent
Related Commands (config) logging enable
(config) logging queue
To change the number of syslog messages that can appear in the message queue, use the logging queue
command. By default, the ACE can hold 80 syslog messages in the message queue while awaiting
processing. Use the no form of this command to reset the logging queue size to the default of
100 messages.
logging queue queue_size
no logging queue queue_size
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
queue_size Queue size for storing syslog messages. Enter an integer from 1 to 8192. The default is
80 messages.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-371
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Set the queue size before the ACE processes syslog messages. When traffic is heavy, messages might get
discarded.
Examples To set the size of the syslog message queue to 1000, enter:
host1/Admin(config)# logging queue 1000
To reset the logging queue size to the default of 80 messages, enter:
host1/Admin(config)# no logging queue 0
Related Commands (config) logging enable
(config) logging rate-limit
To limit the rate at which the ACE generates messages in the syslog, use the logging rate-limit
command. You can limit the number of syslog messages generated by the ACE for specific messages.
Use the no form of this command to disable rate limiting for message logging in the syslog.
logging rate-limit {num {interval | level severity_level | message syslog_id} | unlimited {level
severity_level | message syslog_id}}
no logging rate-limit {num {interval | level severity_level | message syslog_id} | unlimited {level
severity_level | message syslog_id}}
Syntax Description
ACE Appliance Release Modification
A1(7) This command was introduced.
num Number at which the syslog is to be rate limited.
interval Time interval in seconds over which the system message logs should be limited. The
default time interval is 1 second.2-372
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Disabled rate limiting is the default setting. In this case, the logging rate-limit unlimited command will
not be displayed in the ACE running-configuration file.
The severity level you enter indicates that you want all syslog messages at the specified level to be
rate-limited. For example, if you specify a severity level of 7, the ACE applies a rate limit only to level 7
(debugging messages). If you want to apply a logging rate limit on a different severity level, you must
configure the logging rate-limit level command for that level as well.
If you configure rate limiting for syslogs 302028 through 302031 (connection setup and teardown
syslogs that are formatted in the data plane), the ACE always rate-limits these syslogs at level 6. Even
if you change the logging level to a different value using the logging message command and the new
logging level appears on the syslog server or other destination, the ACE will continue to rate-limit these
syslogs at level 6.
For information on syslog messages and their IDs, see the System Message Guide, Cisco ACE
Application Control Engine.
level
severity_level
Specifies the syslog level that you want to rate limit. Allowable entries are as follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
message
syslog_id
Identifies the ID of the specific message you want to suppress reporting.
unlimited Disables rate limiting for messages in the syslog.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-373
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To limit the syslog rate to a 60-second time interval for informational messages (level 6), enter:
host1/Admin(config)# logging rate-limit 42 60 level 6
To suppress reporting of system message 302022, enter:
host1/Admin(config)# logging rate-limit 42 60 302022
To disable rate limiting, enter:
host1/Admin(config)# no logging rate-limit 42 60 level 6
Related Commands (config) logging enable
(config) logging standby
To enable logging on the standby ACE in a redundant configuration, use the logging standby command.
When enabled, the standby ACE syslog messages remain synchronized should a failover occur. When
enabled, this command causes twice the message traffic on the syslog server. Use the no form of this
command to disable logging on the standby ACE.
logging standby
no logging standby
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is disabled by default.
Examples To enable logging on the failover standby ACE:
host1/Admin(config)# logging standby
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-374
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To disable logging on the standby ACE, enter:
host1/Admin(config)# no logging standby
Related Commands (config) logging enable
(config) logging supervisor
(ACE module only) To set the severity level at which syslog messages are sent to the supervisor engine,
use the logging supervisor command. The ACE can forward syslog messages to the supervisor engine
on the Catalyst 6500 series switch. Use the no form of this command to disable system message logging
to the supervisor engine.
logging supervisor severity_level
no logging supervisor
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
severity_level Maximum level for system log messages. The severity level that you specify indicates
that you want to log messages at that level and below. Allowable entries are as
follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-375
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To send informational system message logs to the supervisor engine on the Catalyst 6500 series switch,
enter:
host1/Admin(config)# logging supervisor 6
To disable system message logging to the supervisor engine, enter:
host1/Admin(config)# no logging supervisor 3
Related Commands (config) logging enable
(config) logging timestamp
To specify that syslog messages should include the date and time that the message was generated, use
the logging timestamp command. By default, the ACE does not include the date and time in syslog
messages. Use the no form of this command to specify that the ACE not include the date and time when
logging syslog messages.
logging timestamp
no logging timestamp
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is disabled by default.
Examples To enable the time stamp on system logging messages, enter:
host1/Admin(config)# logging timestamp
To disable the time stamp from syslog messages, enter:
host1/Admin(config)# no logging timestamp
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-376
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands (config) logging enable
(config) logging trap
To identify which messages are sent to a syslog server, use the logging trap command. This command
limits the logging messages sent to a syslog server based on severity. Use the no form of this command
to return the trap level to the default (information messages).
logging trap severity_level
no logging trap
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the syslog feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To send logging messages to a syslog server, use the logging host command to specify the name or IP
address of the host to be used as the syslog server.
severity_level Maximum level for system log messages. The severity level that you specify indicates
that you want to log messages at that level and below. Allowable entries are as
follows:
• 0—emergencies (system unusable messages)
• 1—alerts (take immediate action)
• 2—critical (critical condition)
• 3—errors (error message)
• 4—warnings (warning message)
• 5—notifications (normal but significant condition)
• 6—informational (information message)
• 7—debugging (debug messages)
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-377
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To send informational system message logs to the syslog server, enter:
host1/Admin(config)# logging trap 6
To disable sending message logs to the syslog server, enter:
host1/Admin(config)# no logging trap 6
Related Commands (config) logging enable
(config) logging host
(config) nexus-device
To create the DCI device (Nexus 7000 series switch) for the dynamic workload scaling (DWS) feature,
use the nexus-device command. The CLI prompt changes to (config-dci). See the “DCI Configuration
Mode Commands” section for details. Use the no form of this command to remove the DCI device from
the configuration.
nexus-device name
no nexus-device name
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The DCI device provides the locality information (local or remote) of the virtual machines (VMs) only.
You can configure one DCI device per ACE.
Examples To create a DCI device named DCI_DEVICE1, enter:
host1/Admin(config)# nexus-device DCI_DEVICE1
host1/Admin(config-dci)#
To remove the DCI device from the configuration, enter:
host1/Admin(config)# no nexus-device DCI_DEVICE1
name Name of the DCI device that the ACE queries for the locality information of the VMs. Enter
an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
ACE Module/Appliance
Release Modification
A4(2.0) This command was introduced.2-378
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands show nexus-device2-379
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ntp
(ACE appliance only) To configure the ACE system clock to synchronize a peer (or to be synchronized
by a peer) or to be synchronized by a time server, use the ntp command. Use the no form of the command
to remove an NTP peer or server from the configuration.
ntp {peer ip_address1 [prefer] | server ip_address2 [prefer]}
no ntp {peer ip_address1 [prefer] | server ip_address2 [prefer]}
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
An NTP association can be a peer association, which means that the ACE is willing to synchronize to
the other system or to allow the other system to synchronize to the ACE. An NTP association can also
be a server association, which means that only this system will synchronize to the other system, not the
other way around. You can identify multiple servers; the ACE uses the most accurate server.
To send logging messages to a syslog server, use the logging host command to specify the name or IP
address of the host to be used as the syslog server.
Examples To specify multiple NTP server IP addresses and identify a preferred server, enter:
host1/Admin(config)# ntp server 192.168.10.10 prefer
host1/Admin(config)# ntp server 192.168.4.143
host1/Admin(config)# ntp server 192.168.5.10
peer Configures the ACE system clock to synchronize a peer or to be synchronized by a
peer. You can specify multiple associations.
ip_address1 IP address of the peer providing or being provided by the clock synchronization.
prefer (Optional) Makes this peer the preferred peer that provides synchronization. Using
the prefer keyword reduces switching back and forth between peers.
server Configures the ACE system clock to be synchronized by a time server. You can
specify multiple associations.
ip_address2 IP address of the time server that provides the clock synchronization.
prefer (Optional) Makes this server the preferred server that provides synchronization. Use
the prefer keyword to set this NTP server as the preferred server if multiple servers
have similar accuracy. NTP uses an algorithm to determine which server is the most
accurate and synchronizes to that one. If servers have similar accuracy, then the
prefer keyword specifies which of those servers to use.
ACE Appliance Release Modification
A1(7) This command was introduced.2-380
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To form a peer association with a preferred peer, enter:
host1/Admin(config)# ntp peer 192.168.10.0 prefer
To remove an NTP peer or server from the configuration, enter:
host1/Admin(config)# no ntp peer 192.168.10.0
Related Commands clear np
show clock
(config) object-group
To create an object group, use the object-group command. Object groups allow you to streamline the
creation of multiple ACL entries in an ACL. Use the no form of this command to remove the object group
from the configuration.
object-group [network | service] name
no object-group [network | service] name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines You can create either network or service object groups. After you create these groups, you can use a
single ACL entry to allow trusted hosts to make specific service requests to a group of public servers.
If you add new members to an existing object group that is already in use by an entry in a large ACL,
recommitting the ACL can take a long time, depending on the size of the ACL and the object group. In
some cases, making this change can cause the ACE to devote over an hour to committing the ACL, during
which time you cannot access the terminal. We recommend that you first remove the ACL entry that
refers to the object group, make your change, and then add the ACL entry back into the ACL.
network Specifies a group of hosts or subnet IP addresses.
service Specifies a group of TCP or UDP port specifications.
name Unique identifier for the object group. Enter the object group name as an
unquoted, alphanumeric string from 1 to 64 characters.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.2-381
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To create a network object group, enter:
host1/Admin(config)# object-group network NET_OBJ_GROUP1
Related Commands (config-objgrp-netw) ip_address
(config-objgrp-netw) host2-382
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) optimize
(ACE appliance only) To configure the global optimization settings on the ACE, enter the optimize
command. The CLI prompt changes to (config-optimize). To remove an optimize mode selection, use
the no form of the command.
optimize
no optimize
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines The commands in this mode require the loadbalance feature in your user role. For details about
role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application
Control Engine.
For information about commands in optimize configuration mode, see the “Optimize Configuration
Mode Commands” section. For details about configuring the commands in the optimize configuration
mode, see the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application
Control Engine Appliance.
Examples To access the optimize configuration mode, enter:
host1/Admin(config)# optimize
host1/Admin(config-optimize)#
Related Commands show optimization-global
(config) parameter-map type
To create a connection-, HTTP- or SSL-type parameter map, use the parameter-map type command.
For the ACE appliance only, you can also create an optimization HTTP-type parameter map. Use the no
form of this command to remove a parameter map from the ACE.
parameter-map type {connection | generic | http | optimization http | rtsp | sip | skinny | ssl}
name
no parameter-map type {connection | generic | http | optimization http | rtsp | sip | skinny | ssl}
name
ACE Appliance Release Modification
A1(7) This command was introduced.2-383
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description connection Specifies a connection-type parameter map. After you create the
connection-type parameter map, you configure TCP, IP, and other
settings for the map in the parameter map connection configuration
mode. For information about the commands in parameter map
connection configuration mode, see the “Parameter Map Connection
Configuration Mode Commands” section.
dns Specifies a DNS parameter map. After you create a DNS parameter
map, you configure settings for the map in the parameter map DNS
configuration mode. For information about the commands in
parameter map DNS configuration mode, see the “Parameter Map
DNS Configuration Mode Commands” section.
generic Specifies a generic Layer 7 parameter map. After you create the
generic Layer 7 parameter map, you configure settings for the map in
the parameter map generic configuration mode. For information about
the commands in parameter map generic configuration mode, see the
“Parameter Map HTTP Configuration Mode Commands” section.
http Specifies an HTTP-type parameter map. After you create the
HTTP-type parameter map, you configure HTTP settings for the map
in the parameter map HTTP configuration mode. For information
about the commands in parameter map HTTP configuration mode,
see the “Parameter Map HTTP Configuration Mode Commands”
section.
optimization http (ACE appliance only) Specifies an optimization HTTP-type
parameter map and define its application acceleration and
optimization settings. After you create the optimization HTTP-type
parameter map, you configure settings for the map in the parameter
map optimization HTTP configuration mode. For information about
the commands in parameter map HTTP connection configuration
mode, see the “Parameter Map Optimization Configuration Mode
Commands” section.
rtsp Specifies an RTSP-type parameter map. After you create the
RTSP-type parameter map, you configure RTSP settings for the map
in the parameter map RTSP configuration mode. For information about
the commands in parameter map RTSP configuration mode, see the
“Parameter Map RTSP Configuration Mode Commands” section.
sip Specifies a SIP-type parameter map. After you create the SIP-type
parameter map, you configure SIP settings for the map in the
parameter map SIP configuration mode. For information about the
commands in parameter map SIP configuration mode, see the
“Parameter Map SIP Configuration Mode Commands” section.
skinny Specifies a Skinny Client Control Protocol (SCCP) type parameter
map. After you create the SCCP-type parameter map, you configure
SCCP settings for the map in the parameter map SCCP configuration
mode. For information about the commands in parameter map SCCP
configuration mode, see the “Parameter Map SCCP Configuration
Mode Commands” section.2-384
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines The connection and http commands requires the connection feature in your user role. The ssl commands
in this mode require the connection or SSL feature.
(ACE appliance only) The optimization http commands in this mode require the loadbalance feature in
your user role.
For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco
ACE Application Control Engine.
The parameter-map type command allows you to configure a series of Layer 3 and Layer 4 statements
that instruct the ACE how to handle TCP termination, normalization and reuse, SSL termination, and
advanced HTTP behavior for server load-balancing connections. After you enter this command, the system
enters the corresponding parameter map configuration mode.
To access one of the parameter-map configuration modes, enter the appropriate parameter-map type
command. For example, enter parameter-map type connection, parameter-map type http, or
parameter-map type ssl. The CLI prompt changes to the corresponding mode, for example,
(config-parammap-conn), (config-parammap-http), or (config-parammap-ssl).
After you configure the parameter map, you associate it with a specific action statement in a policy map.
Examples To create a connection-type parameter map called TCP_MAP, enter:
host1/Admin(config)# parameter-map type connection TCP_MAP
host1/Admin(config-parammap-conn)#
To create an HTTP-type parameter map called HTTP_MAP, enter:
host1/Admin(config)# parameter-map type http HTTP_MAP
host1/Admin(config-parammap-http)#
ssl Specifies an SSL-type parameter map. After you create the SSL-type
parameter map, you configure SSL settings for the map in the
parameter map SSL configuration mode. For information about the
commands in parameter map SSL connection configuration mode,
see the “Parameter Map SSL Configuration Mode Commands”
section.
name Name assigned to the parameter map. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.2-385
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To create an SSL-type parameter map called SSL_MAP, enter:
host1/Admin(config)# parameter-map type ssl SSL_MAP
host1/Admin(config-parammap-ssl)#
ACE Appliance Example
To create an optimization HTTP parameter map called OPTIMIZE_MAP, enter:
host1/Admin(config)# parameter-map type optimization http OPTIMIZE_MAP
host1/Admin(config-parammap-optmz)#
Related Commands show running-config
(config) policy-map
(config) peer hostname
To specify a hostname for the peer ACE in a redundant configuration, use the peer hostname command.
The hostname is used for the command line prompts and default configuration filenames. If you establish
sessions to multiple devices, the hostname helps you track where you enter commands. Use the no form
of this command to reset the hostname of the peer to the default of switch.
peer hostname name
no peer hostname name
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, the hostname for the ACE is switch.
name New hostname for the peer ACE. Enter a case-sensitive text string that contains from 1 to
32 alphanumeric characters.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.2-386
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To change the hostname of the peer ACE from switch to ACE_1, enter:
switch/Admin(config)# peer hostname ACE_1
ACE_1/Admin(config)#
Related Commands (config) hostname
(config) peer shared-vlan-hostid
To configure a specific bank of MAC addresses for a peer ACE in a redundant configuration, use the
peer shared-vlan-hostid command. Use the no form of this command to remove the configured bank
of MAC addresses.
peer shared-vlan-hostid number
no peer shared-vlan-hostid
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Examples To configure bank 3 for a peer ACE, enter:
host1/Admin(config)# peer shared-vlan-hostid 3
To remove the configured bank of MAC addresses, enter:
host1/Admin(config)# no peer shared-vlan-hostid
number Bank of MAC addresses that the ACE uses. Enter a number from 1 to
16. Be sure to configure different bank numbers for multiple ACEs.
ACE Module Release Modification
3.0(0)A1(6.2a) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-387
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands (config) arp
(config) shared-vlan-hostid2-388
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) policy-map
Use the policy-map command to create a Layer 3 and Layer 4 or Layer 7 policy map. To access one of
the policy map configuration modes, use the policy-map command. Use the no form of this command
to remove a policy map from the ACE.
policy-map multi-match map_name
policy-map type inspect {ftp first-match | http all-match | sip all-match | skinny} map_name
policy-map type loadbalance {first-match | generic first-match | http first-match |
radius first-match | rdp first-match | rtsp first-match | sip first-match} map_name
policy-map type management first-match map_name
policy-map type optimization http first-match map_name
no policy-map multi-match map_name
no policy-map type inspect {ftp first-match | http all-match | sip all-match | skinny} map_name
no policy-map type loadbalance {first-match | generic first-match | http first-match |
radius first-match | rdp first-match | rtsp first-match | sip first-match} map_name
no policy-map type management first-match map_name
Syntax Description multi-match Configures a Layer 3 and Layer 4 policy map that defines the
different actions applied to traffic passing through the ACE. The ACE
attempts to match multiple classes within the Layer 3 and Layer 4
policy map to allow a multifeature Layer 3 and Layer 4 policy map.
The ACE executes the action for only one matching class within each
of the class sets. The definition of which classes are in the same class
set depends on the actions applied to the classes; the ACE associates
each policy map action with a specific set of classes.
For information about the commands in policy map configuration
mode, see the “Policy Map Configuration Mode Commands” section.
map_name Name assigned to the policy map. Enter an unquoted text string with
no spaces and a maximum of 64 alphanumeric characters.
type Specifies the type of policy map to be defined. When you specify a
policy map type, you enter its corresponding policy map
configuration mode (for example, RADIUS load balancing).
inspect ftp first-match Specifies a Layer 7 policy map that defines the inspection of File
Transfer Protocol (FTP) commands by the ACE. The ACE executes
the action for the first matching classification. For a list of classes in
a policy map, the actions associated with the first class that matches
the packet are the actions that the ACE executes on the packet. For
information about the commands in policy map FTP inspection
configuration mode, see the “Policy Map FTP Inspection
Configuration Mode Commands” section.2-389
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
inspect http all-match Specifies a Layer 7 policy map that defines the deep packet
inspection of the HTTP protocol by the ACE. The ACE attempts to
match all specified conditions against the matching classification and
executes the actions of all matching classes until it encounters a deny
for a match request. For information about the commands in policy
map inspection HTTP configuration mode, see the “Policy Map
Inspection HTTP Configuration Mode Commands” section.
inspect sip all-match Specifies a Layer 7 policy map that defines the inspection of SIP
protocol packets by the ACE. The ACE attempts to match all
specified conditions against the matching classification and executes
the actions of all matching classes until it encounters a deny for a
match request. For information about the commands in policy map
inspection SIP configuration mode, see the “Policy Map Inspection
SIP Configuration Mode Commands” section.
inspect skinny Specifies a Layer 7 policy map that defines the inspection of SCCP
or skinny protocol packets by the ACE. The ACE uses the SCCP
inspection policy to filter traffic based on message ID and to perform
user-configurable actions on that traffic. For information about the
commands in policy map inspection SIP configuration mode, see the
“Policy Map Inspection Skinny Configuration Mode Commands”
section.
loadbalance first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing HTTP Configuration Mode
Commands” section.
loadbalance generic
first-match
Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing Generic Configuration Mode
Commands” section.
loadbalance http first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing HTTP Configuration Mode
Commands” section.2-390
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
loadbalance radius
first-match
Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing RADIUS Configuration Mode
Commands” section.
loadbalance rdp first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing RDP Configuration Mode
Commands” section.
loadbalance rtsp first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing RDP Configuration Mode
Commands” section.
loadbalance sip first-match Specifies a Layer 7 policy map that defines Layer 7 HTTP server
load-balancing decisions. The ACE executes the action for the first
matching classification. For a list of classes in a policy-map, the
actions associated with the first class that matches the packet are the
actions that the ACE executes on the packet. For information about
the commands in policy map load balance configuration mode, see
the “Policy Map Load Balancing SIP Configuration Mode
Commands” section.
management first-match Specifies a Layer 3 and Layer 4 policy map that defines the IP
management protocols that can be received by the ACE. The ACE
executes the specified action only for traffic that meets the first
matching classification with a policy map. For information about the
commands in policy map management configuration mode, see the
“Policy Map Management Configuration Mode Commands” section.
optimization http
first-match
(ACE appliance only) Specifies a Layer 7 policy map that defines
Layer 7 HTTP optimization operations. The Layer 7 optimization
HTTP policy map associates an HTTP optimization action list and
parameter map to configure the specified optimization actions. The
ACE executes the action for the first matching classification. For a
list of classes in a policy-map, the actions associated with the first
class that matches the packet are the actions that the ACE executes on
the packet. For information about the commands in policy map
optimization configuration mode, see the “Policy Map Optimization
Configuration Mode Commands” section.2-391
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Admin and user contexts
Command History
Usage Guidelines This command requires the inspect, loadbalance, NAT, connection, or SSL feature in your user role. For
details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE
Application Control Engine.
Use the policy map configuration mode commands to configure a series of Layer 3 and Layer 4 or
Layer 7 policies. Each policy map defines a series of actions (functions) that you apply to a set of
classified inbound traffic. The CLI prompt changes correspondingly to the selected policy map
configuration mode: config-pmap, config-pmap-c, config-pmap-insp-http, config-pmap-insp-http-c,
config-pmap-insp-http-m, config-pmap-lb, config-pmap-lb-c, config-pmap-lb-m, config-pmap-mgmt,
and config-pmap-mgmt-c.
(ACE appliance only) In addition, the prompt include config-pmap-optmz and config-pmap-optmz-c.
For a Layer 3 and Layer 4 traffic classification, you create Layer 3 and Layer 4 policy maps with actions
that configure the following:
• Network management traffic received by the ACE (HTTP, HTTPS, ICMP, SNMP, SSH, or Telnet)
• Server load balancing based on Layer 3 and Layer 4 connection information (virtual IP address)
• Secure Sockets Layer (SSL) security services between a web browser (the client) and the HTTP
connection (the server)
• Static or dynamic Network Address Translation (NAT)
• Application protocol inspection (also known as protocol fixup)
• TCP termination, normalization, and reuse
• IP normalization and fragment reassembly
For a Layer 7 traffic classification, you create policy maps with actions that configure the following:
• Server load balancing based on the Layer 7 HTTP-related information (such as HTTP headers,
cookies, and URLs), or the client IP address
• (ACE appliance only) Application acceleration and optimization functions
• Deep packet inspection of the HTTP protocol
• FTP command inspection
The ACE supports a system-wide maximum of 4096 policy maps.
For details about creating a policy map, see the Administration Guide, Cisco ACE Application Control
Engine.
Examples To create a Layer 3 and Layer 4 server load-balancing policy map named L4_SLB_POLICY, enter:
host1/Admin(config)# policy-map multi-match L4_SLB_POLICY
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.2-392
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
host1/Admin(config-pmap)#
To create a Layer 3 and Layer 4 management protocol policy map named
L4_MGMT-ACCESS_POLICY, enter:
host1/Admin(config)# policy-map type management match-any L4_MGMT-ACCESS_CLASS
host1/Admin(config-pmap-mgmt)#
(ACE appliance only) To create a Layer 7 optimization HTTP policy map named
L7OPTIMIZATION_POLICY, enter:
host/Admin(config)# policy-map type optimization http first-match L7OPTIMIZATION_POLICY
host/Admin(config-pmap-optmz)#
To create a Layer 7 HTTP server load-balancing policy map named L7_SLB_POLICY, enter:
host1/Admin(config)# policy-map type loadbalance first-match L7_SLB_POLICY
host1/Admin(config-pmap-lb)#
To create a Layer 7 HTTP deep packet inspection policy map named L7_HTTP_INSPECT_POLICY,
enter:
host/Admin(config) # policy-map type inspect http all-match HTTP_INSPECT_L7POLICY
host/Admin(config-pmap-ins-http)#
To create a Layer 7 FTP command inspection policy map named L7_FTP_INSPECT_POLICY, enter:
host1/Admin(config)# class-map type ftp inspect match-any L7_FTP_INSPECT_POLICY
host1/Admin(config-pmap-ftp-ins)#
Related Commands show startup-config
(config) class-map
(config) parameter-map type
(config) service-policy
(config) probe
To define a probe and access its configuration mode, use the probe command. The CLI prompt changes
to (config-probe_type). Use the no form of this command to delete the probe.
probe probe_type probe_name
no probe probe_type probe_name
Syntax Description probe_type Probe types. The probe type determines what the probe sends to the
real server. Enter one of the following keywords:
• dns—Sends a request to a DNS server giving it a configured
domain. To determine if the server is up, the ACE must receive
the configured IP address for that domain.
• echo {tcp | udp}—Sends a string to the server and compares the
response to the original string. If the response string matches the
original string, the server is marked as passed. Otherwise, the
ACE retries a configured number of times and time interval
before the server is marked as failed.2-393
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
• finger—Sends a Finger probe to a server to verify that a defined
username is a username on the server. Use the Finger protocol to
configure the username string.
• ftp—Initiates an FTP session. By default, this probe is for an
anonymous login with the option of configuring a user ID and
password. The ACE performs an FTP GET or LS to determine
the outcome of the probe. This probe supports only active
connections.
• http—Sets up a TCP connection and issues an HTTP request.
The default request is an HTTP 1.1 GET request with the URL /.
Any valid HTTP response causes the probe to mark the real
server as passed. You can also configure an HTTP response
value.
• https—Similar to the HTTP probe, but this probe uses SSL to
generate encrypted data.
• icmp—Sends an ICMP request and listens for a response. If the
server returns a response, the ACE marks the real server as
passed. If there is no response and the time times out, or an ICMP
standard error such as DESTINATION_UNREACHABLE
occurs, the ACE marks the real server as failed.
• imap—Identical to POP/POP3 probe, but uses IMAP.
• pop—Initiates a POP session, using a configured user ID and
password. Then, the probe attempts to retrieve e-mail from the
server and validates the result of the probe based on the return
codes received from the server.
• radius—Connects to a RADIUS server and logs in to it to
determine whether the server is up.
• rtsp—Establishes a TCP connection and sends a request packet
to the RTSP server to determine whether the server is up.
• scripted—Executes probes from a configured script to perform
health probing. You can author specific scripts with features not
present in standard health probes.
• sip {tcp | udp}— Establishes a TCP or UDP connection and
sends an OPTIONS request packet to the user agent on the SIP
server to determine whether the server is up.
• smtp—Initiates an SMTP session by logging in to the server.
• snmp—Establishes a UDP connection and sends a maximum of
eight SMNP OID queries to probe the server.
• tcp—Initiates a TCP handshake and expects a response. By
default, a successful response causes the probe to mark the server
as passed, and then the probe sends a FIN to end the session. If
the response is not valid or if there is no response, the probe
marks the real server as failed.
• telnet—Establishes a connection to the real server and verifies
that a greeting from the application was received.2-394
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
For information about commands in probe configuration mode, see the “Probe Configuration Mode
Commands” section.
Examples To define a TCP probe named PROBE1 and access its mode, enter:
host1/Admin(config)# probe tcp PROBE1
host1/Admin(config-probe-tcp)#
To delete a TCP probe named PROBE1, enter:
host1/Admin(config)# no probe tcp PROBE1
• udp—Sends a UDP packet to a real server. The probe marks the
server as failed only if an ICMP Port Unreachable message is
returned. Optionally, you can configure this probe to send
specific data and expect a specific response to mark the real
server as passed.
• vm—Polls the local VM load information from the VM
controller (vCenter) for the dynamic workload scaling (DWS)
feature. The ACE calculates the average aggregate load
information as a percentage of CPU usage or memory usage to
determine when to burst traffic to the remote data center. If the
server farm consists of both physical servers and VMs, the ACE
considers load information only from the VMs. After you
configure the VM probe and its attributes, you associate it with a
VM controller and a server farm.
probe_name Identifier for the probe. The probe name associates the probe to the
real server. Enter an unquoted text string with no spaces and a
maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
A2(1.0) This command was revised.
A4(2.0) Added the VM probe type.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(1.0) This command was revised.
A4(2.0) Added the VM probe type.2-395
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands clear probe
show probe
(config) radius-server attribute nas-ipaddr
To specify a RADIUS NAS-IP-Address attribute, use the radius-server attribute nas-ipaddr
command. Use the no form of this command to delete the RADIUS NAS-IP-Address and return to the
default configuration.
radius-server attribute nas-ipaddr nas_ip_address
no radius-server attribute nas-ipaddr nas_ip_address
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, the NAS-IP-Address is not configured. The ACE performs a route lookup on the Remote
Authentication Dial-In User Service (RADIUS) server IP address and uses the result.
The RADIUS NAS-IP-Address attribute allows you to configure an arbitrary IP address to be used as
RADIUS attribute 4, NAS-IP-Address for each context.
The radius-server attribute nas-ipaddr command allows the ACE to behave as a single RADIUS client
from the perspective of the RADIUS server. The configured NAS-IP-Address will be encapsulated in all
outgoing RADIUS authentication request and accounting packets.
Examples To specify a RADIUS NAS-IP-Address, enter:
host1/Admin(config)# radius-server attribute nas-ipaddr 192.168.1.1
nas_ip_address IP address that is used as the RADIUS NAS-IP-Address, attribute 4.
Enter the address in dotted-decimal IP notation (for example,
192.168.11.1).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-396
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To delete the RADIUS NAS-IP-Address and return to the default configuration, enter:
host1/Admin(config)# no radius-server attribute nas-ipaddr 192.168.1.1
Related Commands show aaa
(config) aaa group server
(config) radius-server host
(config) radius-server deadtime
To globally set the time interval in which the ACE verifies whether a nonresponsive server is operational,
use the radius-server deadtime command. Use the no form of this command to reset the Remote
Authentication Dial-In User Service (RADIUS) server dead-time request to the default of 0.
radius-server deadtime minutes
no radius-server deadtime minutes
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use of this command causes the ACE to mark as “dead” any RADIUS servers that fail to respond to
authentication requests. This action avoids the wait for the request to time out before trying the next
configured server. The ACE skips a RADIUS server that is marked as dead by sending additional
requests for the duration of minutes.
The dead-time interval starts when the server does not respond to the number of authentication request
transmissions configured through the radius-server retransmit command. When the server responds to
a probe access-request packet, the ACE transmits the authentication request to the server.
minutes Length of time that the ACE skips a nonresponsive RADIUS server
for transaction requests. Enter an integer from 0 to 1440 (24 hours).
The default is 0.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-397
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To globally configure a 15-minute dead-time for RADIUS servers that fail to respond to authentication
requests, enter:
host1/Admin(config)# radius-server deadtime 15
To set the RADIUS server dead-time request to 0, enter:
host1/Admin(config)# no radius-server deadtime 15
Related Commands show aaa
(config) aaa group server
(config) radius-server host
(config) radius-server host
To designate and configure a host for RADIUS server functions, use the radius-server host command.
You can define multiple radius-server host commands to configure multiple Remote Authentication
Dial-In User Service (RADIUS) servers. Use the no form of this command to remove the RADIUS
server from the configuration.
radius-server host ip_address [key shared_secret [0 shared_secret | 7 shared_secret]] [auth-port
port_number] [acct-port port_number] [authentication] [accounting] [timeout seconds]
[retransmit count]
no radius-server host ip_address [key shared_secret [0 shared_secret | 7 shared_secret]]
[auth-port port_number] [acct-port port_number] [authentication] [accounting] [timeout
seconds] [retransmit count]
Syntax Description ip_address IP address for the RADIUS server. Enter the address in
dotted-decimal IP notation (for example, 192.168.11.1).
key (Optional) Enables an authentication key for communication
between the ACE and the RADIUS daemon running on the RADIUS
server. The key is a text string that must match the encryption key
used on the RADIUS server.
shared_secret Key that is used to authenticate communication between the
RADIUS client and server. The shared secret must match the one
configured on the RADIUS server. Enter the shared secret as a
case-sensitive string with no spaces with a maximum of 63
alphanumeric characters.
0 (Optional) Configures a key specified in clear text (indicated by 0) to
authenticate communication between the RADIUS client and server.
7 (Optional) Configures a key specified in encrypted text (indicated by
7) to authenticate communication between the RADIUS client and
server.
auth-port port_number (Optional) Specifies the UDP destination port for communicating
authentication requests to the RADIUS server. By default, the
RADIUS authentication port is 1812 (as defined in RFC 2138 and
RFC 2139). The port_number argument specifies the RADIUS port
number. Valid values are from 1 to 65535.2-398
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The key option overrides the global setting of the radius-server key command. If you do not specify a
key, the global value is used. RADIUS keys are always stored in encrypted form in persistent storage.
The running configuration also displays keys in encrypted form.
If neither the authentication nor the accounting options are specified, the RADIUS server is used for
both accounting and authentication.
If your RADIUS server uses a port other than 1813, use the acct-port keyword to configure the ACE for
the appropriate port before starting the RADIUS service.
acct-port port_number (Optional) Specifies the UDP destination port for communicating
accounting requests to the RADIUS server. By default, the RADIUS
accounting port is 1813 (as defined in RFC 2138 and RFC 2139). The
port_number argument specifies the RADIUS port number. Valid
values are from 1 to 65535.
authentication (Optional) Specifies that the RADIUS server is used only for
authentication purposes.
If neither the authentication nor the accounting options are specified,
the RADIUS server is used for both accounting and authentication
purposes.
accounting (Optional) Specifies that the RADIUS server is used only for
accounting purposes.
If neither the authentication nor the accounting options are specified,
the RADIUS server is used for both accounting and authentication
purposes.
timeout seconds (Optional) Specifies the time interval that the ACE waits for the
RADIUS server to reply to an authentication request before
retransmitting a request. Valid entries are from 1 to 60 seconds. The
default is 1 second.
retransmit count (Optional) Specifies the number of times that the ACE retransmits an
authentication request to a timed-out RADIUS server before
declaring the server to be unresponsive and contacting the next server
in the group. Valid entries are from 1 to 5 attempts. The default is one
attempt.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-399
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
If your RADIUS server uses a port other than 1812, use the auth-port keyword to configure the ACE
for the appropriate port before starting the RADIUS service.
The retransmit and timeout options override the global settings assigned for the specified server when
you enter the radius-server retransmit and radius-server timeout commands.
Examples To configure RADIUS server authentication parameters, enter:
host1/Admin(config)# radius-server host 192.168.2.3 key HostKey
host1/Admin(config)# radius-server host 192.168.2.3 key 7 secret_1256
host1/Admin(config)# radius-server host 192.168.2.3 auth-port 1645
host1/Admin(config)# radius-server host 192.168.2.3 acct-port 1646
host1/Admin(config)# radius-server host 192.168.2.3 authentication
host1/Admin(config)# radius-server host 192.168.2.3 accounting
host1/Admin(config)# radius-server host 192.168.2.3 timeout 25
host1/Admin(config)# radius-server host 192.168.2.3 retransmit 3
To revert to a default RADIUS server authentication setting, enter:
host1/Admin(config)# no radius-server host 192.168.2.3 acct-port 1646
Related Commands show aaa
(config) aaa group server
(config) radius-server attribute nas-ipaddr2-400
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) radius-server key
To globally configure an authentication key for communication between the ACE and the Remote
Authentication Dial-In User Service (RADIUS) daemon running on each RADIUS server, use the
radius-server key command. Use the no form of this command to remove the global RADIUS server
key setting from the configuration.
radius-server key {shared_secret | 0 shared_secret | 7 shared_secret}
no radius-server key {shared_secret | 0 shared_secret | 7 shared_secret}
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The key is a text string that must match the encryption key used on the RADIUS server. RADIUS keys
are always stored in encrypted form in persistent storage on the ACE. This global key will be applied to
those RADIUS servers in a named server group for which a shared secret is not individually configured
by the (config) radius-server host command.
Examples To globally configure an authentication key to be sent in encrypted text (indicated by 7) to the RADIUS
server, enter:
host1/Admin(config)# radius-server key 7 abe4DFeeweo00o
To delete the key, enter:
host1/Admin(config)# no radius-server key 7 abe4DFeeweo00o
shared_secret Key used to authenticate communication between the RADIUS client
and the server. The shared secret must match the one configured on
the RADIUS server. Enter the shared secret as a case-sensitive string
with no spaces and a maximum of 63 alphanumeric characters.
0 Configures a key specified in clear text (indicated by 0) to
authenticate communication between the RADIUS client and server.
7 Configures a key specified in encrypted text (indicated by 7) to
authenticate communication between the RADIUS client and server.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-401
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands show aaa
(config) aaa group server
(config) radius-server host
(config) radius-server retransmit
To globally change the number of times that the ACE sends an authentication request to a Remote
Authentication Dial-In User Service (RADIUS) server, use the radius-server retransmit command.
Use the no form of this command to revert to the default of one transmission attempt.
radius-server retransmit count
no radius-server retransmit count
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE applies this global retransmission value to those RADIUS servers for which a value is not
individually configured by the (config) radius-server host command.
If all servers in the group are unavailable for authentication and accounting, the ACE tries the local
database if you configure a local fallback method by entering the aaa authentication login or the aaa
accounting default commands. If you do not have a fallback method, the ACE continues to contact one
of the AAA servers listed in the server group.
Examples To globally configure the number of retransmissions to 3, enter:
host1/Admin(config)# radius-server retransmit 3
To revert to the default of one transmission attempt, enter:
host1/Admin(config)# no radius-server retransmit 3
count Number of times that the ACE attempts to connect to a RADIUS
server(s) before trying to contact the next available server. Enter an
integer from 1 to 5. The default is 1.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-402
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands show aaa
(config) aaa group server
(config) radius-server host
(config) radius-server timeout
To globally change the time interval that the ACE waits for the Remote Authentication Dial-In User
Service (RADIUS) server to reply before retransmitting an authentication request to the RADIUS server,
use the radius-server timeout command. Use the no form of this command to revert to the default of
one second between transmission attempts.
radius-server timeout seconds
no radius-server timeout seconds
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the AAA feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE applies this global timeout value to those RADIUS servers for which a timeout value is not
individually configured by the (config) radius-server host command.
Examples To globally configure the timeout value to 30 seconds, enter:
host1/Admin(config)# radius-server timeout 30
To revert to the default of one second between transmission attempts, enter:
host1/Admin(config)# no radius-server timeout 30
Related Commands show aaa
(config) aaa group server
seconds Time in seconds between retransmissions to the RADIUS server.
Enter an integer from 1 to 60 seconds. The default is 1 second.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-403
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) radius-server host
(config) regex compilation-timeout
(ACE appliance only) To configure the timeout for regex compilation, use the regex
compilation-timeout command. When you configure a regex and its compilation is longer than the
configured timeout, the ACE stops the regex compilation. Use the no form of this command to revert to
the default of 60 minutes.
regex compilation-timeout minutes
no regex compilation-timeout
Syntax Description
Command Modes Configuration mode
Admin context
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
This command is applicable across all contexts.
Examples To configure a compilation timeout of 80 minutes, enter the following command:
host/Admin(config)# regex compilation-timeout 80
To reset the regex compilation timeout to the default value of 60 minutes, enter the following command:
host/Admin(config)# no regex compilation-timeout
Related Commands This command has no related commands.
minutes Timeout value in minutes. Enter an integer from 1 to 500. The default timeout is
60 minutes.
ACE Appliance Release Modification
A3(2.7). Not applicable for
A4(1.0) and A4(2.0).
This command was introduced.2-404
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) resource-class
Caution The no resource-class command will remove all resources from any context to which the specified
resource class is assigned. Be sure that you want to do this before you enter the command.
To create a resource class and enter resource configuration mode, use the resource-class command. The
CLI prompt changes to (config-resource). Configure a resource class to limit the use of system resources
by one or more contexts. Use the no form of this command to remove the resource-class setting.
resource-class name
no resource-class name
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Use a resource class to allocate and limit system resources among contexts in your ACE. The default
resource class allocates 100 percent of all configurable system resources to each context. By creating a
resource class, you can prevent oversubscription by limiting the percentage of resources available to
each context. After you create and configure a resource class, use the (config-context) member
command in context configuration mode to assign a context to the class.
To use the stickiness feature, you must allocate a minimum percentage of resources to the feature.
Otherwise, stickiness will not work. For more details, see the Virtualization Guide, Cisco ACE
Application Control Engine.
For information about the commands in the resource configuration mode, see the “Resource
Configuration Mode Commands” section.
name Name assigned to the resource class. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters. You
can also use the resource class called default.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-405
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To create a resource class called RC1, enter:
host1/C1(config)# resource-class RC1
host1/C1(config-resource)
To remove the resource class from the configuration, enter:
host1/C1(config)# no resource-class RC1
Related Commands show resource allocation
show resource usage
show user-account
show users
(config-context) member
(config) role
To assign a user role to a user and enter role configuration mode, use the role command. The CLI prompt
changes to (config-role). User roles determine the privileges that a user has, the commands that a user
can enter, and the actions that a user can perform in a particular context. You can apply the roles that you
create only in the context in which you create them. See the “Role Configuration Mode Commands”
section for details. Use the no form of this command to remove the user role assignment.
role name
no role name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
name Identifier associated with a user role. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-406
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
If you do not assign a user role to a new user, the default user role is Network-Monitor. For users that
you create in the Admin context, the default scope of access is the entire device. For users that you create
in other contexts, the default scope of access is the entire context. If you need to restrict a user’s access,
you must assign a role-domain pair using the (config) username command.
For information about the commands in the role configuration mode, see the “Role Configuration Mode
Commands” section.
For information about configuring roles and assigning them to users, see the Virtualization Guide, Cisco
ACE Application Control Engine
Examples To assign a role, enter:
host1/C1(config)# role TECHNICIAN
host1/C1(config-role)#
To remove the role from the configuration, enter:
host1/C1(config)# no role TECHNICIAN
Related Commands show role
show user-account
show users
(config) username
(config) rserver
To create a real server for server load balancing (SLB) and enter real server configuration mode, use the
rserver command. The CLI prompt changes to (config-host-rserver) or (config-redirect-rserver),
depending on the type of real server that you create. You can create a maximum of 16,384 real servers.
Use the no form of this command to remove the real server from the configuration.
rserver [host | redirect] name
no rserver [host | redirect] name
Syntax Description host (Optional) Specifies a typical real server that provides content and
services to clients. This is the default setting. For details on the
commands in real server host configuration mode, see the “Real
Server Host Configuration Mode Commands” section.
redirect (Optional) Specifies a real server used to redirect traffic to a new
location as specified in the relocn-string argument of the
webhost-redirection command. For details on the commands in real
server redirect configuration mode, see the “Real Server Redirect
Configuration Mode Commands” section.
name Identifier for the real server. Enter an unquoted text string with no
spaces and maximum of 64 alphanumeric characters.2-407
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the rserver feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
All servers in a server farm must be of the same type: host or redirect. You can create a maximum of
4096 real servers in each ACE.
Examples To create a real server of type host, enter:
host1/Admin(config)# rserver server1
To remove the real server of type host from the configuration, enter:
host1/Admin(config)# no rserver server1
Related Commands (config-rserver-redir) webhost-redirection
clear rserver
show rserver
(config) script file name
To load a script into memory on the ACE and enable it for use, use the script file name command. Use
the no form of this command to remove a script from memory and the running configuration.
script file name script_name
no script file name script_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
script_name Name of the script on the disk0: filesystem. The script name must be
unique across the context. You will use the filename when you
configure the probe.2-408
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the probe feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To run a script or create a health probe using a script, you must see the script name, not the script file
from which the script was loaded.
Examples To load a script into memory, enter:
host1/Admin(config)# script file name ftp1.tcl
To remove the script, enter:
host1/Admin(config)# no script file name ftp1.tcl
Related Commands show script
(config) serverfarm
To create a new server farm or modify an existing server farm and enter the serverfarm configuration
mode, use the serverfarm command. You can configure a maximum of 4096 server farms on each ACE.
Use the no form of this command to remove the server farm from the configuration.
serverfarm [host | redirect] name
no serverfarm [host | redirect] name
Syntax Description
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
host (Optional) Specifies a typical server farm that consists of real servers
that provide content and services to clients. This is the default. For
details on the commands in the serverfarm host configuration mode,
see the “Server Farm Host Configuration Mode Commands” section.
redirect (Optional) Specifies that the server farm consist only of real servers
that redirect client requests to alternate locations specified by the
relocation string or port number in the real server configuration. For
details on the commands in the serverfarm redirect host configuration
mode, see the “Server Farm Redirect Configuration Mode
Commands” section.
name Unique identifier of the server farm. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.2-409
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the server-farm feature in your user role. For details about role-based access
control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
After you create a server farm, you configure the other server farm attributes and add real servers to the
farm. You can configure a maximum of 4096 server farms in each ACE.
Examples To create a server farm of type host called SFARM1, enter:
host1/Admin(config)# serverfarm SFARM1
host1/Admin(config-sfarm-host)#
To remove a server farm called SFARM1, enter:
host1/Admin(config)# no serverfarm SFARM1
host1/Admin(config-sfarm-host)#
Related Commands (config-rserver-redir) webhost-redirection
clear serverfarm
show serverfarm
(config) service-policy
To apply a previously created policy map and attach the traffic policy to a specific VLAN interface or
globally to all VLAN interfaces in the same context, use the service-policy command. Use the no form
of this command to remove a service policy.
service-policy input policy_name
no service-policy input policy_name
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-410
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Note the following when creating a service policy:
• Policy maps, applied globally in a context, are internally applied on all interfaces existing in the
context.
• You can apply the policy in an input direction only.
• A policy activated on an interface overwrites any specified global policies for overlapping
classification and actions.
• The ACE allows only one policy of a specific feature type to be activated on a given interface.
Examples To specify an interface VLAN and apply the Layer 3 and Layer 4 SLB policy map to the VLAN, enter:
host1/C1(config)# interface vlan50
host1/C1(config-if)# mtu 1500
host1/C1(config-if)# ip address 172.20.1.100 255.255.0.0
host1/C1(config-if)# service-policy input L4SLBPOLICY
To globally apply the Layer 3 and Layer 4 SLB policy map to the entire context:
host1/C1(config)# service-policy input L4SLBPOLICY
To globally detach a traffic policy from a context, enter:
host1/C1(config)# no service-policy input L4SLBPOLICY
Related Commands clear service-policy
show service-policy
(config-if) service-policy input
input Specifies that the traffic policy is to be attached to the input
direction of an interface. The traffic policy evaluates all traffic
received by that interface.
policy_name Name of a previously defined policy map, configured with a
previously created policy-map command. The name can be a
maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-411
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) shared-vlan-hostid
To configure a specific bank of MAC addresses for an ACE, use the shared-vlan-hostid command. Use
the no form of this command to remove a configured bank of MAC addresses.
shared-vlan-hostid number
no shared-vlan-hostid
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the interface feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When contexts share a VLAN, the ACE assigns a different MAC address to the VLAN on each context.
The MAC addresses reserved for shared VLANs are 0x001243dc6b00 to 0x001243dcaaff, inclusive. All
ACE ACEs derive these addresses from a global pool of 16k MAC addresses. This pool is divided into
16 banks, each containing 1,024 addresses. An ACE supports only 1,024 shared VLANs, and would use
only one bank of MAC addresses out of the pool.
By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However,
if you configure two ACE ACEs in the same Layer 2 network and they are using shared VLANs, the
ACEs may select the same address bank and use the same MAC addresses. To avoid this conflict, you
need to configure the bank that the ACEs will use.
Examples To configure bank 2 of MAC addresses, enter:
host1/Admin(config)# shared-vlan-hostid 2
To remove the configured bank of MAC addresses, enter:
host1/Admin(config)# no shared-vlan-hostid
number Bank of MAC addresses that the ACE uses. Enter a number from 1 to
16. Be sure to configure different bank numbers for multiple ACEs.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-412
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands (config) arp
(config) peer shared-vlan-hostid
(config) snmp-server community
To create or modify Simple Network Management Protocol (SNMP) community names and access
privileges, use the snmp-server community command. Each SNMP device or member is part of a
community. An SNMP community determines the access rights for each SNMP device. SNMP uses
communities to establish trust between managers and agents. Use the no form of this command to
remove an SNMP community.
snmp-server community community_name [group group_name | ro]
no snmp-server community community_name [group group_name | ro]
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Caution If you change the SNMP engine ID for an Admin or user context, all configured SNMP users become
invalid. You must recreate all SNMP users by using the snmp-server community command in
configuration mode.
Command History
community_name SNMP community name for this system. Enter an unquoted text
string with no space and a maximum of 32 alphanumeric characters.
group group_name (Optional) Identifies the role group to which the user belongs. Enter
Network-Monitor, the default group name and the only role that is
supported.
Note Only network monitoring operations are supported through
the ACE implementation of SNMP. In this case, all SNMP
users are automatically assigned the system-defined default
group of Network-Monitor. For details on creating users, see
the Virtualization Guide, Cisco ACE Application Control
Engine.
ro (Optional) Allows read-only access for this community.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-413
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
After you create or modify a community, all SNMP devices assigned to that community as members have
the same access rights (as described in RFC 2576). The ACE allows read-only access to the MIB tree for
devices included in this community. The read-only community string allows a user to read data values,
but prevents that user from modifying modify the data.
SNMP communities are applicable only for SNMPv1 and SNMPv2c. SNMPv3 requires user
configuration information such as specifying the role group that the user belongs to, authentication
parameters for the user, authentication password, and message encryption parameters.
Examples To specify an SNMP community called SNMP_Community1, which is a member of the user group, with
read-only access privileges for the community, enter:
host1/Admin(config)# snmp-server community SNMP_Community1 group Network-Monitor
To remove an SNMP community, enter:
host1/Admin(config)# no snmp-server community SNMP_Community1 group Network-Monitor
Related Commands (config) snmp-server host2-414
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) snmp-server contact
To specify the contact information for the Simple Network Management Protocol (SNMP) system, use
the snmp-server contact command. You can specify information for only one contact name. Use the no
form of this command to remove an SNMP contact.
snmp-server contact contact_information
no snmp-server contact
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can specify only one contact name per SNMP system.
Examples To specify SNMP system contact information, enter:
host1/Admin(config)# snmp-server contact “User1 user1@cisco.com”
To remove the specified SNMP contact information, enter:
host1/Admin(config)# no snmp-server contact
Related Commands (config) snmp-server host
contact_information SNMP contact information for this system. Enter a text string with a
maximum of 240 alphanumeric characters, including spaces. If the
string contains more than one word, enclose the string in quotation
marks (“ ”). You can include information on how to contact the
person; for example, you can include a phone number or an e-mail
address.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-415
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) snmp-server enable traps
To enable the ACE to send Simple Network Management Protocol (SNMP) traps and informs to the
network management system (NMS), use the snmp-server enable traps command. This command
enables both traps and inform requests for the specified notification types. Use the no form of this
command to disable the sending of SNMP traps and inform requests.
snmp-server enable traps [notification_type [notification_option]]
no snmp-server enable traps [notification_type [notification_option]]
Syntax Description
Command Modes Configuration mode
notification_type (Optional) Type of notification to enable. If no type is specified, the
ACE sends all notifications. Specify one of the following keywords:
• license—Sends SNMP license manager notifications. This
keyword appears only in the Admin context.
• slb—Sends server load-balancing notifications. When you
specify the slb keyword, you can specify a notification_option
value.
• snmp—Sends SNMP notifications. When you specify the snmp
keyword, you can specify a notification_option value.
• syslog—Sends error message notifications (Cisco Syslog MIB).
Specify the level of messages to be sent with the logging history
command.
• virtual-context—Sends virtual context change notifications.
This keyword appears only in the Admin context.
notification_option (Optional) One of the following SNMP notifications to enable:
• When you specify the snmp keyword, specify the
authentication, coldstart, linkdown, or linkup keyword to
enable SNMP notifications. This selection generates a
notification if the community string provided in SNMP request
is incorrect, or when a VLAN interface is either up or down. The
coldstart keyword appears only in the Admin context.
• When you specify the slb keyword, specify the real, serverfarm,
or vserver keyword to enable server load-balancing
notifications. This selection generates a notification if one of the
following occurs:
– The real server changes state (up or down) due to such
occurrences as user intervention, ARP failures, and probe
failures.
– The virtual server changes state (up or down). The virtual
server represents the servers behind the content switch in the
ACE to the outside world and consists of the following
attributes: destination address (can be a range of IP
addresses), protocol, destination port, incoming VLAN.2-416
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Admin and user contexts
Command History
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The notification types used in the snmp-server enable traps command all have an associated MIB
object that globally enables or disables them. However, not all of the notification types available in the
snmp-server host command have notificationEnable MIB objects, so some of the notification types
cannot be controlled using the snmp-server enable traps command.
To configure the ACE to send the SNMP notifications, specify at least one snmp-server enable traps
command. To enable multiple types of notifications, you must enter a separate snmp-server enable
traps command for each notification type and notification option. If you enter the command without any
keywords, the ACE enables all notification types and traps.
The snmp-server enable traps command is used with the snmp-server host command. The
snmp-server host command specifies which host receives the SNMP notifications. To send
notifications, you must configure at least one SNMP server host.
(ACE appliance only) The supported SNMP notifications (traps) in the CISCO-ENHANCED-SLB-MIB
for the serverfarm option are as follows:
• esRealServerStateUpRev1 State of a real server configured in a server farm is up due to user
intervention.The notification is sent with the following varbinds:
– cesRealServerName
– cesServerFarmRserverBackupPort
– cesServerFarmName
– cesServerFarmRserverAdminStatus
– cesServerFarmRserverOperStatus
– cesRserverIpAddressType
– cesRserverIpAddress
– cesServerFarmRserverDescr
• cesRealServerStateDownRev1 State of a real server configured in a server farm is down due to user
intervention. The notification is sent with the following varbinds:
– cesRealServerName
– cesServerFarmRserverBackupPort
– cesServerFarmName
– cesServerFarmRserverAdminStatus
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.
A3(2.4) The serverfarm option was added to this command.2-417
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
– cesServerFarmRserverOperStatus
– cesServerFarmRserverStateDescr
– cesRserverIpAddressType
– cesRserverIpAddress
– cesServerFarmRserverDescr
• cesRealServerStateChangeRev1 State of a real server configured in a server farm changed to a new
state as a result of something other than a user intervention. This notification is sent for situations
such as ARP failures, probe failures, and so on. The notification is sent with the following varbinds:
– cesRealServerName
– cesServerFarmRserverBackupPort
– cesServerFarmName
– cesServerFarmRserverAdminStatus
– cesServerFarmRserverOperStatus
– cesServerFarmRserverStateDescr
– cesRserverIpAddressType
– cesRserverIpAddress
– cesProbeName
– cesServerFarmRserverDescr
Examples To enable the ACE to send server load-balancing traps to the host myhost.cisco.com using the
community string public, enter:
host1/Admin(config)# snmp-server host myhost.cisco.com
host1/Admin(config)# snmp-server community SNMP_Community1 group Network-Monitor
host1/Admin(config)# snmp-server enable traps slb real
To disable SNMP server notifications, enter:
host1/Admin(config)# no snmp-server enable traps slb real
Related Commands (config) snmp-server host2-418
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) snmp-server engineid
To configure the SNMP engine ID for an ACE context, use the snmp-server engineid command. Use
the no form of this command to reset the default engine ID for the context.
snmp-server engineid number
no snmp-server engineid number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Caution If you change the SNMP engine ID for an Admin or user context, all configured SNMP users become
invalid and all SNMP communities are deleted. You must recreate all SNMP users by using the
snmp-server user command in configuration mode. You must recreate all SNMP communities by using
the snmp-server community command in configuration mode.
Command History
Usage Guidelines The ACE allows you to configure an SNMP engine ID for the Admin or user context. By default, the
ACE automatically creates an SNMP engine ID for the Admin context and each user context. The SNMP
engine represents a logically separate SNMP agent. The IP address for an ACE context provides access
to only one SNMP engine ID.
For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco
ACE Application Control Engine.
Examples To configure an engine ID 88439573498573888843957349857388 for the Admin context, enter:
host1/Admin(config)# snmp-server engineID 88439573498573888843957349857388
To reset the default engine ID for the Admin context, enter:
host1/Admin(config)# no snmp-server engineID
contact_information SNMPv3 engine ID that you want to configure. Enter a range of 10
to 64 hexadecimal digits.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(2.3) This command was introduced.2-419
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To display the engine ID for a context, use the show snmp engineID command in Exec mode for the
context. For example, to display the engine ID for the Admin context, enter:
host1/Admin# show snmp engineID
Related Commands (config) snmp-server host
(config) snmp-server community
(config) snmp-server user2-420
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) snmp-server host
To specify which host receives Simple Network Management Protocol (SNMP) notifications, use the
snmp-server host command. To send notifications, you must configure at least one SNMP host using
the snmp-server host command. Use the no form of this command to remove the specified host.
snmp-server host host_address [informs | traps] [version {1 | 2c | {3 auth | noauth | priv}]
community-string_username [udp-port number]
no snmp-server host host_address [informs | traps] [version {1 | 2c | {3 auth | noauth | priv}]
community-string_username [udp-port number]
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
host_address IP address of the host (the targeted recipient). Enter the address in
dotted-decimal IP notation (for example, 192.168.11.1).
informs (Optional) Sends SNMP inform requests to the identified host, which
allows for manager-to-manager communication. Inform requests can
be useful when you need more than one NMS in the network.
traps (Optional) Sends SNMP traps to the identified host. An agent uses a
trap to tell the NMS that a problem has occurred. The trap originates
from the agent and is sent to the trap destination, as configured within
the agent itself. The trap destination is typically the IP address of the
NMS.
version (Optional) Specifies the version of SNMP used to send the traps.
SNMPv3 is the most secure model because it allows packet
encryption with the priv keyword.
1 Specifies SNMPv1.
2c Specifies SNMPv2C.
3 Specifies SNMPv3.
auth Enables Message Digest 5 (MD5) and Secure Hash Algorithm (SHA)
packet authentication.
noauth Specifies the noAuthNoPriv security level.
priv Enables Data Encryption Standard (DES) packet encryption
(privacy).
community-string_username SNMP community string or username with the notification operation
to send. Enter an unquoted text string with no space and a maximum
of 32 alphanumeric characters.
udp-port number (Optional) Specifies the port UDP port of the host to use. The default
is 162. Enter a number from 0 to 65535.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-421
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE supports a maximum of 10 SNMP hosts per context.
Examples To specify the recipient of an SNMP notification, enter:
host1/Admin(config)# snmp-server host 192.168.1.1 traps version 2c abcddsfsf udp-port 500
To remove the specified host, enter:
host1/Admin(config)# no snmp-server host 192.168.1.1 traps version 2c abcddsfsf udp-port
500
Related Commands (config) snmp-server enable traps
(config) snmp-server location
To specify the Simple Network Management Protocol (SNMP) system location, use the snmp-server
location command. You can specify only one location. Use the no form of this command to remove the
SNMP system location.
snmp-server location location
no snmp-server location
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
ACE Appliance Release Modification
A1(7) This command was introduced.
location Physical location of the system. Enter a text string with a maximum
of 240 alphanumeric characters, including spaces. If the string
contains more than one word, enclose the string in quotation marks
(“ ”).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.2-422
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
You can specify only one location per SNMP system.
Examples To specify SNMP system location information, enter:
host1/Admin(config)# snmp-server location “Boxborough MA”
To remove the specified SNMP system location information, enter:
host1/Admin(config)# no snmp-server location
Related Commands (config) snmp-server community
(config) snmp-server trap link ietf
To instruct the ACE to send the linkUp and linkDown traps with the IETF standard IF-MIB (RFC 2863)
variable bindings that consist of ifIndex, ifAdminStatus, and ifOperStatus, use the snmp-server trap
link ietf command. Use the no form of this command to revert to the Cisco implementation of linkUp
and linkDown traps.
snmp-server trap link ietf
no snmp-server trap link ietf
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
ACE Appliance Release Modification
A1(7) This command was introduced.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-423
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
By default, the ACE sends the Cisco implementation of linkUp and linkDown traps to the NMS. The
ACE sends the Cisco Systems IF-MIB variable bindings that consist of ifIndex, ifAdminStatus,
ifOperStatus, ifName, ifType, clogOriginID, and clogOriginIDType. You can configure the ACE to send
the IETF standards-based implementation for linkUp and linkDown traps (as outlined in RFC 2863).
The Cisco var-binds are sent by default. To receive RFC 2863-compliant traps, you must specify the
snmp-server trap link ietf command.
Examples To configure the linkUp and linkDown traps to be compliant with RFC 2863, enter:
host1/Admin(config)# snmp-server trap link ietf
To revert to the Cisco implementation of linkUp and linkDown traps, enter:
host1/Admin(config)# no snmp-server trap link ietf
Related Commands (config) snmp-server enable traps
(config) snmp-server trap-source vlan
To specify the use of the IP address configured on a VLAN as the trap-source address in the SNMPv1
trap PDU, use the snmp-server trap-source vlan command. If the VLAN interface does not contain a
valid IP address, the sending of notifications fails for SNMPv1 traps. Use the no form of this command
to remove the specified VLAN as the source address in the SNMPv1 trap PDU and reset the default
behavior.
snmp-server trap-source vlan number
no snmp-server trap-source vlan number
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
number VLAN number of the configured interface. Enter a value from 2 to
4094 for an existing VLAN.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-424
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines By default, the ACE uses the trap source IP address from the internal routing table, depending on the
destination host address, where the ACE will send the notification.
For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco
ACE Application Control Engine.
(ACE appliance only) The ACE restricts you from selecting the VLAN number of the FT VLAN
interface that has been specified between redundant ACE appliances as the trap source address contained
in the SNMP v1 trap PDU.
Examples To specify VLAN 50 in the VLAN interface as the source address in the SNMPv1 trap PDUs, enter:
host1/Admin(config)# snmp-server trap-source vlan 50
To remove the specified VLAN as the source address in the SNMPv1 trap PDU and reset the default
behavior, enter:
host1/Admin(config)# no snmp-server trap-source
Related Commands (config) snmp-server enable traps
(config) snmp-server unmask-community
To unmask the snmpCommunityName and snmpCommunitySecurityName OIDs of the
SNMP-COMMUNITY-MIB, use the snmp-server unmask-community command. By default, these
OIDs are masked. Use the no form of this command to mask these OIDs.
snmp-server unmask-community
no snmp-server unmask-community
Syntax Description This command has no keywords or arguments.
Command Modes Configuration mode
Admin and user contexts
Command History
A3(2.1) You can no longer select the VLAN number of the FT VLAN interface
that has been specified between redundant ACE appliances as the trap
source address contained in the SNMP v1 trap PDU.
ACE Appliance Release Modification
ACE Module Release Modification
A2(1.5) This command was introduced.2-425
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To assign multiple roles to a user, enter multiple snmp-server user commands.
You can create a maximum of 28 SNMP users for each context.
User configuration through the snmp-server user command is applicable only for SNMPv3; SNMPv1
and SNMPv2c use a community string match for user authentication.
The ACE synchronizes the interactions between a user created with the username command and the
same user specified using the snmp-server user command; updates made to a user configuration in the
ACE CLI are automatically reflected in the SNMP server. For example, when you delete a user, the user
is automatically deleted from both the SNMP server and the CLI. In addition, user-role mapping changes
are synchronized in SNMP and CLI.
Only network monitoring operations are supported through the ACE implementation of SNMP where all
SNMP users are automatically assigned to the system-defined default group of Network-Monitor.
Examples To set the user information, enter:
host1/Admin# config
Enter configuration commands, one per line. End with CNTL/Z
host1/Admin(config)# snmp-server user joe Network-Monitor auth sha abcd1234
host1/Admin(config)# snmp-server user sam Network-Monitor auth md5 abcdefgh
host1/Admin(config)# snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh
To disable the SNMP user configuration or to remove an SNMP user, enter:
host1/Admin(config)# no snmp-server user Bill Network-Monitor auth sha abcd1234 priv
abcdefgh
Related Commands This command has no related commands.
(config) snmp-server user
To configure Simple Network Management Protocol (SNMP) user information, use the snmp-server
user command. Use the no form of this command to disable the SNMP user configuration or to remove
an SNMP user.
snmp-server user user_name [group_name] [auth {md5 | sha} password1 [priv [aes-128]
password2] [localizedkey]]
no snmp-server user user_name [group_name] [auth {md5 | sha} password1 [priv [aes-128]
password2] [localizedkey]]
ACE Appliance Release Modification
A3(2.3) This command was introduced.2-426
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Syntax Description user_name Username. Enter an unquoted text string with no spaces and a
maximum of 24 alphanumeric characters.
group_name • (Optional) User role group to which the user belongs. Enter
Network-Monitor, the default group name and the only role that
is supported.
Note Only network monitoring operations are supported through
the ACE implementation of SNMP. In this case, all SNMP
users are automatically assigned the system-defined default
group of Network-Monitor. For details on creating users, see
the Virtualization Guide, Cisco ACE Application Control
Engine.
auth (Optional) Sets authentication parameters for the user.
Authentication determines that the message is from a valid source.
md5 Specifies the HMAC Message Digest 5 (MD5) encryption algorithm
for user authentication.
sha Specifies the HMAC Secure Hash Algorithm (SHA) encryption
algorithm for user authentication.
password1 User authentication password. Enter an unquoted text string with no
space and a maximum of 130 alphanumeric characters. The ACE
automatically synchronizes the SNMP authentication password as
the password for the CLI user. The ACE supports the following
special characters in a password:
, . / = + - ^ @ ! % ~ # $ * ( )
Note that the ACE encrypts clear text passwords in the
running-config.
priv (Optional) Specifies encryption parameters for the user. The priv
option and the aes-128 option indicate that this privacy password is
for generating a 128-bit AES key.
aes-128 (Optional) Specifies the 128-byte Advanced Encryption Standard
(AES) algorithm for privacy. AES is a symmetric cipher algorithm and
is one of the privacy protocols for SNMP message encryption. It
conforms with RFC 3826.
password2 Encryption password for the user. The AES priv password can have a
minimum of eight alphanumeric characters. If the passphrases are
specified in clear text, you can specify a maximum of 64
alphanumeric characters. If you use the localized key, you can
specify a maximum of 130 alphanumeric characters. Spaces are not
allowed. The ACE supports the following special characters in a
password:
, . / = + - ^ @ ! % ~ # $ * ( )
Note that the ACE encrypts clear text passwords in the
running-config.
localizedkey (Optional) Specifies that the password is in a localized key format for
security encryption.2-427
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Note If you change the SNMP engine ID for an Admin or user context, all configured SNMP users become
invalid. You must recreate all SNMP users by using the snmp-server user command in configuration
mode.
Command History
Usage Guidelines This command has no user role restrictions. For details about role-based access control (RBAC) and user
roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To assign multiple roles to a user, enter multiple snmp-server user commands.
You can create a maximum of 28 SNMP users for each context.
User configuration through the snmp-server user command is applicable only for SNMPv3; SNMPv1
and SNMPv2c use a community string match for user authentication.
The ACE synchronizes the interactions between a user created with the username command and the
same user specified using the snmp-server user command; updates made to a user configuration in the
ACE CLI are automatically reflected in the SNMP server. For example, when you delete a user, the user
is automatically deleted from both the SNMP server and the CLI. In addition, user-role mapping changes
are synchronized in SNMP and CLI.
Only network monitoring operations are supported through the ACE implementation of SNMP where all
SNMP users are automatically assigned to the system-defined default group of Network-Monitor.
Examples To set the user information, enter:
host1/Admin# config
Enter configuration commands, one per line. End with CNTL/Z
host1/Admin(config)# snmp-server user joe Network-Monitor auth sha abcd1234
host1/Admin(config)# snmp-server user sam Network-Monitor auth md5 abcdefgh
host1/Admin(config)# snmp-server user Bill Network-Monitor auth sha abcd1234 priv abcdefgh
To disable the SNMP user configuration or to remove an SNMP user, enter:
host1/Admin(config)# no snmp-server user Bill Network-Monitor auth sha abcd1234 priv
abcdefgh
Related Commands (config) snmp-server community
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-428
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) ssh key
To generate the Secure Shell (SSH) private key and the corresponding public key for use by the SSH
server, use the ssh key command. Use the no form of this command to remove an SSH key pair.
ssh key {dsa | rsa | rsa1} [bits [force]]
no ssh key {dsa | rsa | rsa1}
Syntax Description
Command Modes Configuration mode
Admin context only
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
Before you generate the key, set the hostname. This setting is used in the generation of the key.
The global administrator performs the key generation in the Admin context. All contexts associated with
the ACE share the common key. There is only a single host-key pair.
If you are the administrator or another user authorized in the Admin context, use the changeto command
in exec mode to move to the Admin context. An administrator can perform all allowable functions within
the Admin context.
Ensure that you have an SSH host key pair with the appropriate version before you enable the SSH
service. The SSH service accepts three types of key pairs for use by SSH versions 1 and 2. Generate the
SSH host key pair according to the SSH client version used.
dsa Generates the DSA key pair for the SSH version 2 protocol.
rsa Generates the RSA key pair for the SSH version 2 protocol.
rsa1 Generates the RSA1 key pair for the SSH version 1 protocol.
bits (Optional) Number of bits for the key pair. For DSA, enter an integer
from 768 to 2048. For RSA and RSA1, enter an integer from 768 to
4096. The greater the number of bits that you specify, the longer it
takes to generate the key. The default is 1024.
force (Optional) Forces the generation of a DSA or RSA key even when
previous keys exist. If the SSH key pair option is already generated
for the required version, use the force option to overwrite the
previously generated key pair.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-429
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To generate an RSA1 key pair in the Admin context, enter:
host1/Admin(config)# ssh key rsa1 768
generating rsa1 key(768 bits).....
.
generated rsa1 key
To remove the SSH host key pair, enter:
host1/Admin(config)# no ssh key rsa1
Related Commands (config) ssh maxsessions
(config-cmap-mgmt) match protocol
(config) ssh maxsessions
To control the maximum number of Secure Shell (SSH) sessions allowed for each context, use the ssh
maxsessions command. By default, the ACE supports four concurrent SSH management sessions for
each user context and 16 concurrent SSH management sessions for the Admin context. Use the no form
of this command to revert to the default number of SSH sessions.
ssh maxsessions max_sessions
no ssh maxsessions
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the Admin user role. For details about role-based access control (RBAC) and
user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE supports a total maximum of 256 concurrent SSH sessions.
max_sessions Maximum number of concurrent SSH sessions allowed for the associated context. The
range is from 1 to 4 SSH sessions per user context and from 1 to 16 SSH sessions for
the Admin context. The defaults are 4 (user context) and 16 (Admin context).
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-430
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Examples To set the maximum number of concurrent SSH sessions in the Admin context to 3, enter:
host1/Admin(config)# ssh maxsessions 3
To revert to the default of 16 SSH sessions for the Admin context, enter:
host1/Admin(config)# no ssh maxsessions
Related Commands (config) ssh key
(config-cmap-mgmt) match protocol
(config) ssl-proxy service
To create a Secure Sockets Layer (SSL) proxy service, use the ssl-proxy service command. For SSL
termination, you configure the ACE with an SSL proxy server service because the ACE acts as an SSL
server. Once you create an SSL proxy service, the CLI enters into the ssl-proxy configuration mode,
where you define each of the proxy service attributes that the ACE uses during the SSL handshake. Use
the no form of this command to delete an existing SSL proxy service.
ssl-proxy service pservice_name
no ssl-proxy service pservice_name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the SSL feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
When you create a SSL proxy service, the CLI prompt changes to the ssl-proxy configuration mode,
where you define the following SSL proxy service attributes:
• Authentication group
• Certificate
• Key pair
pservice_name Name of the SSL proxy service. Enter an unquoted text string with no spaces
and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-431
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
• Chain group
• Parameter map
For information about the commands in SSL proxy configuration mode, see the “SSL Proxy
Configuration Mode Commands” section.
Examples To create the SSL proxy service PSERVICE_SERVER, enter:
host1/Admin(config)# ssl-proxy service PSERVICE_SERVER
host1/Admin(config-ssl-proxy)#
To delete an existing SSL proxy service, enter:
host1/Admin(config)# no ssl-proxy PSERVICE_SERVER
Related Commands (config-ssl-proxy) cert
(config-ssl-proxy) authgroup
(config-ssl-proxy) chaingroup
(config-ssl-proxy) key
(config-ssl-proxy) ssl advanced-options
(config) static
(ACE module only) To configure the static NAT overwrite feature, use the static command. This feature
allows a maximum number of 400 K static NATs. By default, the ACE allows you to configure a
maximum 8 K static NAT configurations. Use the no form of this command to reset the default behavior.
static vlan mapped_vlan_id vlan real_vlan_id mapped_ip_address {real_ip_address [netmask
mask]}
no static vlan mapped_vlan_id vlan real_vlan_id mapped_ip_address {real_ip_address [netmask
mask]}
Syntax Description mapped_vlan_id The VLAN ID of the interface connected to the mapped IP address network.
In a context, the mapped interface must be the same in each static NAT
configuration.
real_vlan_id The VLAN ID of the interface connected to the real IP address network.
mapped_ip_address The translated IP address for the real address. Enter an IP address in
dotted-decimal notation (for example, 172.27.16.10). In a context, the
mapped IP address must be different in each static NAT configuration.
real_ip_address The real server IP address for translation. Enter an IP address in
dotted-decimal notation (for example, 172.27.16.10). In a context, you must
configure a different address for configurations that have the same real
server interface.
netmask mask (Optional) Specifies the subnet mask for the real server address. Enter a
subnet mask in dotted-decimal notation (for example, 255.255.255.0).2-432
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the NAT feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
The ACE creates static connections that contain the NATs as soon as the configuration is applied.
Because these connections exist before the packets are received, no ACL is required to permit flows that
will be translated.
When using the static command, consider the following restrictions:
• The ACE supports this configuration only in routed mode.
• The ACE allows only one mapped interface in a context. However, each static NAT configuration
must have a different mapped IP address.
• The ACE does not support bidirectional NAT, source address and destination address translation for
the same flow.
• You must limit the number of real server IP addresses on the same subnet as the real interface to less
than 1 K. Also, limit the number of mapped IP addresses on the same subnet as the mapped interface
to less than 1 K.
• You must not configure more than one next-hop at any point on the mapped interface.
It is not recommended that you configure MPC-based NAT for the same context in which you configure
the static command.
Examples To create a static NAT configuration for the mapped interface VLAN 176, real server interface VLAN
171, and real server IP address of 10.181.0.2 255.255.255.255 to be translated to the mapped address
5.6.7.4, enter:
host1/C1(config)# static vlan 176 vlan 171 5.6.7.4 10.81.0.2 netmask 255.255.255.255
To remove this configuration, enter:
host1/C1(config)# no static vlan 176 vlan 171 5.6.7.4 10.81.0.2 netmask 255.255.255.255
Related Commands show nat-fabric
show running-config
ACE Module Release Modification
A2(1.0) This command was introduced.2-433
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) sticky http-content
To create a sticky group for HTTP content stickiness, use the sticky http-content command. The prompt
changes to the sticky HTTP content configuration mode (config-sticky-content). Use the no form of this
command to remove the sticky group from the configuration.
sticky http-content name
no sticky http-content name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness.
Otherwise, the feature will not work. For more information about allocating resources, see the
Virtualization Guide, Cisco ACE Application Control Engine.
For information about the commands in sticky HTTP content configuration mode, see the “Sticky HTTP
Content Configuration Mode Commands” section.
Examples To create a sticky group for HTTP packet content stickiness, enter:
host1/Admin(config)# sticky http-content HTTP_CONTENT_GROUP
host1/Admin(config-sticky-content)#
To remove the sticky group from the configuration, enter:
host1/Admin(config)# no sticky http-content HTTP_CONTENT_GROUP
Related Commands show running-config
show sticky database
name Unique identifier of the sticky group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.2-434
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) sticky http-cookie
To configure the ACE to use HTTP cookies for stickiness and enter sticky cookie configuration mode,
use the sticky http-cookie command. The CLI prompt changes to (config-sticky-cookie). The ACE uses
the learned cookie to provide stickiness between a client and a server for the duration of a transaction.
Use the no form of this command to remove the sticky group from the configuration.
sticky http-cookie name1 name2
no sticky http-cookie name1 name2
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness.
Otherwise, the feature will not work. For more information about allocating resources, see the
Virtualization Guide, Cisco ACE Application Control Engine.
For information about the commands in sticky cookie configuration mode, see the “Sticky HTTP Cookie
Configuration Mode Commands” section.
Examples To create a sticky group for cookie stickiness, enter:
host1/Admin(config)# sticky http-cookie cisco.com GROUP3
To remove the sticky group from the configuration, enter:
host1/Admin(config)# no sticky http-cookie cisco.com GROUP3
http-cookie name1 Specifies that the ACE learn the cookie value from the HTTP header of the client
request or from the Set-Cookie message from the server. Enter a unique identifier
for the cookie as an unquoted text string with no spaces and a maximum of 64
alphanumeric characters.
name2 Unique identifier of the sticky group. Enter an unquoted text string with no spaces
and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-435
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Related Commands show running-config
show sticky database2-436
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) sticky http-header
To create an HTTP header sticky group to enable the ACE to stick client connections to the same real
server based on HTTP headers, use the sticky http-header command. The prompt changes to the
sticky-header configuration mode (config-sticky-header). Use the no form of this command to remove
the sticky group from the configuration.
sticky http-header name1 name2
no sticky http-header name1 name2
Syntax Description
Command Modes Configuration mode
Admin and user contexts
name1 HTTP header name. Enter the HTTP header name as an unquoted text
string with no spaces and a maximum of 64 alphanumeric characters.
Alternatively, you can select one of the following standard headers:
• Accept
• Accept-Charset
• Accept-Encoding
• Accept-Language
• Authorization
• Cache-Control
• Connection
• Content-MD5
• Expect
• From
• Host
• If-Match
• Pragma
• Referer
• Transfer-Encoding
• User-Agent
• Via
See the Server Load-Balancing Guide, Cisco ACE Application
Control Engine for a definition of each standard header.
name2 Unique identifier of the sticky group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.2-437
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Command History
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness.
Otherwise, the feature will not work. For more information about allocating resources, see the
Virtualization Guide, Cisco ACE Application Control Engine.
For information about the commands in HTTP sticky header configuration mode, see the “Sticky HTTP
Header Configuration Mode Commands” section.
Examples To create a group for HTTP header stickiness, enter:
host1/Admin(config)# sticky http-header Host GROUP4
host1/Admin(config-sticky-header)#
To remove the sticky group from the configuration, enter:
host1/Admin(config)# no sticky http-header Host GROUP4
Related Commands show running-config
show sticky database
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-438
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
(config) sticky ip-netmask
To create a sticky group for IP address stickiness, use the sticky-ip netmask command. The prompt
changes to the sticky-IP configuration mode (config-sticky-ip). You can create a maximum of 4096
sticky groups on an ACE. Use the no form of this command to remove the sticky group from the
configuration.
sticky ip-netmask netmask address {both | destination | source} name
no sticky ip-netmask netmask address {both | destination | source} name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness.
Otherwise, the feature will not work. For more information about allocating resources, see the
Virtualization Guide, Cisco ACE Application Control Engine.
netmask Network mask that the ACE applies to the IP address. Enter a
network mask in dotted-decimal notation (for example,
255.255.255.0).
address {both | destination |
source}
Specifies the IP address used for stickiness. Enter one of the
following options after the address keyword:
• both—Specifies that the ACE use both the source IP address and
the destination IP address to stick the client to a server.
• destination—Specifies that the ACE use the destination address
specified in the client request to stick the client to a server. You
typically use this keyword in caching environments.
• source—Specifies that the ACE use the client source IP address
to stick the client to a server. You typically use this keyword in
web application environments.
name Unique identifier of the sticky group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
3.0(0)A1(2) This command was introduced.
ACE Appliance Release Modification
A1(7) This command was introduced.2-439
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
For information about the commands in sticky IP configuration mode, see the “Sticky IP Configuration
Mode Commands” section.
Examples To create a sticky group that uses IP address stickiness based on both the source IP address and the
destination IP address, enter:
host1/Admin(config)# sticky ip-netmask 255.255.255.0 address both GROUP1
host1/Admin(config-sticky-ip)#
To remove the sticky group from the configuration, enter:
host1/Admin(config)# no sticky ip-netmask 255.255.255.0 address both GROUP1
Related Commands show running-config
show sticky database
(config) sticky layer4-payload
To create a sticky group for Layer 4 payload stickiness, use the sticky layer4-payload command. The
prompt changes to the sticky Layer 4 payload configuration mode (config-sticky-l4payloa). Use the no
form of this command to remove the sticky group from the configuration.
sticky layer4-payload name
no sticky layer4-payload name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
name Unique identifier of the sticky group. Enter an unquoted text string
with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
A2(1.0) This command was introduced.
ACE Appliance Release Modification
A3(1.0) This command was introduced.2-440
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness.
Otherwise, the feature will not work. You can create a maximum of 4096 sticky groups on an ACE.For
more information about allocating resources, see the Virtualization Guide, Cisco ACE Application
Control Engine.
For information about the commands in sticky Layer 4 payload configuration mode, see the “Sticky
Layer 4 Payload Configuration Mode Commands” section.
Examples To create a sticky group that uses Layer 4 payload stickiness, enter:
host1/Admin(config)# sticky layer4-payload L4_PAYLOAD_GROUP
host1/Admin(config-sticky-l4payloa)#
To remove the sticky group from the configuration, enter:
host1/Admin(config)# no sticky layer4-payload L4_PAYLOAD_GROUP
Related Commands show running-config
show sticky database
(config) sticky radius framed-ip
To create a sticky group for RADIUS attribute stickiness, use the sticky radius framed-ip command.
The prompt changes to the sticky RADIUS configuration mode (config-sticky-radius). Use the no form
of this command to remove the sticky group from the configuration.
sticky radius framed-ip [calling-station-id | username] name
no sticky radius framed-ip [calling-station-id | username] name
Syntax Description
Command Modes Configuration mode
Admin and user contexts
Command History
calling-station-id (Optional) Specifies stickiness based on the RADIUS framed IP
attribute and the calling station ID attribute.
username (Optional) Specifies stickiness based on the RADIUS framed IP
attribute and the username attribute.
name Unique identifier of the RADIUS sticky group. Enter an unquoted text
string with no spaces and a maximum of 64 alphanumeric characters.
ACE Module Release Modification
A2(1.0) This command was introduced.2-441
Command Reference, Cisco ACE Application Control Engine
OL-25339-01
Chapter 2 CLI Commands
Configuration Mode Commands
Usage Guidelines This command requires the sticky feature in your user role. For details about role-based access control
(RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.
To use the stickiness feature, you must allocate a minimum percentage of system resources to stickiness.
Otherwise, the feature will not work. For more information about allocating resources, see the
Virtualization Guide, Cisco ACE Application Control Engine.
For information about the commands in sticky RADIUS configuration mode, see the “Sticky RADIUS
Configuration Mode Commands” section.
Examples To create a sticky group for RADIUS attribute stickiness, enter:
host1/Admin(config)# sticky radius framed-ip calling-station-id RADIUS_GROUP
host1/Admin(config-sticky-radius)#
To remove the sticky group from the configuration, enter:
host1/Admin(config)# no sticky radius framed-ip calling-station-id RADIUS_GROUP
Related Commands show running-config
show sticky database
(config) sticky rtsp-header
To create an RTSP header sticky group to enable the ACE to stick client connections to the same real
server based |